Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/0d64e2-e2da-468a-8f7d-7fe328571938/1/FiUdTFdj4ZuczTuEFxEbbdkcllM.roa
File: FiUdTFdj4ZuczTuEFxEbbdkcllM.roa (raw, json)
Hash identifier: +oFsgchOYf+jxTJQwDOID4kPX8vyBvwZ/AsMTsJQd+Q=
Subject key identifier: 16:25:1D:4C:57:63:E1:9B:9C:CD:3B:84:17:11:1B:6D:D9:1C:96:53
Certificate issuer: /CN=39f086ca6211bb95d0643089c7da576fe67c2152
Certificate serial: 0190352D3875947E6019EC574642F9CA8885
Authority key identifier: 39:F0:86:CA:62:11:BB:95:D0:64:30:89:C7:DA:57:6F:E6:7C:21:52
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/OfCGymIRu5XQZDCJx9pXb-Z8IVI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/0e/0d64e2-e2da-468a-8f7d-7fe328571938/1/FiUdTFdj4ZuczTuEFxEbbdkcllM.roa
Signing time: Thu 20 Jun 2024 10:24:34 +0000
ROA not before: Thu 20 Jun 2024 10:24:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62240
IP address blocks: 5.42.218.0/24 maxlen: 24
185.109.236.0/24 maxlen: 24
195.69.161.0/24 maxlen: 24
195.211.164.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:35:2d:38:75:94:7e:60:19:ec:57:46:42:f9:ca:88:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=39f086ca6211bb95d0643089c7da576fe67c2152
Validity
Not Before: Jun 20 10:24:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=16251d4c5763e19b9ccd3b8417111b6dd91c9653
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:61:8d:81:e4:ca:bb:88:2d:2f:10:11:ad:d8:
70:c1:3e:75:03:f1:a8:08:70:43:a7:c9:c1:d2:52:
90:2e:d7:74:ae:ef:de:1b:3b:3f:2c:bc:37:ef:78:
0f:12:27:fb:4f:a4:26:65:bd:1e:12:71:cf:fc:5c:
19:5a:d5:65:96:bd:ab:2a:1a:9c:f5:71:94:35:e5:
b7:2b:c9:21:e0:89:d9:f5:52:90:f8:2a:7c:40:b3:
c7:48:db:e4:c9:cb:18:22:14:b8:4e:57:02:3f:47:
6b:1f:44:a2:90:46:e5:04:be:4d:80:1a:46:b5:76:
07:8f:3b:51:fd:50:21:82:d0:94:cf:37:87:66:c2:
98:c8:e0:07:0c:13:87:b7:66:87:a0:76:ec:b8:e6:
4e:64:54:dc:fb:88:f2:ba:5d:21:7b:a6:81:fa:b4:
b9:99:d8:d5:28:28:85:67:bd:16:b2:6c:b2:41:d9:
b2:82:b6:de:f8:be:6b:7f:61:24:f4:fb:a0:fa:fa:
65:38:27:de:bd:79:d4:6c:59:c6:c8:8c:48:f1:75:
44:d7:5f:d0:22:98:a5:71:b7:06:85:b9:4a:e5:77:
9a:ad:69:06:9d:9a:1c:95:a1:c2:86:97:1a:00:59:
1c:8a:6e:8d:83:ae:69:34:8a:04:ad:4c:95:0d:64:
e8:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:25:1D:4C:57:63:E1:9B:9C:CD:3B:84:17:11:1B:6D:D9:1C:96:53
X509v3 Authority Key Identifier:
keyid:39:F0:86:CA:62:11:BB:95:D0:64:30:89:C7:DA:57:6F:E6:7C:21:52
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/OfCGymIRu5XQZDCJx9pXb-Z8IVI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/0d64e2-e2da-468a-8f7d-7fe328571938/1/FiUdTFdj4ZuczTuEFxEbbdkcllM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/0d64e2-e2da-468a-8f7d-7fe328571938/1/OfCGymIRu5XQZDCJx9pXb-Z8IVI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.42.218.0/24
