Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/1sUW-uBhMu7hWdhMyEBrCz43otM.roa
File: 1sUW-uBhMu7hWdhMyEBrCz43otM.roa (raw, json)
Hash identifier: Kz147Dd6cwu4g5aWKnZQTLx1g9IoInXZNms9Ovetuu8=
Subject key identifier: D6:C5:16:FA:E0:61:32:EE:E1:59:D8:4C:C8:40:6B:0B:3E:37:A2:D3
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 018BCCC3F940A31DCC9C0410294805598D7B
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/1sUW-uBhMu7hWdhMyEBrCz43otM.roa
Signing time: Tue 14 Nov 2023 07:37:57 +0000
ROA not before: Tue 14 Nov 2023 07:37:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 62.182.168.0/24 maxlen: 24
62.182.169.0/24 maxlen: 24
62.182.170.0/24 maxlen: 24
62.182.171.0/24 maxlen: 24
194.15.153.0/24 maxlen: 24
194.15.154.0/24 maxlen: 24
194.15.155.0/24 maxlen: 24
83.97.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:cc:c3:f9:40:a3:1d:cc:9c:04:10:29:48:05:59:8d:7b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Nov 14 07:37:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d6c516fae06132eee159d84cc8406b0b3e37a2d3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:f0:7e:53:d8:c8:a0:7a:89:78:ae:39:ed:35:
51:00:3b:47:a9:96:dc:75:e2:9f:ff:c6:8c:fe:9e:
2c:82:70:3c:24:22:54:6c:fc:80:bb:af:5d:6f:1b:
14:d3:e7:a9:e0:37:30:a7:f9:16:7f:1c:96:61:98:
de:69:93:94:0e:7d:b4:9d:79:ab:85:3e:b2:33:92:
38:86:d3:d9:22:4b:3a:06:28:84:d0:21:66:89:fc:
97:b2:75:32:24:2f:f3:3f:00:76:31:15:34:2c:9f:
80:79:e0:c6:ab:4c:2c:c8:3d:aa:bf:f9:b2:75:61:
66:47:07:86:ab:ca:f6:03:09:52:f2:9e:be:0e:11:
52:cf:7a:3f:96:cd:79:4e:69:28:de:44:d9:bd:f4:
70:5d:c7:4b:0e:c0:b9:da:0f:43:82:23:e5:fd:af:
ed:ea:a1:92:69:09:a1:02:3e:5a:0f:cf:1f:6e:47:
e0:3b:99:ec:e9:d1:40:1d:19:dc:b2:e8:2d:28:e9:
63:16:7b:5d:24:70:5c:4e:c8:4e:05:2c:8d:0d:a0:
32:f1:60:d5:b6:9f:ea:22:4d:64:4b:ab:1e:a2:80:
a3:0b:e8:43:35:a9:a2:4b:44:c6:e6:4e:10:34:6a:
80:2b:90:75:58:86:a6:cb:39:6e:1d:10:48:24:0e:
74:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:C5:16:FA:E0:61:32:EE:E1:59:D8:4C:C8:40:6B:0B:3E:37:A2:D3
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/1sUW-uBhMu7hWdhMyEBrCz43otM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.182.168.0/22
83.97.96.0/22
194.15.153.0-194.15.155.255
Signature Algorithm: sha256WithRSAEncryption
29:fe:d4:39:d1:9d:1d:e9:25:5f:7a:57:df:8f:b6:61:68:50:
bb:dc:72:0f:0f:3a:aa:73:66:c9:a2:b0:25:ba:8a:81:5c:c3:
73:4e:b4:02:d6:9f:15:e5:74:aa:e4:9e:24:74:b8:eb:01:0d:
f0:78:22:a8:43:26:fb:c8:1e:b5:eb:e2:2b:30:b1:19:6e:55:
74:ca:07:30:f4:6f:db:18:a4:90:a9:c2:a3:81:95:34:8a:6b:
eb:ab:94:84:67:8f:33:18:92:f1:6f:91:40:f0:b3:ce:45:cd:
fd:6b:8f:4c:34:e9:a2:00:1a:80:48:e0:99:d2:1b:36:16:00:
05:2f:70:75:e3:eb:45:5e:47:2d:69:dc:05:af:cf:4c:eb:ed:
26:71:c6:5b:df:b1:96:d7:d6:e4:35:36:db:0c:9a:73:b0:e8:
85:19:4b:2d:35:f7:5a:7c:63:eb:b8:69:bc:4d:e4:8d:d8:82:
9d:e4:2c:b5:dd:b8:51:70:8d:4a:4a:77:f1:70:21:57:5d:2e:
50:db:2c:0b:03:22:29:0b:3c:aa:12:d8:50:ed:ec:5d:3e:6a:
84:7d:97:db:f0:78:85:68:aa:87:1f:31:10:f6:ec:3d:ce:d3:
23:91:a0:32:23:00:f3:db:85:4e:12:93:92:9d:ec:9b:b5:e2:
23:d3:0e:d3
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYvMw/lAox3MnAQQKUgFWY17MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMxMTE0MDczNzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmM1MTZmYWUwNjEzMmVlZTE1OWQ4NGNjODQwNmIwYjNlMzdhMmQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvB+U9jIoHqJeK457TVRADtHqZbc
deKf/8aM/p4sgnA8JCJUbPyAu69dbxsU0+ep4Dcwp/kWfxyWYZjeaZOUDn20nXmr
hT6yM5I4htPZIks6BiiE0CFmifyXsnUyJC/zPwB2MRU0LJ+AeeDGq0wsyD2qv/my
dWFmRweGq8r2AwlS8p6+DhFSz3o/ls15Tmko3kTZvfRwXcdLDsC52g9DgiPl/a/t
6qGSaQmhAj5aD88fbkfgO5ns6dFAHRncsugtKOljFntdJHBcTshOBSyNDaAy8WDV
tp/qIk1kS6seooCjC+hDNamiS0TG5k4QNGqAK5B1WIamyzluHRBIJA50BwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFNbFFvrgYTLu4VnYTMhAaws+N6LTMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvMXNVVy11QmhNdTdoV2RoTXlFQnJDejQzb3RNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCPraoAwQC
U2FgMAwDBADCD5kDBALCD5gwDQYJKoZIhvcNAQELBQADggEBACn+1DnRnR3pJV96
V9+PtmFoULvccg8POqpzZsmisCW6ioFcw3NOtALWnxXldKrkniR0uOsBDfB4IqhD
JvvIHrXr4iswsRluVXTKBzD0b9sYpJCpwqOBlTSKa+urlIRnjzMYkvFvkUDws85F
zf1rj0w06aIAGoBI4JnSGzYWAAUvcHXj60VeRy1p3AWvz0zr7SZxxlvfsZbX1uQ1
NtsMmnOw6IUZSy0191p8Y+u4abxN5I3Ygp3kLLXduFFwjUpKd/FwIVddLlDbLAsD
IikLPKoS2FDt7F0+aoR9l9vweIVoqocfMRD27D3O0yORoDIjAPPbhU4Sk5Kd7Ju1
4iPTDtM=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:43:59 2025 by rpki-client