Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/e775eb-7d8a-4835-9456-bd7bf949d9c2/1/Ix4TcJZDKGcequHjBHgyJEtmlRQ.roa
File: Ix4TcJZDKGcequHjBHgyJEtmlRQ.roa (raw, json)
Hash identifier: 0DR79XLiWaG/9DUo8Txeoqzpw/4Ct1xLPKLmo6nPDBo=
Subject key identifier: 23:1E:13:70:96:43:28:67:1E:AA:E1:E3:04:78:32:24:4B:66:95:14
Certificate issuer: /CN=0212a07ce793a5f0416027bf4aab8bd1ceaf0fce
Certificate serial: 018D3C4E0FB513CEFDD2BA279ED2322A81EB
Authority key identifier: 02:12:A0:7C:E7:93:A5:F0:41:60:27:BF:4A:AB:8B:D1:CE:AF:0F:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AhKgfOeTpfBBYCe_SquL0c6vD84.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/e775eb-7d8a-4835-9456-bd7bf949d9c2/1/Ix4TcJZDKGcequHjBHgyJEtmlRQ.roa
Signing time: Wed 24 Jan 2024 16:29:25 +0000
ROA not before: Wed 24 Jan 2024 16:29:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8100
IP address blocks: 31.220.14.0/24 maxlen: 24
45.12.52.0/23 maxlen: 23
185.238.249.0/24 maxlen: 24
185.238.251.0/24 maxlen: 24
193.9.45.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:3c:4e:0f:b5:13:ce:fd:d2:ba:27:9e:d2:32:2a:81:eb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0212a07ce793a5f0416027bf4aab8bd1ceaf0fce
Validity
Not Before: Jan 24 16:29:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=231e1370964328671eaae1e3047832244b669514
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:ad:a9:39:fb:35:f3:97:b3:1d:7b:11:9f:3d:
58:15:39:a7:14:b5:b3:d8:87:a9:a1:1e:66:54:08:
7f:dd:34:c3:cc:3c:c1:7a:eb:a3:0e:d4:5f:dc:4a:
23:90:1e:e2:7f:41:44:94:47:6e:f7:0b:6f:b7:b2:
40:72:28:58:94:97:37:e4:bc:f2:2c:87:4b:ef:2a:
1e:43:34:08:fa:50:28:74:ed:a0:73:e9:68:cc:ef:
d6:f4:c6:12:ed:55:54:68:5d:1e:5b:4c:cf:15:29:
71:85:c9:e0:74:8a:e5:f7:d9:c5:89:24:b9:05:18:
85:ce:6a:84:a2:c5:df:92:d7:da:52:e5:db:15:71:
58:4e:84:16:db:5b:48:0f:74:16:fc:8f:c1:ce:f0:
e2:3b:ae:e9:04:33:a6:05:fd:64:bd:2a:cb:83:30:
4b:d3:92:6c:5f:51:15:f0:4c:89:b2:78:8d:ac:e4:
38:4b:74:21:6f:ab:be:76:a1:63:f0:dc:2a:ad:26:
17:c0:1c:db:bb:c1:48:88:7c:99:88:7b:94:dc:e6:
30:4e:9e:ff:a1:eb:ea:9d:f5:10:1a:0a:12:0f:b7:
bd:98:d1:ce:c8:d1:83:80:6a:31:85:d0:51:c0:7b:
82:ac:b3:b0:1b:b6:51:17:7c:27:f3:da:b5:d8:c9:
14:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:1E:13:70:96:43:28:67:1E:AA:E1:E3:04:78:32:24:4B:66:95:14
X509v3 Authority Key Identifier:
keyid:02:12:A0:7C:E7:93:A5:F0:41:60:27:BF:4A:AB:8B:D1:CE:AF:0F:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AhKgfOeTpfBBYCe_SquL0c6vD84.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/e775eb-7d8a-4835-9456-bd7bf949d9c2/1/Ix4TcJZDKGcequHjBHgyJEtmlRQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/e775eb-7d8a-4835-9456-bd7bf949d9c2/1/AhKgfOeTpfBBYCe_SquL0c6vD84.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.220.14.0/24
