Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/46e7a2-639a-4162-9ddf-b6392c50f95a/1/lkmaJwklkaSCxhxnxF5NYOJWMzw.roa
File: lkmaJwklkaSCxhxnxF5NYOJWMzw.roa (raw, json)
Hash identifier: rSYRjvhh6ayRXUVbt6I7MPLFGcJqoAurHWxSg3Nnjpc=
Subject key identifier: 96:49:9A:27:09:25:91:A4:82:C6:1C:67:C4:5E:4D:60:E2:56:33:3C
Certificate issuer: /CN=839e07e5116a5daf5578e5fd6a18c7ef349ef044
Certificate serial: 01856DCB047546CFCD09C6A10B5840D4F864
Authority key identifier: 83:9E:07:E5:11:6A:5D:AF:55:78:E5:FD:6A:18:C7:EF:34:9E:F0:44
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/g54H5RFqXa9VeOX9ahjH7zSe8EQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3f/46e7a2-639a-4162-9ddf-b6392c50f95a/1/lkmaJwklkaSCxhxnxF5NYOJWMzw.roa
Signing time: Sun 01 Jan 2023 14:44:59 +0000
ROA not before: Sun 01 Jan 2023 14:44:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42963
IP address blocks: 193.105.178.0/24 maxlen: 24
193.142.113.0/24 maxlen: 24
2001:67c:21dc::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:cb:04:75:46:cf:cd:09:c6:a1:0b:58:40:d4:f8:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=839e07e5116a5daf5578e5fd6a18c7ef349ef044
Validity
Not Before: Jan 1 14:44:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=96499a27092591a482c61c67c45e4d60e256333c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:ac:c5:2d:22:6a:d9:2a:30:66:b6:de:79:8e:
58:b2:04:49:ad:a0:db:67:d9:07:27:f2:8f:d3:1a:
51:e0:97:3f:e5:45:5b:9a:c3:65:28:e6:1c:be:ba:
b7:7c:c8:18:61:21:a0:44:a7:ef:39:b7:6a:4b:50:
d3:89:42:51:aa:88:6f:ee:d7:56:16:b5:4c:78:fc:
aa:20:bc:e5:0b:77:2d:80:dc:35:15:b6:04:91:80:
4c:d7:2f:3e:93:cf:c3:58:57:82:dd:4f:48:e7:86:
d2:12:d2:ff:03:68:98:64:a9:a2:f2:f2:5f:b8:7b:
01:cb:84:38:85:c5:1b:66:d0:50:a2:ca:6f:16:c2:
df:25:ca:53:79:c0:fc:1f:fb:ca:95:0d:1b:db:c3:
eb:7a:8c:d4:16:23:94:bd:c2:f4:a7:21:18:44:99:
70:ba:ee:47:8c:20:c3:74:1c:65:39:26:a9:e2:be:
82:96:5a:82:af:16:3d:1e:1f:36:03:aa:8b:ea:06:
95:97:9a:d0:2e:44:83:02:29:3a:07:cb:77:da:0f:
8d:f4:20:13:5b:f6:ee:f9:a5:69:35:8b:c0:7e:1b:
2c:41:3d:f9:02:14:b4:40:75:a4:26:ed:77:e6:8a:
11:a3:8e:78:71:bf:ac:3c:0a:43:d5:58:f7:c4:6c:
0d:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:49:9A:27:09:25:91:A4:82:C6:1C:67:C4:5E:4D:60:E2:56:33:3C
X509v3 Authority Key Identifier:
keyid:83:9E:07:E5:11:6A:5D:AF:55:78:E5:FD:6A:18:C7:EF:34:9E:F0:44
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g54H5RFqXa9VeOX9ahjH7zSe8EQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/46e7a2-639a-4162-9ddf-b6392c50f95a/1/lkmaJwklkaSCxhxnxF5NYOJWMzw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/46e7a2-639a-4162-9ddf-b6392c50f95a/1/g54H5RFqXa9VeOX9ahjH7zSe8EQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.105.178.0/24
