Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/rT8Y1ojCu1i73FNjKLzkDjjP2Lo.roa
File: rT8Y1ojCu1i73FNjKLzkDjjP2Lo.roa (raw, json)
Hash identifier: ot3qViUuCgFxuQwdUSlxwl/zWwW0lCsAAdW++SJH6Zo=
Subject key identifier: AD:3F:18:D6:88:C2:BB:58:BB:DC:53:63:28:BC:E4:0E:38:CF:D8:BA
Certificate issuer: /CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Certificate serial: 018CC500C64FB2CA69F1444010C7E39DE553
Authority key identifier: 08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/rT8Y1ojCu1i73FNjKLzkDjjP2Lo.roa
Signing time: Mon 01 Jan 2024 12:30:11 +0000
ROA not before: Mon 01 Jan 2024 12:30:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 61317
IP address blocks: 188.66.26.0/24 maxlen: 24
193.108.59.0/24 maxlen: 24
193.3.20.0/24 maxlen: 24
193.108.105.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:c6:4f:b2:ca:69:f1:44:40:10:c7:e3:9d:e5:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=088465b37b2d4e9f413a31dc7b7e6cba2a33db96
Validity
Not Before: Jan 1 12:30:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ad3f18d688c2bb58bbdc536328bce40e38cfd8ba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:4c:0a:d9:45:da:2d:08:58:ab:ae:8a:92:43:
da:13:83:9d:00:03:e7:a5:e7:2b:d5:42:a7:36:6e:
ad:f7:20:65:02:09:5e:8f:a1:e0:c5:af:f5:23:80:
74:72:d0:4f:82:e1:c5:c4:97:18:f9:53:1e:62:2b:
c6:9c:b0:8b:04:25:2b:79:c2:21:b0:2e:21:bc:a6:
86:9c:89:5f:05:db:de:b4:a4:10:27:dc:93:36:ad:
39:25:ae:d1:64:56:25:42:68:cf:e5:49:7a:f7:44:
03:c2:42:a0:c7:fb:08:5e:a0:bc:21:4c:c7:1d:df:
8d:2e:30:cf:d6:c1:52:81:fd:ec:3c:cd:16:91:25:
0d:5d:94:de:b5:1d:73:f8:57:fa:dc:20:3d:0e:ea:
8e:5c:bc:84:fb:32:e1:b1:9d:c6:f7:38:d7:9c:fd:
10:a7:7b:90:83:8d:2b:b1:c4:be:47:88:4f:48:ff:
5f:77:54:88:2c:6a:3d:54:7f:9b:46:ac:b4:61:40:
21:f3:9a:21:af:f6:ce:45:c0:65:9e:e7:ee:a9:d1:
d3:ba:e7:16:93:71:dc:13:cc:b8:0f:07:d1:3f:dd:
9a:a5:69:d2:1c:76:24:be:d2:f0:ca:c3:4b:2e:41:
84:40:37:5f:14:a4:8f:85:c9:66:c3:d4:08:cc:f3:
9a:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:3F:18:D6:88:C2:BB:58:BB:DC:53:63:28:BC:E4:0E:38:CF:D8:BA
X509v3 Authority Key Identifier:
keyid:08:84:65:B3:7B:2D:4E:9F:41:3A:31:DC:7B:7E:6C:BA:2A:33:DB:96
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CIRls3stTp9BOjHce35suioz25Y.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/rT8Y1ojCu1i73FNjKLzkDjjP2Lo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3d/3e2b18-55c9-4180-8c6e-2c7086fded93/1/CIRls3stTp9BOjHce35suioz25Y.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.66.26.0/24
193.3.20.0/24
