Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/08e15b-4a24-4ce0-9454-f87a322a7776/1/O434VX7yzTeWvttAvZYShhH_Cz8.roa
File: O434VX7yzTeWvttAvZYShhH_Cz8.roa (raw, json)
Hash identifier: tD/0a+cFm+TST+K4oLNiDSKPBTroDSi4R5K3J1f7ov4=
Subject key identifier: 3B:8D:F8:55:7E:F2:CD:37:96:BE:DB:40:BD:96:12:86:11:FF:0B:3F
Certificate issuer: /CN=1bd21dfb24f7d8ce2311ba4076775474bd50be64
Certificate serial: 01886C3EA5447A5FCAB8E23B963904B89883
Authority key identifier: 1B:D2:1D:FB:24:F7:D8:CE:23:11:BA:40:76:77:54:74:BD:50:BE:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/G9Id-yT32M4jEbpAdndUdL1QvmQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/12/08e15b-4a24-4ce0-9454-f87a322a7776/1/O434VX7yzTeWvttAvZYShhH_Cz8.roa
Signing time: Tue 30 May 2023 10:40:24 +0000
ROA not before: Tue 30 May 2023 10:40:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12684
IP address blocks: 37.19.24.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:6c:3e:a5:44:7a:5f:ca:b8:e2:3b:96:39:04:b8:98:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1bd21dfb24f7d8ce2311ba4076775474bd50be64
Validity
Not Before: May 30 10:40:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3b8df8557ef2cd3796bedb40bd96128611ff0b3f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:13:88:ca:d8:a0:1f:dc:24:b4:c5:4e:17:50:
b6:63:50:8d:5b:c9:b8:b1:ff:c3:89:51:85:34:62:
2f:f2:fc:72:b0:2a:3b:5a:4e:cd:53:4f:77:e2:6c:
85:88:db:54:7b:5a:88:d3:94:21:2c:4b:57:2a:cd:
23:0c:6f:cb:31:71:bc:5e:ad:23:a5:c0:82:4b:a6:
4d:ff:34:38:11:83:86:95:f1:f0:0b:a5:fe:56:b1:
a9:46:a7:b6:c7:97:80:37:7b:0f:2d:16:45:23:75:
7d:f5:46:0c:8d:3f:d0:d5:9f:fc:d7:e0:f8:45:b5:
38:30:ac:c0:b2:d6:ee:6d:20:2c:8b:e3:9f:22:48:
0d:8e:c3:c3:44:c9:c6:09:9b:73:64:45:01:c0:cc:
c8:a2:25:77:51:2e:e8:8f:94:cc:98:c4:a3:c9:85:
fd:fd:1b:d0:01:f1:58:d8:49:3a:67:b1:36:2e:b1:
c0:6d:11:84:a6:2c:c2:8c:b1:31:60:36:80:19:d0:
1f:79:f3:9d:df:89:9b:44:68:eb:86:5d:0e:a8:77:
32:45:40:58:c9:48:c7:70:31:f2:e8:b5:91:6d:c6:
7e:53:a8:f6:0c:74:ff:92:6f:6f:55:0c:5c:62:db:
c3:4f:83:1c:71:f0:c1:9a:9b:9f:21:89:80:93:72:
ca:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:8D:F8:55:7E:F2:CD:37:96:BE:DB:40:BD:96:12:86:11:FF:0B:3F
X509v3 Authority Key Identifier:
keyid:1B:D2:1D:FB:24:F7:D8:CE:23:11:BA:40:76:77:54:74:BD:50:BE:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/G9Id-yT32M4jEbpAdndUdL1QvmQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/08e15b-4a24-4ce0-9454-f87a322a7776/1/O434VX7yzTeWvttAvZYShhH_Cz8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/12/08e15b-4a24-4ce0-9454-f87a322a7776/1/G9Id-yT32M4jEbpAdndUdL1QvmQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.19.24.0/21
