Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/0UeHFGiZcJgvcLv4oKUhpIbnieM.roa
File: 0UeHFGiZcJgvcLv4oKUhpIbnieM.roa (raw, json)
Hash identifier: XflD3bEr+Tcrw2Kv4AKYJSlHt55GfcKBIsxuJi0AONY=
Subject key identifier: D1:47:87:14:68:99:70:98:2F:70:BB:F8:A0:A5:21:A4:86:E7:89:E3
Certificate issuer: /CN=d4c3b12c8d635190ec928437bbd6cb0e8c38f9a9
Certificate serial: 018CC42460E1437A2B0036B4895D984E35BC
Authority key identifier: D4:C3:B1:2C:8D:63:51:90:EC:92:84:37:BB:D6:CB:0E:8C:38:F9:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/0UeHFGiZcJgvcLv4oKUhpIbnieM.roa
Signing time: Mon 01 Jan 2024 08:29:27 +0000
ROA not before: Mon 01 Jan 2024 08:29:27 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48918
IP address blocks: 80.66.96.0/20 maxlen: 20
195.20.20.0/22 maxlen: 24
185.198.200.0/22 maxlen: 24
2a02:340::/32 maxlen: 32
2a0a:8ec0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:24:60:e1:43:7a:2b:00:36:b4:89:5d:98:4e:35:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d4c3b12c8d635190ec928437bbd6cb0e8c38f9a9
Validity
Not Before: Jan 1 08:29:27 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d1478714689970982f70bbf8a0a521a486e789e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:86:08:f9:a2:70:ba:d2:c3:81:1d:8b:ed:63:
c9:3a:b9:d9:1c:18:81:bf:03:81:56:fc:f5:a6:83:
c2:3a:d9:61:60:e5:89:d9:b1:72:78:43:4b:0c:41:
de:6e:d4:97:8f:36:99:78:6c:ed:58:f5:65:8d:0d:
3c:ab:f6:4d:e5:3e:ff:9d:2d:24:26:b0:64:fa:eb:
48:da:bc:8b:eb:aa:29:ae:1b:20:5a:7f:d9:d6:98:
bf:5e:59:6c:da:99:76:84:97:e8:90:5f:00:9d:c8:
3d:5f:e5:ed:46:74:1e:13:21:a4:14:5e:3b:28:d7:
04:5f:fd:c3:6c:58:86:af:0e:d1:a7:54:ec:c0:50:
fe:90:59:42:a0:b3:3a:bd:ae:9f:d2:ad:86:57:cd:
0f:59:e4:4b:eb:26:30:77:8d:7c:c4:40:44:ab:88:
e6:0f:ff:94:f4:84:40:7e:75:ed:d1:7d:b4:cf:c0:
72:2b:18:73:e0:2f:6b:03:64:78:ab:1a:bb:38:c7:
39:8b:b2:88:c6:6c:71:53:07:ef:9d:96:6a:06:c2:
f0:5c:81:35:2e:dd:36:f2:a5:46:5b:ea:3b:e0:44:
d5:0f:5b:7a:ec:3e:32:40:5a:42:c9:6c:9a:de:e8:
f4:fe:85:72:a9:2f:1e:fd:00:0f:85:91:2d:06:1e:
2a:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D1:47:87:14:68:99:70:98:2F:70:BB:F8:A0:A5:21:A4:86:E7:89:E3
X509v3 Authority Key Identifier:
keyid:D4:C3:B1:2C:8D:63:51:90:EC:92:84:37:BB:D6:CB:0E:8C:38:F9:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1MOxLI1jUZDskoQ3u9bLDow4-ak.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/0UeHFGiZcJgvcLv4oKUhpIbnieM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/2fb593-43f5-4db7-9819-0f9d57a5d4fa/1/1MOxLI1jUZDskoQ3u9bLDow4-ak.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.66.96.0/20
185.198.200.0/22
195.20.20.0/22
IPv6:
2a02:340::/32
2a0a:8ec0::/29
