Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/9LA1FIbJuKZGy0TAwQlXCQnS5hA.roa
File: 9LA1FIbJuKZGy0TAwQlXCQnS5hA.roa (raw, json)
Hash identifier: YzKppccYF6q/ruhICyzwM+NBOP4vncJJYHBURG278bw=
Subject key identifier: F4:B0:35:14:86:C9:B8:A6:46:CB:44:C0:C1:09:57:09:09:D2:E6:10
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 0185719542DB84C88E68CF1BA74B3B24F2AB
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/9LA1FIbJuKZGy0TAwQlXCQnS5hA.roa
Signing time: Mon 02 Jan 2023 08:24:45 +0000
ROA not before: Mon 02 Jan 2023 08:24:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3320
IP address blocks: 62.182.168.0/24 maxlen: 24
185.65.68.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:95:42:db:84:c8:8e:68:cf:1b:a7:4b:3b:24:f2:ab
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Jan 2 08:24:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f4b0351486c9b8a646cb44c0c109570909d2e610
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:4b:31:a7:e1:61:7c:88:1c:55:26:a3:ad:4f:
61:b2:ed:e5:88:69:4e:6c:3d:7f:a6:b7:4f:56:7d:
b8:db:9d:ae:62:1a:74:28:fd:63:61:1a:3d:cf:15:
b5:be:5a:bd:8c:91:d5:f5:c6:eb:13:6c:ed:33:fb:
b2:e7:27:d6:ef:6c:cf:b1:22:76:5b:d1:60:ac:20:
34:89:01:85:45:a2:d7:6e:a3:dd:69:9e:e3:f1:e2:
d3:e1:0a:f0:0c:72:86:de:4d:30:ee:09:3d:3e:33:
41:40:f2:5c:1e:47:e7:13:34:ef:79:07:4f:32:dd:
a0:f8:17:c1:d3:0c:8a:26:e2:06:71:46:f5:31:c8:
b2:1b:25:ef:14:b9:59:82:ac:a9:28:28:b5:67:69:
1b:e1:22:24:d3:40:fd:de:60:62:3f:72:d3:c1:f9:
1d:66:40:4f:df:97:1e:c7:c6:ab:29:c4:bd:68:9d:
65:42:21:03:2f:c3:b7:68:7c:46:6a:9b:73:a3:78:
ca:38:0b:e4:28:2a:4a:86:30:70:70:a4:91:f8:68:
24:14:2e:11:a9:58:9f:fa:84:c4:20:f7:fd:5f:d5:
c6:77:0a:ab:db:0c:14:c9:75:9b:eb:bc:62:15:1d:
40:05:a3:40:93:10:d8:8f:bb:d2:e9:61:18:80:1d:
40:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:B0:35:14:86:C9:B8:A6:46:CB:44:C0:C1:09:57:09:09:D2:E6:10
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/9LA1FIbJuKZGy0TAwQlXCQnS5hA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.182.168.0/24
185.65.68.0/24
Signature Algorithm: sha256WithRSAEncryption
ae:ab:f9:e7:03:f9:79:2b:68:5b:ec:6a:e8:8e:c6:bf:cf:a6:
bc:f2:a4:62:d3:9d:9a:fd:8d:17:f8:47:05:74:fa:8c:54:24:
ae:de:7f:45:d6:40:ab:03:42:c4:43:7f:2b:c3:30:8f:a1:df:
da:39:82:7a:81:14:70:fc:fe:04:e0:2a:db:fc:a1:ca:9d:33:
e0:dc:36:5e:a7:b5:c6:54:36:fd:f4:bd:da:92:c5:0b:9d:fa:
82:41:2f:bd:61:f8:a2:92:75:da:f7:51:14:88:53:9a:8a:08:
94:e4:30:e5:1a:ee:4f:65:90:cc:8b:ed:e7:af:01:c3:d6:d9:
8e:44:79:b0:b0:a5:2a:f1:fb:27:85:94:63:a1:be:f9:50:a2:
82:63:59:73:48:f1:43:ad:10:b0:d1:0c:88:e4:5e:ca:d8:45:
48:7a:74:6a:f6:d2:5e:75:ac:7e:88:43:e3:07:ea:4b:74:8d:
b2:fc:b7:e9:9e:aa:f5:0c:a0:17:b6:43:b9:6c:2d:f8:5a:69:
26:5a:c0:bb:5f:d5:d8:19:dd:8c:7c:4e:16:0b:14:69:6a:b1:
b6:e0:2f:52:81:28:b7:3e:13:57:77:53:dd:70:1d:61:16:b8:
6e:b6:9b:ec:21:09:59:11:3e:e3:6c:77:d4:45:60:33:6e:8b:
97:99:04:63
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVxlULbhMiOaM8bp0s7JPKrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwMTAyMDgyNDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGIwMzUxNDg2YzliOGE2NDZjYjQ0YzBjMTA5NTcwOTA5ZDJlNjEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArksxp+FhfIgcVSajrU9hsu3liGlO
bD1/prdPVn24252uYhp0KP1jYRo9zxW1vlq9jJHV9cbrE2ztM/uy5yfW72zPsSJ2
W9FgrCA0iQGFRaLXbqPdaZ7j8eLT4QrwDHKG3k0w7gk9PjNBQPJcHkfnEzTveQdP
Mt2g+BfB0wyKJuIGcUb1MciyGyXvFLlZgqypKCi1Z2kb4SIk00D93mBiP3LTwfkd
ZkBP35cex8arKcS9aJ1lQiEDL8O3aHxGaptzo3jKOAvkKCpKhjBwcKSR+GgkFC4R
qVif+oTEIPf9X9XGdwqr2wwUyXWb67xiFR1ABaNAkxDYj7vS6WEYgB1ATQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPSwNRSGybimRstEwMEJVwkJ0uYQMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvOUxBMUZJYkp1S1pHeTBUQXdRbFhDUW5TNWhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPraoAwQA
uUFEMA0GCSqGSIb3DQEBCwUAA4IBAQCuq/nnA/l5K2hb7Grojsa/z6a88qRi052a
/Y0X+EcFdPqMVCSu3n9F1kCrA0LEQ38rwzCPod/aOYJ6gRRw/P4E4Crb/KHKnTPg
3DZep7XGVDb99L3aksULnfqCQS+9YfiiknXa91EUiFOaigiU5DDlGu5PZZDMi+3n
rwHD1tmORHmwsKUq8fsnhZRjob75UKKCY1lzSPFDrRCw0QyI5F7K2EVIenRq9tJe
dax+iEPjB+pLdI2y/Lfpnqr1DKAXtkO5bC34WmkmWsC7X9XYGd2MfE4WCxRparG2
4C9SgSi3PhNXd1PdcB1hFrhutpvsIQlZET7jbHfURWAzbouXmQRj
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:09 2024 by rpki-client on console-ams.rpki-client.org