Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/4AiF0jrr_lHFHzC57HZzF5pgU3s.roa
File: 4AiF0jrr_lHFHzC57HZzF5pgU3s.roa (raw, json)
Hash identifier: HDh6l8kFclW/CaYgdLPOrarYo941FwFmM971/Ky0xFY=
Subject key identifier: E0:08:85:D2:3A:EB:FE:51:C5:1F:30:B9:EC:76:73:17:9A:60:53:7B
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 018570028AD61EF9737763C204323337FBA1
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/4AiF0jrr_lHFHzC57HZzF5pgU3s.roa
Signing time: Mon 02 Jan 2023 01:04:52 +0000
ROA not before: Mon 02 Jan 2023 01:04:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3320
IP address blocks: 195.242.243.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:02:8a:d6:1e:f9:73:77:63:c2:04:32:33:37:fb:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Jan 2 01:04:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e00885d23aebfe51c51f30b9ec7673179a60537b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:55:ef:ba:f1:93:2c:79:88:13:c6:97:21:ca:
38:6b:4b:e9:bc:d7:0b:1d:5b:23:0b:82:99:b3:75:
23:a4:c2:2a:c2:ec:70:86:8b:cb:da:0e:5e:e4:c9:
a8:2a:5c:b6:be:7a:be:c2:da:a4:87:d1:37:95:22:
d2:c5:e1:a4:86:5c:e6:0a:87:17:a2:38:ac:de:4d:
9d:4f:b0:5a:c1:ed:60:13:b9:d9:7b:b4:ae:a7:8f:
e1:be:46:9c:4a:e0:6c:17:1d:68:67:8e:f9:29:3e:
a0:88:81:46:b0:3a:75:6a:d6:53:db:98:78:ce:52:
4e:4b:1d:e9:4c:2c:5f:30:6b:61:29:de:bd:50:3e:
ee:5e:99:fe:f4:3d:d2:07:81:3e:b9:01:73:77:e3:
d4:82:e3:88:56:ff:03:58:5d:68:d3:b2:b5:ce:42:
cc:46:f9:6b:81:77:09:f6:65:d8:62:b2:b2:70:49:
56:1c:58:5d:98:c4:56:1e:0d:74:c2:c9:94:15:41:
1d:b3:77:cb:e7:58:0b:f3:c4:0a:c4:21:b8:a6:bf:
0e:49:14:a9:d2:8f:80:b6:10:d2:7a:dc:ae:03:3e:
2a:17:d8:36:1d:9f:62:99:b1:ce:9e:59:18:14:00:
c5:2f:9c:0b:06:9b:01:f3:b6:a9:f9:7c:34:50:fc:
02:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:08:85:D2:3A:EB:FE:51:C5:1F:30:B9:EC:76:73:17:9A:60:53:7B
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/4AiF0jrr_lHFHzC57HZzF5pgU3s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.242.243.0/24
Signature Algorithm: sha256WithRSAEncryption
7d:0f:4d:cf:64:dc:7e:33:90:74:00:66:71:7a:48:7b:1d:fb:
04:46:23:89:82:b0:1e:06:b3:55:2a:db:08:29:7d:31:c8:14:
c1:31:4d:4b:8c:c1:a5:ba:8f:d5:3c:14:dc:6a:66:c0:c0:f1:
7d:94:41:78:a3:4c:65:41:ab:45:b5:6e:5a:00:03:6b:1d:52:
f1:1d:bc:0e:13:7c:06:3e:63:cc:dd:79:de:05:a2:b5:ff:72:
f1:0c:4f:7a:d6:d2:f0:dc:4d:09:1c:0f:62:83:12:3b:0c:e2:
7f:8d:4b:6d:4e:d4:db:82:83:0c:46:97:50:b0:1b:ac:57:fb:
9d:8a:f3:8b:ec:7a:26:06:19:81:1a:96:d5:cc:f0:83:c9:16:
44:6b:ce:36:7f:90:a3:28:cb:02:b4:81:1c:1d:1e:8e:b6:52:
1a:c9:f8:8a:d5:a4:4c:b3:56:71:34:91:5f:e1:73:20:95:8a:
b8:cc:04:a5:40:19:56:af:6c:4d:37:fa:be:fd:06:49:67:1f:
e6:2e:3d:d0:e5:cf:09:08:dc:b1:7f:b0:cb:c3:e3:2e:ca:d4:
46:c2:7d:44:26:80:a1:b4:d0:60:d9:f6:de:c7:13:6b:e6:c3:
71:fa:be:2c:42:bd:ee:3b:07:27:4e:26:b2:6c:82:1f:a9:0f:
54:d2:e1:6c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVwAorWHvlzd2PCBDIzN/uhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjMwMTAyMDEwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMDA4ODVkMjNhZWJmZTUxYzUxZjMwYjllYzc2NzMxNzlhNjA1MzdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmlXvuvGTLHmIE8aXIco4a0vpvNcL
HVsjC4KZs3UjpMIqwuxwhovL2g5e5MmoKly2vnq+wtqkh9E3lSLSxeGkhlzmCocX
ojis3k2dT7Bawe1gE7nZe7Sup4/hvkacSuBsFx1oZ475KT6giIFGsDp1atZT25h4
zlJOSx3pTCxfMGthKd69UD7uXpn+9D3SB4E+uQFzd+PUguOIVv8DWF1o07K1zkLM
RvlrgXcJ9mXYYrKycElWHFhdmMRWHg10wsmUFUEds3fL51gL88QKxCG4pr8OSRSp
0o+AthDSetyuAz4qF9g2HZ9imbHOnlkYFADFL5wLBpsB87ap+Xw0UPwCawIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFOAIhdI66/5RxR8wuex2cxeaYFN7MB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvNEFpRjBqcnJfbEhGSHpDNTdIWnpGNXBnVTNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/LzMA0G
CSqGSIb3DQEBCwUAA4IBAQB9D03PZNx+M5B0AGZxekh7HfsERiOJgrAeBrNVKtsI
KX0xyBTBMU1LjMGluo/VPBTcambAwPF9lEF4o0xlQatFtW5aAANrHVLxHbwOE3wG
PmPM3XneBaK1/3LxDE961tLw3E0JHA9igxI7DOJ/jUttTtTbgoMMRpdQsBusV/ud
ivOL7HomBhmBGpbVzPCDyRZEa842f5CjKMsCtIEcHR6OtlIayfiK1aRMs1ZxNJFf
4XMglYq4zASlQBlWr2xNN/q+/QZJZx/mLj3Q5c8JCNyxf7DLw+MuytRGwn1EJoCh
tNBg2fbexxNr5sNx+r4sQr3uOwcnTiaybIIfqQ9U0uFs
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:24:34 2025 by rpki-client