Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/ac0c06-8072-4e30-95d1-a3d5533f1757/1/0P0R3aSVwDGWUYFHF16hRsUmibs.roa
File: 0P0R3aSVwDGWUYFHF16hRsUmibs.roa (raw, json)
Hash identifier: 1GNVrofztllsA4OsHDTD5E/GdSj6oh1iN2tF3viby3s=
Subject key identifier: D0:FD:11:DD:A4:95:C0:31:96:51:81:47:17:5E:A1:46:C5:26:89:BB
Certificate issuer: /CN=48cb94a44349f98d409b7ddb9a053df4aef1addf
Certificate serial: 0183EF6774BAB100603461691FEB191CDA66
Authority key identifier: 48:CB:94:A4:43:49:F9:8D:40:9B:7D:DB:9A:05:3D:F4:AE:F1:AD:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SMuUpENJ-Y1Am33bmgU99K7xrd8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/ac0c06-8072-4e30-95d1-a3d5533f1757/1/0P0R3aSVwDGWUYFHF16hRsUmibs.roa
Signing time: Wed 19 Oct 2022 08:41:18 +0000
ROA not before: Wed 19 Oct 2022 08:41:18 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 212238
IP address blocks: 87.249.128.0/21 maxlen: 24
87.249.136.0/23 maxlen: 24
178.249.208.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:ef:67:74:ba:b1:00:60:34:61:69:1f:eb:19:1c:da:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=48cb94a44349f98d409b7ddb9a053df4aef1addf
Validity
Not Before: Oct 19 08:41:18 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d0fd11dda495c03196518147175ea146c52689bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:e7:e4:d4:eb:66:68:5a:18:2c:50:54:8e:d3:
7c:94:19:6b:18:9e:29:95:3b:f8:01:35:9a:c1:a9:
08:07:ee:00:49:e7:12:05:75:3d:17:78:50:e7:46:
bc:ed:fb:91:ec:3a:d7:64:34:37:d2:8f:34:2e:60:
c9:a1:c3:4e:41:b5:3c:17:43:82:7e:c0:06:25:0a:
c5:5d:4e:1d:db:47:6f:ea:90:b7:c2:49:98:2c:bb:
7a:a5:32:33:09:49:2a:8c:50:19:e9:f2:91:1a:fc:
ec:bf:82:08:ee:16:c4:f1:77:e1:83:04:b9:41:bb:
1e:13:24:99:c2:af:66:88:a3:99:f2:46:ee:7f:b6:
04:c5:9b:fd:de:a5:ff:17:69:09:cc:08:3d:03:ff:
25:7b:d3:dd:5f:b2:13:df:4d:cd:d6:a3:cb:75:c5:
17:99:5b:10:a9:5f:7a:bd:10:89:d7:49:44:98:ab:
88:ea:7d:e2:6b:b4:e1:63:dc:17:09:b5:c2:16:3f:
cc:5a:6b:c0:70:ec:f9:87:aa:01:7a:1c:47:15:7b:
74:af:ba:3a:8f:37:db:20:dd:1b:9f:25:44:b9:d9:
b0:03:4f:33:fa:73:0c:1c:84:fc:cb:17:99:00:a5:
18:aa:16:05:58:bb:7a:ee:b7:45:c5:61:da:7e:fb:
4f:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:FD:11:DD:A4:95:C0:31:96:51:81:47:17:5E:A1:46:C5:26:89:BB
X509v3 Authority Key Identifier:
keyid:48:CB:94:A4:43:49:F9:8D:40:9B:7D:DB:9A:05:3D:F4:AE:F1:AD:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SMuUpENJ-Y1Am33bmgU99K7xrd8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/ac0c06-8072-4e30-95d1-a3d5533f1757/1/0P0R3aSVwDGWUYFHF16hRsUmibs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/ac0c06-8072-4e30-95d1-a3d5533f1757/1/SMuUpENJ-Y1Am33bmgU99K7xrd8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.249.128.0-87.249.137.255
