Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/pSIyceiulETY062INkl5phfqANI.roa
File: pSIyceiulETY062INkl5phfqANI.roa (raw, json)
Hash identifier: M32IwLp3jnQji/cpI8e3TgMiCNn369p2BFr6H4UCSy4=
Subject key identifier: A5:22:32:71:E8:AE:94:44:D8:D3:AD:88:36:49:79:A6:17:EA:00:D2
Certificate issuer: /CN=f4e018fddfd422517c3069e75658657b40e73601
Certificate serial: 01857070628F716B90150C240114CE1A6CAB
Authority key identifier: F4:E0:18:FD:DF:D4:22:51:7C:30:69:E7:56:58:65:7B:40:E7:36:01
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9OAY_d_UIlF8MGnnVlhle0DnNgE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/pSIyceiulETY062INkl5phfqANI.roa
Signing time: Mon 02 Jan 2023 03:04:51 +0000
ROA not before: Mon 02 Jan 2023 03:04:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34037
IP address blocks: 195.191.141.0/24 maxlen: 24
195.191.177.0/24 maxlen: 24
141.136.32.0/24 maxlen: 24
141.136.37.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:70:62:8f:71:6b:90:15:0c:24:01:14:ce:1a:6c:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f4e018fddfd422517c3069e75658657b40e73601
Validity
Not Before: Jan 2 03:04:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a5223271e8ae9444d8d3ad88364979a617ea00d2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:3b:c9:90:68:10:ee:e9:8a:06:75:c3:5f:d8:
4d:fd:5f:a1:92:9a:91:fe:8f:df:40:c9:83:36:0a:
94:73:af:70:66:6d:66:fd:f5:ca:38:ca:0c:57:d1:
05:3c:69:23:9c:c4:21:14:92:36:cb:f9:42:89:8c:
50:22:d2:d4:d0:c5:11:1e:ff:36:56:be:00:23:6d:
60:62:46:6e:33:47:58:5e:1a:92:2c:8a:8f:8b:76:
f8:88:d6:7d:ea:87:35:6d:e9:2b:99:ee:67:94:3e:
75:97:59:7b:eb:60:b1:4d:49:bb:73:df:08:89:69:
dd:73:97:3f:36:96:15:12:6e:eb:57:71:f4:b1:66:
ab:3f:8f:c7:89:d5:88:c0:f8:4d:e6:42:dd:25:de:
3d:e8:f1:37:30:c8:29:8e:07:98:ae:c9:52:2b:2b:
61:3d:ac:cd:ab:ad:00:54:b8:24:e5:b6:b9:cf:70:
8c:11:f2:d8:c7:e8:d9:15:40:fd:e5:20:b6:42:94:
61:eb:81:e8:58:77:b8:dd:f2:75:b5:10:6e:a6:af:
32:76:ac:c9:4b:65:4a:9d:e8:31:db:bf:63:70:d6:
9c:d1:d6:44:c5:a5:5b:33:bb:ae:2c:22:f3:f5:ec:
3d:5c:8a:c9:e8:88:13:ac:ec:7d:c2:76:4b:66:fa:
38:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A5:22:32:71:E8:AE:94:44:D8:D3:AD:88:36:49:79:A6:17:EA:00:D2
X509v3 Authority Key Identifier:
keyid:F4:E0:18:FD:DF:D4:22:51:7C:30:69:E7:56:58:65:7B:40:E7:36:01
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9OAY_d_UIlF8MGnnVlhle0DnNgE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/pSIyceiulETY062INkl5phfqANI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/12/ad6f5f-53b5-4e07-94b4-70f94d5ee5fc/1/9OAY_d_UIlF8MGnnVlhle0DnNgE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
141.136.32.0/24
