Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/ov9n-JldaMArYR5C6WgJAuC9KB4.roa
File: ov9n-JldaMArYR5C6WgJAuC9KB4.roa (raw, json)
Hash identifier: d6QzqPxg6gY6qJqQEw8IaJ/xNi/E+f4gTVzdiVm/esI=
Subject key identifier: A2:FF:67:F8:99:5D:68:C0:2B:61:1E:42:E9:68:09:02:E0:BD:28:1E
Certificate issuer: /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial: 018964C2564C5FB82F8A01385F946002937A
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/ov9n-JldaMArYR5C6WgJAuC9KB4.roa
Signing time: Mon 17 Jul 2023 16:50:04 +0000
ROA not before: Mon 17 Jul 2023 16:50:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 62240
IP address blocks: 194.59.222.0/24 maxlen: 24
212.107.25.0/24 maxlen: 24
88.218.187.0/24 maxlen: 24
45.87.124.0/24 maxlen: 24
45.87.125.0/24 maxlen: 24
45.87.127.0/24 maxlen: 24
84.252.69.0/24 maxlen: 24
45.128.124.0/24 maxlen: 24
194.60.76.0/24 maxlen: 24
88.218.184.0/24 maxlen: 24
88.218.186.0/24 maxlen: 24
88.218.185.0/24 maxlen: 24
2a0f:3101::/32 maxlen: 32
2a0d:3c46::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:64:c2:56:4c:5f:b8:2f:8a:01:38:5f:94:60:02:93:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Validity
Not Before: Jul 17 16:50:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a2ff67f8995d68c02b611e42e9680902e0bd281e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f2:b6:ec:2d:0d:1c:cd:0d:de:b1:89:9c:67:bd:
22:76:3a:52:fc:e6:56:62:85:13:06:41:9f:d5:97:
dc:87:39:a0:56:8f:55:9f:26:1c:fb:2c:b2:a1:bd:
75:85:78:29:c7:99:35:af:46:1f:d5:a8:27:18:74:
54:b9:15:a3:e8:65:ca:9f:3d:9d:bb:e9:bc:09:9c:
a5:ce:4b:b4:77:cd:6a:03:9c:9c:e0:32:5b:4a:cd:
6c:d0:7c:5a:86:a0:35:a4:63:58:1a:f6:b3:7c:7d:
a5:cc:4e:38:47:5a:d9:61:df:4d:dc:a0:e7:7a:15:
70:29:14:b8:fe:fd:db:a3:f2:f4:5b:dd:01:91:18:
dd:6d:2a:db:57:64:4f:4b:01:ec:0d:1e:0b:21:3c:
ff:d6:11:9b:60:ee:f0:27:5b:53:a9:82:1b:aa:76:
70:16:a6:ed:4f:f2:da:12:00:0f:08:98:2c:0b:99:
3b:c9:86:99:17:56:d6:b0:65:ad:cf:38:8d:3d:9f:
05:9f:25:ba:5d:96:86:8a:51:e4:e7:16:d8:f4:b9:
28:68:d6:9e:92:1a:a8:d9:02:dc:57:97:1a:7d:9a:
96:e7:11:75:17:cb:b3:66:8d:bf:3d:82:e6:38:3e:
25:7d:7a:90:aa:d2:9b:8b:b3:e5:ce:8f:e9:58:9c:
13:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:FF:67:F8:99:5D:68:C0:2B:61:1E:42:E9:68:09:02:E0:BD:28:1E
X509v3 Authority Key Identifier:
keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/ov9n-JldaMArYR5C6WgJAuC9KB4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.87.124.0/23
45.87.127.0/24
