Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/272986-88a9-477c-a277-a55b580b0ea3/1/1-OK2-LZD9Pte1QMnQLomnetGuZg.roa
File: 1-OK2-LZD9Pte1QMnQLomnetGuZg.roa (raw, json)
Hash identifier: SXo14wk2GnwnixjQgpzbsqJrl5auxTcuBru3Q63dIhE=
Subject key identifier: F8:E2:B6:F8:B6:43:F4:FB:5E:D5:03:27:40:BA:26:9D:EB:46:B9:98
Certificate issuer: /CN=cdf51a7b4c5b24580292b8c4aa6aa9c325665480
Certificate serial: 018570C2DB97BCACC3A5087C7E9963BC7159
Authority key identifier: CD:F5:1A:7B:4C:5B:24:58:02:92:B8:C4:AA:6A:A9:C3:25:66:54:80
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zfUae0xbJFgCkrjEqmqpwyVmVIA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/56/272986-88a9-477c-a277-a55b580b0ea3/1/1-OK2-LZD9Pte1QMnQLomnetGuZg.roa
Signing time: Mon 02 Jan 2023 04:34:56 +0000
ROA not before: Mon 02 Jan 2023 04:34:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48271
IP address blocks: 212.2.224.0/21 maxlen: 24
212.2.232.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:c2:db:97:bc:ac:c3:a5:08:7c:7e:99:63:bc:71:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdf51a7b4c5b24580292b8c4aa6aa9c325665480
Validity
Not Before: Jan 2 04:34:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f8e2b6f8b643f4fb5ed5032740ba269deb46b998
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:a4:d1:b2:08:b4:5f:ee:bb:fd:6f:b8:5f:03:
86:f0:b1:38:55:fc:4b:59:b5:45:88:39:d3:bc:46:
94:15:c0:31:c3:eb:ae:ab:c0:af:dd:b9:35:c9:e1:
2b:53:bb:44:b6:e9:75:31:86:21:fa:2a:07:f3:aa:
c1:72:59:8b:e8:58:b0:42:7a:a5:d7:79:95:be:c4:
d0:d1:c9:c0:8a:75:cd:ae:3c:17:42:8e:5e:e3:da:
2c:28:6b:fb:d4:bf:9e:35:2b:00:90:c8:88:70:00:
c3:fa:d4:f0:d9:5c:eb:c4:e1:92:e5:13:d4:01:82:
e2:d4:ed:2a:5c:d9:01:27:94:7f:31:87:f0:2c:4f:
08:6b:50:a0:4b:9a:16:b9:c6:d4:46:67:0e:d7:c5:
8a:db:5c:89:51:1a:69:b9:db:b1:34:3e:e1:c3:38:
7a:5b:85:f6:f2:ec:ea:b8:25:ad:4e:c8:14:2d:21:
8c:01:fc:3b:65:97:2c:1b:f9:05:f8:25:95:f8:aa:
9f:9d:c8:78:00:2c:52:25:30:3e:a6:bd:0a:4f:5a:
af:ca:cc:89:d7:44:73:8d:ec:8a:63:51:64:c5:c4:
e0:d3:39:9c:87:b7:a7:41:d4:61:4b:43:d0:36:87:
0e:7b:8b:7c:ae:d8:fa:63:c9:bd:ae:58:e0:2a:7d:
bf:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:E2:B6:F8:B6:43:F4:FB:5E:D5:03:27:40:BA:26:9D:EB:46:B9:98
X509v3 Authority Key Identifier:
keyid:CD:F5:1A:7B:4C:5B:24:58:02:92:B8:C4:AA:6A:A9:C3:25:66:54:80
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zfUae0xbJFgCkrjEqmqpwyVmVIA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/272986-88a9-477c-a277-a55b580b0ea3/1/1-OK2-LZD9Pte1QMnQLomnetGuZg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/56/272986-88a9-477c-a277-a55b580b0ea3/1/zfUae0xbJFgCkrjEqmqpwyVmVIA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.2.224.0-212.2.235.255