178.249.208.0/21
Signature Algorithm: sha256WithRSAEncryption
13:51:61:99:bf:d4:95:19:41:05:56:d3:27:e8:c7:00:f8:62:
2d:18:8a:43:88:89:b5:a0:7f:6f:a2:0a:d8:2e:cf:e4:c3:da:
cd:a4:36:b2:e5:3b:2f:99:fa:68:dc:61:48:ad:6b:fb:f2:ad:
22:59:d9:a5:c9:ce:f0:20:7a:d5:de:47:37:83:a8:aa:2e:e9:
28:48:33:69:c2:d0:45:20:06:db:6c:41:7c:51:e2:09:06:fa:
d6:ec:89:72:8a:dd:ed:9d:e4:ac:f1:e7:11:a0:2e:2d:2d:b6:
34:33:78:68:74:0d:1b:7c:50:11:1c:e7:c9:8f:e9:7f:6f:93:
d1:1b:31:40:7f:7c:74:7b:67:f9:02:fd:c8:b3:e1:72:ec:b5:
2a:f2:21:44:83:9a:72:a9:30:b7:9a:14:bf:d6:5c:1c:40:b5:
77:9a:86:1f:c8:c2:b8:57:b7:f7:66:71:1d:81:ff:99:ae:a0:
32:ad:9e:c6:02:d0:17:45:52:42:ae:85:2c:09:a6:19:68:9d:
26:3f:33:c1:6c:f0:f8:65:36:a3:c0:c3:b6:ae:53:c3:5b:ba:
a0:3b:5e:df:f5:81:dd:aa:72:f4:ae:bc:0d:a7:c1:92:55:3b:
13:8c:1d:5e:c1:15:3c:34:66:10:76:af:1a:78:ba:1b:ee:c6:
b9:18:04:96
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYPvZ3S6sQBgNGFpH+sZHNpmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ4Y2I5NGE0NDM0OWY5OGQ0MDliN2RkYjlhMDUzZGY0YWVm
MWFkZGYwHhcNMjIxMDE5MDg0MTE4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMGZkMTFkZGE0OTVjMDMxOTY1MTgxNDcxNzVlYTE0NmM1MjY4OWJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm+fk1OtmaFoYLFBUjtN8lBlrGJ4p
lTv4ATWawakIB+4ASecSBXU9F3hQ50a87fuR7DrXZDQ30o80LmDJocNOQbU8F0OC
fsAGJQrFXU4d20dv6pC3wkmYLLt6pTIzCUkqjFAZ6fKRGvzsv4II7hbE8XfhgwS5
QbseEySZwq9miKOZ8kbuf7YExZv93qX/F2kJzAg9A/8le9PdX7IT303N1qPLdcUX
mVsQqV96vRCJ10lEmKuI6n3ia7ThY9wXCbXCFj/MWmvAcOz5h6oBehxHFXt0r7o6
jzfbIN0bnyVEudmwA08z+nMMHIT8yxeZAKUYqhYFWLt67rdFxWHafvtPDQIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFND9Ed2klcAxllGBRxdeoUbFJom7MB8GA1UdIwQY
MBaAFEjLlKRDSfmNQJt925oFPfSu8a3fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvU011VXBFTkotWTFBbTMzYm1nVTk5Szd4cmQ4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC9hYzBjMDYtODA3Mi00ZTMwLTk1ZDEt
YTNkNTUzM2YxNzU3LzEvMFAwUjNhU1Z3REdXVVlGSEYxNmhSc1VtaWJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC9hYzBjMDYtODA3Mi00ZTMwLTk1ZDEtYTNkNTUzM2YxNzU3
LzEvU011VXBFTkotWTFBbTMzYm1nVTk5Szd4cmQ4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAdX+YAD
BAFX+YgDBAOy+dAwDQYJKoZIhvcNAQELBQADggEBABNRYZm/1JUZQQVW0yfoxwD4
Yi0YikOIibWgf2+iCtguz+TD2s2kNrLlOy+Z+mjcYUita/vyrSJZ2aXJzvAgetXe
RzeDqKou6ShIM2nC0EUgBttsQXxR4gkG+tbsiXKK3e2d5Kzx5xGgLi0ttjQzeGh0
DRt8UBEc58mP6X9vk9EbMUB/fHR7Z/kC/ciz4XLstSryIUSDmnKpMLeaFL/WXBxA
tXeahh/IwrhXt/dmcR2B/5muoDKtnsYC0BdFUkKuhSwJphlonSY/M8Fs8PhlNqPA
w7auU8NbuqA7Xt/1gd2qcvSuvA2nwZJVOxOMHV7BFTw0ZhB2rxp4uhvuxrkYBJY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:43 2024 by rpki-client on console-ams.rpki-client.org