Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/IcFc894OZLsWZ7-WIeLWFRVUjhU.roa
File: IcFc894OZLsWZ7-WIeLWFRVUjhU.roa (raw, json)
Hash identifier: MTPlsYzF9PVb8jemEp2eQBi81D5zwBb9TRSi7B7f+XQ=
Subject key identifier: 21:C1:5C:F3:DE:0E:64:BB:16:67:BF:96:21:E2:D6:15:15:54:8E:15
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 018769E621BBAD7BD61D6030881DF2D216CD
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/IcFc894OZLsWZ7-WIeLWFRVUjhU.roa
Signing time: Mon 10 Apr 2023 06:41:42 +0000
ROA not before: Mon 10 Apr 2023 06:41:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49981
IP address blocks: 194.15.152.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:69:e6:21:bb:ad:7b:d6:1d:60:30:88:1d:f2:d2:16:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Apr 10 06:41:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=21c15cf3de0e64bb1667bf9621e2d61515548e15
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:71:8f:3b:e0:e4:0a:26:6a:b5:df:ab:57:a2:
bd:02:26:25:fd:6e:15:d1:7d:1b:e8:ad:ba:05:00:
58:86:23:91:39:3e:ef:64:9b:a9:e7:2e:42:48:6e:
f8:1c:8e:87:14:e2:71:40:88:d4:3f:b5:05:61:fa:
ed:39:ad:74:eb:b1:13:37:e0:1b:6d:d6:8e:2f:ff:
5d:6f:56:a7:3a:32:a0:3b:21:31:99:4f:ec:e6:ca:
91:6b:f4:d1:7c:3f:4f:62:f7:b1:96:05:96:b3:3e:
00:98:99:8b:9f:05:43:ca:f2:25:3c:34:eb:87:42:
4e:2d:40:33:71:41:fe:e1:8a:43:a0:69:81:bb:21:
df:0f:16:92:9b:42:37:e3:d4:81:aa:94:9d:41:d7:
f4:59:04:b3:97:55:94:fb:7f:91:60:5d:90:d3:3a:
d0:9a:d8:2e:14:b7:e3:d9:07:10:e4:ba:ca:c9:bb:
f5:36:6a:94:92:a3:de:6c:54:78:01:93:55:2f:b7:
f5:7d:cd:7d:b1:a0:08:c5:84:6f:39:c4:7c:a8:0b:
2c:b0:60:17:e7:79:20:b8:f2:ea:b7:8f:5d:fb:df:
60:8b:12:7d:a5:af:e7:e6:7d:75:39:08:0d:a7:f4:
dd:77:c8:51:db:24:c2:bc:66:77:a5:90:1b:08:aa:
17:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:C1:5C:F3:DE:0E:64:BB:16:67:BF:96:21:E2:D6:15:15:54:8E:15
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/IcFc894OZLsWZ7-WIeLWFRVUjhU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.15.152.0/24
Signature Algorithm: sha256WithRSAEncryption
83:08:49:4e:cb:a5:da:06:dc:a2:67:a9:34:16:5b:8a:ac:94:
22:75:ad:28:91:68:4c:83:7a:72:1f:03:ac:52:3f:76:32:a3:
1a:2b:59:54:fb:ea:68:a8:b7:6e:20:40:69:e9:d0:c8:6a:a8:
60:89:29:bf:c9:a7:78:09:d4:51:1f:7e:4c:22:62:eb:d6:61:
bf:c5:d7:d8:93:76:aa:5c:9c:f7:b9:40:eb:41:c0:b3:16:4e:
08:d0:93:e7:a8:e5:36:6c:6f:48:56:f5:25:dc:4c:e4:87:2d:
66:46:fa:4b:8b:4e:e1:04:7e:79:25:e8:46:f9:8f:1a:29:d9:
b5:d2:9e:09:f8:ab:e6:44:19:0c:4b:db:fa:66:c2:9e:0e:83:
68:1f:e2:8f:90:c9:f9:7e:94:b0:e1:7e:f7:8c:c8:f5:b0:3d:
86:75:b7:40:c8:72:0b:8e:8a:72:b0:78:c7:53:8e:e7:b4:90:
eb:a6:f9:82:05:96:36:2e:ef:88:92:3a:50:69:28:46:bc:8f:
73:e5:83:eb:fa:bd:1d:97:da:df:6b:d7:05:bf:42:9c:0b:69:
d9:76:30:4b:95:5d:3f:8c:99:8a:87:5c:48:da:6c:2f:00:33:
73:36:f9:9b:9e:de:ef:ba:1c:6f:26:36:64:b4:c9:b4:11:05:
95:e1:7e:2b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYdp5iG7rXvWHWAwiB3y0hbNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwNDEwMDY0MTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWMxNWNmM2RlMGU2NGJiMTY2N2JmOTYyMWUyZDYxNTE1NTQ4ZTE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA23GPO+DkCiZqtd+rV6K9AiYl/W4V
0X0b6K26BQBYhiOROT7vZJup5y5CSG74HI6HFOJxQIjUP7UFYfrtOa1067ETN+Ab
bdaOL/9db1anOjKgOyExmU/s5sqRa/TRfD9PYvexlgWWsz4AmJmLnwVDyvIlPDTr
h0JOLUAzcUH+4YpDoGmBuyHfDxaSm0I349SBqpSdQdf0WQSzl1WU+3+RYF2Q0zrQ
mtguFLfj2QcQ5LrKybv1NmqUkqPebFR4AZNVL7f1fc19saAIxYRvOcR8qAsssGAX
53kguPLqt49d+99gixJ9pa/n5n11OQgNp/Tdd8hR2yTCvGZ3pZAbCKoXTQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFCHBXPPeDmS7Fme/liHi1hUVVI4VMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvSWNGYzg5NE9aTHNXWjctV0llTFdGUlZVamhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg+YMA0G
CSqGSIb3DQEBCwUAA4IBAQCDCElOy6XaBtyiZ6k0FluKrJQida0okWhMg3pyHwOs
Uj92MqMaK1lU++poqLduIEBp6dDIaqhgiSm/yad4CdRRH35MImLr1mG/xdfYk3aq
XJz3uUDrQcCzFk4I0JPnqOU2bG9IVvUl3Ezkhy1mRvpLi07hBH55JehG+Y8aKdm1
0p4J+KvmRBkMS9v6ZsKeDoNoH+KPkMn5fpSw4X73jMj1sD2GdbdAyHILjopysHjH
U47ntJDrpvmCBZY2Lu+IkjpQaShGvI9z5YPr+r0dl9rfa9cFv0KcC2nZdjBLlV0/
jJmKh1xI2mwvADNzNvmbnt7vuhxvJjZktMm0EQWV4X4r
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:04 2024 by rpki-client on console-fra.rpki-client.org