Signature Algorithm: sha256WithRSAEncryption
8c:a5:8e:0f:04:22:e4:7f:8e:4b:71:16:db:b8:f7:d6:df:e9:
d5:36:ed:85:75:a5:2c:39:cf:d4:e4:96:77:7e:56:0f:fc:ae:
5c:e3:85:11:35:cf:7d:a3:10:53:c4:86:cd:34:e6:c9:ba:2c:
70:9a:57:ec:44:ff:7a:58:ec:c7:c1:35:13:99:40:e2:c3:b8:
35:59:cf:a3:19:40:84:50:ce:2d:22:4d:e8:24:15:47:c5:68:
6a:6d:37:5c:58:18:fe:c7:c7:28:67:97:51:ef:1a:20:a7:92:
8a:3f:d6:2c:bf:02:bb:71:9e:a9:94:99:ed:8a:41:79:34:30:
84:d3:26:57:7a:5a:35:40:80:16:54:d9:5f:92:80:56:1b:92:
69:ef:2d:dd:b1:34:4c:60:f0:70:c1:b7:10:e7:87:70:86:68:
7f:cd:1c:84:ff:6c:2b:86:74:74:d9:91:a4:cb:8a:de:37:a3:
7b:73:91:93:d2:fe:d7:e5:fe:1b:5e:65:19:5e:ea:06:75:a4:
8d:8b:fa:9d:56:b3:b5:e3:2f:f3:28:b8:0e:b9:bf:c2:a8:fd:
e5:30:e1:04:c8:6d:3a:24:d1:c5:6e:ba:7c:a5:48:57:4f:c0:
95:33:d5:38:10:5d:ab:9f:3d:02:57:51:de:ad:f8:9d:de:db:
ef:ab:e0:df
-----BEGIN CERTIFICATE-----
MIIFBjCCA+6gAwIBAgISAYVwwtuXvKzDpQh8fpljvHFZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkZjUxYTdiNGM1YjI0NTgwMjkyYjhjNGFhNmFhOWMzMjU2
NjU0ODAwHhcNMjMwMTAyMDQzNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOGUyYjZmOGI2NDNmNGZiNWVkNTAzMjc0MGJhMjY5ZGViNDZiOTk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqqTRsgi0X+67/W+4XwOG8LE4VfxL
WbVFiDnTvEaUFcAxw+uuq8Cv3bk1yeErU7tEtul1MYYh+ioH86rBclmL6FiwQnql
13mVvsTQ0cnAinXNrjwXQo5e49osKGv71L+eNSsAkMiIcADD+tTw2VzrxOGS5RPU
AYLi1O0qXNkBJ5R/MYfwLE8Ia1CgS5oWucbURmcO18WK21yJURppuduxND7hwzh6
W4X28uzquCWtTsgULSGMAfw7ZZcsG/kF+CWV+Kqfnch4ACxSJTA+pr0KT1qvysyJ
10RzjeyKY1FkxcTg0zmch7enQdRhS0PQNocOe4t8rtj6Y8m9rljgKn2/AwIDAQAB
o4ICEjCCAg4wHQYDVR0OBBYEFPjitvi2Q/T7XtUDJ0C6Jp3rRrmYMB8GA1UdIwQY
MBaAFM31GntMWyRYApK4xKpqqcMlZlSAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemZVYWUweGJKRmdDa3JqRXFtcXB3eVZtVklBLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni8yNzI5ODYtODhhOS00NzdjLWEyNzct
YTU1YjU4MGIwZWEzLzEvMS1PSzItTFpEOVB0ZTFRTW5RTG9tbmV0R3VaZy5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNTYvMjcyOTg2LTg4YTktNDc3Yy1hMjc3LWE1NWI1ODBiMGVh
My8xL3pmVWFlMHhiSkZnQ2tyakVxbXFwd3lWbVZJQS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjAnBggrBgEFBQcBBwEB/wQYMBYwFAQCAAEwDjAMAwQF1ALg
AwQC1ALoMA0GCSqGSIb3DQEBCwUAA4IBAQCMpY4PBCLkf45LcRbbuPfW3+nVNu2F
daUsOc/U5JZ3flYP/K5c44URNc99oxBTxIbNNObJuixwmlfsRP96WOzHwTUTmUDi
w7g1Wc+jGUCEUM4tIk3oJBVHxWhqbTdcWBj+x8coZ5dR7xogp5KKP9YsvwK7cZ6p
lJntikF5NDCE0yZXelo1QIAWVNlfkoBWG5Jp7y3dsTRMYPBwwbcQ54dwhmh/zRyE
/2wrhnR02ZGky4reN6N7c5GT0v7X5f4bXmUZXuoGdaSNi/qdVrO14y/zKLgOub/C
qP3lMOEEyG06JNHFbrp8pUhXT8CVM9U4EF2rnz0CV1Herfid3tvvq+Df
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:10:26 2024 by rpki-client on console-ams.rpki-client.org