Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/csP0hHtRRBHc3U_opduwg2jQ1Xw.roa
File: csP0hHtRRBHc3U_opduwg2jQ1Xw.roa (raw, json)
Hash identifier: p0Zj8MAQ44Zlrfrh+wDGrVMNmb+lfIbqJFVKt7aqVqg=
Subject key identifier: 72:C3:F4:84:7B:51:44:11:DC:DD:4F:E8:A5:DB:B0:83:68:D0:D5:7C
Certificate issuer: /CN=458d12f095053c35876b88b47685d6435421fcf2
Certificate serial: 018CC8DF951D8CCBCABA60726619DC5DF263
Authority key identifier: 45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/csP0hHtRRBHc3U_opduwg2jQ1Xw.roa
Signing time: Tue 02 Jan 2024 06:32:25 +0000
ROA not before: Tue 02 Jan 2024 06:32:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49981
IP address blocks: 79.132.137.0/24 maxlen: 24
79.132.139.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:95:1d:8c:cb:ca:ba:60:72:66:19:dc:5d:f2:63
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=458d12f095053c35876b88b47685d6435421fcf2
Validity
Not Before: Jan 2 06:32:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=72c3f4847b514411dcdd4fe8a5dbb08368d0d57c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:82:54:88:05:e7:19:6b:c0:86:1b:6b:a4:7a:
b9:7f:f7:a3:79:2a:53:0c:de:24:8f:43:6f:35:8d:
54:95:b0:76:86:af:ba:34:a0:5d:07:9a:d5:c0:ac:
18:57:12:f8:fa:6c:60:c0:34:59:84:50:20:e5:41:
f7:54:07:73:da:e5:57:c0:cb:b5:0f:d6:38:ae:c8:
92:2a:d4:1e:e9:0a:8a:f8:0f:a3:1e:a3:73:34:96:
98:08:bf:f3:00:b5:3c:24:59:57:4e:46:cf:97:c2:
5a:bd:65:d7:3a:a9:b3:c6:17:95:68:58:0a:16:82:
57:89:3c:d3:00:c0:68:31:aa:34:03:b1:34:c5:e4:
50:df:c2:72:ab:c3:16:27:c7:c3:91:58:5c:56:96:
70:f5:0a:d3:86:51:70:25:6e:4a:82:f8:ce:b7:46:
76:be:05:38:d6:0e:a9:96:bd:5c:87:40:4a:fd:32:
d3:c3:e7:0d:b2:03:4e:ba:88:78:56:80:48:65:ff:
9c:23:9f:3f:65:1b:aa:9b:ea:7a:7e:2d:cc:cc:c8:
b4:34:e1:4c:25:51:ab:99:fd:d4:c0:ba:b1:6d:aa:
c5:09:d3:a3:c1:30:05:70:46:8c:cb:0a:bb:32:42:
46:89:23:75:91:b9:7c:4d:e0:a3:0d:32:82:a1:97:
09:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:C3:F4:84:7B:51:44:11:DC:DD:4F:E8:A5:DB:B0:83:68:D0:D5:7C
X509v3 Authority Key Identifier:
keyid:45:8D:12:F0:95:05:3C:35:87:6B:88:B4:76:85:D6:43:54:21:FC:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/csP0hHtRRBHc3U_opduwg2jQ1Xw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/7cecc7-f63d-43fc-b219-3955959eaf81/1/RY0S8JUFPDWHa4i0doXWQ1Qh_PI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.132.137.0/24
79.132.139.0/24
Signature Algorithm: sha256WithRSAEncryption
