Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/cE1C_1YuOmzYGSyP1TizjCLm1hc.roa
File: cE1C_1YuOmzYGSyP1TizjCLm1hc.roa (raw, json)
Hash identifier: Upm/LErWsvm5/A1xy5kuxDRAUvh31JBRcT3bnEIuf+I=
Subject key identifier: 70:4D:42:FF:56:2E:3A:6C:D8:19:2C:8F:D5:38:B3:8C:22:E6:D6:17
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 018CC8DF61B1B94D6F0A5B59B8E53D79D71D
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/cE1C_1YuOmzYGSyP1TizjCLm1hc.roa
Signing time: Tue 02 Jan 2024 06:32:11 +0000
ROA not before: Tue 02 Jan 2024 06:32:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12513
IP address blocks: 194.46.32.0/19 maxlen: 19
194.46.64.0/19 maxlen: 19
194.46.80.0/20 maxlen: 20
212.104.128.0/19 maxlen: 19
212.108.80.0/21 maxlen: 21
212.108.88.0/22 maxlen: 22
2a02:c2c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:61:b1:b9:4d:6f:0a:5b:59:b8:e5:3d:79:d7:1d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Jan 2 06:32:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=704d42ff562e3a6cd8192c8fd538b38c22e6d617
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:67:83:68:94:5c:e0:3e:36:da:62:a9:0a:49:
fd:78:b2:95:33:7d:dc:e5:9a:e6:29:15:41:c3:33:
c2:aa:c8:ba:30:cb:9c:00:8e:55:da:56:8a:71:27:
90:39:2c:28:67:a6:ed:02:b5:a2:52:30:21:3d:78:
a2:d5:2a:3d:e5:e8:b8:f6:71:53:63:82:bb:51:8c:
cc:9f:98:6f:0b:f3:45:db:8c:36:51:b0:d4:3f:86:
5c:9d:cb:8c:19:e5:2e:9c:b6:8a:14:66:b6:88:f9:
52:dd:ca:39:43:f2:6a:71:70:cc:ec:a9:61:fa:e5:
4c:0a:20:cc:f7:cd:a1:d8:da:ba:00:3e:34:37:1c:
11:fd:06:18:f2:84:14:86:00:3e:f4:a7:1a:d3:fb:
43:94:34:cc:62:7d:ef:e2:cb:f4:19:30:9a:21:a2:
da:6e:f0:8f:ee:f6:9f:35:5d:f0:48:b0:b1:dc:19:
12:42:2e:be:c4:ce:25:ba:f6:56:f0:53:48:05:c3:
2a:0c:95:4a:ae:74:5b:df:21:f5:d0:96:c6:17:13:
3b:e4:72:50:55:c5:f4:30:0d:67:2f:e3:fb:fa:9a:
ac:23:87:1f:61:77:67:df:f8:2e:20:a7:d9:aa:7a:
83:0e:4b:6d:4e:4f:5a:94:07:ba:06:82:3e:f2:93:
11:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:4D:42:FF:56:2E:3A:6C:D8:19:2C:8F:D5:38:B3:8C:22:E6:D6:17
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/cE1C_1YuOmzYGSyP1TizjCLm1hc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.46.32.0-194.46.95.255
212.104.128.0/19
212.108.80.0-212.108.91.255
IPv6:
2a02:c2c0::/29
Signature Algorithm: sha256WithRSAEncryption
2b:69:64:99:f5:ca:0e:a0:73:e5:f7:67:a4:d9:5d:34:4e:89:
