Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/mOEUmr-CvGtTNY8R9GBBehrPIU8.roa
File: mOEUmr-CvGtTNY8R9GBBehrPIU8.roa (raw, json)
Hash identifier: iHFJGDu0qC8S/AeDYojtNJYVyAUHS65JyPi6Lf9CUt4=
Subject key identifier: 98:E1:14:9A:BF:82:BC:6B:53:35:8F:11:F4:60:41:7A:1A:CF:21:4F
Certificate issuer: /CN=7cd6c0236ff4d6050906957ffd380b3879e6ed6e
Certificate serial: 018CCA2857561F3A29BCCFEDFBC3EAA7DB27
Authority key identifier: 7C:D6:C0:23:6F:F4:D6:05:09:06:95:7F:FD:38:0B:38:79:E6:ED:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fNbAI2_01gUJBpV__TgLOHnm7W4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/mOEUmr-CvGtTNY8R9GBBehrPIU8.roa
Signing time: Tue 02 Jan 2024 12:31:30 +0000
ROA not before: Tue 02 Jan 2024 12:31:30 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 16509
IP address blocks: 194.54.157.0/24 maxlen: 24
194.54.156.0/24 maxlen: 24
194.54.158.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:28:57:56:1f:3a:29:bc:cf:ed:fb:c3:ea:a7:db:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7cd6c0236ff4d6050906957ffd380b3879e6ed6e
Validity
Not Before: Jan 2 12:31:30 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=98e1149abf82bc6b53358f11f460417a1acf214f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:69:5e:81:91:12:84:cb:c5:9a:00:c4:2e:00:
b6:3c:32:d0:89:ac:5c:ff:39:49:57:fb:3a:1b:5f:
c8:18:7a:4d:83:8a:d0:b5:7d:18:da:41:e5:ea:19:
11:4d:fa:f1:bc:4b:37:f5:77:15:64:0c:f1:23:4a:
30:c0:0c:e8:0b:eb:db:88:cc:9c:c5:da:59:ca:6c:
f3:29:1a:42:15:e4:72:96:56:a4:18:07:9a:c1:e3:
22:2d:0d:12:0b:7d:5d:2f:35:8b:6b:46:8b:7e:9d:
b6:b8:1f:99:40:0f:36:c0:bf:52:29:97:31:07:2c:
33:1d:a7:6e:22:0f:4f:64:ad:5d:15:d8:19:a9:0a:
a7:27:4a:b6:81:80:8f:e9:57:94:55:f2:47:ff:d7:
cc:6f:e8:05:b7:fb:fb:38:2f:da:be:8a:f5:15:7f:
b3:67:98:f6:f2:2e:63:6f:b5:8a:cd:2f:d7:03:56:
00:b2:27:11:20:fa:f6:de:ec:ae:46:5f:8f:29:03:
03:c8:e2:8c:fb:51:da:a7:0e:c7:e9:3e:13:c4:9a:
85:94:e8:95:67:43:0f:63:f6:a0:00:ce:0b:ac:64:
45:b5:25:23:2c:0c:e7:5d:9d:55:dd:a1:d5:9e:c7:
5a:e2:a1:b0:4d:e2:80:7b:50:e2:ac:3d:00:2b:ff:
f8:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:E1:14:9A:BF:82:BC:6B:53:35:8F:11:F4:60:41:7A:1A:CF:21:4F
X509v3 Authority Key Identifier:
keyid:7C:D6:C0:23:6F:F4:D6:05:09:06:95:7F:FD:38:0B:38:79:E6:ED:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fNbAI2_01gUJBpV__TgLOHnm7W4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/mOEUmr-CvGtTNY8R9GBBehrPIU8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/21/0ee78b-815c-4995-82e1-c80c288ebeea/1/fNbAI2_01gUJBpV__TgLOHnm7W4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.54.156.0-194.54.158.255