185.109.236.0/24
195.69.161.0/24
195.211.164.0/24
Signature Algorithm: sha256WithRSAEncryption
14:6d:dd:3d:19:37:02:34:88:ed:68:dc:fa:90:4a:38:f0:51:
72:ed:f5:23:8b:22:f5:70:fc:e9:dd:3f:3f:77:70:14:a8:d8:
41:a1:41:98:c4:09:8c:93:2c:45:6e:62:31:a5:11:e8:b6:84:
c8:89:0e:99:84:b1:18:d3:52:b1:5c:d8:72:e3:58:22:8f:fb:
49:4f:49:8c:0d:bb:da:35:95:a3:61:91:d4:c0:47:9b:ee:30:
39:15:de:0c:74:a3:83:1c:57:e8:f4:a7:10:68:dc:d8:6e:48:
83:af:79:55:22:18:56:84:84:60:ff:0c:ba:59:be:ee:64:16:
a6:fa:40:c2:30:a0:66:14:36:40:e8:8c:ea:ff:b8:d4:f8:3d:
19:f3:4d:5b:dd:9b:2c:5b:42:74:d8:1b:d5:37:dc:86:7e:cc:
7a:bc:21:99:b6:22:51:27:89:77:e2:3b:d3:b6:28:bf:a6:78:
11:2c:e2:dc:81:4e:ef:27:b8:bc:20:c7:db:7c:4a:8e:6b:a1:
3b:ce:5e:e0:e6:ec:08:d8:cf:85:3b:b3:e6:e5:60:6d:3b:d2:
a4:ea:a3:e7:23:ef:1e:a9:a0:b5:90:37:fc:25:a2:d9:ca:b2:
9b:a4:ce:e7:31:23:f3:e4:8a:35:67:52:6f:8b:46:fa:93:df:
2c:80:fc:0c
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAZA1LTh1lH5gGexXRkL5yoiFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM5ZjA4NmNhNjIxMWJiOTVkMDY0MzA4OWM3ZGE1NzZmZTY3
YzIxNTIwHhcNMjQwNjIwMTAyNDM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjI1MWQ0YzU3NjNlMTliOWNjZDNiODQxNzExMWI2ZGQ5MWM5NjUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6WGNgeTKu4gtLxARrdhwwT51A/Go
CHBDp8nB0lKQLtd0ru/eGzs/LLw373gPEif7T6QmZb0eEnHP/FwZWtVllr2rKhqc
9XGUNeW3K8kh4InZ9VKQ+Cp8QLPHSNvkycsYIhS4TlcCP0drH0SikEblBL5NgBpG
tXYHjztR/VAhgtCUzzeHZsKYyOAHDBOHt2aHoHbsuOZOZFTc+4jyul0he6aB+rS5
mdjVKCiFZ70WsmyyQdmygrbe+L5rf2Ek9Pug+vplOCfevXnUbFnGyIxI8XVE11/Q
IpilcbcGhblK5XearWkGnZoclaHChpcaAFkcim6Ng65pNIoErUyVDWTo9wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFBYlHUxXY+GbnM07hBcRG23ZHJZTMB8GA1UdIwQY
MBaAFDnwhspiEbuV0GQwicfaV2/mfCFSMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvT2ZDR3ltSVJ1NVhRWkRDSng5cFhiLVo4SVZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS8wZDY0ZTItZTJkYS00NjhhLThmN2Qt
N2ZlMzI4NTcxOTM4LzEvRmlVZFRGZGo0WnVjelR1RUZ4RWJiZGtjbGxNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS8wZDY0ZTItZTJkYS00NjhhLThmN2QtN2ZlMzI4NTcxOTM4
LzEvT2ZDR3ltSVJ1NVhRWkRDSng5cFhiLVo4SVZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQABSraAwQA
uW3sAwQAw0WhAwQAw9OkMA0GCSqGSIb3DQEBCwUAA4IBAQAUbd09GTcCNIjtaNz6
kEo48FFy7fUjiyL1cPzp3T8/d3AUqNhBoUGYxAmMkyxFbmIxpRHotoTIiQ6ZhLEY
01KxXNhy41gij/tJT0mMDbvaNZWjYZHUwEeb7jA5Fd4MdKODHFfo9KcQaNzYbkiD
r3lVIhhWhIRg/wy6Wb7uZBam+kDCMKBmFDZA6Izq/7jU+D0Z801b3ZssW0J02BvV
N9yGfsx6vCGZtiJRJ4l34jvTtii/pngRLOLcgU7vJ7i8IMfbfEqOa6E7zl7g5uwI
2M+FO7Pm5WBtO9Kk6qPnI+8eqaC1kDf8JaLZyrKbpM7nMSPz5Io1Z1Jvi0b6k98s
gPwM
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:02:07 2025 by rpki-client