Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/GQCsg9-OdXNRpm4TlV4HP7uEvuI.roa
File: GQCsg9-OdXNRpm4TlV4HP7uEvuI.roa (raw, json)
Hash identifier: +lmvjILpWFm81MKlnbYnAMAsy4SQez9F+C6kkGjyZt0=
Subject key identifier: 19:00:AC:83:DF:8E:75:73:51:A6:6E:13:95:5E:07:3F:BB:84:BE:E2
Certificate issuer: /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial: 018570D558AC8AC15409C53E9C60BEA35C82
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/GQCsg9-OdXNRpm4TlV4HP7uEvuI.roa
Signing time: Mon 02 Jan 2023 04:55:08 +0000
ROA not before: Mon 02 Jan 2023 04:55:08 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 40997
IP address blocks: 213.139.201.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:d5:58:ac:8a:c1:54:09:c5:3e:9c:60:be:a3:5c:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Validity
Not Before: Jan 2 04:55:08 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1900ac83df8e757351a66e13955e073fbb84bee2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:b5:ab:b7:73:44:58:ca:e2:2d:a8:e6:c0:ac:
20:7b:d7:9c:d4:fc:b7:f8:7e:60:c5:82:ed:cf:d3:
9e:4e:e2:f8:33:d7:ab:24:53:0e:93:b0:cf:73:fd:
8b:9a:a8:60:b2:4b:9f:e3:b9:53:c3:61:e3:a6:3e:
4a:93:d6:4e:01:08:b6:ff:97:86:14:c6:e8:b4:ac:
23:0e:bb:83:13:d5:b2:5e:fd:99:16:8a:a4:8c:ae:
ec:11:70:3a:f7:45:ce:44:6b:17:81:27:e4:ec:c6:
4d:af:20:e2:81:c0:0b:b0:2e:85:75:2e:bf:d9:be:
1f:ef:e2:61:05:c2:1f:06:f3:a4:ec:e9:64:29:51:
1c:e0:50:a3:d8:16:ca:e5:2b:3e:1a:94:1c:76:2c:
5e:ba:bb:f0:31:29:b6:e2:7c:f5:ab:e7:18:eb:5c:
15:da:a5:1e:1c:70:ef:0d:54:60:fb:2a:9d:34:0b:
81:e2:aa:fd:4f:da:df:3f:72:91:c8:e9:a4:cd:56:
a2:c5:29:c2:67:12:89:a8:7c:7b:bf:85:b0:80:55:
d4:83:a0:37:78:fa:d7:37:5c:9b:80:b1:bf:47:24:
2a:36:69:50:18:1d:31:1d:d8:33:86:89:e7:35:7e:
d0:b9:09:63:ae:ae:13:f4:bc:cb:e5:09:e7:78:16:
39:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:00:AC:83:DF:8E:75:73:51:A6:6E:13:95:5E:07:3F:BB:84:BE:E2
X509v3 Authority Key Identifier:
keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/GQCsg9-OdXNRpm4TlV4HP7uEvuI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
213.139.201.0/24
Signature Algorithm: sha256WithRSAEncryption
38:c4:ad:a4:9b:b4:49:25:6f:4d:5e:b0:1c:af:79:b0:9b:cf:
02:80:ae:e7:1f:41:d4:16:b2:e8:fc:66:7d:7d:4c:84:97:5b:
77:08:d9:7f:a3:89:7e:9f:32:de:71:6b:4e:09:1c:95:cc:9d:
ec:08:67:1c:6c:2c:4e:f0:3e:07:53:0a:8e:cd:bf:79:fc:b0:
ab:3f:49:ff:cd:72:92:7b:09:dc:05:46:28:c7:ad:ac:d6:bc:
5f:37:dd:c4:ba:47:9e:01:3a:f1:bd:7b:3c:5d:a0:70:99:a0:
00:04:44:a3:09:e4:cd:46:89:dc:e1:28:a7:24:28:28:df:1e:
55:81:b9:64:07:24:2d:66:d0:f1:92:82:57:a7:a3:95:14:c3:
8b:af:d5:4b:ec:d7:22:91:ef:a4:64:6a:f4:e5:1a:cb:e0:39:
aa:3f:90:0e:0a:49:f7:63:c1:5e:28:8a:7a:39:83:db:b4:d2:
7e:7f:27:88:84:df:99:4e:31:66:a8:1b:b0:ef:72:ea:c1:3d:
b4:06:0a:06:cd:c4:44:42:f1:59:35:9f:7f:8c:55:88:26:1e:
fc:24:5b:7a:7b:5c:07:04:39:47:da:b1:11:74:70:61:e8:02:
17:c3:9f:b1:2f:27:84:14:65:3f:51:57:af:da:da:2c:e2:6c:
96:5e:e6:a7
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVw1VisisFUCcU+nGC+o1yCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjMwMTAyMDQ1NTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTAwYWM4M2RmOGU3NTczNTFhNjZlMTM5NTVlMDczZmJiODRiZWUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorWrt3NEWMriLajmwKwge9ec1Py3
+H5gxYLtz9OeTuL4M9erJFMOk7DPc/2Lmqhgskuf47lTw2Hjpj5Kk9ZOAQi2/5eG
FMbotKwjDruDE9WyXv2ZFoqkjK7sEXA690XORGsXgSfk7MZNryDigcALsC6FdS6/
2b4f7+JhBcIfBvOk7OlkKVEc4FCj2BbK5Ss+GpQcdixeurvwMSm24nz1q+cY61wV
2qUeHHDvDVRg+yqdNAuB4qr9T9rfP3KRyOmkzVaixSnCZxKJqHx7v4WwgFXUg6A3
ePrXN1ybgLG/RyQqNmlQGB0xHdgzhonnNX7QuQljrq4T9LzL5QnneBY5zwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFBkArIPfjnVzUaZuE5VeBz+7hL7iMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvR1FDc2c5LU9kWE5ScG00VGxWNEhQN3VFdnVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1YvJMA0G
CSqGSIb3DQEBCwUAA4IBAQA4xK2km7RJJW9NXrAcr3mwm88CgK7nH0HUFrLo/GZ9
fUyEl1t3CNl/o4l+nzLecWtOCRyVzJ3sCGccbCxO8D4HUwqOzb95/LCrP0n/zXKS
ewncBUYox62s1rxfN93EukeeATrxvXs8XaBwmaAABESjCeTNRonc4SinJCgo3x5V
gblkByQtZtDxkoJXp6OVFMOLr9VL7Ncike+kZGr05RrL4DmqP5AOCkn3Y8FeKIp6
OYPbtNJ+fyeIhN+ZTjFmqBuw73LqwT20BgoGzcREQvFZNZ9/jFWIJh78JFt6e1wH
BDlH2rERdHBh6AIXw5+xLyeEFGU/UVev2tos4myWXuan
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:17 2024 by rpki-client on console-fra.rpki-client.org