Signature Algorithm: sha256WithRSAEncryption
21:a8:2e:92:c4:2b:4c:25:4d:6f:89:2d:51:3e:e2:70:b4:70:
47:64:c6:c1:37:f8:b9:b2:2e:d2:c2:14:81:23:91:b9:ea:c9:
48:ac:43:db:75:41:24:9d:34:b0:3d:40:02:75:26:3f:bb:da:
28:1b:53:3f:32:47:f8:4c:0b:1d:0b:cd:04:de:05:19:17:c7:
0e:3f:13:58:d6:e9:b2:e2:dc:d8:0a:ee:82:e0:dd:bb:a6:f3:
47:3f:92:2c:22:c3:91:78:dc:5b:a3:e3:c4:d5:c3:0c:9b:11:
4e:ec:f3:7a:59:be:0a:3b:20:3b:6d:51:5d:72:28:9d:c2:cd:
96:ec:b3:7c:8b:88:87:01:af:38:7e:ff:4f:5b:78:10:be:ed:
26:10:42:27:00:c9:07:f5:d9:d9:fc:83:89:11:ce:74:f6:28:
e3:b1:7e:88:dc:68:68:64:df:f9:79:88:d6:a9:e3:db:7d:60:
26:44:20:86:4a:07:83:ac:af:99:cd:6d:0a:dd:f2:28:21:be:
a7:be:6a:54:de:66:92:c0:05:38:07:fb:6c:98:25:24:8a:e5:
42:e5:5a:24:5f:3b:3c:e6:b6:db:7b:4e:8d:c1:8e:56:d8:cd:
2b:3f:db:aa:09:f6:29:b4:cc:38:3f:78:7e:59:b5:eb:50:c4:
9b:e9:2c:64
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYzKKFdWHzopvM/t+8Pqp9snMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdjZDZjMDIzNmZmNGQ2MDUwOTA2OTU3ZmZkMzgwYjM4Nzll
NmVkNmUwHhcNMjQwMTAyMTIzMTMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGUxMTQ5YWJmODJiYzZiNTMzNThmMTFmNDYwNDE3YTFhY2YyMTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmmlegZEShMvFmgDELgC2PDLQiaxc
/zlJV/s6G1/IGHpNg4rQtX0Y2kHl6hkRTfrxvEs39XcVZAzxI0owwAzoC+vbiMyc
xdpZymzzKRpCFeRyllakGAeaweMiLQ0SC31dLzWLa0aLfp22uB+ZQA82wL9SKZcx
BywzHaduIg9PZK1dFdgZqQqnJ0q2gYCP6VeUVfJH/9fMb+gFt/v7OC/avor1FX+z
Z5j28i5jb7WKzS/XA1YAsicRIPr23uyuRl+PKQMDyOKM+1Hapw7H6T4TxJqFlOiV
Z0MPY/agAM4LrGRFtSUjLAznXZ1V3aHVnsda4qGwTeKAe1DirD0AK//41wIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFJjhFJq/grxrUzWPEfRgQXoazyFPMB8GA1UdIwQY
MBaAFHzWwCNv9NYFCQaVf/04Czh55u1uMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZk5iQUkyXzAxZ1VKQnBWX19UZ0xPSG5tN1c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMS8wZWU3OGItODE1Yy00OTk1LTgyZTEt
YzgwYzI4OGViZWVhLzEvbU9FVW1yLUN2R3RUTlk4UjlHQkJlaHJQSVU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMS8wZWU3OGItODE1Yy00OTk1LTgyZTEtYzgwYzI4OGViZWVh
LzEvZk5iQUkyXzAxZ1VKQnBWX19UZ0xPSG5tN1c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBALCNpwD
BADCNp4wDQYJKoZIhvcNAQELBQADggEBACGoLpLEK0wlTW+JLVE+4nC0cEdkxsE3
+LmyLtLCFIEjkbnqyUisQ9t1QSSdNLA9QAJ1Jj+72igbUz8yR/hMCx0LzQTeBRkX
xw4/E1jW6bLi3NgK7oLg3bum80c/kiwiw5F43Fuj48TVwwybEU7s83pZvgo7IDtt
UV1yKJ3CzZbss3yLiIcBrzh+/09beBC+7SYQQicAyQf12dn8g4kRznT2KOOxfojc
aGhk3/l5iNap49t9YCZEIIZKB4Osr5nNbQrd8ighvqe+alTeZpLABTgH+2yYJSSK
5ULlWiRfOzzmttt7To3BjlbYzSs/26oJ9im0zDg/eH5ZtetQxJvpLGQ=
-----END CERTIFICATE-----
Generated at Thu Aug 8 13:04:23 2024 by rpki-client on console-fra.rpki-client.org