Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/OtoqfGXfNVZL4zMriQurKElzoUo.roa
File: OtoqfGXfNVZL4zMriQurKElzoUo.roa (raw, json)
Hash identifier: iOy62Hh2iMSjufxPzC+ajK2140+Pe1vinwdcPXyBsvQ=
Subject key identifier: 3A:DA:2A:7C:65:DF:35:56:4B:E3:33:2B:89:0B:AB:28:49:73:A1:4A
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 018571954C0C58AD5F775047A66A47EBBA20
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/OtoqfGXfNVZL4zMriQurKElzoUo.roa
Signing time: Mon 02 Jan 2023 08:24:47 +0000
ROA not before: Mon 02 Jan 2023 08:24:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211936
IP address blocks: 62.182.168.0/24 maxlen: 24
185.65.68.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:95:4c:0c:58:ad:5f:77:50:47:a6:6a:47:eb:ba:20
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Jan 2 08:24:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3ada2a7c65df35564be3332b890bab284973a14a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:20:2e:87:d6:d0:cd:19:a6:1e:ec:09:0d:c5:
f1:28:c3:7d:ca:ee:ac:f2:5f:78:14:67:eb:f1:37:
10:26:44:5e:fe:82:1c:91:87:48:85:08:6f:ab:1a:
4d:44:a1:70:b8:77:6d:ea:63:1d:f4:32:e2:f7:da:
fe:d3:5f:48:46:9e:fe:3e:8c:4d:b7:e4:d0:7c:e3:
b3:e7:e4:cf:57:0d:9c:95:b0:5e:fe:8a:93:bb:c0:
6b:60:f2:4d:ac:57:f0:62:7d:c5:46:dd:f7:3a:bb:
9e:c4:70:e9:09:e3:14:96:b2:00:01:23:e2:a5:1a:
4c:97:b5:ce:4d:d2:21:48:ee:99:3a:c4:eb:17:64:
5e:12:01:f5:02:f3:35:ec:03:63:79:c4:de:c8:a3:
60:b7:86:ff:2f:41:87:b0:71:bd:0c:a3:08:89:27:
a9:61:3b:08:1c:01:eb:e2:be:3d:90:d8:2d:8a:5e:
7b:85:39:0b:a9:e9:97:1f:a2:00:a2:9d:b5:9f:ea:
d5:80:5b:96:0e:4a:ab:89:e0:16:3b:1b:c5:a2:47:
db:c4:61:5d:4e:ec:a3:74:4a:f7:7f:80:52:1e:4f:
13:0a:3d:c9:0d:58:5b:ff:8f:2a:b8:16:5c:4e:ff:
d1:12:2b:0a:ec:cc:bd:3e:f5:2d:c0:61:c8:9b:19:
b0:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:DA:2A:7C:65:DF:35:56:4B:E3:33:2B:89:0B:AB:28:49:73:A1:4A
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/OtoqfGXfNVZL4zMriQurKElzoUo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.182.168.0/24
185.65.68.0/24
Signature Algorithm: sha256WithRSAEncryption
26:75:83:a8:fc:de:85:69:11:9a:6c:43:60:b1:26:94:6b:a5:
69:9a:84:f3:bb:33:a9:61:e2:c4:9c:73:df:9b:54:dc:eb:4b:
60:7b:f0:7a:61:48:bc:a7:16:3c:30:7f:46:9e:7c:3f:f4:54:
52:a4:b5:9c:b4:5d:3a:f0:0d:0c:a1:d0:4e:ff:9a:25:43:ae:
50:e5:c1:fe:80:83:6b:01:65:72:37:c2:9a:61:27:b6:e2:b6:
35:b6:5a:8f:f6:fc:aa:ef:f5:d5:ce:d7:d5:cf:9c:c7:51:44:
8f:07:dc:67:b2:92:50:ac:3f:ff:53:47:40:ba:d1:9c:ba:25:
ed:d6:47:21:78:40:2c:c9:2c:1b:4f:88:ea:2a:88:c5:79:c5:
cd:65:ae:b1:51:70:f7:59:10:68:26:06:d2:0c:84:cf:13:01:
bd:ab:1d:48:02:4f:f9:d7:37:9b:e3:81:8b:0b:f9:4b:36:ed:
4e:62:ab:c6:de:89:bf:52:3e:c8:aa:54:7b:fd:c2:9c:e9:1a:
d7:d2:2b:09:c1:9d:05:a6:d9:2e:04:d2:99:88:df:51:6e:ad:
31:9b:6f:43:31:d2:d2:3e:4d:ed:7b:ac:dd:9c:4c:fc:b6:27:
e2:73:ab:75:56:0e:d2:e8:1d:38:76:57:02:fe:d9:72:af:57:
49:70:3c:6f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVxlUwMWK1fd1BHpmpH67ogMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwMTAyMDgyNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYWRhMmE3YzY1ZGYzNTU2NGJlMzMzMmI4OTBiYWIyODQ5NzNhMTRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSAuh9bQzRmmHuwJDcXxKMN9yu6s
8l94FGfr8TcQJkRe/oIckYdIhQhvqxpNRKFwuHdt6mMd9DLi99r+019IRp7+PoxN
t+TQfOOz5+TPVw2clbBe/oqTu8BrYPJNrFfwYn3FRt33OruexHDpCeMUlrIAASPi
pRpMl7XOTdIhSO6ZOsTrF2ReEgH1AvM17ANjecTeyKNgt4b/L0GHsHG9DKMIiSep
YTsIHAHr4r49kNgtil57hTkLqemXH6IAop21n+rVgFuWDkqrieAWOxvFokfbxGFd
TuyjdEr3f4BSHk8TCj3JDVhb/48quBZcTv/REisK7My9PvUtwGHImxmwpwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFDraKnxl3zVWS+MzK4kLqyhJc6FKMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvT3RvcWZHWGZOVlpMNHpNcmlRdXJLRWx6b1VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPraoAwQA
uUFEMA0GCSqGSIb3DQEBCwUAA4IBAQAmdYOo/N6FaRGabENgsSaUa6VpmoTzuzOp
YeLEnHPfm1Tc60tge/B6YUi8pxY8MH9Gnnw/9FRSpLWctF068A0ModBO/5olQ65Q
5cH+gINrAWVyN8KaYSe24rY1tlqP9vyq7/XVztfVz5zHUUSPB9xnspJQrD//U0dA
utGcuiXt1kcheEAsySwbT4jqKojFecXNZa6xUXD3WRBoJgbSDITPEwG9qx1IAk/5
1zeb44GLC/lLNu1OYqvG3om/Uj7IqlR7/cKc6RrX0isJwZ0FptkuBNKZiN9Rbq0x
m29DMdLSPk3te6zdnEz8tific6t1Vg7S6B04dlcC/tlyr1dJcDxv
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:38:39 2025 by rpki-client