193.142.113.0/24
IPv6:
2001:67c:21dc::/48
Signature Algorithm: sha256WithRSAEncryption
27:3e:d5:01:59:49:9c:ca:f1:7a:34:fd:32:7e:c1:2f:2a:5a:
e7:b5:da:70:f1:82:04:81:a7:2b:b1:10:56:37:2f:74:d0:77:
7d:fa:2d:bc:bf:bb:0b:cf:fd:7b:c1:7b:5c:6a:39:85:6c:55:
8b:d9:c0:7b:83:c5:36:5c:42:36:5b:59:71:a1:c7:c9:17:f2:
22:c9:93:57:76:9a:0e:86:c8:de:7d:96:45:76:ee:ad:54:25:
7b:f1:5f:f4:44:5b:40:5d:bd:a9:34:14:e5:06:d5:02:b9:06:
82:f4:e8:a8:2c:52:05:3a:e4:47:2b:ac:09:e0:14:d0:aa:9d:
fb:e4:6d:63:40:54:10:a4:1e:97:66:28:e9:bd:52:bf:54:7f:
80:81:76:e1:0a:3a:c8:11:81:a7:56:b4:38:78:2f:c3:87:39:
ca:48:90:c6:3b:3b:5b:0e:67:4c:98:6a:75:a4:41:60:64:14:
09:29:e1:d3:f7:32:e6:ed:e5:f0:b4:ab:e1:40:39:80:79:7b:
3c:84:86:07:29:6f:78:1b:65:8d:cd:bd:bc:1b:9a:f1:5f:75:
80:24:37:be:13:3c:d9:3a:df:f8:e5:1f:c1:f5:e2:4b:64:c7:
e3:87:51:a9:99:ba:62:71:2e:f8:f3:26:74:76:10:f6:e2:91:
05:28:19:ce
-----BEGIN CERTIFICATE-----
MIIFFDCCA/ygAwIBAgISAYVtywR1Rs/NCcahC1hA1PhkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgzOWUwN2U1MTE2YTVkYWY1NTc4ZTVmZDZhMThjN2VmMzQ5
ZWYwNDQwHhcNMjMwMTAxMTQ0NDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjQ5OWEyNzA5MjU5MWE0ODJjNjFjNjdjNDVlNGQ2MGUyNTYzMzNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7qzFLSJq2SowZrbeeY5YsgRJraDb
Z9kHJ/KP0xpR4Jc/5UVbmsNlKOYcvrq3fMgYYSGgRKfvObdqS1DTiUJRqohv7tdW
FrVMePyqILzlC3ctgNw1FbYEkYBM1y8+k8/DWFeC3U9I54bSEtL/A2iYZKmi8vJf
uHsBy4Q4hcUbZtBQospvFsLfJcpTecD8H/vKlQ0b28PreozUFiOUvcL0pyEYRJlw
uu5HjCDDdBxlOSap4r6CllqCrxY9Hh82A6qL6gaVl5rQLkSDAik6B8t32g+N9CAT
W/bu+aVpNYvAfhssQT35AhS0QHWkJu135ooRo454cb+sPApD1Vj3xGwNlwIDAQAB
o4ICIDCCAhwwHQYDVR0OBBYEFJZJmicJJZGkgsYcZ8ReTWDiVjM8MB8GA1UdIwQY
MBaAFIOeB+URal2vVXjl/WoYx+80nvBEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZzU0SDVSRnFYYTlWZU9YOWFoakg3elNlOEVRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi80NmU3YTItNjM5YS00MTYyLTlkZGYt
YjYzOTJjNTBmOTVhLzEvbGttYUp3a2xrYVNDeGh4bnhGNU5ZT0pXTXp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi80NmU3YTItNjM5YS00MTYyLTlkZGYtYjYzOTJjNTBmOTVh
LzEvZzU0SDVSRnFYYTlWZU9YOWFoakg3elNlOEVRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDYGCCsGAQUFBwEHAQH/BCcwJTASBAIAATAMAwQAwWmyAwQA
wY5xMA8EAgACMAkDBwAgAQZ8IdwwDQYJKoZIhvcNAQELBQADggEBACc+1QFZSZzK
8Xo0/TJ+wS8qWue12nDxggSBpyuxEFY3L3TQd336Lby/uwvP/XvBe1xqOYVsVYvZ
wHuDxTZcQjZbWXGhx8kX8iLJk1d2mg6GyN59lkV27q1UJXvxX/REW0Bdvak0FOUG
1QK5BoL06KgsUgU65EcrrAngFNCqnfvkbWNAVBCkHpdmKOm9Ur9Uf4CBduEKOsgR
gadWtDh4L8OHOcpIkMY7O1sOZ0yYanWkQWBkFAkp4dP3Mubt5fC0q+FAOYB5ezyE
hgcpb3gbZY3NvbwbmvFfdYAkN74TPNk63/jlH8H14ktkx+OHUamZumJxLvjzJnR2
EPbikQUoGc4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:04:38 2024 by rpki-client on console-ams.rpki-client.org