193.108.59.0/24
193.108.105.0/24
Signature Algorithm: sha256WithRSAEncryption
9f:62:91:95:5c:3b:2b:37:85:81:23:d8:64:94:70:1e:db:12:
7e:e6:c5:7a:e8:b6:56:ca:d8:fe:92:7d:6b:3d:f4:cf:05:59:
93:42:60:ca:9b:00:d4:46:b2:97:de:41:74:3d:35:e0:f6:97:
10:72:32:f4:34:d5:cf:0e:61:2e:2d:5f:fa:cd:ca:e2:16:c7:
23:fc:cc:95:cc:83:ae:bb:6d:19:4d:43:ec:8c:56:ed:94:b5:
8e:48:b0:30:bf:58:02:9a:6f:cd:52:ba:f0:e4:93:ab:39:d0:
4b:1f:b5:bd:85:98:e4:19:08:f8:6b:a6:97:55:e4:d9:f8:d3:
7f:4d:80:64:a8:57:9f:01:ab:22:96:62:b8:b3:ac:41:b7:41:
d0:d4:3a:9d:39:44:4e:0a:48:0a:b3:08:12:20:67:db:1a:11:
3d:08:cb:32:95:57:2e:d4:59:cd:67:6d:69:3a:06:20:04:09:
43:60:e1:45:fd:ae:9f:d6:08:b0:66:8a:b7:19:5d:9a:c0:9b:
70:ac:77:cc:ba:a4:ec:6d:98:be:1f:5e:3d:eb:99:35:0d:c6:
9c:f8:e6:86:cc:ec:0a:2f:b7:66:0c:77:de:f5:61:5c:4d:88:
ac:55:d5:4e:c2:7f:15:df:3c:47:e6:e4:a9:0a:3b:0d:a7:a4:
f1:62:f6:71
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYzFAMZPsspp8URAEMfjneVTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA4ODQ2NWIzN2IyZDRlOWY0MTNhMzFkYzdiN2U2Y2JhMmEz
M2RiOTYwHhcNMjQwMTAxMTIzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDNmMThkNjg4YzJiYjU4YmJkYzUzNjMyOGJjZTQwZTM4Y2ZkOGJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2EwK2UXaLQhYq66KkkPaE4OdAAPn
pecr1UKnNm6t9yBlAglej6Hgxa/1I4B0ctBPguHFxJcY+VMeYivGnLCLBCUrecIh
sC4hvKaGnIlfBdvetKQQJ9yTNq05Ja7RZFYlQmjP5Ul690QDwkKgx/sIXqC8IUzH
Hd+NLjDP1sFSgf3sPM0WkSUNXZTetR1z+Ff63CA9DuqOXLyE+zLhsZ3G9zjXnP0Q
p3uQg40rscS+R4hPSP9fd1SILGo9VH+bRqy0YUAh85ohr/bORcBlnufuqdHTuucW
k3HcE8y4DwfRP92apWnSHHYkvtLwysNLLkGEQDdfFKSPhclmw9QIzPOa5wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFK0/GNaIwrtYu9xTYyi85A44z9i6MB8GA1UdIwQY
MBaAFAiEZbN7LU6fQTox3Ht+bLoqM9uWMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUt
MmM3MDg2ZmRlZDkzLzEvclQ4WTFvakN1MWk3M0ZOaktMemtEampQMkxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZC8zZTJiMTgtNTVjOS00MTgwLThjNmUtMmM3MDg2ZmRlZDkz
LzEvQ0lSbHMzc3RUcDlCT2pIY2UzNXN1aW96MjVZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAvEIaAwQA
wQMUAwQAwWw7AwQAwWxpMA0GCSqGSIb3DQEBCwUAA4IBAQCfYpGVXDsrN4WBI9hk
lHAe2xJ+5sV66LZWytj+kn1rPfTPBVmTQmDKmwDURrKX3kF0PTXg9pcQcjL0NNXP
DmEuLV/6zcriFscj/MyVzIOuu20ZTUPsjFbtlLWOSLAwv1gCmm/NUrrw5JOrOdBL
H7W9hZjkGQj4a6aXVeTZ+NN/TYBkqFefAasilmK4s6xBt0HQ1DqdOUROCkgKswgS
IGfbGhE9CMsylVcu1FnNZ21pOgYgBAlDYOFF/a6f1giwZoq3GV2awJtwrHfMuqTs
bZi+H14965k1Dcac+OaGzOwKL7dmDHfe9WFcTYisVdVOwn8V3zxH5uSpCjsNp6Tx
YvZx
-----END CERTIFICATE-----
Generated at Thu Feb 1 13:28:27 2024 by rpki-client on console-ams.rpki-client.org