Signature Algorithm: sha256WithRSAEncryption
ab:38:be:20:45:34:29:d1:9a:be:31:ff:4a:fa:55:7b:68:3b:
91:19:4a:e5:d4:a8:e1:b2:75:1d:e5:04:fe:62:5e:05:98:4a:
d3:b3:18:88:b3:33:26:9e:e2:02:0a:84:5d:e2:e5:e2:7b:be:
3f:16:b3:68:b2:8a:b9:0e:2e:10:a4:4d:a1:fc:2d:d7:bc:2e:
a6:e7:70:d2:4a:aa:7f:3a:fb:d3:65:28:f2:10:1f:a8:07:92:
1f:4a:1b:32:92:29:7a:71:18:dc:52:6f:4a:4b:5f:d1:13:79:
e5:88:16:94:ff:ca:6c:19:03:8e:9d:19:ed:00:ae:06:4e:6e:
a5:a2:89:bc:46:4f:bb:c8:18:66:60:2a:17:f5:36:83:68:82:
54:48:0f:fb:7e:58:bb:43:d7:bd:a2:ae:64:76:12:8c:f1:b0:
10:b2:26:4f:0a:87:bf:2f:13:28:c7:2e:fe:49:07:91:bf:dd:
55:f4:d1:7f:a1:22:a1:72:34:94:42:8f:24:c3:3c:5c:b3:e5:
69:5f:b2:d7:ed:e0:87:45:c7:97:2e:64:91:a5:8b:5d:80:e2:
3b:e0:cf:d2:94:9a:51:c9:94:69:37:64:63:4e:d5:6f:89:80:
b5:ee:0a:21:cc:f4:31:27:a1:c6:d0:0c:b5:a2:2f:b0:82:2e:
75:64:e2:30
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYhsPqVEel/KuOI7ljkEuJiDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFiZDIxZGZiMjRmN2Q4Y2UyMzExYmE0MDc2Nzc1NDc0YmQ1
MGJlNjQwHhcNMjMwNTMwMTA0MDI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjhkZjg1NTdlZjJjZDM3OTZiZWRiNDBiZDk2MTI4NjExZmYwYjNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnROIytigH9wktMVOF1C2Y1CNW8m4
sf/DiVGFNGIv8vxysCo7Wk7NU0934myFiNtUe1qI05QhLEtXKs0jDG/LMXG8Xq0j
pcCCS6ZN/zQ4EYOGlfHwC6X+VrGpRqe2x5eAN3sPLRZFI3V99UYMjT/Q1Z/81+D4
RbU4MKzAstbubSAsi+OfIkgNjsPDRMnGCZtzZEUBwMzIoiV3US7oj5TMmMSjyYX9
/RvQAfFY2Ek6Z7E2LrHAbRGEpizCjLExYDaAGdAfefOd34mbRGjrhl0OqHcyRUBY
yUjHcDHy6LWRbcZ+U6j2DHT/km9vVQxcYtvDT4MccfDBmpufIYmAk3LKCwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDuN+FV+8s03lr7bQL2WEoYR/ws/MB8GA1UdIwQY
MBaAFBvSHfsk99jOIxG6QHZ3VHS9UL5kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRzlJZC15VDMyTTRqRWJwQWRuZFVkTDFRdm1RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi8wOGUxNWItNGEyNC00Y2UwLTk0NTQt
Zjg3YTMyMmE3Nzc2LzEvTzQzNFZYN3l6VGVXdnR0QXZaWVNoaEhfQ3o4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi8wOGUxNWItNGEyNC00Y2UwLTk0NTQtZjg3YTMyMmE3Nzc2
LzEvRzlJZC15VDMyTTRqRWJwQWRuZFVkTDFRdm1RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDJRMYMA0G
CSqGSIb3DQEBCwUAA4IBAQCrOL4gRTQp0Zq+Mf9K+lV7aDuRGUrl1KjhsnUd5QT+
Yl4FmErTsxiIszMmnuICCoRd4uXie74/FrNosoq5Di4QpE2h/C3XvC6m53DSSqp/
OvvTZSjyEB+oB5IfShsykil6cRjcUm9KS1/RE3nliBaU/8psGQOOnRntAK4GTm6l
oom8Rk+7yBhmYCoX9TaDaIJUSA/7fli7Q9e9oq5kdhKM8bAQsiZPCoe/LxMoxy7+
SQeRv91V9NF/oSKhcjSUQo8kwzxcs+VpX7LX7eCHRceXLmSRpYtdgOI74M/SlJpR
yZRpN2RjTtVviYC17gohzPQxJ6HG0Ay1oi+wgi51ZOIw
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:17:19 2025 by rpki-client