Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/aI0lkgkAHSY0xv7QgK8siGdpJr0.roa
File: aI0lkgkAHSY0xv7QgK8siGdpJr0.roa (raw, json)
Hash identifier: MWt8USFENteEThY3v4wyt+2ufjS3YFglMqUJbYs12Vc=
Subject key identifier: 68:8D:25:92:09:00:1D:26:34:C6:FE:D0:80:AF:2C:88:67:69:26:BD
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 018CC8DF62D424B314796849C94FAA0F4C47
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/aI0lkgkAHSY0xv7QgK8siGdpJr0.roa
Signing time: Tue 02 Jan 2024 06:32:12 +0000
ROA not before: Tue 02 Jan 2024 06:32:12 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 203511
IP address blocks: 193.31.116.0/24 maxlen: 24
213.226.119.0/24 maxlen: 24
176.98.41.0/24 maxlen: 24
84.54.13.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:62:d4:24:b3:14:79:68:49:c9:4f:aa:0f:4c:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Jan 2 06:32:12 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=688d259209001d2634c6fed080af2c88676926bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:9d:41:b4:57:f1:10:55:bc:25:70:dd:60:a0:
0c:ee:33:96:d6:41:09:c0:8a:6d:82:06:b0:31:4d:
0f:6d:1b:9f:45:ed:8c:48:57:8c:a1:29:b5:d5:da:
78:13:49:bb:0d:b8:58:49:78:db:11:cb:ae:8e:bb:
75:b3:ad:42:9f:54:aa:4c:d6:3e:de:56:fe:39:ac:
22:b3:e2:18:8b:85:1c:f8:cf:c4:87:f9:38:97:91:
e4:ae:63:9e:84:08:1d:a6:05:f0:c8:fd:56:68:a4:
6c:17:ea:27:e0:06:a3:d2:5f:ca:20:75:fe:ce:26:
02:62:aa:cb:05:e9:48:a0:6b:c0:c1:32:a3:8b:03:
96:4c:1f:35:90:9b:27:6e:ce:7b:a3:0c:53:9d:ff:
5a:c0:83:96:fd:25:16:b4:19:02:29:04:29:b3:8e:
b3:94:30:b4:b2:8e:9b:73:86:5c:ef:f5:d7:90:b2:
62:5f:fc:7d:7e:df:f4:ab:58:e9:13:c2:24:52:e8:
35:2d:14:b7:db:39:50:cf:ea:0b:d6:f7:69:c8:88:
8f:7d:5c:e1:1d:af:bd:84:a3:17:2c:be:83:4a:31:
84:75:32:45:2c:03:24:f6:f3:69:bb:6d:36:df:cd:
13:7b:bb:47:e1:11:89:4c:0d:7d:31:48:60:a9:7d:
3a:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:8D:25:92:09:00:1D:26:34:C6:FE:D0:80:AF:2C:88:67:69:26:BD
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/aI0lkgkAHSY0xv7QgK8siGdpJr0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.13.0/24
176.98.41.0/24
193.31.116.0/24
213.226.119.0/24
Signature Algorithm: sha256WithRSAEncryption
5e:b7:86:bb:77:d7:99:48:81:aa:ca:3b:52:dd:0f:33:d6:66:
0e:8f:cf:86:29:e3:9c:38:65:10:5a:40:e2:5e:de:c1:c5:02:
2c:50:86:9c:88:6f:05:b0:69:55:39:c2:73:73:cf:5a:06:57:
5d:e6:d2:15:20:ed:cd:da:45:f2:74:82:1e:0c:97:3f:a7:95:
b4:03:a4:25:c0:12:c7:69:62:d5:df:64:4b:43:07:65:ad:41:
3f:2f:d5:74:5b:46:53:33:96:cc:40:05:ce:14:1e:c7:2a:8e:
f1:d2:d2:f3:bf:ab:b9:e8:18:99:b9:04:80:86:53:6c:66:eb:
db:09:44:73:67:74:00:f1:2e:ac:4a:26:7e:00:36:63:13:c4:
bb:69:90:17:12:ef:c8:9a:fa:6d:1d:c0:60:8b:67:71:9f:a4:
e4:c7:a8:a6:85:22:30:88:8b:ec:df:a3:d5:72:83:fc:ff:68:
85:0d:3d:08:0c:44:c5:87:fd:8d:86:e4:f1:11:54:18:c6:da:
cf:35:c6:9c:ae:f8:25:32:1f:d6:39:e7:db:b2:92:da:6a:2f:
d6:e7:da:91:2c:66:19:21:90:a3:7d:d5:75:84:1b:d0:ac:18:
de:cd:ec:80:68:a4:b4:4f:a8:a3:88:5d:98:0c:5d:d0:fb:59:
e9:06:1e:ed
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzI32LUJLMUeWhJyU+qD0xHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjQwMTAyMDYzMjEyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODhkMjU5MjA5MDAxZDI2MzRjNmZlZDA4MGFmMmM4ODY3NjkyNmJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJ1BtFfxEFW8JXDdYKAM7jOW1kEJ
wIptggawMU0PbRufRe2MSFeMoSm11dp4E0m7DbhYSXjbEcuujrt1s61Cn1SqTNY+
3lb+Oawis+IYi4Uc+M/Eh/k4l5HkrmOehAgdpgXwyP1WaKRsF+on4Aaj0l/KIHX+
ziYCYqrLBelIoGvAwTKjiwOWTB81kJsnbs57owxTnf9awIOW/SUWtBkCKQQps46z
lDC0so6bc4Zc7/XXkLJiX/x9ft/0q1jpE8IkUug1LRS32zlQz+oL1vdpyIiPfVzh
Ha+9hKMXLL6DSjGEdTJFLAMk9vNpu202380Te7tH4RGJTA19MUhgqX06eQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFGiNJZIJAB0mNMb+0ICvLIhnaSa9MB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvYUkwbGtna0FIU1kweHY3UWdLOHNpR2RwSnIwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAVDYNAwQA
sGIpAwQAwR90AwQA1eJ3MA0GCSqGSIb3DQEBCwUAA4IBAQBet4a7d9eZSIGqyjtS
3Q8z1mYOj8+GKeOcOGUQWkDiXt7BxQIsUIaciG8FsGlVOcJzc89aBldd5tIVIO3N
2kXydIIeDJc/p5W0A6QlwBLHaWLV32RLQwdlrUE/L9V0W0ZTM5bMQAXOFB7HKo7x
0tLzv6u56BiZuQSAhlNsZuvbCURzZ3QA8S6sSiZ+ADZjE8S7aZAXEu/ImvptHcBg
i2dxn6Tkx6imhSIwiIvs36PVcoP8/2iFDT0IDETFh/2NhuTxEVQYxtrPNcacrvgl
Mh/WOefbspLaai/W59qRLGYZIZCjfdV1hBvQrBjezeyAaKS0T6ijiF2YDF3Q+1np
Bh7t
-----END CERTIFICATE-----
Generated at Fri Sep 6 15:05:26 2024 by rpki-client on console-ams.rpki-client.org