Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1e/ecec37-30b8-4e19-bbb2-f67e175d4ba7/1/zclqokYvnrmvdOZ8XDeL1kTmsoc.roa
File: zclqokYvnrmvdOZ8XDeL1kTmsoc.roa (raw, json)
Hash identifier: 30MSGJZ2+W+uRJIEI0Z4dxGrFwliwMiapWRnSOtJTLo=
Subject key identifier: CD:C9:6A:A2:46:2F:9E:B9:AF:74:E6:7C:5C:37:8B:D6:44:E6:B2:87
Certificate issuer: /CN=61544481d3be7fca5e80a564ad93c1b8a2f636f8
Certificate serial: 018D8430EF2FE4E773D4137436564483DB06
Authority key identifier: 61:54:44:81:D3:BE:7F:CA:5E:80:A5:64:AD:93:C1:B8:A2:F6:36:F8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/YVREgdO-f8pegKVkrZPBuKL2Nvg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1e/ecec37-30b8-4e19-bbb2-f67e175d4ba7/1/zclqokYvnrmvdOZ8XDeL1kTmsoc.roa
Signing time: Wed 07 Feb 2024 15:30:15 +0000
ROA not before: Wed 07 Feb 2024 15:30:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 61317
IP address blocks: 185.92.211.0/24 maxlen: 24
194.26.134.0/24 maxlen: 24
213.217.11.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:84:30:ef:2f:e4:e7:73:d4:13:74:36:56:44:83:db:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=61544481d3be7fca5e80a564ad93c1b8a2f636f8
Validity
Not Before: Feb 7 15:30:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cdc96aa2462f9eb9af74e67c5c378bd644e6b287
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:1f:ce:cd:70:a4:c6:04:5c:94:af:97:37:c0:
a1:c1:e9:71:5c:d1:7b:2c:ff:54:37:cc:56:0d:85:
54:66:b9:2c:a0:b5:f1:94:4b:7e:07:ec:3c:4c:44:
8b:53:2b:a4:b4:b9:77:b2:ff:bd:d6:d2:3f:25:f9:
6a:77:7e:2a:14:33:f5:bc:26:f7:66:49:c9:70:90:
6f:42:b1:a4:71:fe:55:2d:29:18:49:31:c6:c3:8c:
42:01:38:f0:00:a6:d0:0b:e4:c8:48:12:d4:24:c0:
8d:2d:a0:b0:44:8e:f2:b7:f5:e7:b1:fa:7e:56:80:
20:06:e1:b7:2d:a8:3f:e2:99:d2:84:d6:96:f5:ce:
c9:fe:65:e8:3b:27:2f:30:10:b4:b4:2c:e8:99:17:
62:bb:a9:21:d5:6b:5d:51:2a:45:e6:9a:f3:93:0f:
b9:2b:e6:12:49:39:86:94:c4:d4:e4:93:14:09:20:
f8:b8:fd:d5:1f:44:46:45:5e:ab:78:ec:e6:ba:7a:
79:bd:ae:20:50:59:c5:1a:77:82:0f:8c:29:73:51:
3b:3e:f4:4e:66:e6:39:e4:3a:f0:4b:6e:e8:1b:91:
de:ea:ef:d8:4f:61:7d:bd:d0:d8:25:ac:73:43:08:
78:63:38:85:d2:66:20:82:b6:6b:85:4c:23:99:72:
5a:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CD:C9:6A:A2:46:2F:9E:B9:AF:74:E6:7C:5C:37:8B:D6:44:E6:B2:87
X509v3 Authority Key Identifier:
keyid:61:54:44:81:D3:BE:7F:CA:5E:80:A5:64:AD:93:C1:B8:A2:F6:36:F8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/YVREgdO-f8pegKVkrZPBuKL2Nvg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/ecec37-30b8-4e19-bbb2-f67e175d4ba7/1/zclqokYvnrmvdOZ8XDeL1kTmsoc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1e/ecec37-30b8-4e19-bbb2-f67e175d4ba7/1/YVREgdO-f8pegKVkrZPBuKL2Nvg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.92.211.0/24
