Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/DrahfUU8mDRfTML2sL8NKjpr_yQ.roa
File: DrahfUU8mDRfTML2sL8NKjpr_yQ.roa (raw, json)
Hash identifier: CtlSUsvMaCdZDC1AzCIvPMWM+2xASBeUVbIDxEBIiEo=
Subject key identifier: 0E:B6:A1:7D:45:3C:98:34:5F:4C:C2:F6:B0:BF:0D:2A:3A:6B:FF:24
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 018BAD9C36A4750986DD788E0E6B08D66C50
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/DrahfUU8mDRfTML2sL8NKjpr_yQ.roa
Signing time: Wed 08 Nov 2023 06:26:17 +0000
ROA not before: Wed 08 Nov 2023 06:26:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 62.182.169.0/24 maxlen: 24
62.182.170.0/24 maxlen: 24
62.182.171.0/24 maxlen: 24
194.15.153.0/24 maxlen: 24
194.15.154.0/24 maxlen: 24
194.15.155.0/24 maxlen: 24
83.97.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:ad:9c:36:a4:75:09:86:dd:78:8e:0e:6b:08:d6:6c:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Nov 8 06:26:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0eb6a17d453c98345f4cc2f6b0bf0d2a3a6bff24
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:19:fe:1c:13:7e:05:4f:bb:c4:26:f5:fc:c1:
95:b3:aa:cf:fb:50:52:b7:d2:bf:53:aa:ff:05:26:
c2:ef:57:c7:f6:67:e2:96:15:dc:a7:2b:dc:5b:96:
3c:e6:26:a9:5b:59:91:7d:bd:b0:90:50:93:37:44:
ae:c2:bb:db:72:83:49:b8:30:01:96:61:a5:f8:f5:
1d:29:ce:42:cf:d0:6d:e7:e1:90:72:34:dc:0c:94:
96:f8:ff:3d:df:53:0e:ac:07:1f:e6:e2:b5:52:8d:
83:17:87:23:94:80:df:79:f8:48:a2:5e:eb:84:77:
2a:ec:aa:59:80:d7:10:f6:5a:6f:fb:8c:e4:e4:bc:
55:59:3b:9d:9f:92:f0:73:77:80:41:e9:3d:6e:da:
1b:79:5d:c4:fa:ac:17:2c:58:88:89:bd:51:6a:c2:
0d:f5:12:c2:0c:e7:3f:90:c0:be:49:05:2c:0e:db:
27:b7:19:de:96:65:f2:8b:09:b1:c7:2a:76:ba:be:
8e:d5:6e:b5:bf:1f:c1:33:9b:56:45:0e:fd:a7:da:
70:d4:d0:4f:66:b3:ad:1d:7e:2c:f0:69:1f:68:74:
0e:5a:87:be:09:72:59:b3:30:e2:bd:e4:c0:29:e2:
f6:d2:4c:70:ce:87:6e:1c:a1:2f:1a:b7:62:7e:9c:
92:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0E:B6:A1:7D:45:3C:98:34:5F:4C:C2:F6:B0:BF:0D:2A:3A:6B:FF:24
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/DrahfUU8mDRfTML2sL8NKjpr_yQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.182.169.0-62.182.171.255
83.97.96.0/22
194.15.153.0-194.15.155.255
Signature Algorithm: sha256WithRSAEncryption
1c:e5:72:fd:87:58:d6:fa:a3:64:6a:99:a3:10:d2:90:f3:f2:
56:c7:2d:85:81:61:15:52:c3:a8:8a:70:40:90:e3:9c:d9:e1:
0a:bb:b5:5a:53:30:19:d5:6f:ba:1c:45:13:bc:18:b0:8c:35:
a3:e3:14:37:c8:d4:09:50:10:aa:2e:78:8a:11:31:db:5f:09:
03:9a:0f:d4:45:5f:fe:ee:38:98:c5:13:a6:80:1c:c4:a2:24:
64:39:af:32:92:c2:6d:14:7a:a7:57:fb:48:b3:7a:b5:71:34:
59:2b:84:75:8d:5c:65:f7:20:9c:cd:0b:f8:c1:8c:a0:71:1f:
6b:c1:77:ab:71:72:71:6f:0a:ea:91:ca:e3:84:a7:f0:ef:d1:
4f:8d:d2:b5:df:59:0e:07:7d:50:22:e9:9a:a0:73:07:7e:af:
63:8f:9f:5f:e3:3e:90:92:85:c6:33:6e:37:7c:ee:38:06:21:
5c:0b:1f:cf:8d:5f:6e:a8:ca:8a:ef:47:8d:e4:cb:bc:a8:d4:
eb:97:f2:ba:9b:e3:f1:96:df:ef:cc:1e:85:11:af:ea:8d:e1:
0d:bf:29:bb:77:29:75:09:12:38:72:bb:f0:e4:3f:19:06:52:
76:f4:1c:60:c4:1b:cb:98:47:f7:11:f7:b8:1d:1f:ba:97:d0:
8d:58:e3:3d
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYutnDakdQmG3XiODmsI1mxQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMxMTA4MDYyNjE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZWI2YTE3ZDQ1M2M5ODM0NWY0Y2MyZjZiMGJmMGQyYTNhNmJmZjI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAixn+HBN+BU+7xCb1/MGVs6rP+1BS
t9K/U6r/BSbC71fH9mfilhXcpyvcW5Y85iapW1mRfb2wkFCTN0SuwrvbcoNJuDAB
lmGl+PUdKc5Cz9Bt5+GQcjTcDJSW+P8931MOrAcf5uK1Uo2DF4cjlIDfefhIol7r
hHcq7KpZgNcQ9lpv+4zk5LxVWTudn5Lwc3eAQek9btobeV3E+qwXLFiIib1RasIN
9RLCDOc/kMC+SQUsDtsntxnelmXyiwmxxyp2ur6O1W61vx/BM5tWRQ79p9pw1NBP
ZrOtHX4s8GkfaHQOWoe+CXJZszDiveTAKeL20kxwzoduHKEvGrdifpyS4wIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFA62oX1FPJg0X0zC9rC/DSo6a/8kMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvRHJhaGZVVThtRFJmVE1MMnNMOE5LanByX3lRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjAoBAIAATAiMAwDBAA+tqkD
BAI+tqgDBAJTYWAwDAMEAMIPmQMEAsIPmDANBgkqhkiG9w0BAQsFAAOCAQEAHOVy
/YdY1vqjZGqZoxDSkPPyVscthYFhFVLDqIpwQJDjnNnhCru1WlMwGdVvuhxFE7wY
sIw1o+MUN8jUCVAQqi54ihEx218JA5oP1EVf/u44mMUTpoAcxKIkZDmvMpLCbRR6
p1f7SLN6tXE0WSuEdY1cZfcgnM0L+MGMoHEfa8F3q3FycW8K6pHK44Sn8O/RT43S
td9ZDgd9UCLpmqBzB36vY4+fX+M+kJKFxjNuN3zuOAYhXAsfz41fbqjKiu9HjeTL
vKjU65fyupvj8Zbf78wehRGv6o3hDb8pu3cpdQkSOHK78OQ/GQZSdvQcYMQby5hH
9xH3uB0fupfQjVjjPQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:04 2024 by rpki-client on console-fra.rpki-client.org