Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/fZc7_iqNcMUZXKuTKLhweLRnrpQ.roa
File: fZc7_iqNcMUZXKuTKLhweLRnrpQ.roa (raw, json)
Hash identifier: Zi2hh3OekyKPVxppEb3wWupy67EAINYKI5VSqy6GLFY=
Subject key identifier: 7D:97:3B:FE:2A:8D:70:C5:19:5C:AB:93:28:B8:70:78:B4:67:AE:94
Certificate issuer: /CN=f4e018fddfd422517c3069e75658657b40e73601
Certificate serial: 018CC7272C6C19319D0C2740AB9676095B2C
Authority key identifier: F4:E0:18:FD:DF:D4:22:51:7C:30:69:E7:56:58:65:7B:40:E7:36:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9OAY_d_UIlF8MGnnVlhle0DnNgE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/fZc7_iqNcMUZXKuTKLhweLRnrpQ.roa
Signing time: Mon 01 Jan 2024 22:31:22 +0000
ROA not before: Mon 01 Jan 2024 22:31:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 47583
IP address blocks: 141.136.33.0/24 maxlen: 24
141.136.36.0/24 maxlen: 24
141.136.35.0/24 maxlen: 24
141.136.34.0/24 maxlen: 24
141.136.39.0/24 maxlen: 24
141.136.44.0/24 maxlen: 24
141.136.44.0/23 maxlen: 23
141.136.43.0/24 maxlen: 24
141.136.42.0/24 maxlen: 24
141.136.41.0/24 maxlen: 24
141.136.47.0/24 maxlen: 24
141.136.46.0/24 maxlen: 24
141.136.45.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:27:2c:6c:19:31:9d:0c:27:40:ab:96:76:09:5b:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f4e018fddfd422517c3069e75658657b40e73601
Validity
Not Before: Jan 1 22:31:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7d973bfe2a8d70c5195cab9328b87078b467ae94
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:54:30:34:04:70:bc:d9:23:54:9a:a8:b3:9c:
46:ba:a0:00:23:f6:7d:b4:da:5c:dc:47:a3:15:14:
f6:f4:60:ec:e0:e7:30:02:22:f7:36:eb:be:78:76:
97:35:15:f9:8c:fc:fc:83:5f:46:ec:d1:df:9d:bd:
02:bd:b1:f8:c3:93:b3:b7:f7:7a:97:6a:3f:de:bb:
07:29:ce:bb:27:d6:af:84:41:87:ca:67:65:db:15:
a1:c9:48:25:ae:e3:b4:3c:f1:07:44:ca:7e:1d:9e:
6e:b9:2e:72:fb:e1:a5:da:9a:28:4e:81:92:ac:67:
25:57:49:19:a2:44:6f:72:74:6e:0c:2e:3b:e0:31:
f2:5a:1e:8d:b1:a5:5b:0f:4e:cd:27:bd:9f:2e:8c:
c2:eb:80:02:dd:25:9d:e4:bc:2e:58:bc:81:61:9a:
03:1d:af:94:f7:67:f8:5e:cf:50:6b:fc:af:6e:f6:
0f:51:8e:42:76:15:5a:6d:72:be:55:a5:d7:47:03:
43:81:19:bf:58:68:13:3e:e8:36:0e:72:f1:b7:f8:
bc:57:0c:85:8d:43:dd:e2:da:48:68:49:20:5f:b3:
1c:ae:a2:6f:25:cd:b9:1e:11:fa:10:4b:c3:e9:c6:
1b:b8:31:85:b3:bc:32:17:55:4f:55:b1:99:3a:b9:
a6:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:97:3B:FE:2A:8D:70:C5:19:5C:AB:93:28:B8:70:78:B4:67:AE:94
X509v3 Authority Key Identifier:
keyid:F4:E0:18:FD:DF:D4:22:51:7C:30:69:E7:56:58:65:7B:40:E7:36:01
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9OAY_d_UIlF8MGnnVlhle0DnNgE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/fZc7_iqNcMUZXKuTKLhweLRnrpQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/9OAY_d_UIlF8MGnnVlhle0DnNgE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.136.33.0-141.136.36.255
