Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/ac0c06-8072-4e30-95d1-a3d5533f1757/1/UcCkUN6L0ywim9vo1uboFKLbg6o.roa
File: UcCkUN6L0ywim9vo1uboFKLbg6o.roa (raw, json)
Hash identifier: EQNVBEs9//wU7Pm5368dEFV0jA7jrk2JrAXp0aoHOpE=
Subject key identifier: 51:C0:A4:50:DE:8B:D3:2C:22:9B:DB:E8:D6:E6:E8:14:A2:DB:83:AA
Certificate issuer: /CN=48cb94a44349f98d409b7ddb9a053df4aef1addf
Certificate serial: 8E3C0F
Authority key identifier: 48:CB:94:A4:43:49:F9:8D:40:9B:7D:DB:9A:05:3D:F4:AE:F1:AD:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/SMuUpENJ-Y1Am33bmgU99K7xrd8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/ac0c06-8072-4e30-95d1-a3d5533f1757/1/UcCkUN6L0ywim9vo1uboFKLbg6o.roa
Signing time: Sat 01 Jan 2022 02:58:18 +0000
ROA not before: Sat 01 Jan 2022 02:58:18 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 212238
IP address blocks: 87.249.128.0/21 maxlen: 24
87.249.136.0/23 maxlen: 24
185.24.8.0/22 maxlen: 24
178.249.208.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 9321487 (0x8e3c0f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=48cb94a44349f98d409b7ddb9a053df4aef1addf
Validity
Not Before: Jan 1 02:58:18 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=51c0a450de8bd32c229bdbe8d6e6e814a2db83aa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:7e:49:fd:9b:58:ef:f3:25:97:1f:b6:c4:3a:
38:72:19:96:24:b9:cb:42:d5:92:6b:7e:85:23:f2:
7f:98:44:e6:ce:25:bd:5d:af:3d:1b:ad:bb:c4:45:
e1:26:1b:69:75:4a:0b:31:78:fb:e6:31:e3:e0:3f:
8e:59:7f:cf:52:0c:79:bc:61:a5:cb:95:18:1d:20:
5d:06:36:04:ae:9d:f1:3a:75:b5:02:b3:c5:1d:38:
72:ce:31:2b:f3:65:dc:49:88:30:07:ac:95:b0:1a:
bd:c4:38:d8:2b:2a:71:e9:5e:79:aa:c1:b1:28:1a:
be:9c:f4:95:79:f3:72:f3:ec:7a:48:ad:58:f9:5f:
df:ee:47:f8:67:c8:b5:af:d7:09:dd:c5:a8:bd:47:
91:e1:28:d1:f9:f0:ba:e5:12:e2:bd:e1:ed:32:af:
61:29:d9:8c:00:a0:23:ea:cd:a6:f4:24:8c:0a:a0:
82:3d:d5:8e:c8:e6:f1:e2:eb:18:ac:0b:9f:2d:96:
64:5d:e7:ea:48:c2:41:03:29:1d:26:99:d0:20:62:
5c:81:f8:ce:7d:c5:93:86:a9:9c:7c:46:4e:a5:8a:
02:ce:3e:cb:42:01:9a:3f:2d:94:aa:41:c7:64:a5:
62:61:ea:81:55:37:3b:da:2a:5c:0a:66:f7:3f:02:
a1:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:C0:A4:50:DE:8B:D3:2C:22:9B:DB:E8:D6:E6:E8:14:A2:DB:83:AA
X509v3 Authority Key Identifier:
keyid:48:CB:94:A4:43:49:F9:8D:40:9B:7D:DB:9A:05:3D:F4:AE:F1:AD:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/SMuUpENJ-Y1Am33bmgU99K7xrd8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/ac0c06-8072-4e30-95d1-a3d5533f1757/1/UcCkUN6L0ywim9vo1uboFKLbg6o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/ac0c06-8072-4e30-95d1-a3d5533f1757/1/SMuUpENJ-Y1Am33bmgU99K7xrd8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.249.128.0-87.249.137.255
