Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/1hFIc5xVWem87mMFwKS-5bcwzC4.roa
File: 1hFIc5xVWem87mMFwKS-5bcwzC4.roa (raw, json)
Hash identifier: nTeKs5gYYoKHslcOZ04VKZ3npCcAn0sceQCtaQWTaPI=
Subject key identifier: D6:11:48:73:9C:55:59:E9:BC:EE:63:05:C0:A4:BE:E5:B7:30:CC:2E
Certificate issuer: /CN=5bd74e39dda400d136126e6c3efb1cf9344277ef
Certificate serial: 018E3243C684A8A9CD85425BD58FB4328066
Authority key identifier: 5B:D7:4E:39:DD:A4:00:D1:36:12:6E:6C:3E:FB:1C:F9:34:42:77:EF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/W9dOOd2kANE2Em5sPvsc-TRCd-8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/1hFIc5xVWem87mMFwKS-5bcwzC4.roa
Signing time: Tue 12 Mar 2024 10:44:46 +0000
ROA not before: Tue 12 Mar 2024 10:44:46 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62240
IP address blocks: 62.3.7.0/24 maxlen: 24
91.210.68.0/24 maxlen: 24
146.19.136.0/24 maxlen: 24
176.116.25.0/24 maxlen: 24
185.214.167.0/24 maxlen: 24
193.0.62.0/24 maxlen: 24
194.104.237.0/24 maxlen: 24
2a11:68c3::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:32:43:c6:84:a8:a9:cd:85:42:5b:d5:8f:b4:32:80:66
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5bd74e39dda400d136126e6c3efb1cf9344277ef
Validity
Not Before: Mar 12 10:44:46 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d61148739c5559e9bcee6305c0a4bee5b730cc2e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:00:76:b1:b8:9f:99:4d:57:35:59:44:c5:e4:
fd:6e:64:38:e0:b6:ea:16:da:07:56:1d:67:e5:6b:
4d:50:16:c7:05:42:d8:0b:6d:c2:a3:36:1c:c3:7f:
e6:2b:a6:e0:07:f5:07:94:b2:12:eb:62:8b:cd:88:
40:72:85:27:96:ab:58:f6:92:de:74:a6:96:ee:31:
9f:2f:5c:82:6d:ef:de:51:ed:48:23:67:93:79:9d:
42:97:b0:20:f0:b8:e5:84:b7:49:c3:c7:db:f3:6e:
8d:ab:1b:a1:18:59:33:46:bb:d2:5f:c9:49:99:2c:
dd:cd:d6:3f:c2:0f:a9:33:95:e3:4b:65:f4:df:94:
06:1b:15:8f:3b:26:a6:e7:0c:c4:74:2e:46:de:c8:
c7:c4:78:a3:c2:da:d9:57:c1:33:e3:ef:1d:7e:3b:
8e:e7:db:ad:cf:55:8a:a2:54:24:f3:9c:74:d9:d3:
b5:4c:96:c6:4d:79:37:02:54:84:cb:94:6a:9c:f2:
5a:ed:ee:ca:92:be:e9:4a:62:a4:09:f8:60:c9:bd:
7c:30:8a:aa:3e:89:7c:3d:47:06:e4:48:03:0c:8a:
26:3f:2d:c7:55:8c:0f:f3:52:88:86:14:6a:f0:70:
a8:b4:19:b5:df:f8:3a:8b:01:cf:29:90:65:6e:30:
2b:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:11:48:73:9C:55:59:E9:BC:EE:63:05:C0:A4:BE:E5:B7:30:CC:2E
X509v3 Authority Key Identifier:
keyid:5B:D7:4E:39:DD:A4:00:D1:36:12:6E:6C:3E:FB:1C:F9:34:42:77:EF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/W9dOOd2kANE2Em5sPvsc-TRCd-8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/1hFIc5xVWem87mMFwKS-5bcwzC4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/89ec25-72dc-4f0f-8b2f-ad7890c2e752/1/W9dOOd2kANE2Em5sPvsc-TRCd-8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.3.7.0/24
91.210.68.0/24