Signature Algorithm: sha256WithRSAEncryption
98:2f:7c:f8:4e:e1:0b:25:a8:32:67:6d:6b:6e:ce:57:ea:35:
69:76:39:e5:dc:4a:7d:f3:8c:09:4f:ef:8b:95:52:ae:f6:bc:
c4:a8:f4:a1:a0:aa:d8:bb:08:c7:78:73:0b:74:55:5b:b1:e5:
d3:17:e9:6c:7d:b9:10:2d:fe:91:30:23:4a:e9:dd:50:95:aa:
ab:e5:61:94:2b:2b:44:6e:01:19:97:f3:0a:3a:2b:4b:a0:27:
56:43:82:77:a9:7d:13:7a:6c:0f:30:b7:1c:02:67:0b:c7:97:
b9:53:5d:87:56:3f:b1:58:48:24:1a:e3:dd:76:21:99:71:9b:
8f:46:a4:d5:20:cd:6a:0c:e2:b5:52:3d:4d:7d:ec:65:68:1b:
13:aa:5a:35:0a:cc:44:cf:51:36:99:70:bc:71:ed:2f:ab:7e:
ca:3f:81:58:00:3e:64:11:fc:0e:ad:fe:53:ca:b6:e9:e1:fe:
2f:16:af:90:3f:e3:08:49:91:2d:01:bc:1e:4d:1e:85:32:a6:
33:0e:54:a1:ff:b3:89:20:f5:c3:e8:0e:e9:fc:26:ee:aa:ba:
bc:cb:39:94:d4:a1:12:dd:ec:c5:a4:58:0c:56:5d:41:2f:9b:
97:a5:f3:11:3f:fb:69:c3:52:09:56:48:40:9e:c0:2b:0f:79:
47:75:e7:6c
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgISAYzEJGDhQ3orADa0iV2YTjW8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0YzNiMTJjOGQ2MzUxOTBlYzkyODQzN2JiZDZjYjBlOGMz
OGY5YTkwHhcNMjQwMTAxMDgyOTI3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMTQ3ODcxNDY4OTk3MDk4MmY3MGJiZjhhMGE1MjFhNDg2ZTc4OWUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIYI+aJwutLDgR2L7WPJOrnZHBiB
vwOBVvz1poPCOtlhYOWJ2bFyeENLDEHebtSXjzaZeGztWPVljQ08q/ZN5T7/nS0k
JrBk+utI2ryL66oprhsgWn/Z1pi/Xlls2pl2hJfokF8Ancg9X+XtRnQeEyGkFF47
KNcEX/3DbFiGrw7Rp1TswFD+kFlCoLM6va6f0q2GV80PWeRL6yYwd418xEBEq4jm
D/+U9IRAfnXt0X20z8ByKxhz4C9rA2R4qxq7OMc5i7KIxmxxUwfvnZZqBsLwXIE1
Lt028qVGW+o74ETVD1t67D4yQFpCyWya3uj0/oVyqS8e/QAPhZEtBh4qCwIDAQAB
o4ICKzCCAicwHQYDVR0OBBYEFNFHhxRomXCYL3C7+KClIaSG54njMB8GA1UdIwQY
MBaAFNTDsSyNY1GQ7JKEN7vWyw6MOPmpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMU1PeExJMWpVWkRza29RM3U5YkxEb3c0LWFrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMy8yZmI1OTMtNDNmNS00ZGI3LTk4MTkt
MGY5ZDU3YTVkNGZhLzEvMFVlSEZHaVpjSmd2Y0x2NG9LVWhwSWJuaWVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMy8yZmI1OTMtNDNmNS00ZGI3LTk4MTktMGY5ZDU3YTVkNGZh
LzEvMU1PeExJMWpVWkRza29RM3U5YkxEb3c0LWFrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEEGCCsGAQUFBwEHAQH/BDIwMDAYBAIAATASAwQEUEJgAwQC
ucbIAwQCwxQUMBQEAgACMA4DBQAqAgNAAwUDKgqOwDANBgkqhkiG9w0BAQsFAAOC
AQEAmC98+E7hCyWoMmdta27OV+o1aXY55dxKffOMCU/vi5VSrva8xKj0oaCq2LsI
x3hzC3RVW7Hl0xfpbH25EC3+kTAjSundUJWqq+VhlCsrRG4BGZfzCjorS6AnVkOC
d6l9E3psDzC3HAJnC8eXuVNdh1Y/sVhIJBrj3XYhmXGbj0ak1SDNagzitVI9TX3s
ZWgbE6paNQrMRM9RNplwvHHtL6t+yj+BWAA+ZBH8Dq3+U8q26eH+LxavkD/jCEmR
LQG8Hk0ehTKmMw5Uof+ziSD1w+gO6fwm7qq6vMs5lNShEt3sxaRYDFZdQS+bl6Xz
ET/7acNSCVZIQJ7AKw95R3XnbA==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:02:24 2025 by rpki-client