0e:51:c6:a6:e8:6d:6c:cb:d6:ee:15:a4:97:d4:c6:c9:a7:b4:
fe:c3:ee:41:b8:76:ca:c4:bf:e9:16:10:da:f1:0c:73:5b:98:
ba:2e:bd:51:12:0e:8c:3d:6a:72:d1:55:2b:80:58:ce:f7:02:
f6:8e:dc:e9:31:78:f1:7f:a9:c3:6a:cf:28:21:79:f2:86:93:
08:67:83:42:44:78:3a:73:ff:d2:ca:7b:75:f4:6f:ba:a1:41:
1f:26:20:a1:4e:eb:31:5c:18:d2:43:5c:43:fd:d5:f8:12:26:
a6:42:3e:62:8f:2b:b6:55:8b:cb:68:38:dc:5e:3a:67:05:88:
ab:85:b4:15:c8:91:4b:fb:08:b8:51:94:35:78:81:c2:2b:ec:
2b:31:98:82:b6:08:9f:65:38:a8:50:95:29:6e:dd:49:e1:dc:
3c:19:73:d5:13:f7:e4:bd:37:3a:8c:aa:de:88:00:9e:7c:95:
eb:ab:a3:02:92:2a:8f:b1:18:b4:6f:fa:25:a1:39:2f:6b:9f:
23:43:0a:59:6e:52:41:04:4e:a8:79:f9:e9:71:fe:4b:81:0b:
40:55:59:f2:47:53:1d:46:35:85:29:2c:3a:b2:91:c2:3d:aa:
96:e2:b3:e1:1e:33:b2:1e:af:77:05:d1:dd:01:68:6e:97:96:
40:14:68:3b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzI35UdjMvKumByZhncXfJjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ1OGQxMmYwOTUwNTNjMzU4NzZiODhiNDc2ODVkNjQzNTQy
MWZjZjIwHhcNMjQwMTAyMDYzMjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmMzZjQ4NDdiNTE0NDExZGNkZDRmZThhNWRiYjA4MzY4ZDBkNTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAloJUiAXnGWvAhhtrpHq5f/ejeSpT
DN4kj0NvNY1UlbB2hq+6NKBdB5rVwKwYVxL4+mxgwDRZhFAg5UH3VAdz2uVXwMu1
D9Y4rsiSKtQe6QqK+A+jHqNzNJaYCL/zALU8JFlXTkbPl8JavWXXOqmzxheVaFgK
FoJXiTzTAMBoMao0A7E0xeRQ38Jyq8MWJ8fDkVhcVpZw9QrThlFwJW5KgvjOt0Z2
vgU41g6plr1ch0BK/TLTw+cNsgNOuoh4VoBIZf+cI58/ZRuqm+p6fi3MzMi0NOFM
JVGrmf3UwLqxbarFCdOjwTAFcEaMywq7MkJGiSN1kbl8TeCjDTKCoZcJ0wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFHLD9IR7UUQR3N1P6KXbsINo0NV8MB8GA1UdIwQY
MBaAFEWNEvCVBTw1h2uItHaF1kNUIfzyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTkt
Mzk1NTk1OWVhZjgxLzEvY3NQMGhIdFJSQkhjM1Vfb3BkdXdnMmpRMVh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS83Y2VjYzctZjYzZC00M2ZjLWIyMTktMzk1NTk1OWVhZjgx
LzEvUlkwUzhKVUZQRFdIYTRpMGRvWFdRMVFoX1BJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAT4SJAwQA
T4SLMA0GCSqGSIb3DQEBCwUAA4IBAQAOUcam6G1sy9buFaSX1MbJp7T+w+5BuHbK
xL/pFhDa8QxzW5i6Lr1REg6MPWpy0VUrgFjO9wL2jtzpMXjxf6nDas8oIXnyhpMI
Z4NCRHg6c//Synt19G+6oUEfJiChTusxXBjSQ1xD/dX4EiamQj5ijyu2VYvLaDjc
XjpnBYirhbQVyJFL+wi4UZQ1eIHCK+wrMZiCtgifZTioUJUpbt1J4dw8GXPVE/fk
vTc6jKreiACefJXrq6MCkiqPsRi0b/oloTkva58jQwpZblJBBE6oefnpcf5LgQtA
VVnyR1MdRjWFKSw6spHCPaqW4rPhHjOyHq93BdHdAWhul5ZAFGg7
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:26:02 2024 by rpki-client on console-fra.rpki-client.org