178.249.208.0/21
185.24.8.0/22
Signature Algorithm: sha256WithRSAEncryption
06:98:3a:40:ee:9c:39:6f:54:1b:e0:95:51:96:9b:da:b5:c3:
ad:73:ed:d3:c2:88:40:c1:20:2a:a3:6a:29:39:74:f1:c0:28:
e8:28:65:a5:d3:55:4a:b7:61:12:0c:e2:2a:55:d3:16:ac:9d:
8b:25:9d:90:61:e3:55:dd:90:01:66:e7:86:61:ed:d4:3a:82:
f2:bd:2a:00:ef:7a:01:6b:e6:7b:0b:00:12:23:e8:fb:0f:e0:
c7:db:f7:fc:d8:81:78:01:7e:08:4f:4c:5f:0f:cb:bc:e8:d8:
47:d3:2e:1e:72:c9:e1:1f:7b:e3:c6:cd:43:24:aa:2b:2a:cc:
10:5e:6e:bf:34:1b:af:1a:2d:f1:36:e9:fb:0b:de:b6:22:3f:
c2:24:4f:77:2e:70:b9:2a:d3:ad:bd:ae:a9:a4:d3:07:cd:d3:
c9:e1:a0:0c:29:16:4e:75:3f:aa:95:59:d7:37:9b:83:5a:0d:
f8:7c:6b:a1:36:b7:82:48:f7:cb:09:84:8a:b1:de:26:83:d3:
ac:2b:1f:c1:fb:2b:04:8e:26:59:90:ae:ad:66:6f:0e:0c:ac:
16:ca:76:8b:b6:a7:72:fa:58:64:0b:9c:c8:47:99:35:cb:46:
0a:d7:24:7c:5d:e2:ab:cc:23:36:69:d2:33:6d:77:1b:31:c3:
62:81:4d:f5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgIEAI48DzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg0
OGNiOTRhNDQzNDlmOThkNDA5YjdkZGI5YTA1M2RmNGFlZjFhZGRmMB4XDTIyMDEw
MTAyNTgxOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTFjMGE0NTBkZThi
ZDMyYzIyOWJkYmU4ZDZlNmU4MTRhMmRiODNhYTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALJ+Sf2bWO/zJZcftsQ6OHIZliS5y0LVkmt+hSPyf5hE5s4l
vV2vPRutu8RF4SYbaXVKCzF4++Yx4+A/jll/z1IMebxhpcuVGB0gXQY2BK6d8Tp1
tQKzxR04cs4xK/Nl3EmIMAeslbAavcQ42CsqceleearBsSgavpz0lXnzcvPsekit
WPlf3+5H+GfIta/XCd3FqL1HkeEo0fnwuuUS4r3h7TKvYSnZjACgI+rNpvQkjAqg
gj3Vjsjm8eLrGKwLny2WZF3n6kjCQQMpHSaZ0CBiXIH4zn3Fk4apnHxGTqWKAs4+
y0IBmj8tlKpBx2SlYmHqgVU3O9oqXApm9z8CobkCAwEAAaOCAh0wggIZMB0GA1Ud
DgQWBBRRwKRQ3ovTLCKb2+jW5ugUotuDqjAfBgNVHSMEGDAWgBRIy5SkQ0n5jUCb
fduaBT30rvGt3zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1NNdVVwRU5KLVkxQW0zM2JtZ1U5OUs3eHJkOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDgvYWMwYzA2LTgwNzItNGUzMC05NWQxLWEzZDU1MzNmMTc1Ny8x
L1VjQ2tVTjZMMHl3aW05dm8xdWJvRktMYmc2by5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDgv
YWMwYzA2LTgwNzItNGUzMC05NWQxLWEzZDU1MzNmMTc1Ny8xL1NNdVVwRU5KLVkx
QW0zM2JtZ1U5OUs3eHJkOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAz
BggrBgEFBQcBBwEB/wQkMCIwIAQCAAEwGjAMAwQHV/mAAwQBV/mIAwQDsvnQAwQC
uRgIMA0GCSqGSIb3DQEBCwUAA4IBAQAGmDpA7pw5b1Qb4JVRlpvatcOtc+3TwohA
wSAqo2opOXTxwCjoKGWl01VKt2ESDOIqVdMWrJ2LJZ2QYeNV3ZABZueGYe3UOoLy
vSoA73oBa+Z7CwASI+j7D+DH2/f82IF4AX4IT0xfD8u86NhH0y4ecsnhH3vjxs1D
JKorKswQXm6/NBuvGi3xNun7C962Ij/CJE93LnC5KtOtva6ppNMHzdPJ4aAMKRZO
dT+qlVnXN5uDWg34fGuhNreCSPfLCYSKsd4mg9OsKx/B+ysEjiZZkK6tZm8ODKwW
ynaLtqdy+lhkC5zIR5k1y0YK1yR8XeKrzCM2adIzbXcbMcNigU31
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:51:43 2024 by rpki-client on console-ams.rpki-client.org