45.12.52.0/23
185.238.249.0/24
185.238.251.0/24
193.9.45.0/24
Signature Algorithm: sha256WithRSAEncryption
50:e6:8b:bc:f1:56:4e:85:e4:e1:b9:4e:fc:fe:34:72:8e:cf:
95:9c:f1:d5:21:d8:f4:57:dd:0a:f4:f6:00:f5:9b:37:ca:96:
e0:63:91:b3:18:82:23:86:ae:74:ad:a1:d0:a0:6a:ca:c6:30:
99:39:a1:74:55:9b:e5:61:e8:e1:1f:f7:d6:50:57:c7:25:44:
f6:93:a3:56:c0:1b:84:d5:09:fa:6f:16:6e:0b:04:c9:e9:43:
99:8c:03:e7:18:21:a5:e6:fa:2d:8c:e3:b5:67:99:cb:72:81:
73:ac:94:d4:4f:79:06:1c:0e:af:73:f4:46:01:00:39:1a:4d:
e3:2b:92:a6:80:6d:f9:2b:e7:ad:06:32:85:19:56:90:60:17:
da:2c:12:ef:29:b7:5e:63:41:93:f1:0b:83:96:50:33:a9:ab:
32:20:0b:c7:84:4c:aa:17:96:5e:46:5d:eb:29:9f:93:46:bc:
3c:fd:87:b0:f7:73:3c:54:fc:f9:da:0a:d2:88:d3:82:eb:e9:
d2:ab:48:ef:ac:c9:47:94:48:60:d8:e1:30:65:80:80:6d:ba:
e4:9e:be:ac:bf:67:ad:3d:e8:cf:dd:fc:de:30:c2:41:81:4d:
2b:ff:f3:d1:08:f2:81:c2:69:0b:fe:6f:10:e8:77:5f:12:af:
30:93:87:a4
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY08Tg+1E8790ronntIyKoHrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAyMTJhMDdjZTc5M2E1ZjA0MTYwMjdiZjRhYWI4YmQxY2Vh
ZjBmY2UwHhcNMjQwMTI0MTYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMzFlMTM3MDk2NDMyODY3MWVhYWUxZTMwNDc4MzIyNDRiNjY5NTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz62pOfs185ezHXsRnz1YFTmnFLWz
2IepoR5mVAh/3TTDzDzBeuujDtRf3EojkB7if0FElEdu9wtvt7JAcihYlJc35Lzy
LIdL7yoeQzQI+lAodO2gc+lozO/W9MYS7VVUaF0eW0zPFSlxhcngdIrl99nFiSS5
BRiFzmqEosXfktfaUuXbFXFYToQW21tID3QW/I/BzvDiO67pBDOmBf1kvSrLgzBL
05JsX1EV8EyJsniNrOQ4S3Qhb6u+dqFj8NwqrSYXwBzbu8FIiHyZiHuU3OYwTp7/
oevqnfUQGgoSD7e9mNHOyNGDgGoxhdBRwHuCrLOwG7ZRF3wn89q12MkUYQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCMeE3CWQyhnHqrh4wR4MiRLZpUUMB8GA1UdIwQY
MBaAFAISoHznk6XwQWAnv0qri9HOrw/OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQWhLZ2ZPZVRwZkJCWUNlX1NxdUwwYzZ2RDg0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy9lNzc1ZWItN2Q4YS00ODM1LTk0NTYt
YmQ3YmY5NDlkOWMyLzEvSXg0VGNKWkRLR2NlcXVIakJIZ3lKRXRtbFJRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy9lNzc1ZWItN2Q4YS00ODM1LTk0NTYtYmQ3YmY5NDlkOWMy
LzEvQWhLZ2ZPZVRwZkJCWUNlX1NxdUwwYzZ2RDg0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAH9wOAwQB
LQw0AwQAue75AwQAue77AwQAwQktMA0GCSqGSIb3DQEBCwUAA4IBAQBQ5ou88VZO
heThuU78/jRyjs+VnPHVIdj0V90K9PYA9Zs3ypbgY5GzGIIjhq50raHQoGrKxjCZ
OaF0VZvlYejhH/fWUFfHJUT2k6NWwBuE1Qn6bxZuCwTJ6UOZjAPnGCGl5votjOO1
Z5nLcoFzrJTUT3kGHA6vc/RGAQA5Gk3jK5KmgG35K+etBjKFGVaQYBfaLBLvKbde
Y0GT8QuDllAzqasyIAvHhEyqF5ZeRl3rKZ+TRrw8/Yew93M8VPz52grSiNOC6+nS
q0jvrMlHlEhg2OEwZYCAbbrknr6sv2etPejP3fzeMMJBgU0r//PRCPKBwmkL/m8Q
6HdfEq8wk4ek
-----END CERTIFICATE-----
Generated at Fri Feb 23 16:25:33 2024 by rpki-client on console-fra.rpki-client.org