Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/IJkM4j2L-yWdJvVoPk-flFbJ_fk.roa
File: IJkM4j2L-yWdJvVoPk-flFbJ_fk.roa (raw, json)
Hash identifier: /LHZZvxC4+j7+zZyK8qK0NMAgL2uh5517pm1grzBUiE=
Subject key identifier: 20:99:0C:E2:3D:8B:FB:25:9D:26:F5:68:3E:4F:9F:94:56:C9:FD:F9
Certificate issuer: /CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Certificate serial: 018D13D7EBB27812CBC71205682BAB1BDC6B
Authority key identifier: F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/IJkM4j2L-yWdJvVoPk-flFbJ_fk.roa
Signing time: Tue 16 Jan 2024 19:55:34 +0000
ROA not before: Tue 16 Jan 2024 19:55:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 58061
IP address blocks: 62.204.52.0/24 maxlen: 24
193.42.119.0/24 maxlen: 24
193.201.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:13:d7:eb:b2:78:12:cb:c7:12:05:68:2b:ab:1b:dc:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Validity
Not Before: Jan 16 19:55:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=20990ce23d8bfb259d26f5683e4f9f9456c9fdf9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:38:41:8a:97:ca:cb:cb:0c:b8:20:77:b6:c9:
c1:7e:df:c8:1a:a4:dd:b4:49:34:b4:a0:b1:96:cc:
7a:3b:8e:28:4a:6f:a2:93:53:dc:65:e9:29:c1:36:
99:1a:21:3f:09:d9:c0:15:12:2b:85:50:6d:6d:f9:
22:c6:ce:2c:a1:99:7b:96:df:37:a3:79:ff:be:73:
e9:11:a7:e2:10:55:d4:ef:54:8d:ca:0a:0a:60:c2:
b7:66:c2:99:84:c6:b4:4b:71:63:ce:ba:47:4d:07:
59:5b:5f:bc:fc:bf:20:28:7b:1d:6f:bb:62:36:75:
51:2a:2d:24:df:99:8e:8d:95:7a:f0:eb:dd:7a:a0:
36:ff:e6:39:c6:13:92:3d:fa:e9:91:c2:8d:86:9f:
8b:3b:45:27:a2:a5:92:41:98:fd:50:dc:49:7c:1a:
01:bd:a6:63:d1:6d:41:0a:2d:93:c2:c0:ca:83:a9:
41:48:49:32:ae:c2:53:f3:31:80:d4:2d:0d:b7:f1:
e7:f0:40:0c:f4:52:82:8c:cf:a9:df:58:98:f4:8c:
a0:90:cd:70:a3:a3:51:58:c5:c4:e4:44:18:4f:5b:
3b:82:5e:d4:9c:b2:1d:17:4f:99:a2:e7:0e:2a:fc:
14:6f:04:48:a6:db:bd:17:69:fd:d3:09:59:71:a2:
27:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:99:0C:E2:3D:8B:FB:25:9D:26:F5:68:3E:4F:9F:94:56:C9:FD:F9
X509v3 Authority Key Identifier:
keyid:F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/IJkM4j2L-yWdJvVoPk-flFbJ_fk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.204.52.0/24
193.42.119.0/24
193.201.10.0/24
Signature Algorithm: sha256WithRSAEncryption
34:a6:75:78:b0:74:da:8e:79:6b:f2:e0:d3:64:83:f5:04:d0:
ba:87:e1:28:b0:2f:d2:bd:8d:6e:1b:83:92:f6:6e:00:8b:09:
a1:80:14:05:db:d0:aa:d0:5c:2f:90:df:29:aa:d6:a2:5e:5a:
33:3d:dd:10:ed:ee:a1:b9:94:c5:6e:ba:1f:95:3c:e5:63:19:
f6:9e:f5:28:6a:af:ef:d5:e8:17:c5:63:28:a3:5e:ca:c7:ed:
85:22:55:fd:9d:14:22:27:5e:a4:9b:a7:35:1f:d8:7c:d6:d3:
39:5a:74:dc:29:d3:0d:f9:f2:68:82:2f:d1:67:3c:57:0a:c3:
c9:f8:70:0c:86:b0:55:8e:2b:a0:12:70:87:84:82:13:b0:cb:
fb:82:6d:a8:61:72:22:7a:2e:2b:89:55:56:c3:a0:9c:7c:10:
ee:e9:39:7c:53:19:3f:a1:73:af:44:25:99:81:2a:f6:7a:33:
3f:99:de:e5:b6:43:bf:fa:98:a2:77:7e:fc:f3:85:17:6e:42:
0a:c7:9e:1b:1e:a0:c5:3b:95:6e:77:6a:bf:7a:04:c9:9b:bb:
13:8b:4f:a3:0c:5e:cc:13:6d:f2:5f:b5:74:85:a9:69:09:da:
c7:bd:e8:f2:16:33:1d:a3:68:8d:ac:4e:01:0d:30:a3:c8:d2:
a2:67:b8:a8
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY0T1+uyeBLLxxIFaCurG9xrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWQ4YjUyODE1ZjNmMjYxM2U5NDg5OTJlYzlmZTY2MGY2
OTQ5YjQwHhcNMjQwMTE2MTk1NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDk5MGNlMjNkOGJmYjI1OWQyNmY1NjgzZTRmOWY5NDU2YzlmZGY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsjhBipfKy8sMuCB3tsnBft/IGqTd
tEk0tKCxlsx6O44oSm+ik1PcZekpwTaZGiE/CdnAFRIrhVBtbfkixs4soZl7lt83
o3n/vnPpEafiEFXU71SNygoKYMK3ZsKZhMa0S3FjzrpHTQdZW1+8/L8gKHsdb7ti
NnVRKi0k35mOjZV68OvdeqA2/+Y5xhOSPfrpkcKNhp+LO0UnoqWSQZj9UNxJfBoB
vaZj0W1BCi2TwsDKg6lBSEkyrsJT8zGA1C0Nt/Hn8EAM9FKCjM+p31iY9IygkM1w
o6NRWMXE5EQYT1s7gl7UnLIdF0+ZoucOKvwUbwRIptu9F2n90wlZcaInWQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFCCZDOI9i/slnSb1aD5Pn5RWyf35MB8GA1UdIwQY
MBaAFPddi1KBXz8mE+lImS7J/mYPaUm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2Ut
YTQ0MTBlMTBiNmY1LzEvSUprTTRqMkwteVdkSnZWb1BrLWZsRmJKX2ZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2UtYTQ0MTBlMTBiNmY1
LzEvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPsw0AwQA
wSp3AwQAwckKMA0GCSqGSIb3DQEBCwUAA4IBAQA0pnV4sHTajnlr8uDTZIP1BNC6
h+EosC/SvY1uG4OS9m4AiwmhgBQF29Cq0FwvkN8pqtaiXlozPd0Q7e6huZTFbrof
lTzlYxn2nvUoaq/v1egXxWMoo17Kx+2FIlX9nRQiJ16km6c1H9h81tM5WnTcKdMN
+fJogi/RZzxXCsPJ+HAMhrBVjiugEnCHhIITsMv7gm2oYXIiei4riVVWw6CcfBDu
6Tl8Uxk/oXOvRCWZgSr2ejM/md7ltkO/+piid37884UXbkIKx54bHqDFO5Vud2q/
egTJm7sTi0+jDF7ME23yX7V0halpCdrHvejyFjMdo2iNrE4BDTCjyNKiZ7io
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:59 2024 by rpki-client on console-fra.rpki-client.org