Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3f/3c08ae-eb6d-4608-82c3-6c04a6ed13c5/1/H1WuWQeLl9ErvZ0win9a8eSENkA.roa
File: H1WuWQeLl9ErvZ0win9a8eSENkA.roa (raw, json)
Hash identifier: XGE6yMNw/+tuLyRhdHwuYoZRYUtP4YGvMePTY9yGJ3U=
Subject key identifier: 1F:55:AE:59:07:8B:97:D1:2B:BD:9D:30:8A:7F:5A:F1:E4:84:36:40
Certificate issuer: /CN=c9da2ff5a77e78eec3033dda5749a4a8c1e55164
Certificate serial: 0190319A9D66FD3DFBAADCA66B209F9EA72A
Authority key identifier: C9:DA:2F:F5:A7:7E:78:EE:C3:03:3D:DA:57:49:A4:A8:C1:E5:51:64
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ydov9ad-eO7DAz3aV0mkqMHlUWQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3f/3c08ae-eb6d-4608-82c3-6c04a6ed13c5/1/H1WuWQeLl9ErvZ0win9a8eSENkA.roa
Signing time: Wed 19 Jun 2024 17:45:34 +0000
ROA not before: Wed 19 Jun 2024 17:45:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 7029
IP address blocks: 185.5.144.0/24 maxlen: 24
195.64.115.0/24 maxlen: 24
195.96.134.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:31:9a:9d:66:fd:3d:fb:aa:dc:a6:6b:20:9f:9e:a7:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c9da2ff5a77e78eec3033dda5749a4a8c1e55164
Validity
Not Before: Jun 19 17:45:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1f55ae59078b97d12bbd9d308a7f5af1e4843640
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:01:6e:05:c9:0a:43:43:42:ad:08:d8:c8:fc:
90:cb:be:b3:79:37:c1:c4:84:e0:2b:e2:01:3d:24:
12:85:a1:53:24:ae:2b:54:02:c8:97:55:9f:ef:88:
c8:48:d2:bc:3b:d4:b7:72:b5:40:f4:59:86:72:85:
ba:56:49:cd:0e:41:2e:40:7e:df:11:8e:ad:20:19:
01:e0:5c:8e:5c:29:50:e7:2a:f7:e3:a0:e4:cb:2d:
1c:bc:5b:b1:2a:93:da:a1:43:9b:e2:a2:22:17:96:
f2:8f:72:d6:71:3e:0b:7e:c5:ce:c2:d7:6f:69:7b:
db:20:25:f0:49:84:62:2d:63:81:7a:91:db:8f:fc:
c3:19:76:f1:19:7d:a4:a1:0b:9e:40:96:72:c8:24:
74:87:ef:e2:9c:ff:65:57:d5:09:6f:a0:6e:56:c7:
fd:9b:93:b4:89:a2:96:87:e5:90:63:e5:34:88:f1:
5c:d1:bf:88:7d:5e:c4:0d:1f:90:76:b5:e1:79:de:
ed:f1:f0:92:28:66:b4:00:db:71:5d:d3:9b:1d:70:
1f:d6:4e:fb:d1:8b:56:43:51:61:5d:7f:e5:79:30:
12:78:ee:1b:9f:9a:85:1b:c2:ec:68:b5:65:9c:56:
ee:64:c9:51:c8:19:5f:5b:f5:2a:8a:1d:fc:a9:98:
6a:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1F:55:AE:59:07:8B:97:D1:2B:BD:9D:30:8A:7F:5A:F1:E4:84:36:40
X509v3 Authority Key Identifier:
keyid:C9:DA:2F:F5:A7:7E:78:EE:C3:03:3D:DA:57:49:A4:A8:C1:E5:51:64
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ydov9ad-eO7DAz3aV0mkqMHlUWQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/3c08ae-eb6d-4608-82c3-6c04a6ed13c5/1/H1WuWQeLl9ErvZ0win9a8eSENkA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3f/3c08ae-eb6d-4608-82c3-6c04a6ed13c5/1/ydov9ad-eO7DAz3aV0mkqMHlUWQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.5.144.0/24