18:1f:a8:05:06:66:fe:3c:fe:98:2b:97:45:27:eb:c2:65:6e:
4f:e8:b4:6c:9d:0c:67:2e:f2:70:8e:e5:50:67:8a:50:a3:8b:
04:35:62:df:af:9d:f2:ad:13:f5:8c:65:7f:44:82:fb:83:33:
5a:00:5a:d0:9a:3b:a3:4d:aa:20:b9:05:e4:4e:be:1c:7b:3d:
dc:86:6f:1f:e9:e5:23:69:56:a5:7a:e2:84:f7:da:b6:6f:16:
3d:8c:50:56:7e:ce:31:a4:af:07:2e:92:bc:13:ef:73:c1:a9:
ac:e9:68:62:2b:7b:4d:22:44:08:31:0c:fd:30:fd:c9:fa:69:
97:c8:61:12:8f:75:ad:07:7d:60:68:f4:6d:a9:4e:6a:f2:2a:
66:74:af:47:a4:8a:cd:90:9c:10:2e:80:7b:1d:8b:d9:6d:e5:
b2:22:ed:e9:4e:8d:80:a2:5b:bd:11:cb:0b:81:85:5b:b0:93:
b2:95:92:a0:31:08:cb:69:a5:dc:34:bc:27:77:bf:ac:4e:92:
b5:0f:11:bb:e3:8a:fd:0d:ff:ff:c0:32:36:7e:32:8e:f4:ad:
c1:8c:44:13:7a:1a:75:f9:13:2a:f7:5f:f3:f0:ba:bc:ea:02:
23:e9:4e:1c
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYzI32GxuU1vCltZuOU9edcdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDM1MzkzMzY3NGE1NjA4ZjZkMWVlMmRhYjRmNjRjOGJm
ZjhmMzkwHhcNMjQwMTAyMDYzMjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MDRkNDJmZjU2MmUzYTZjZDgxOTJjOGZkNTM4YjM4YzIyZTZkNjE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAumeDaJRc4D422mKpCkn9eLKVM33c
5ZrmKRVBwzPCqsi6MMucAI5V2laKcSeQOSwoZ6btArWiUjAhPXii1So95ei49nFT
Y4K7UYzMn5hvC/NF24w2UbDUP4ZcncuMGeUunLaKFGa2iPlS3co5Q/JqcXDM7Klh
+uVMCiDM982h2Nq6AD40NxwR/QYY8oQUhgA+9Kca0/tDlDTMYn3v4sv0GTCaIaLa
bvCP7vafNV3wSLCx3BkSQi6+xM4luvZW8FNIBcMqDJVKrnRb3yH10JbGFxM75HJQ
VcX0MA1nL+P7+pqsI4cfYXdn3/guIKfZqnqDDkttTk9alAe6BoI+8pMRCwIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFHBNQv9WLjps2Bksj9U4s4wi5tYXMB8GA1UdIwQY
MBaAFK3TU5M2dKVgj20e4tq09kyL/485MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgt
NzJjODMxMjg3NjFiLzEvY0UxQ18xWXVPbXpZR1N5UDFUaXpqQ0xtMWhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgtNzJjODMxMjg3NjFi
LzEvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAoBAIAATAiMAwDBAXCLiAD
BAXCLkADBAXUaIAwDAMEBNRsUAMEAtRsWDANBAIAAjAHAwUDKgLCwDANBgkqhkiG
9w0BAQsFAAOCAQEAK2lkmfXKDqBz5fdnpNldNE6JGB+oBQZm/jz+mCuXRSfrwmVu
T+i0bJ0MZy7ycI7lUGeKUKOLBDVi36+d8q0T9Yxlf0SC+4MzWgBa0Jo7o02qILkF
5E6+HHs93IZvH+nlI2lWpXrihPfatm8WPYxQVn7OMaSvBy6SvBPvc8GprOloYit7
TSJECDEM/TD9yfppl8hhEo91rQd9YGj0balOavIqZnSvR6SKzZCcEC6Aex2L2W3l
siLt6U6NgKJbvRHLC4GFW7CTspWSoDEIy2ml3DS8J3e/rE6StQ8Ru+OK/Q3//8Ay
Nn4yjvStwYxEE3oadfkTKvdf8/C6vOoCI+lOHA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:14 2024 by rpki-client on console-fra.rpki-client.org