Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/JoUofh3fpbupwnA3gEef_yZJKCo.roa
File: JoUofh3fpbupwnA3gEef_yZJKCo.roa (raw, json)
Hash identifier: 7Ld2vFfRUzIZOXLm3VH2nTzx83Wduhj2FIgLsVr39gM=
Subject key identifier: 26:85:28:7E:1D:DF:A5:BB:A9:C2:70:37:80:47:9F:FF:26:49:28:2A
Certificate issuer: /CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Certificate serial: 01856F42C6CEE4C682478BB3214D9BE7B26A
Authority key identifier: 8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/JoUofh3fpbupwnA3gEef_yZJKCo.roa
Signing time: Sun 01 Jan 2023 21:35:25 +0000
ROA not before: Sun 01 Jan 2023 21:35:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7922
IP address blocks: 193.41.32.0/24 maxlen: 24
193.39.250.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:42:c6:ce:e4:c6:82:47:8b:b3:21:4d:9b:e7:b2:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8e1c11658d2041eaf2502fe5408ed493bbd4f318
Validity
Not Before: Jan 1 21:35:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2685287e1ddfa5bba9c2703780479fff2649282a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:84:60:30:40:73:ad:72:dc:1c:6a:9a:96:11:
2b:a0:ea:23:b7:ee:26:6a:36:ec:2f:af:61:02:91:
4c:e8:1b:53:f9:9d:64:70:fd:92:51:1a:25:e1:4e:
5c:07:1b:6b:e0:98:3e:ed:58:07:85:da:de:db:07:
7d:03:f9:89:0e:bd:64:cd:c3:06:8a:b1:2f:16:0a:
dc:33:0f:83:a1:b1:c6:97:e8:13:62:a1:a0:b1:38:
4e:60:a6:06:ca:fe:48:f0:3b:9c:f1:da:8e:c0:73:
9b:b8:a8:80:de:95:31:13:05:ce:cb:7d:83:40:b2:
35:7b:90:b7:d5:73:8e:9b:8b:f4:0f:e1:02:64:32:
e1:fc:89:6d:1b:54:5d:8f:6a:7c:92:a8:96:b6:57:
71:42:a5:1e:68:dd:a7:c7:4d:48:aa:1f:60:81:e7:
0f:26:bc:10:bb:c9:8d:49:cd:88:8e:c2:01:53:cf:
5f:45:67:02:56:4c:a9:81:41:cf:95:bc:42:12:5f:
19:ed:c2:cb:7e:d0:cb:86:ef:93:86:ab:21:46:5f:
8a:a5:20:af:d0:07:4c:45:fa:22:9f:95:e4:2e:1d:
3f:b4:d0:ff:5c:b8:c5:0e:2a:37:46:03:60:38:14:
02:27:b8:8e:77:e4:c7:18:27:7d:45:ac:65:ee:da:
a6:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:85:28:7E:1D:DF:A5:BB:A9:C2:70:37:80:47:9F:FF:26:49:28:2A
X509v3 Authority Key Identifier:
keyid:8E:1C:11:65:8D:20:41:EA:F2:50:2F:E5:40:8E:D4:93:BB:D4:F3:18
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jhwRZY0gQeryUC_lQI7Uk7vU8xg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/JoUofh3fpbupwnA3gEef_yZJKCo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/70bf8b-d8c4-40c3-9022-63348cdbf024/1/jhwRZY0gQeryUC_lQI7Uk7vU8xg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.39.250.0/24
193.41.32.0/24
