Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/347c9a-0197-4762-8523-7bad5bae51e4/1/63FtNw2djeeRfYhTZ7xAamVeFDo.roa
File: 63FtNw2djeeRfYhTZ7xAamVeFDo.roa (raw, json)
Hash identifier: DNSjAQxi8OAm9qRk2QQa2Rs11B9hA9abgZBp3kLIcs4=
Subject key identifier: EB:71:6D:37:0D:9D:8D:E7:91:7D:88:53:67:BC:40:6A:65:5E:14:3A
Certificate issuer: /CN=9de6e4272e2ce387b4cc04b143f73309d713629b
Certificate serial: 018BFBA16AE8E2B2090B8979F158A48347F8
Authority key identifier: 9D:E6:E4:27:2E:2C:E3:87:B4:CC:04:B1:43:F7:33:09:D7:13:62:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nebkJy4s44e0zASxQ_czCdcTYps.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/347c9a-0197-4762-8523-7bad5bae51e4/1/63FtNw2djeeRfYhTZ7xAamVeFDo.roa
Signing time: Thu 23 Nov 2023 10:02:21 +0000
ROA not before: Thu 23 Nov 2023 10:02:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15435
IP address blocks: 213.184.96.0/19 maxlen: 24
62.45.0.0/16 maxlen: 24
83.128.0.0/16 maxlen: 24
163.158.0.0/16 maxlen: 24
2a0f:900::/29 maxlen: 48
2001:4c38::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:fb:a1:6a:e8:e2:b2:09:0b:89:79:f1:58:a4:83:47:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9de6e4272e2ce387b4cc04b143f73309d713629b
Validity
Not Before: Nov 23 10:02:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=eb716d370d9d8de7917d885367bc406a655e143a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:df:71:50:40:53:49:aa:fe:f2:da:d4:f6:fe:
7a:17:4f:9a:af:42:20:07:5f:e9:82:1d:44:9e:ff:
c9:49:15:02:2a:ff:f1:ca:29:6b:12:eb:5b:5d:58:
02:8e:27:50:cb:4c:6a:88:95:06:ed:1d:41:34:3a:
4c:87:ea:ac:90:42:89:28:65:b3:1b:b8:95:b3:b0:
1e:f2:ec:6d:77:c5:3d:78:78:45:7b:cd:6c:20:c2:
b4:30:73:78:4e:37:9d:6a:61:3a:b5:8a:16:08:a7:
25:32:81:a7:61:32:86:c9:99:db:37:07:14:0c:10:
6c:27:6d:7d:16:27:16:78:95:fa:39:e4:7d:26:92:
3b:de:4a:5c:56:d2:ea:88:3a:8f:53:75:7b:f7:1a:
53:17:d3:fa:19:8c:4e:3b:6f:ee:1f:39:c2:83:09:
83:86:f3:99:66:88:35:14:ef:62:5b:37:17:59:60:
9e:1b:aa:ba:f0:f5:1d:ea:98:61:52:79:33:dc:05:
47:a4:cc:56:08:bb:19:cd:73:17:bd:bd:9f:f6:32:
ea:23:df:6b:50:29:8e:a5:ac:83:05:b1:a6:af:23:
5c:69:a3:f8:1e:60:bc:bb:10:dd:49:93:6d:4e:2d:
6a:d8:84:ed:b9:43:ac:b2:fb:4b:25:32:99:25:ff:
01:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EB:71:6D:37:0D:9D:8D:E7:91:7D:88:53:67:BC:40:6A:65:5E:14:3A
X509v3 Authority Key Identifier:
keyid:9D:E6:E4:27:2E:2C:E3:87:B4:CC:04:B1:43:F7:33:09:D7:13:62:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nebkJy4s44e0zASxQ_czCdcTYps.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/347c9a-0197-4762-8523-7bad5bae51e4/1/63FtNw2djeeRfYhTZ7xAamVeFDo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/347c9a-0197-4762-8523-7bad5bae51e4/1/nebkJy4s44e0zASxQ_czCdcTYps.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.45.0.0/16
