Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/Su6POryHyMeOYZmFkCO5o4Njhwc.roa
File: Su6POryHyMeOYZmFkCO5o4Njhwc.roa (raw, json)
Hash identifier: bRBoUE8sXYIg5U4XY4C5nl9AhOEwSZu9Y7inuDeBgm8=
Subject key identifier: 4A:EE:8F:3A:BC:87:C8:C7:8E:61:99:85:90:23:B9:A3:83:63:87:07
Certificate issuer: /CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Certificate serial: 018EC783441212F42016A17F71266EDC0136
Authority key identifier: F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/Su6POryHyMeOYZmFkCO5o4Njhwc.roa
Signing time: Wed 10 Apr 2024 10:17:32 +0000
ROA not before: Wed 10 Apr 2024 10:17:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 59729
IP address blocks: 5.42.195.0/24 maxlen: 24
193.200.199.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:c7:83:44:12:12:f4:20:16:a1:7f:71:26:6e:dc:01:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f75d8b52815f3f2613e948992ec9fe660f6949b4
Validity
Not Before: Apr 10 10:17:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4aee8f3abc87c8c78e6199859023b9a383638707
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:59:cd:ee:d5:30:f7:44:40:31:d3:5c:e1:c0:
23:1b:fc:9a:17:4a:ce:74:e9:6d:c0:43:e6:38:df:
ed:40:34:4f:d4:fa:69:9c:7f:05:cb:de:17:5b:9b:
b9:1d:70:a6:30:25:b6:ef:ab:65:4f:89:33:7b:d8:
09:84:0e:72:d8:93:b5:d3:3c:f7:93:bc:05:2b:65:
6c:3d:95:94:91:8f:8a:4c:f5:f0:39:57:ef:13:74:
19:97:f3:01:1d:15:54:66:fd:85:4d:aa:de:1d:19:
27:92:ae:6e:bc:e5:c5:2c:8d:bc:16:30:b0:f7:c5:
d7:8d:bb:87:c5:b1:3d:22:b2:cf:b3:18:96:8c:93:
23:3b:c7:30:d7:ca:4c:f9:10:34:d4:07:ff:4a:46:
1d:ab:d8:0d:4a:df:c1:46:51:0c:2f:04:e7:01:df:
74:4f:49:1b:7b:0f:5e:ed:b7:d0:92:9d:00:0d:ea:
07:0b:8e:84:17:e2:fb:ad:0e:f2:f4:0c:c8:3e:0f:
5f:03:a7:8b:54:90:03:7f:2a:c6:17:8a:ce:97:b7:
9a:50:03:9f:8e:01:85:d5:6d:b3:84:21:bf:cb:d1:
55:5b:c5:a0:21:4a:8c:b6:a3:3d:d3:30:90:30:67:
ed:3d:2c:6a:9a:a7:0f:ac:da:b1:72:3c:3f:ab:be:
89:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:EE:8F:3A:BC:87:C8:C7:8E:61:99:85:90:23:B9:A3:83:63:87:07
X509v3 Authority Key Identifier:
keyid:F7:5D:8B:52:81:5F:3F:26:13:E9:48:99:2E:C9:FE:66:0F:69:49:B4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/912LUoFfPyYT6UiZLsn-Zg9pSbQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/Su6POryHyMeOYZmFkCO5o4Njhwc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/08/9514ed-276e-4aba-897e-a4410e10b6f5/1/912LUoFfPyYT6UiZLsn-Zg9pSbQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.195.0/24
193.200.199.0/24
