Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/oNm3t1-OQq9i6492vsGPORzRaiM.roa
File: oNm3t1-OQq9i6492vsGPORzRaiM.roa (raw, json)
Hash identifier: w8w1/3pEg/kzjE/R+ars+Hdq4fHIh/+IK3mj/Hi1Sys=
Subject key identifier: A0:D9:B7:B7:5F:8E:42:AF:62:EB:8F:76:BE:C1:8F:39:1C:D1:6A:23
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 018CC56E1FE28D7185F95E7236814EE51F63
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/oNm3t1-OQq9i6492vsGPORzRaiM.roa
Signing time: Mon 01 Jan 2024 14:29:37 +0000
ROA not before: Mon 01 Jan 2024 14:29:37 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 142111
IP address blocks: 195.242.242.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:1f:e2:8d:71:85:f9:5e:72:36:81:4e:e5:1f:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Jan 1 14:29:37 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a0d9b7b75f8e42af62eb8f76bec18f391cd16a23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:26:c9:d7:52:14:8d:05:9c:f9:39:76:cc:35:
5b:99:a4:9b:3e:ea:49:ef:81:c5:8f:07:83:7b:27:
d2:08:e8:e1:84:fd:1d:8a:02:50:36:de:f6:c1:53:
c6:a6:79:c4:88:1d:7e:9b:70:f5:57:61:93:21:01:
2b:4b:51:dd:60:c7:bd:d5:34:c7:80:12:47:99:ac:
1f:75:39:0b:4e:50:c6:59:25:8a:66:3d:e4:3f:b8:
cf:04:0d:a0:e4:08:7b:84:b0:16:21:e6:10:3c:22:
4d:25:d2:c6:9e:ca:16:b5:10:a5:88:e0:15:6d:3f:
f9:82:b5:5c:7a:d3:03:b1:4a:5c:e2:08:83:ff:fd:
10:e2:e4:9e:af:71:f0:5d:fa:6f:ef:e4:95:3b:44:
72:1d:d4:6a:90:8e:6e:2f:6c:21:79:cb:05:3b:d5:
ce:32:8b:e7:ba:cc:34:af:c7:7a:04:d0:45:2f:ec:
81:9a:99:32:31:92:5a:a6:df:92:38:0a:e2:52:60:
67:e8:60:de:2a:22:e5:eb:b0:79:16:7a:ec:7f:3c:
78:1b:8b:51:f7:2d:28:2e:7c:7d:4f:b1:e1:e7:8d:
1d:97:6f:6f:35:44:a6:cc:8e:68:59:dc:08:dc:58:
0c:25:a7:98:ae:8d:46:f1:64:e5:a1:34:3d:19:b0:
01:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:D9:B7:B7:5F:8E:42:AF:62:EB:8F:76:BE:C1:8F:39:1C:D1:6A:23
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/oNm3t1-OQq9i6492vsGPORzRaiM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.242.242.0/24
Signature Algorithm: sha256WithRSAEncryption
9b:30:da:02:07:2b:61:97:8c:e1:ec:b6:80:97:2f:f6:c1:6c:
95:23:3e:86:03:43:27:a3:a2:8d:56:c4:3e:9b:f3:d9:ba:bc:
3d:11:e4:81:1f:28:21:08:22:b6:dd:18:8d:ae:a7:c9:58:62:
a0:ae:92:4d:af:00:9f:15:cb:a2:76:66:c5:9c:39:43:a3:d4:
c0:e4:f5:29:b4:e8:68:1d:2d:88:69:b9:7c:6f:f6:9a:2c:a4:
2d:97:a8:13:a7:3b:0d:fa:34:c5:3b:6e:70:d7:1f:73:16:bd:
af:b1:fd:51:42:93:d8:7f:d5:27:b9:3a:f4:80:bf:4e:21:d6:
43:60:36:bd:b0:da:2e:a1:98:21:f4:a0:4b:13:f7:01:77:0a:
7e:fa:5b:89:87:ee:ff:7a:e6:fe:6f:b4:3e:9a:ba:a9:87:3d:
ed:45:49:8b:17:b8:ad:78:66:2f:2d:2a:4a:22:5e:7c:9d:42:
1f:90:e3:e4:e0:54:9e:b1:2a:6d:3a:1b:b4:e1:11:be:82:63:
17:80:54:f0:2f:d0:8d:ac:fb:e9:d3:34:63:2f:d0:84:82:2f:
0f:76:a6:32:34:1d:31:b2:61:e4:07:02:16:7d:fd:c8:09:38:
44:56:e8:21:82:8a:ca:c8:16:e4:fd:2c:83:e7:85:06:54:0d:
b2:25:58:2a
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzFbh/ijXGF+V5yNoFO5R9jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjQwMTAxMTQyOTM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGQ5YjdiNzVmOGU0MmFmNjJlYjhmNzZiZWMxOGYzOTFjZDE2YTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtCbJ11IUjQWc+Tl2zDVbmaSbPupJ
74HFjweDeyfSCOjhhP0digJQNt72wVPGpnnEiB1+m3D1V2GTIQErS1HdYMe91TTH
gBJHmawfdTkLTlDGWSWKZj3kP7jPBA2g5Ah7hLAWIeYQPCJNJdLGnsoWtRCliOAV
bT/5grVcetMDsUpc4giD//0Q4uSer3HwXfpv7+SVO0RyHdRqkI5uL2whecsFO9XO
Movnusw0r8d6BNBFL+yBmpkyMZJapt+SOAriUmBn6GDeKiLl67B5Fnrsfzx4G4tR
9y0oLnx9T7Hh540dl29vNUSmzI5oWdwI3FgMJaeYro1G8WTloTQ9GbABPwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFKDZt7dfjkKvYuuPdr7Bjzkc0WojMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvb05tM3QxLU9RcTlpNjQ5MnZzR1BPUnpSYWlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAw/LyMA0G
CSqGSIb3DQEBCwUAA4IBAQCbMNoCBythl4zh7LaAly/2wWyVIz6GA0Mno6KNVsQ+
m/PZurw9EeSBHyghCCK23RiNrqfJWGKgrpJNrwCfFcuidmbFnDlDo9TA5PUptOho
HS2Iabl8b/aaLKQtl6gTpzsN+jTFO25w1x9zFr2vsf1RQpPYf9UnuTr0gL9OIdZD
YDa9sNouoZgh9KBLE/cBdwp++luJh+7/eub+b7Q+mrqphz3tRUmLF7iteGYvLSpK
Il58nUIfkOPk4FSesSptOhu04RG+gmMXgFTwL9CNrPvp0zRjL9CEgi8PdqYyNB0x
smHkBwIWff3ICThEVughgorKyBbk/SyD54UGVA2yJVgq
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:46:32 2025 by rpki-client