83.128.0.0/16
163.158.0.0/16
213.184.96.0/19
IPv6:
2001:4c38::/29
2a0f:900::/29
Signature Algorithm: sha256WithRSAEncryption
d8:4a:18:43:18:e3:13:c4:4e:2f:93:28:31:95:2a:4b:5f:f5:
67:73:58:b5:9b:b6:90:3d:15:93:78:3e:85:bb:d4:c5:33:f1:
29:21:61:5f:8e:5c:74:25:02:ae:b7:9f:e4:f9:1d:75:eb:cf:
27:cf:03:60:81:27:3c:5b:ee:a4:a3:e0:6f:4a:9c:42:8e:42:
c9:85:98:d8:49:3d:14:34:06:a9:ac:7e:ec:01:5c:57:7d:3a:
e4:d6:06:3f:78:2c:8b:aa:71:f0:2c:7d:50:6a:a6:de:6f:0c:
17:9f:90:da:4d:fb:43:fc:fc:9f:e6:bd:67:0a:5b:07:4a:ed:
27:63:e0:2d:ad:84:e6:b7:b0:18:92:2e:7b:8c:38:dc:40:58:
8b:1b:6b:f4:6c:14:89:39:23:29:71:40:b5:5d:80:09:7f:06:
02:c6:fb:79:28:22:89:32:e9:95:c0:d9:78:f9:0f:47:92:ea:
f6:e8:7a:7b:15:1b:45:6c:fd:39:49:a6:6d:77:75:43:72:e9:
13:cf:96:2b:5d:f7:fa:fd:81:3c:42:4c:ed:eb:be:f8:89:ed:
9e:cb:38:65:20:b0:b0:68:5e:e1:d8:07:95:48:d6:6b:5f:09:
9d:29:64:27:53:53:4b:19:9d:0f:9f:ea:e5:a4:8c:9c:65:1f:
2d:cb:c4:b6
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYv7oWro4rIJC4l58Vikg0f4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlkZTZlNDI3MmUyY2UzODdiNGNjMDRiMTQzZjczMzA5ZDcx
MzYyOWIwHhcNMjMxMTIzMTAwMjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYjcxNmQzNzBkOWQ4ZGU3OTE3ZDg4NTM2N2JjNDA2YTY1NWUxNDNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq99xUEBTSar+8trU9v56F0+ar0Ig
B1/pgh1Env/JSRUCKv/xyilrEutbXVgCjidQy0xqiJUG7R1BNDpMh+qskEKJKGWz
G7iVs7Ae8uxtd8U9eHhFe81sIMK0MHN4TjedamE6tYoWCKclMoGnYTKGyZnbNwcU
DBBsJ219FicWeJX6OeR9JpI73kpcVtLqiDqPU3V79xpTF9P6GYxOO2/uHznCgwmD
hvOZZog1FO9iWzcXWWCeG6q68PUd6phhUnkz3AVHpMxWCLsZzXMXvb2f9jLqI99r
UCmOpayDBbGmryNcaaP4HmC8uxDdSZNtTi1q2ITtuUOssvtLJTKZJf8B/wIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFOtxbTcNnY3nkX2IU2e8QGplXhQ6MB8GA1UdIwQY
MBaAFJ3m5CcuLOOHtMwEsUP3MwnXE2KbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbmVia0p5NHM0NGUwekFTeFFfY3pDZGNUWXBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8zNDdjOWEtMDE5Ny00NzYyLTg1MjMt
N2JhZDViYWU1MWU0LzEvNjNGdE53MmRqZWVSZlloVFo3eEFhbVZlRkRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8zNDdjOWEtMDE5Ny00NzYyLTg1MjMtN2JhZDViYWU1MWU0
LzEvbmVia0p5NHM0NGUwekFTeFFfY3pDZGNUWXBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAbBAIAATAVAwMAPi0DAwBT
gAMDAKOeAwQF1bhgMBQEAgACMA4DBQMgAUw4AwUDKg8JADANBgkqhkiG9w0BAQsF
AAOCAQEA2EoYQxjjE8ROL5MoMZUqS1/1Z3NYtZu2kD0Vk3g+hbvUxTPxKSFhX45c
dCUCrref5PkddevPJ88DYIEnPFvupKPgb0qcQo5CyYWY2Ek9FDQGqax+7AFcV306
5NYGP3gsi6px8Cx9UGqm3m8MF5+Q2k37Q/z8n+a9ZwpbB0rtJ2PgLa2E5rewGJIu
e4w43EBYixtr9GwUiTkjKXFAtV2ACX8GAsb7eSgiiTLplcDZePkPR5Lq9uh6exUb
RWz9OUmmbXd1Q3LpE8+WK133+v2BPEJM7eu++Intnss4ZSCwsGhe4dgHlUjWa18J
nSlkJ1NTSxmdD5/q5aSMnGUfLcvEtg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:29 2024 by rpki-client on console-fra.rpki-client.org