Signature Algorithm: sha256WithRSAEncryption
70:88:ef:d2:f5:6d:e2:42:eb:96:2f:46:00:69:99:36:36:9d:
9b:ce:c0:c8:df:d9:a4:5c:63:3f:ca:a3:18:6e:ec:d3:e3:97:
4a:af:5f:25:5b:a7:dd:d6:2b:6e:fd:6c:e0:bf:3c:cf:f0:69:
bf:de:fc:93:7b:b6:81:df:3e:38:c3:cc:cd:bb:52:2f:87:ae:
90:9e:bb:78:b8:c6:85:2e:4b:b1:c6:7a:00:5e:02:57:fb:6b:
40:aa:1c:65:cc:b6:b4:90:fd:ca:15:8c:26:3b:a0:d4:ab:ee:
02:c9:23:71:e3:0e:d0:30:a4:27:7a:7a:2e:ea:e2:84:8e:77:
96:63:13:e0:94:91:2d:a3:41:3c:d3:7f:6c:3a:90:04:fb:80:
31:d8:23:ee:d6:85:20:7a:97:df:8e:f0:3b:5d:e2:71:f1:af:
d7:b2:c7:b1:f3:db:51:7f:d8:88:c7:e5:24:00:13:0d:75:3d:
d7:97:7a:ce:00:68:3d:50:62:10:8a:f6:01:00:ee:e2:bc:13:
2e:85:c1:46:66:d6:39:fe:7b:91:ff:8f:77:fc:f8:0c:7f:b3:
cb:d6:be:6a:59:ae:06:20:e5:53:97:27:7c:30:90:8c:a1:a5:
23:78:09:f8:b4:0d:11:e7:95:8b:3b:65:ea:1e:22:93:ae:63:
bd:a7:84:20
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAY7Hg0QSEvQgFqF/cSZu3AE2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY3NWQ4YjUyODE1ZjNmMjYxM2U5NDg5OTJlYzlmZTY2MGY2
OTQ5YjQwHhcNMjQwNDEwMTAxNzMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWVlOGYzYWJjODdjOGM3OGU2MTk5ODU5MDIzYjlhMzgzNjM4NzA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy1nN7tUw90RAMdNc4cAjG/yaF0rO
dOltwEPmON/tQDRP1PppnH8Fy94XW5u5HXCmMCW276tlT4kze9gJhA5y2JO10zz3
k7wFK2VsPZWUkY+KTPXwOVfvE3QZl/MBHRVUZv2FTareHRknkq5uvOXFLI28FjCw
98XXjbuHxbE9IrLPsxiWjJMjO8cw18pM+RA01Af/SkYdq9gNSt/BRlEMLwTnAd90
T0kbew9e7bfQkp0ADeoHC46EF+L7rQ7y9AzIPg9fA6eLVJADfyrGF4rOl7eaUAOf
jgGF1W2zhCG/y9FVW8WgIUqMtqM90zCQMGftPSxqmqcPrNqxcjw/q76JswIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFErujzq8h8jHjmGZhZAjuaODY4cHMB8GA1UdIwQY
MBaAFPddi1KBXz8mE+lImS7J/mYPaUm0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2Ut
YTQ0MTBlMTBiNmY1LzEvU3U2UE9yeUh5TWVPWVptRmtDTzVvNE5qaHdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wOC85NTE0ZWQtMjc2ZS00YWJhLTg5N2UtYTQ0MTBlMTBiNmY1
LzEvOTEyTFVvRmZQeVlUNlVpWkxzbi1aZzlwU2JRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQABSrDAwQA
wcjHMA0GCSqGSIb3DQEBCwUAA4IBAQBwiO/S9W3iQuuWL0YAaZk2Np2bzsDI39mk
XGM/yqMYbuzT45dKr18lW6fd1itu/WzgvzzP8Gm/3vyTe7aB3z44w8zNu1Ivh66Q
nrt4uMaFLkuxxnoAXgJX+2tAqhxlzLa0kP3KFYwmO6DUq+4CySNx4w7QMKQnenou
6uKEjneWYxPglJEto0E8039sOpAE+4Ax2CPu1oUgepffjvA7XeJx8a/Xssex89tR
f9iIx+UkABMNdT3Xl3rOAGg9UGIQivYBAO7ivBMuhcFGZtY5/nuR/493/PgMf7PL
1r5qWa4GIOVTlyd8MJCMoaUjeAn4tA0R55WLO2XqHiKTrmO9p4Qg
-----END CERTIFICATE-----
Generated at Wed Aug 21 09:58:20 2024 by rpki-client on console-fra.rpki-client.org