Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/DmY0J2CBM0_K_TORW8FvxZDnni0.roa
File: DmY0J2CBM0_K_TORW8FvxZDnni0.roa (raw, json)
Hash identifier: 6152uwzK/66X9DW16JU2noCfwQkTxsrJ7T8c30+5Nro=
Subject key identifier: 0E:66:34:27:60:81:33:4F:CA:FD:33:91:5B:C1:6F:C5:90:E7:9E:2D
Certificate issuer: /CN=1062bc36512658a0f7d3f96bc1d8e67d9fd4918b
Certificate serial: 019122064FE6E002F7734062F5B3DA9DA452
Authority key identifier: 10:62:BC:36:51:26:58:A0:F7:D3:F9:6B:C1:D8:E6:7D:9F:D4:91:8B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/DmY0J2CBM0_K_TORW8FvxZDnni0.roa
Signing time: Mon 05 Aug 2024 10:12:04 +0000
ROA not before: Mon 05 Aug 2024 10:12:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 396982
IP address blocks: 193.24.252.0/22 maxlen: 24
195.245.86.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:22:06:4f:e6:e0:02:f7:73:40:62:f5:b3:da:9d:a4:52
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1062bc36512658a0f7d3f96bc1d8e67d9fd4918b
Validity
Not Before: Aug 5 10:12:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=0e6634276081334fcafd33915bc16fc590e79e2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:74:49:2f:87:97:19:1f:da:c4:3f:67:cf:b1:
1d:87:28:aa:8a:f6:99:01:bf:24:1b:e5:2c:87:76:
c3:a3:a1:7f:0e:bb:c7:3b:ab:f8:a2:2c:f3:27:60:
35:d0:74:a1:a8:f8:9a:d3:bf:32:4a:c0:7a:cb:89:
80:d3:9d:82:f4:7b:76:fa:95:26:b6:87:c8:2a:5e:
a2:5c:63:75:a4:89:3b:cc:87:84:47:e0:9b:a2:08:
18:db:61:bc:48:10:69:3d:7f:9b:b2:c5:59:29:0d:
b5:6a:cb:06:2b:31:57:e6:f3:b6:22:4b:30:31:43:
ab:16:d0:d1:83:f8:50:32:85:6b:32:bc:23:73:35:
2c:46:f3:d2:f6:f2:2a:a4:41:d3:3d:28:e3:25:c6:
0f:2f:91:c9:73:65:dc:2f:1d:73:92:d8:83:67:5e:
08:df:32:28:df:de:a3:34:27:e6:25:bc:9e:4a:cc:
ac:59:cd:8e:f0:99:a7:b2:70:24:0a:dd:b6:f1:f6:
d8:b7:a0:16:b6:a1:d9:0e:7d:0a:ea:48:7f:d3:1b:
ff:47:df:da:3a:7d:5b:3c:73:48:20:62:ca:72:33:
92:bd:a0:d4:95:c6:b6:70:cd:19:c3:9d:f4:49:31:
52:cc:8a:0a:44:fc:dd:d3:42:6b:db:c2:ba:d5:95:
e2:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:66:34:27:60:81:33:4F:CA:FD:33:91:5B:C1:6F:C5:90:E7:9E:2D
X509v3 Authority Key Identifier:
keyid:10:62:BC:36:51:26:58:A0:F7:D3:F9:6B:C1:D8:E6:7D:9F:D4:91:8B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EGK8NlEmWKD30_lrwdjmfZ_UkYs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/DmY0J2CBM0_K_TORW8FvxZDnni0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/54/669ebf-ee7f-4eb7-8486-95ad92ac8698/1/EGK8NlEmWKD30_lrwdjmfZ_UkYs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.24.252.0/22
195.245.86.0/23
Signature Algorithm: sha256WithRSAEncryption