141.136.37.0/24
195.191.141.0/24
195.191.177.0/24
Signature Algorithm: sha256WithRSAEncryption
7b:ed:b2:c6:a5:46:9f:08:8a:58:29:31:28:1f:75:16:56:f6:
1f:fb:00:d5:e7:4d:0c:50:d7:ca:c7:21:ad:a8:b7:81:66:a8:
05:bc:7e:2b:c8:af:07:7e:61:90:d0:d1:68:65:4b:1c:1a:9e:
a3:eb:9e:64:7a:68:9a:e4:bf:c7:a1:7d:8d:31:61:db:df:e2:
54:09:8f:25:0f:89:fe:1b:72:b6:51:a8:76:80:f2:98:64:bf:
6a:4b:64:c8:08:b2:95:99:34:56:92:db:70:13:c8:40:d7:bb:
bc:d1:cc:8a:9e:85:27:3d:57:e6:b6:1e:6a:81:36:87:47:c2:
4c:61:ad:94:f0:51:f8:97:35:af:75:86:0c:af:4c:bc:d6:40:
d6:a4:70:38:69:40:45:ed:ad:ed:f5:e6:48:1f:eb:18:d0:62:
9d:f3:d4:38:f4:f2:60:17:8a:89:f0:94:b1:3a:5b:5c:67:bd:
0c:66:d2:44:4c:9c:08:11:01:68:18:d0:1f:c9:cf:28:da:16:
6b:4a:6b:35:cc:e6:f7:da:43:c1:a1:2a:7b:6d:b4:0e:8c:8d:
e8:6c:14:75:f7:e2:0e:ee:a6:8d:ec:78:3e:17:7b:62:ee:7c:
90:8b:ce:e8:d1:52:83:b5:c4:9b:47:73:95:7d:0b:d1:4e:1a:
ad:d3:f5:dd
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVwcGKPcWuQFQwkARTOGmyrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0ZTAxOGZkZGZkNDIyNTE3YzMwNjllNzU2NTg2NTdiNDBl
NzM2MDEwHhcNMjMwMTAyMDMwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNTIyMzI3MWU4YWU5NDQ0ZDhkM2FkODgzNjQ5NzlhNjE3ZWEwMGQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzvJkGgQ7umKBnXDX9hN/V+hkpqR
/o/fQMmDNgqUc69wZm1m/fXKOMoMV9EFPGkjnMQhFJI2y/lCiYxQItLU0MURHv82
Vr4AI21gYkZuM0dYXhqSLIqPi3b4iNZ96oc1bekrme5nlD51l1l762CxTUm7c98I
iWndc5c/NpYVEm7rV3H0sWarP4/HidWIwPhN5kLdJd496PE3MMgpjgeYrslSKyth
PazNq60AVLgk5ba5z3CMEfLYx+jZFUD95SC2QpRh64HoWHe43fJ1tRBupq8ydqzJ
S2VKnegx279jcNac0dZExaVbM7uuLCLz9ew9XIrJ6IgTrOx9wnZLZvo4UwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKUiMnHorpRE2NOtiDZJeaYX6gDSMB8GA1UdIwQY
MBaAFPTgGP3f1CJRfDBp51ZYZXtA5zYBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU9BWV9kX1VJbEY4TUdublZsaGxlMERuTmdFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMi9hZDZmNWYtNTNiNS00ZTA3LTk0YjQt
NzBmOTRkNWVlNWZjLzEvcFNJeWNlaXVsRVRZMDYySU5rbDVwaGZxQU5JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMi9hZDZmNWYtNTNiNS00ZTA3LTk0YjQtNzBmOTRkNWVlNWZj
LzEvOU9BWV9kX1VJbEY4TUdublZsaGxlMERuTmdFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAjYggAwQA
jYglAwQAw7+NAwQAw7+xMA0GCSqGSIb3DQEBCwUAA4IBAQB77bLGpUafCIpYKTEo
H3UWVvYf+wDV500MUNfKxyGtqLeBZqgFvH4ryK8HfmGQ0NFoZUscGp6j655kemia
5L/HoX2NMWHb3+JUCY8lD4n+G3K2Uah2gPKYZL9qS2TICLKVmTRWkttwE8hA17u8
0cyKnoUnPVfmth5qgTaHR8JMYa2U8FH4lzWvdYYMr0y81kDWpHA4aUBF7a3t9eZI
H+sY0GKd89Q49PJgF4qJ8JSxOltcZ70MZtJETJwIEQFoGNAfyc8o2hZrSms1zOb3
2kPBoSp7bbQOjI3obBR19+IO7qaN7Hg+F3ti7nyQi87o0VKDtcSbR3OVfQvRThqt
0/Xd
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:18:31 2025 by rpki-client