146.19.136.0/24
176.116.25.0/24
185.214.167.0/24
193.0.62.0/24
194.104.237.0/24
IPv6:
2a11:68c3::/32
Signature Algorithm: sha256WithRSAEncryption
00:fa:b9:04:f2:b3:8f:80:0d:bd:b6:8d:fd:07:8c:fe:12:80:
27:65:19:5b:66:0e:71:c8:b2:b4:9f:30:34:ff:fa:eb:c3:4f:
90:79:3c:c2:dc:0d:52:ee:a3:e6:dd:ba:fd:48:e0:22:83:f1:
ae:e6:f2:8c:d6:0f:40:ff:8d:e4:3b:d9:ae:6e:80:7c:fe:9a:
a3:ee:14:b6:f7:da:9a:fb:6d:1f:5a:16:cb:79:0f:2e:62:3a:
b2:5c:85:46:31:7e:c3:ca:e4:4c:48:ae:65:a3:79:f6:f2:8e:
6e:69:86:ad:9b:50:f4:8e:14:9e:84:f2:12:4a:82:ba:0c:9a:
e0:c7:c7:05:e6:ef:af:16:36:62:d0:76:c3:9e:79:95:e7:fd:
18:38:be:7b:e2:01:77:44:36:47:10:ed:eb:f8:64:86:ac:14:
e3:48:d9:97:ed:2e:ed:59:be:8c:3d:7e:84:1e:ab:c2:1c:af:
ae:9e:1b:d8:7a:f3:12:cd:95:52:bc:c4:b3:7a:7d:18:a2:0e:
32:e0:fb:36:16:e5:00:ab:f6:f2:fc:99:c2:02:b1:c9:13:f1:
13:a4:cc:c6:c1:a8:7b:94:8a:6f:30:6d:b9:73:4e:b2:57:00:
8f:f2:e5:79:fa:b8:6f:ef:a2:0c:7f:49:80:12:aa:8e:06:f7:
4d:19:97:3c
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAY4yQ8aEqKnNhUJb1Y+0MoBmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDViZDc0ZTM5ZGRhNDAwZDEzNjEyNmU2YzNlZmIxY2Y5MzQ0
Mjc3ZWYwHhcNMjQwMzEyMTA0NDQ2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjExNDg3MzljNTU1OWU5YmNlZTYzMDVjMGE0YmVlNWI3MzBjYzJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxgB2sbifmU1XNVlExeT9bmQ44Lbq
FtoHVh1n5WtNUBbHBULYC23CozYcw3/mK6bgB/UHlLIS62KLzYhAcoUnlqtY9pLe
dKaW7jGfL1yCbe/eUe1II2eTeZ1Cl7Ag8LjlhLdJw8fb826NqxuhGFkzRrvSX8lJ
mSzdzdY/wg+pM5XjS2X035QGGxWPOyam5wzEdC5G3sjHxHijwtrZV8Ez4+8dfjuO
59utz1WKolQk85x02dO1TJbGTXk3AlSEy5RqnPJa7e7Kkr7pSmKkCfhgyb18MIqq
Pol8PUcG5EgDDIomPy3HVYwP81KIhhRq8HCotBm13/g6iwHPKZBlbjArTQIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFNYRSHOcVVnpvO5jBcCkvuW3MMwuMB8GA1UdIwQY
MBaAFFvXTjndpADRNhJubD77HPk0QnfvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVzlkT09kMmtBTkUyRW01c1B2c2MtVFJDZC04LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC84OWVjMjUtNzJkYy00ZjBmLThiMmYt
YWQ3ODkwYzJlNzUyLzEvMWhGSWM1eFZXZW04N21NRndLUy01YmN3ekM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC84OWVjMjUtNzJkYy00ZjBmLThiMmYtYWQ3ODkwYzJlNzUy
LzEvVzlkT09kMmtBTkUyRW01c1B2c2MtVFJDZC04LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQAPgMHAwQA
W9JEAwQAkhOIAwQAsHQZAwQAudanAwQAwQA+AwQAwmjtMA0EAgACMAcDBQAqEWjD
MA0GCSqGSIb3DQEBCwUAA4IBAQAA+rkE8rOPgA29to39B4z+EoAnZRlbZg5xyLK0
nzA0//rrw0+QeTzC3A1S7qPm3br9SOAig/Gu5vKM1g9A/43kO9muboB8/pqj7hS2
99qa+20fWhbLeQ8uYjqyXIVGMX7DyuRMSK5lo3n28o5uaYatm1D0jhSehPISSoK6
DJrgx8cF5u+vFjZi0HbDnnmV5/0YOL574gF3RDZHEO3r+GSGrBTjSNmX7S7tWb6M
PX6EHqvCHK+unhvYevMSzZVSvMSzen0Yog4y4Ps2FuUAq/by/JnCArHJE/ETpMzG
wah7lIpvMG25c06yVwCP8uV5+rhv76IMf0mAEqqOBvdNGZc8
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:42 2024 by rpki-client on console-fra.rpki-client.org