Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/h34z8F5f9FPKn-eucqv-9wISJ4E.roa
File: h34z8F5f9FPKn-eucqv-9wISJ4E.roa (raw, json)
Hash identifier: qESRbNYIxa+NzoEd2bhVZzQEoBLbrs16ZCmP+lqrsOY=
Subject key identifier: 87:7E:33:F0:5E:5F:F4:53:CA:9F:E7:AE:72:AB:FE:F7:02:12:27:81
Certificate issuer: /CN=7cd6c0236ff4d6050906957ffd380b3879e6ed6e
Certificate serial: 018CCA28582D69BE5C00ACF24DB99A075F78
Authority key identifier: 7C:D6:C0:23:6F:F4:D6:05:09:06:95:7F:FD:38:0B:38:79:E6:ED:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fNbAI2_01gUJBpV__TgLOHnm7W4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/h34z8F5f9FPKn-eucqv-9wISJ4E.roa
Signing time: Tue 02 Jan 2024 12:31:30 +0000
ROA not before: Tue 02 Jan 2024 12:31:30 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 205131
IP address blocks: 194.54.157.0/24 maxlen: 24
194.54.158.0/24 maxlen: 24
194.54.159.0/24 maxlen: 24
194.54.156.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:28:58:2d:69:be:5c:00:ac:f2:4d:b9:9a:07:5f:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7cd6c0236ff4d6050906957ffd380b3879e6ed6e
Validity
Not Before: Jan 2 12:31:30 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=877e33f05e5ff453ca9fe7ae72abfef702122781
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:6f:b8:a4:dd:b1:e8:b5:c5:c0:6f:37:52:47:
a1:ff:2b:6c:de:64:fe:9f:0a:fe:0e:7d:63:5c:28:
cb:3e:9f:a8:49:42:ca:82:93:1e:d2:29:fa:3b:5f:
16:af:e9:52:d7:94:bc:a6:8c:1c:6b:22:ac:21:9f:
81:f4:28:8f:f9:29:b6:aa:74:4f:ab:2f:33:41:04:
5e:0b:76:16:50:66:a1:8c:af:8f:4d:d4:2e:00:26:
3a:4d:0b:9d:81:ac:7c:59:aa:7a:15:fd:39:79:29:
4b:05:55:06:d3:b2:48:95:20:df:4d:94:c0:da:53:
b1:b6:a7:67:8e:12:10:2d:69:ed:62:27:9b:95:7d:
f0:1d:27:a9:d3:f2:85:49:44:9f:b0:cb:88:ad:f7:
2d:83:9c:4d:a6:8d:4a:9d:43:74:14:18:a2:9f:07:
b0:16:6e:8f:60:e8:6b:1c:2c:3c:9d:b9:27:a8:d3:
77:a0:15:c2:26:41:e0:6a:2a:4d:7a:df:24:23:ee:
89:72:9d:ec:72:05:38:6b:08:23:e3:60:00:42:0d:
4a:b5:56:2b:f1:21:b8:10:ec:53:68:89:a0:c9:0f:
c4:77:e3:35:88:a3:12:e1:b2:5a:ff:76:fa:cf:c2:
88:af:b9:b0:6a:f2:6d:36:08:cb:5e:a6:1a:b0:63:
f9:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
87:7E:33:F0:5E:5F:F4:53:CA:9F:E7:AE:72:AB:FE:F7:02:12:27:81
X509v3 Authority Key Identifier:
keyid:7C:D6:C0:23:6F:F4:D6:05:09:06:95:7F:FD:38:0B:38:79:E6:ED:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fNbAI2_01gUJBpV__TgLOHnm7W4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/h34z8F5f9FPKn-eucqv-9wISJ4E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/fNbAI2_01gUJBpV__TgLOHnm7W4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.54.156.0/22