45.128.124.0/24
84.252.69.0/24
88.218.184.0/22
194.59.222.0/24
194.60.76.0/24
212.107.25.0/24
IPv6:
2a0d:3c46::/32
2a0f:3101::/32
Signature Algorithm: sha256WithRSAEncryption
3a:77:ff:fa:34:f4:3e:fe:15:64:b3:40:53:de:1c:8e:6c:de:
12:c8:f1:d7:3e:dd:03:1a:c4:59:d4:65:80:e7:13:0b:59:8f:
48:d9:56:90:67:d9:31:76:34:16:a4:1d:fa:67:9c:34:87:cb:
5b:03:5c:db:f6:a4:96:43:ad:d2:9e:46:9d:06:82:ad:12:7c:
3d:09:c6:80:93:2c:72:56:31:8a:6e:e5:ee:e9:52:ac:e6:ac:
06:02:83:cd:ec:f4:97:19:3e:ff:62:4e:68:cd:7a:a4:6d:d9:
ba:1c:55:09:7e:e4:d1:58:2f:7e:54:9a:91:0a:bb:bd:65:ab:
04:c4:77:51:c4:d9:72:4a:2b:c6:1b:ff:fb:fb:14:f2:cd:4f:
80:0e:79:7a:85:56:4a:d9:8f:13:76:54:86:68:8e:de:ed:e6:
cd:ac:fc:85:38:98:92:d0:21:9e:29:d3:e8:9a:08:d7:e9:e2:
08:ea:b8:70:c3:d6:4d:de:04:b1:b2:d5:8e:2e:dc:92:44:01:
85:72:5b:f4:8d:d4:6b:c7:c4:b1:d7:6a:a2:62:49:57:76:d3:
2d:6c:bc:31:6b:26:52:75:3b:4e:a2:cf:4e:85:c1:4b:c2:8b:
8a:df:d3:b7:bb:be:2e:63:ee:c1:98:12:43:09:81:2c:86:cf:
ff:66:ca:f8
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYlkwlZMX7gvigE4X5RgApN6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjMwNzE3MTY1MDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMmZmNjdmODk5NWQ2OGMwMmI2MTFlNDJlOTY4MDkwMmUwYmQyODFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8rbsLQ0czQ3esYmcZ70idjpS/OZW
YoUTBkGf1ZfchzmgVo9VnyYc+yyyob11hXgpx5k1r0Yf1agnGHRUuRWj6GXKnz2d
u+m8CZylzku0d81qA5yc4DJbSs1s0HxahqA1pGNYGvazfH2lzE44R1rZYd9N3KDn
ehVwKRS4/v3bo/L0W90BkRjdbSrbV2RPSwHsDR4LITz/1hGbYO7wJ1tTqYIbqnZw
FqbtT/LaEgAPCJgsC5k7yYaZF1bWsGWtzziNPZ8FnyW6XZaGilHk5xbY9LkoaNae
khqo2QLcV5cafZqW5xF1F8uzZo2/PYLmOD4lfXqQqtKbi7Plzo/pWJwT1QIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFKL/Z/iZXWjAK2EeQuloCQLgvSgeMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvb3Y5bi1KbGRhTUFyWVI1QzZXZ0pBdUM5S0I0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA2BAIAATAwAwQBLVd8AwQA
LVd/AwQALYB8AwQAVPxFAwQCWNq4AwQAwjveAwQAwjxMAwQA1GsZMBQEAgACMA4D
BQAqDTxGAwUAKg8xATANBgkqhkiG9w0BAQsFAAOCAQEAOnf/+jT0Pv4VZLNAU94c
jmzeEsjx1z7dAxrEWdRlgOcTC1mPSNlWkGfZMXY0FqQd+mecNIfLWwNc2/aklkOt
0p5GnQaCrRJ8PQnGgJMsclYxim7l7ulSrOasBgKDzez0lxk+/2JOaM16pG3ZuhxV
CX7k0VgvflSakQq7vWWrBMR3UcTZckorxhv/+/sU8s1PgA55eoVWStmPE3ZUhmiO
3u3mzaz8hTiYktAhninT6JoI1+niCOq4cMPWTd4EsbLVji7ckkQBhXJb9I3Ua8fE
sddqomJJV3bTLWy8MWsmUnU7TqLPToXBS8KLit/Tt7u+LmPuwZgSQwmBLIbP/2bK
+A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:17 2024 by rpki-client on console-fra.rpki-client.org