195.64.115.0/24
195.96.134.0/24
Signature Algorithm: sha256WithRSAEncryption
80:29:31:5f:fc:0e:12:f4:68:a4:5d:83:74:4c:45:6e:8b:d3:
07:9f:23:60:13:e5:d5:94:88:bd:62:4c:7a:b3:b2:82:d1:c9:
b6:7f:98:50:45:a6:e5:31:25:c3:71:8f:39:3f:f2:2b:6c:fa:
00:b1:ae:fb:18:a2:e7:f1:00:1e:74:3a:73:e1:68:a2:e6:33:
71:87:9d:e9:13:bd:58:b7:70:90:ca:31:44:27:bf:1e:58:12:
a2:b9:6a:91:cc:5b:6c:10:5e:e4:06:2a:20:e0:d1:8f:52:89:
72:d6:59:ff:f6:3e:cc:4b:bf:fe:c1:00:74:28:59:e5:93:c2:
c8:ed:07:d3:e1:16:64:7e:5f:33:58:4a:cf:4b:85:1f:91:3b:
fe:4d:98:a3:77:1b:41:01:c7:c4:41:ce:74:5b:1c:d5:3c:37:
47:34:98:57:ab:51:40:5d:c7:88:08:2c:f4:ae:16:35:f9:be:
89:af:0b:fb:d1:42:f7:e8:3f:05:aa:a1:18:81:23:69:2c:7e:
8e:87:91:fa:5d:bd:53:42:07:72:cf:6e:61:7b:64:85:f9:dc:
70:9c:c9:df:5a:fe:ab:a6:ae:fc:3a:33:07:a1:76:a5:85:f5:
07:0b:67:50:59:a0:7a:69:02:1c:ea:57:94:8e:02:7f:ae:b1:
3b:e4:a3:a4
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAZAxmp1m/T37qtymayCfnqcqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM5ZGEyZmY1YTc3ZTc4ZWVjMzAzM2RkYTU3NDlhNGE4YzFl
NTUxNjQwHhcNMjQwNjE5MTc0NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZjU1YWU1OTA3OGI5N2QxMmJiZDlkMzA4YTdmNWFmMWU0ODQzNjQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7QFuBckKQ0NCrQjYyPyQy76zeTfB
xITgK+IBPSQShaFTJK4rVALIl1Wf74jISNK8O9S3crVA9FmGcoW6VknNDkEuQH7f
EY6tIBkB4FyOXClQ5yr346Dkyy0cvFuxKpPaoUOb4qIiF5byj3LWcT4LfsXOwtdv
aXvbICXwSYRiLWOBepHbj/zDGXbxGX2koQueQJZyyCR0h+/inP9lV9UJb6BuVsf9
m5O0iaKWh+WQY+U0iPFc0b+IfV7EDR+QdrXhed7t8fCSKGa0ANtxXdObHXAf1k77
0YtWQ1FhXX/leTASeO4bn5qFG8LsaLVlnFbuZMlRyBlfW/Uqih38qZhqXwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFB9VrlkHi5fRK72dMIp/WvHkhDZAMB8GA1UdIwQY
MBaAFMnaL/WnfnjuwwM92ldJpKjB5VFkMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveWRvdjlhZC1lTzdEQXozYVYwbWtxTUhsVVdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zZi8zYzA4YWUtZWI2ZC00NjA4LTgyYzMt
NmMwNGE2ZWQxM2M1LzEvSDFXdVdRZUxsOUVydlowd2luOWE4ZVNFTmtBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zZi8zYzA4YWUtZWI2ZC00NjA4LTgyYzMtNmMwNGE2ZWQxM2M1
LzEveWRvdjlhZC1lTzdEQXozYVYwbWtxTUhsVVdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAuQWQAwQA
w0BzAwQAw2CGMA0GCSqGSIb3DQEBCwUAA4IBAQCAKTFf/A4S9GikXYN0TEVui9MH
nyNgE+XVlIi9Ykx6s7KC0cm2f5hQRablMSXDcY85P/IrbPoAsa77GKLn8QAedDpz
4Wii5jNxh53pE71Yt3CQyjFEJ78eWBKiuWqRzFtsEF7kBiog4NGPUoly1ln/9j7M
S7/+wQB0KFnlk8LI7QfT4RZkfl8zWErPS4UfkTv+TZijdxtBAcfEQc50WxzVPDdH
NJhXq1FAXceICCz0rhY1+b6Jrwv70UL36D8FqqEYgSNpLH6Oh5H6Xb1TQgdyz25h
e2SF+dxwnMnfWv6rpq78OjMHoXalhfUHC2dQWaB6aQIc6leUjgJ/rrE75KOk
-----END CERTIFICATE-----
Generated at Thu Mar 13 21:21:33 2025 by rpki-client