Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/347c9a-0197-4762-8523-7bad5bae51e4/1/0n_jp8Rqt1fqBeIzALfdkSGEyt4.roa
File: 0n_jp8Rqt1fqBeIzALfdkSGEyt4.roa (raw, json)
Hash identifier: rcJVZw2Tew6ld38quoBt47eo5JDpm35Y7PwphzApVMo=
Subject key identifier: D2:7F:E3:A7:C4:6A:B7:57:EA:05:E2:33:00:B7:DD:91:21:84:CA:DE
Certificate issuer: /CN=9de6e4272e2ce387b4cc04b143f73309d713629b
Certificate serial: 0185723A12AFAEB1B515EA0B03048D366045
Authority key identifier: 9D:E6:E4:27:2E:2C:E3:87:B4:CC:04:B1:43:F7:33:09:D7:13:62:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nebkJy4s44e0zASxQ_czCdcTYps.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/347c9a-0197-4762-8523-7bad5bae51e4/1/0n_jp8Rqt1fqBeIzALfdkSGEyt4.roa
Signing time: Mon 02 Jan 2023 11:24:46 +0000
ROA not before: Mon 02 Jan 2023 11:24:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15435
IP address blocks: 159.180.0.0/18 maxlen: 24
136.143.0.0/17 maxlen: 24
213.184.96.0/19 maxlen: 24
62.45.0.0/16 maxlen: 24
83.128.0.0/16 maxlen: 24
163.158.0.0/16 maxlen: 24
2a0f:900::/29 maxlen: 48
2001:4c38::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:3a:12:af:ae:b1:b5:15:ea:0b:03:04:8d:36:60:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9de6e4272e2ce387b4cc04b143f73309d713629b
Validity
Not Before: Jan 2 11:24:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d27fe3a7c46ab757ea05e23300b7dd912184cade
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:d1:de:67:34:f2:f0:e9:e1:dc:f5:c2:4e:1c:
d8:b3:bb:55:f1:c3:fc:27:41:01:75:c5:f6:0d:0e:
88:c4:4a:38:fd:3d:6e:62:bb:9c:d9:b3:40:2a:d5:
4b:df:2f:e6:65:ed:a6:68:e8:39:0c:fb:0b:4e:6a:
9d:31:33:45:6a:e2:9d:83:90:4d:eb:5f:9a:eb:bd:
b8:99:6b:59:66:ad:33:a5:49:6d:1f:d0:22:11:0f:
0d:f8:28:f3:ce:4a:c2:4d:ec:3f:9c:8f:f2:f8:62:
af:b8:df:b4:80:81:66:e7:83:d2:12:36:ab:80:c7:
87:e4:0a:69:31:35:61:7b:22:b1:8b:e6:a4:87:9b:
cc:20:85:e8:ba:73:db:38:c8:27:03:d5:a2:f7:5c:
2a:01:a3:f2:60:51:3c:f3:ba:28:8d:08:67:b3:31:
1a:bb:e2:bf:3c:be:a1:39:3f:21:4c:74:53:11:ce:
b4:8c:fb:64:0d:63:8f:cc:a9:f3:d0:ee:fb:4b:67:
ab:04:52:ef:de:99:bd:7c:5e:eb:11:74:7a:4f:11:
f7:45:e8:56:dc:b0:8b:dd:f0:fc:fd:0c:d8:8e:71:
b8:2a:d1:80:f5:65:44:92:b8:38:96:a3:62:dc:48:
a1:16:03:11:cb:f8:b6:31:02:8d:8d:d9:d8:c9:f3:
92:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D2:7F:E3:A7:C4:6A:B7:57:EA:05:E2:33:00:B7:DD:91:21:84:CA:DE
X509v3 Authority Key Identifier:
keyid:9D:E6:E4:27:2E:2C:E3:87:B4:CC:04:B1:43:F7:33:09:D7:13:62:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nebkJy4s44e0zASxQ_czCdcTYps.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/347c9a-0197-4762-8523-7bad5bae51e4/1/0n_jp8Rqt1fqBeIzALfdkSGEyt4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/347c9a-0197-4762-8523-7bad5bae51e4/1/nebkJy4s44e0zASxQ_czCdcTYps.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.45.0.0/16
