Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/Z45DkIhQu9SaYb3wvftUL2rStec.roa
File: Z45DkIhQu9SaYb3wvftUL2rStec.roa (raw, json)
Hash identifier: 31zt5aIcRPScXgDOJPmvt6mUt9yauEX6XEGPu0Zbb+0=
Subject key identifier: 67:8E:43:90:88:50:BB:D4:9A:61:BD:F0:BD:FB:54:2F:6A:D2:B5:E7
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 018571954C5A3CD132C76796C8E1395A06F4
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/Z45DkIhQu9SaYb3wvftUL2rStec.roa
Signing time: Mon 02 Jan 2023 08:24:47 +0000
ROA not before: Mon 02 Jan 2023 08:24:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211975
IP address blocks: 194.15.152.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:95:4c:5a:3c:d1:32:c7:67:96:c8:e1:39:5a:06:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Jan 2 08:24:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=678e43908850bbd49a61bdf0bdfb542f6ad2b5e7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:52:ff:64:04:c9:6e:f1:b3:90:7e:19:56:2e:
0c:54:f4:e6:75:03:2c:12:bc:a8:a0:c5:3d:12:a6:
b2:b5:62:47:7d:e4:54:6b:94:ae:3f:d7:c3:a2:b9:
38:fa:c5:2b:db:3e:3e:0d:60:a3:ca:79:75:97:05:
ad:65:b9:e7:89:e1:d7:9d:78:41:01:33:b1:f3:fb:
f0:fe:fe:51:c2:9f:ba:28:84:b0:0e:c0:c4:0a:92:
93:79:98:1c:0c:a1:00:b8:57:9b:93:a1:f5:7e:50:
86:5c:d8:45:4d:7e:78:bc:75:30:48:1f:44:b2:1f:
47:03:32:32:49:11:a4:c3:50:0b:a9:ad:59:f3:b5:
83:95:75:0a:c6:16:84:32:44:18:63:06:fd:07:cb:
bd:33:0a:f0:87:4b:97:50:21:3c:67:13:05:cb:00:
59:84:ee:ba:a0:5f:2f:0e:04:a9:24:be:8d:cd:cd:
e7:a2:88:fb:30:97:f5:b7:a0:ce:a7:dc:7d:06:ff:
14:0e:49:0c:c2:78:92:e0:54:02:4e:ec:c0:1b:45:
b7:83:a4:c2:14:b7:60:db:f0:52:ab:ba:c3:05:66:
6e:b3:d0:81:a3:30:0a:8c:2f:a2:ea:e2:2c:08:e2:
72:86:4c:92:b7:16:66:f3:ff:70:55:cb:d4:7d:d2:
7c:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:8E:43:90:88:50:BB:D4:9A:61:BD:F0:BD:FB:54:2F:6A:D2:B5:E7
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/Z45DkIhQu9SaYb3wvftUL2rStec.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.15.152.0/24
Signature Algorithm: sha256WithRSAEncryption
6f:a1:d4:d5:da:77:2b:ac:f3:c5:c6:1d:93:08:07:3b:c4:4a:
51:bb:13:11:05:1c:30:ff:a3:4e:97:15:4a:a6:91:9d:8c:1f:
5f:a5:76:a0:53:92:5e:1e:93:f2:f5:bc:0a:0c:89:d2:83:2b:
be:d2:16:d3:8f:b6:de:ed:08:ae:57:87:8e:a0:70:75:61:00:
96:f2:86:e5:c0:da:7d:50:6a:f8:17:b9:10:2f:a2:d8:50:d7:
be:38:c5:95:be:3a:97:8d:13:07:0b:ed:08:f1:b7:98:a4:57:
fb:dd:a7:9a:71:10:7e:79:9a:79:e6:4a:cb:37:3e:58:99:b1:
7d:7d:30:5c:de:80:ec:ba:28:64:eb:aa:cd:5d:7c:f9:b8:83:
2c:a3:aa:16:5c:2b:83:bb:58:39:4a:45:25:02:3b:d5:b1:86:
10:ef:92:e4:66:36:5b:3a:7f:dc:c0:ec:2f:a2:8f:cf:1c:70:
3a:39:fb:a9:4b:86:04:5a:ed:35:d5:7a:e1:4f:67:e4:86:cc:
44:2d:4e:67:a2:c5:5b:fd:19:80:fa:13:99:f3:d4:d4:b5:c9:
67:57:90:0f:a0:32:04:3e:52:64:ee:d2:40:7b:44:24:a6:8b:
0f:54:19:67:e1:38:f8:6d:76:32:31:32:0b:fd:8f:88:8a:28:
7c:46:cd:37
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVxlUxaPNEyx2eWyOE5Wgb0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwMTAyMDgyNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzhlNDM5MDg4NTBiYmQ0OWE2MWJkZjBiZGZiNTQyZjZhZDJiNWU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlFL/ZATJbvGzkH4ZVi4MVPTmdQMs
EryooMU9EqaytWJHfeRUa5SuP9fDork4+sUr2z4+DWCjynl1lwWtZbnnieHXnXhB
ATOx8/vw/v5Rwp+6KISwDsDECpKTeZgcDKEAuFebk6H1flCGXNhFTX54vHUwSB9E
sh9HAzIySRGkw1ALqa1Z87WDlXUKxhaEMkQYYwb9B8u9Mwrwh0uXUCE8ZxMFywBZ
hO66oF8vDgSpJL6Nzc3nooj7MJf1t6DOp9x9Bv8UDkkMwniS4FQCTuzAG0W3g6TC
FLdg2/BSq7rDBWZus9CBozAKjC+i6uIsCOJyhkyStxZm8/9wVcvUfdJ8CQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGeOQ5CIULvUmmG98L37VC9q0rXnMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvWjQ1RGtJaFF1OVNhWWIzd3ZmdFVMMnJTdGVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwg+YMA0G
CSqGSIb3DQEBCwUAA4IBAQBvodTV2ncrrPPFxh2TCAc7xEpRuxMRBRww/6NOlxVK
ppGdjB9fpXagU5JeHpPy9bwKDInSgyu+0hbTj7be7QiuV4eOoHB1YQCW8oblwNp9
UGr4F7kQL6LYUNe+OMWVvjqXjRMHC+0I8beYpFf73aeacRB+eZp55krLNz5YmbF9
fTBc3oDsuihk66rNXXz5uIMso6oWXCuDu1g5SkUlAjvVsYYQ75LkZjZbOn/cwOwv
oo/PHHA6OfupS4YEWu011XrhT2fkhsxELU5nosVb/RmA+hOZ89TUtclnV5APoDIE
PlJk7tJAe0QkposPVBln4Tj4bXYyMTIL/Y+Iiih8Rs03
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:04 2024 by rpki-client on console-fra.rpki-client.org