Signature Algorithm: sha256WithRSAEncryption
0b:53:63:3c:b8:58:9f:41:88:32:97:df:bb:36:a3:20:98:39:
5d:bd:a0:63:b1:30:8c:00:92:84:84:0b:0e:5c:e9:69:3b:c1:
e2:08:33:cb:f5:3e:f2:ad:31:c6:8e:50:44:2f:42:68:15:27:
58:bd:6f:82:19:7d:0d:2f:3f:30:88:2c:83:1c:cf:70:c5:3d:
4e:fb:1e:62:42:ad:b2:80:da:f1:e7:57:bd:28:96:78:a7:ef:
0c:08:f4:30:86:ee:6c:c5:64:b2:3b:3f:c4:45:a3:90:2a:bb:
e6:86:bd:06:26:64:75:d4:92:cf:05:e2:1b:b9:93:e0:f6:e9:
76:14:f8:a8:f2:54:37:25:ff:b6:97:e7:2a:18:d3:66:6b:e5:
f0:39:4b:ed:a8:5a:03:b9:ec:38:5a:64:14:c0:2a:3e:1a:32:
76:b4:47:81:4d:5f:6c:b5:3a:1d:f9:83:c9:bf:89:be:b3:0c:
8f:89:80:56:a4:4e:e4:97:ec:1c:57:84:da:d8:2b:bf:18:7c:
fd:06:7c:cd:5c:dc:3a:3b:bf:53:e9:58:d1:88:d1:f5:63:55:
d1:3e:3b:ea:35:98:6f:5c:a9:00:43:16:97:45:63:14:94:eb:
c0:cf:59:f9:12:fb:64:1a:48:43:45:fb:da:61:9f:01:a2:5e:
ac:79:b9:0c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKFgtab5cAKzyTbmaB194MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZDZjMDIzNmZmNGQ2MDUwOTA2OTU3ZmZkMzgwYjM4Nzll
NmVkNmUwHhcNMjQwMTAyMTIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NzdlMzNmMDVlNWZmNDUzY2E5ZmU3YWU3MmFiZmVmNzAyMTIyNzgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2+4pN2x6LXFwG83Ukeh/yts3mT+
nwr+Dn1jXCjLPp+oSULKgpMe0in6O18Wr+lS15S8powcayKsIZ+B9CiP+Sm2qnRP
qy8zQQReC3YWUGahjK+PTdQuACY6TQudgax8Wap6Ff05eSlLBVUG07JIlSDfTZTA
2lOxtqdnjhIQLWntYieblX3wHSep0/KFSUSfsMuIrfctg5xNpo1KnUN0FBiinwew
Fm6PYOhrHCw8nbknqNN3oBXCJkHgaipNet8kI+6Jcp3scgU4awgj42AAQg1KtVYr
8SG4EOxTaImgyQ/Ed+M1iKMS4bJa/3b6z8KIr7mwavJtNgjLXqYasGP5LwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFId+M/BeX/RTyp/nrnKr/vcCEieBMB8GA1UdIwQY
MBaAFHzWwCNv9NYFCQaVf/04Czh55u1uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk5iQUkyXzAxZ1VKQnBWX19UZ0xPSG5tN1c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZWU3OGItODE1Yy00OTk1LTgyZTEt
YzgwYzI4OGViZWVhLzEvaDM0ejhGNWY5RlBLbi1ldWNxdi05d0lTSjRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZWU3OGItODE1Yy00OTk1LTgyZTEtYzgwYzI4OGViZWVh
LzEvZk5iQUkyXzAxZ1VKQnBWX19UZ0xPSG5tN1c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCwjacMA0G
CSqGSIb3DQEBCwUAA4IBAQALU2M8uFifQYgyl9+7NqMgmDldvaBjsTCMAJKEhAsO
XOlpO8HiCDPL9T7yrTHGjlBEL0JoFSdYvW+CGX0NLz8wiCyDHM9wxT1O+x5iQq2y
gNrx51e9KJZ4p+8MCPQwhu5sxWSyOz/ERaOQKrvmhr0GJmR11JLPBeIbuZPg9ul2
FPio8lQ3Jf+2l+cqGNNma+XwOUvtqFoDuew4WmQUwCo+GjJ2tEeBTV9stTod+YPJ
v4m+swyPiYBWpE7kl+wcV4Ta2Cu/GHz9BnzNXNw6O79T6VjRiNH1Y1XRPjvqNZhv
XKkAQxaXRWMUlOvAz1n5EvtkGkhDRfvaYZ8Bol6sebkM
-----END CERTIFICATE-----
Generated at Thu Aug 8 15:19:00 2024 by rpki-client on console-ams.rpki-client.org