1a:1d:4d:5d:18:4a:c1:fd:d2:27:fc:84:b3:fb:e2:8a:3a:e4:
dd:89:23:22:0e:9a:95:59:ac:73:f2:fc:45:80:3b:31:52:a0:
49:ee:f6:e9:9b:7d:94:df:00:95:dc:38:89:fc:7d:72:3d:5b:
f1:70:f3:fa:92:8e:08:8f:35:b2:c0:fd:52:e1:ba:99:dd:7e:
5c:34:64:d5:03:18:f4:43:7d:f4:da:83:61:b3:f0:5b:d9:8e:
23:ab:15:54:8b:9c:cb:da:7c:17:48:6a:77:34:5f:b1:4e:ee:
3a:11:2b:31:7d:43:da:70:3d:2a:41:4e:49:bb:80:22:ef:68:
ee:b4:b4:f5:cb:d8:e1:8d:9e:b3:fc:b2:e2:da:23:dc:a8:50:
31:ca:a9:e3:26:d9:e5:b0:b3:0c:b0:13:e4:32:5a:3b:f7:a0:
07:fe:7a:d1:f1:85:08:78:1f:17:f7:7b:43:21:75:c4:2d:20:
3e:04:e2:1d:6a:80:2f:d2:2e:c2:69:f0:94:28:38:66:aa:d5:
72:95:9d:82:f4:32:fa:3d:24:68:b2:b1:52:93:60:6a:4b:77:
fa:19:66:fb:a4:b6:e1:46:5c:a6:16:e1:a9:45:ba:bd:b6:82:
d9:5d:74:4c:cd:68:e5:d9:f9:4f:a5:9f:0d:4f:ef:6e:b0:bb:
e7:a7:9a:c5
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAZEiBk/m4AL3c0Bi9bPanaRSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEwNjJiYzM2NTEyNjU4YTBmN2QzZjk2YmMxZDhlNjdkOWZk
NDkxOGIwHhcNMjQwODA1MTAxMjA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZTY2MzQyNzYwODEzMzRmY2FmZDMzOTE1YmMxNmZjNTkwZTc5ZTJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1HRJL4eXGR/axD9nz7EdhyiqivaZ
Ab8kG+Ush3bDo6F/DrvHO6v4oizzJ2A10HShqPia078ySsB6y4mA052C9Ht2+pUm
tofIKl6iXGN1pIk7zIeER+CboggY22G8SBBpPX+bssVZKQ21assGKzFX5vO2Iksw
MUOrFtDRg/hQMoVrMrwjczUsRvPS9vIqpEHTPSjjJcYPL5HJc2XcLx1zktiDZ14I
3zIo396jNCfmJbyeSsysWc2O8JmnsnAkCt228fbYt6AWtqHZDn0K6kh/0xv/R9/a
On1bPHNIIGLKcjOSvaDUlca2cM0Zw530STFSzIoKRPzd00Jr28K61ZXieQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFA5mNCdggTNPyv0zkVvBb8WQ554tMB8GA1UdIwQY
MBaAFBBivDZRJlig99P5a8HY5n2f1JGLMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRUdLOE5sRW1XS0QzMF9scndkam1mWl9Va1lzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NC82NjllYmYtZWU3Zi00ZWI3LTg0ODYt
OTVhZDkyYWM4Njk4LzEvRG1ZMEoyQ0JNMF9LX1RPUlc4RnZ4WkRubmkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NC82NjllYmYtZWU3Zi00ZWI3LTg0ODYtOTVhZDkyYWM4Njk4
LzEvRUdLOE5sRW1XS0QzMF9scndkam1mWl9Va1lzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCwRj8AwQB
w/VWMA0GCSqGSIb3DQEBCwUAA4IBAQAaHU1dGErB/dIn/ISz++KKOuTdiSMiDpqV
Waxz8vxFgDsxUqBJ7vbpm32U3wCV3DiJ/H1yPVvxcPP6ko4IjzWywP1S4bqZ3X5c
NGTVAxj0Q3302oNhs/Bb2Y4jqxVUi5zL2nwXSGp3NF+xTu46ESsxfUPacD0qQU5J
u4Ai72jutLT1y9jhjZ6z/LLi2iPcqFAxyqnjJtnlsLMMsBPkMlo796AH/nrR8YUI
eB8X93tDIXXELSA+BOIdaoAv0i7CafCUKDhmqtVylZ2C9DL6PSRosrFSk2BqS3f6
GWb7pLbhRlymFuGpRbq9toLZXXRMzWjl2flPpZ8NT+9usLvnp5rF
-----END CERTIFICATE-----
Generated at Mon Aug 19 10:52:58 2024 by rpki-client on console-fra.rpki-client.org