141.136.39.0/24
141.136.41.0-141.136.47.255
Signature Algorithm: sha256WithRSAEncryption
58:5e:84:04:c1:c0:91:19:ac:1d:c4:9c:43:ab:6b:8f:c2:7c:
3f:b1:af:34:54:39:fa:5c:70:6c:d7:64:f2:6b:a2:f8:9d:34:
a3:44:a1:c6:08:02:e4:f2:31:60:6a:63:41:eb:77:a4:af:d5:
ce:52:9e:5f:4c:1f:de:70:63:a1:32:ba:cd:3d:aa:d8:59:84:
42:5a:f8:dc:6e:0e:5f:8e:fd:0f:42:65:ec:05:39:c8:12:78:
66:71:f5:37:95:7d:f9:c4:f8:bb:71:20:cb:07:3f:77:e0:94:
cc:63:44:9d:ec:25:72:0c:95:47:70:fe:bf:62:20:3d:58:a9:
17:0f:09:22:00:f2:46:0e:19:60:8d:c3:9b:d9:e8:ba:b2:ec:
05:0a:0d:30:47:cd:04:e1:b2:5d:dc:29:b0:bb:92:3e:56:46:
9b:5a:cf:77:e5:cc:fa:52:ba:65:aa:37:87:92:31:91:6c:e7:
12:7a:8e:84:bf:ec:3a:8c:d1:b8:d4:01:b5:ff:e1:d5:f3:86:
a0:13:9b:99:f1:f8:6d:8c:04:97:3b:ba:80:f1:d8:da:26:1f:
05:27:1c:ed:4c:59:bf:fc:ea:c0:f6:ef:ea:af:d3:79:9d:f2:
9d:c6:5e:92:2d:b3:16:18:49:e6:f3:93:f8:93:81:10:c0:ba:
63:17:89:85
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzHJyxsGTGdDCdAq5Z2CVssMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZTAxOGZkZGZkNDIyNTE3YzMwNjllNzU2NTg2NTdiNDBl
NzM2MDEwHhcNMjQwMTAxMjIzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDk3M2JmZTJhOGQ3MGM1MTk1Y2FiOTMyOGI4NzA3OGI0NjdhZTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApFQwNARwvNkjVJqos5xGuqAAI/Z9
tNpc3EejFRT29GDs4OcwAiL3Nuu+eHaXNRX5jPz8g19G7NHfnb0CvbH4w5Ozt/d6
l2o/3rsHKc67J9avhEGHymdl2xWhyUglruO0PPEHRMp+HZ5uuS5y++Gl2pooToGS
rGclV0kZokRvcnRuDC474DHyWh6NsaVbD07NJ72fLozC64AC3SWd5LwuWLyBYZoD
Ha+U92f4Xs9Qa/yvbvYPUY5CdhVabXK+VaXXRwNDgRm/WGgTPug2DnLxt/i8VwyF
jUPd4tpIaEkgX7McrqJvJc25HhH6EEvD6cYbuDGFs7wyF1VPVbGZOrmmSQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFH2XO/4qjXDFGVyrkyi4cHi0Z66UMB8GA1UdIwQY
MBaAFPTgGP3f1CJRfDBp51ZYZXtA5zYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU9BWV9kX1VJbEY4TUdublZsaGxlMERuTmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9hZDZmNWYtNTNiNS00ZTA3LTk0YjQt
NzBmOTRkNWVlNWZjLzEvZlpjN19pcU5jTVVaWEt1VEtMaHdlTFJucnBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9hZDZmNWYtNTNiNS00ZTA3LTk0YjQtNzBmOTRkNWVlNWZj
LzEvOU9BWV9kX1VJbEY4TUdublZsaGxlMERuTmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBACNiCED
BACNiCQDBACNiCcwDAMEAI2IKQMEBI2IIDANBgkqhkiG9w0BAQsFAAOCAQEAWF6E
BMHAkRmsHcScQ6trj8J8P7GvNFQ5+lxwbNdk8mui+J00o0ShxggC5PIxYGpjQet3
pK/VzlKeX0wf3nBjoTK6zT2q2FmEQlr43G4OX479D0Jl7AU5yBJ4ZnH1N5V9+cT4
u3Egywc/d+CUzGNEnewlcgyVR3D+v2IgPVipFw8JIgDyRg4ZYI3Dm9nourLsBQoN
MEfNBOGyXdwpsLuSPlZGm1rPd+XM+lK6Zao3h5IxkWznEnqOhL/sOozRuNQBtf/h
1fOGoBObmfH4bYwElzu6gPHY2iYfBScc7UxZv/zqwPbv6q/TeZ3yncZeki2zFhhJ
5vOT+JOBEMC6YxeJhQ==
-----END CERTIFICATE-----
Generated at Wed Nov 6 19:54:06 2024 by rpki-client on console-ams.rpki-client.org