Signature Algorithm: sha256WithRSAEncryption
1b:7b:a5:6d:d5:da:d6:46:f6:e9:c9:17:c1:59:03:cd:98:95:
70:81:1e:41:d0:33:74:23:dd:64:41:ef:1c:25:91:9e:69:72:
a0:d8:af:ed:35:b1:2b:b7:11:41:a5:80:ba:63:91:35:b7:e6:
23:cc:94:d3:00:d7:a8:2a:53:ff:9c:8c:3f:f6:6d:15:42:38:
77:71:10:ca:7d:33:dd:87:72:43:0f:ac:8e:0f:08:89:da:00:
1b:56:f4:d5:8e:cf:e8:a6:82:7e:42:8b:8a:55:28:76:63:a2:
5b:6b:8d:30:1e:66:d3:b1:66:e1:eb:11:4f:54:6c:c3:c8:d2:
03:9b:d9:8d:5a:ed:3c:24:e0:68:36:c4:ff:0e:63:68:87:12:
c2:97:04:c0:30:4c:ba:a6:4b:48:30:79:16:b7:e7:6e:d7:07:
96:c8:0e:dc:84:e1:33:10:5f:be:4f:56:81:69:2d:75:64:94:
8c:ff:db:bb:11:a5:60:b9:78:71:7c:d9:23:44:25:13:72:35:
15:f3:43:b0:b5:f7:ca:82:b1:0a:1c:f0:85:48:21:74:22:ac:
44:54:ba:d5:f2:5f:57:c0:88:bf:91:9a:3a:75:83:57:3d:76:
d0:e5:80:e2:79:4b:be:82:0e:f4:24:0d:8a:73:46:38:59:d3:
90:d1:99:bd
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVvQsbO5MaCR4uzIU2b57JqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlMWMxMTY1OGQyMDQxZWFmMjUwMmZlNTQwOGVkNDkzYmJk
NGYzMTgwHhcNMjMwMTAxMjEzNTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjg1Mjg3ZTFkZGZhNWJiYTljMjcwMzc4MDQ3OWZmZjI2NDkyODJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoRgMEBzrXLcHGqalhEroOojt+4m
ajbsL69hApFM6BtT+Z1kcP2SURol4U5cBxtr4Jg+7VgHhdre2wd9A/mJDr1kzcMG
irEvFgrcMw+DobHGl+gTYqGgsThOYKYGyv5I8Duc8dqOwHObuKiA3pUxEwXOy32D
QLI1e5C31XOOm4v0D+ECZDLh/IltG1Rdj2p8kqiWtldxQqUeaN2nx01Iqh9ggecP
JrwQu8mNSc2IjsIBU89fRWcCVkypgUHPlbxCEl8Z7cLLftDLhu+ThqshRl+KpSCv
0AdMRfoin5XkLh0/tND/XLjFDio3RgNgOBQCJ7iOd+THGCd9Raxl7tqmCQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCaFKH4d36W7qcJwN4BHn/8mSSgqMB8GA1UdIwQY
MBaAFI4cEWWNIEHq8lAv5UCO1JO71PMYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjIt
NjMzNDhjZGJmMDI0LzEvSm9Vb2ZoM2ZwYnVwd25BM2dFZWZfeVpKS0NvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi83MGJmOGItZDhjNC00MGMzLTkwMjItNjMzNDhjZGJmMDI0
LzEvamh3UlpZMGdRZXJ5VUNfbFFJN1VrN3ZVOHhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwSf6AwQA
wSkgMA0GCSqGSIb3DQEBCwUAA4IBAQAbe6Vt1drWRvbpyRfBWQPNmJVwgR5B0DN0
I91kQe8cJZGeaXKg2K/tNbErtxFBpYC6Y5E1t+YjzJTTANeoKlP/nIw/9m0VQjh3
cRDKfTPdh3JDD6yODwiJ2gAbVvTVjs/opoJ+QouKVSh2Y6Jba40wHmbTsWbh6xFP
VGzDyNIDm9mNWu08JOBoNsT/DmNohxLClwTAMEy6pktIMHkWt+du1weWyA7chOEz
EF++T1aBaS11ZJSM/9u7EaVguXhxfNkjRCUTcjUV80OwtffKgrEKHPCFSCF0IqxE
VLrV8l9XwIi/kZo6dYNXPXbQ5YDieUu+gg70JA2Kc0Y4WdOQ0Zm9
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:02 2023 by rpki-client on console-fra.rpki-client.org