194.26.134.0/24
213.217.11.0/24
Signature Algorithm: sha256WithRSAEncryption
08:ad:67:db:e0:c2:76:b5:4f:e5:8a:2d:a3:76:0f:a7:70:10:
ea:33:2c:3f:83:aa:ce:bc:97:70:21:9c:1a:4c:f8:ce:79:df:
30:1b:e5:58:29:6b:e0:3f:4d:c6:b0:6f:72:30:67:c4:73:6f:
14:bd:d1:09:17:36:b8:61:4c:c4:4a:19:2d:d1:bf:8a:10:b6:
b2:f8:6e:90:59:ac:2a:76:7e:54:cc:01:11:05:56:92:04:a8:
f0:af:74:ba:52:a8:32:91:8b:ad:7e:b6:f7:8f:03:94:10:dd:
06:67:fb:cc:0e:1f:cd:de:e1:9a:66:c7:03:57:b7:2e:d0:38:
6e:70:4e:23:4e:1d:19:27:43:c7:5f:fc:50:7a:cc:e0:18:89:
3c:60:31:39:9d:24:06:a8:9b:f0:af:57:b2:16:e7:a0:ac:92:
f3:88:29:e5:e2:b2:10:ff:af:7a:89:f7:eb:87:5f:e9:a4:26:
72:24:77:fb:b2:f7:92:4d:89:f4:4d:58:05:17:2b:62:b6:e7:
af:e2:fe:08:02:93:0c:54:81:bf:c6:24:1c:0f:f9:0f:f8:f4:
5c:77:b4:43:53:46:f4:be:8a:f4:0e:89:8a:39:39:c5:3d:5a:
55:70:d0:a2:37:18:c7:8d:93:53:57:39:86:f8:41:18:6b:40:
4d:7e:13:13
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY2EMO8v5Odz1BN0NlZEg9sGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYxNTQ0NDgxZDNiZTdmY2E1ZTgwYTU2NGFkOTNjMWI4YTJm
NjM2ZjgwHhcNMjQwMjA3MTUzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZGM5NmFhMjQ2MmY5ZWI5YWY3NGU2N2M1YzM3OGJkNjQ0ZTZiMjg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkx/OzXCkxgRclK+XN8ChwelxXNF7
LP9UN8xWDYVUZrksoLXxlEt+B+w8TESLUyuktLl3sv+91tI/Jflqd34qFDP1vCb3
ZknJcJBvQrGkcf5VLSkYSTHGw4xCATjwAKbQC+TISBLUJMCNLaCwRI7yt/Xnsfp+
VoAgBuG3Lag/4pnShNaW9c7J/mXoOycvMBC0tCzomRdiu6kh1WtdUSpF5przkw+5
K+YSSTmGlMTU5JMUCSD4uP3VH0RGRV6reOzmunp5va4gUFnFGneCD4wpc1E7PvRO
ZuY55DrwS27oG5He6u/YT2F9vdDYJaxzQwh4YziF0mYggrZrhUwjmXJaFQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFM3JaqJGL565r3TmfFw3i9ZE5rKHMB8GA1UdIwQY
MBaAFGFURIHTvn/KXoClZK2Twbii9jb4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWVZSRWdkTy1mOHBlZ0tWa3JaUEJ1S0wyTnZnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZS9lY2VjMzctMzBiOC00ZTE5LWJiYjIt
ZjY3ZTE3NWQ0YmE3LzEvemNscW9rWXZucm12ZE9aOFhEZUwxa1Rtc29jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZS9lY2VjMzctMzBiOC00ZTE5LWJiYjItZjY3ZTE3NWQ0YmE3
LzEvWVZSRWdkTy1mOHBlZ0tWa3JaUEJ1S0wyTnZnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuVzTAwQA
whqGAwQA1dkLMA0GCSqGSIb3DQEBCwUAA4IBAQAIrWfb4MJ2tU/lii2jdg+ncBDq
Myw/g6rOvJdwIZwaTPjOed8wG+VYKWvgP03GsG9yMGfEc28UvdEJFza4YUzEShkt
0b+KELay+G6QWawqdn5UzAERBVaSBKjwr3S6UqgykYutfrb3jwOUEN0GZ/vMDh/N
3uGaZscDV7cu0DhucE4jTh0ZJ0PHX/xQeszgGIk8YDE5nSQGqJvwr1eyFuegrJLz
iCnl4rIQ/696iffrh1/ppCZyJHf7sveSTYn0TVgFFytituev4v4IApMMVIG/xiQc
D/kP+PRcd7RDU0b0vor0DomKOTnFPVpVcNCiNxjHjZNTVzmG+EEYa0BNfhMT
-----END CERTIFICATE-----
Generated at Mon Mar 11 20:50:31 2024 by rpki-client on console-ams.rpki-client.org