83.128.0.0/16
136.143.0.0/17
159.180.0.0/18
163.158.0.0/16
213.184.96.0/19
IPv6:
2001:4c38::/29
2a0f:900::/29
Signature Algorithm: sha256WithRSAEncryption
2c:29:14:6e:f7:00:db:7f:a9:27:bd:0d:fc:d7:3d:bc:41:58:
60:b3:33:5f:c6:72:ca:cc:95:c2:56:39:85:d7:13:a3:ff:a3:
cf:1a:b8:d8:92:85:35:ae:d1:06:eb:e4:21:24:8f:ef:31:13:
bf:16:32:5b:e8:06:1e:3f:b0:9e:1a:b7:02:0d:e5:42:d0:fe:
26:d9:82:46:e5:3f:37:33:73:e4:63:0d:c4:ed:07:3b:22:11:
8b:60:47:df:33:79:b7:1b:6a:6f:ce:c1:89:9b:2a:7b:3b:3d:
db:8a:79:72:04:69:91:06:a2:59:7d:29:5a:68:f6:9d:14:91:
28:27:33:d5:18:06:7d:6c:19:38:8f:f4:19:e1:ce:af:86:e9:
6e:cf:b3:86:c5:2b:75:ac:8c:c8:a4:ce:0d:2f:83:e5:f9:d3:
be:05:6b:bb:b0:fb:e3:c2:6e:cf:fc:da:91:c9:27:44:38:bf:
a7:c8:39:87:05:ef:cd:1f:97:46:4d:96:ca:98:99:30:ed:9a:
c9:9b:99:02:8d:55:be:c4:a7:bf:e4:c5:e3:44:26:c5:3a:ed:
19:48:61:34:86:38:48:26:43:b8:55:60:a1:29:2d:50:f0:37:
b7:86:8d:3d:df:2b:fd:f9:e2:e0:14:33:ab:f7:e0:f5:db:b4:
95:80:93:ba
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYVyOhKvrrG1FeoLAwSNNmBFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkZTZlNDI3MmUyY2UzODdiNGNjMDRiMTQzZjczMzA5ZDcx
MzYyOWIwHhcNMjMwMTAyMTEyNDQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMjdmZTNhN2M0NmFiNzU3ZWEwNWUyMzMwMGI3ZGQ5MTIxODRjYWRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotHeZzTy8Onh3PXCThzYs7tV8cP8
J0EBdcX2DQ6IxEo4/T1uYruc2bNAKtVL3y/mZe2maOg5DPsLTmqdMTNFauKdg5BN
61+a6724mWtZZq0zpUltH9AiEQ8N+CjzzkrCTew/nI/y+GKvuN+0gIFm54PSEjar
gMeH5AppMTVheyKxi+akh5vMIIXounPbOMgnA9Wi91wqAaPyYFE887oojQhnszEa
u+K/PL6hOT8hTHRTEc60jPtkDWOPzKnz0O77S2erBFLv3pm9fF7rEXR6TxH3RehW
3LCL3fD8/QzYjnG4KtGA9WVEkrg4lqNi3EihFgMRy/i2MQKNjdnYyfOSgwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFNJ/46fEardX6gXiMwC33ZEhhMreMB8GA1UdIwQY
MBaAFJ3m5CcuLOOHtMwEsUP3MwnXE2KbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmVia0p5NHM0NGUwekFTeFFfY3pDZGNUWXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8zNDdjOWEtMDE5Ny00NzYyLTg1MjMt
N2JhZDViYWU1MWU0LzEvMG5fanA4UnF0MWZxQmVJekFMZmRrU0dFeXQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8zNDdjOWEtMDE5Ny00NzYyLTg1MjMtN2JhZDViYWU1MWU0
LzEvbmVia0p5NHM0NGUwekFTeFFfY3pDZGNUWXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAnBAIAATAhAwMAPi0DAwBT
gAMEB4iPAAMEBp+0AAMDAKOeAwQF1bhgMBQEAgACMA4DBQMgAUw4AwUDKg8JADAN
BgkqhkiG9w0BAQsFAAOCAQEALCkUbvcA23+pJ70N/Nc9vEFYYLMzX8ZyysyVwlY5
hdcTo/+jzxq42JKFNa7RBuvkISSP7zETvxYyW+gGHj+wnhq3Ag3lQtD+JtmCRuU/
NzNz5GMNxO0HOyIRi2BH3zN5txtqb87BiZsqezs924p5cgRpkQaiWX0pWmj2nRSR
KCcz1RgGfWwZOI/0GeHOr4bpbs+zhsUrdayMyKTODS+D5fnTvgVru7D748Juz/za
kcknRDi/p8g5hwXvzR+XRk2WypiZMO2ayZuZAo1VvsSnv+TF40QmxTrtGUhhNIY4
SCZDuFVgoSktUPA3t4aNPd8r/fni4BQzq/fg9du0lYCTug==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:29 2024 by rpki-client on console-fra.rpki-client.org