Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/mG_0r7X3h_dNejtOjc8KEWbYcrQ.roa
File: mG_0r7X3h_dNejtOjc8KEWbYcrQ.roa (raw, json)
Hash identifier: GLOjug3kMy+5t9rWTvDQZbNr+7HY7egBMtekJs4UwCU=
Subject key identifier: 98:6F:F4:AF:B5:F7:87:F7:4D:7A:3B:4E:8D:CF:0A:11:66:D8:72:B4
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 018CA0BA610544F1402A020EBAE6A9411EE4
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/mG_0r7X3h_dNejtOjc8KEWbYcrQ.roa
Signing time: Mon 25 Dec 2023 11:26:58 +0000
ROA not before: Mon 25 Dec 2023 11:26:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 62.182.170.0/24 maxlen: 24
62.182.171.0/24 maxlen: 24
62.182.168.0/24 maxlen: 24
62.182.169.0/24 maxlen: 24
62.182.174.0/24 maxlen: 24
62.182.173.0/24 maxlen: 24
83.97.96.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:a0:ba:61:05:44:f1:40:2a:02:0e:ba:e6:a9:41:1e:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Dec 25 11:26:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=986ff4afb5f787f74d7a3b4e8dcf0a1166d872b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:a8:89:6f:1a:5d:b2:9e:c3:11:7c:66:19:9a:
b1:3b:9d:b1:1b:e3:bd:fd:16:b6:7f:dd:9d:f5:0f:
73:07:b2:39:09:78:e7:22:ea:23:3d:a4:6c:8e:66:
b2:d1:72:12:39:0e:1d:24:cd:47:ff:66:4a:c6:c8:
4f:16:55:33:62:c5:62:01:69:1f:dd:51:f7:79:66:
83:1c:8f:df:d2:ea:e4:af:49:87:44:1c:db:71:85:
5d:a0:6c:88:7b:af:67:7c:0a:94:c2:c7:10:42:fd:
4a:2b:75:fa:bf:c7:01:96:e7:a6:da:74:8d:f4:cf:
7f:2e:76:6e:7d:34:63:06:8f:88:e0:9a:cd:46:69:
76:37:41:6d:b4:03:ab:84:fc:14:2f:05:b0:5f:59:
bf:15:09:72:71:fc:15:7e:ec:bd:4e:de:e6:ef:a2:
62:61:78:88:21:3a:8f:b7:51:84:56:cd:46:c8:63:
c4:d1:22:05:3a:30:d2:ed:dc:37:f8:a5:da:44:91:
9b:fe:2f:bc:fe:a1:1f:67:be:9a:5b:9e:4e:82:51:
86:5a:30:48:60:3c:01:61:d4:bb:25:60:43:9e:85:
19:07:a8:c5:40:a9:78:08:40:b0:5c:29:8c:e2:3e:
30:d8:b9:c5:bd:cf:29:7d:d9:11:5d:6d:67:0a:bb:
89:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:6F:F4:AF:B5:F7:87:F7:4D:7A:3B:4E:8D:CF:0A:11:66:D8:72:B4
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/mG_0r7X3h_dNejtOjc8KEWbYcrQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.182.168.0/22
62.182.173.0-62.182.174.255
83.97.96.0/22
Signature Algorithm: sha256WithRSAEncryption
46:df:97:39:5c:bc:b9:43:88:4e:4c:d1:7d:20:4f:96:2e:d2:
4d:0e:f0:da:bf:5a:c2:a7:e8:d6:b0:aa:d3:ca:55:d1:17:be:
c3:50:b5:44:ba:b1:93:61:8d:42:a4:46:7c:df:57:1c:85:0b:
07:31:bb:fa:3f:9a:51:a6:a9:0e:63:dc:96:fb:e3:3f:41:e9:
5b:cf:60:86:86:52:c9:ee:6f:d9:df:ae:a8:e4:1c:12:12:79:
e4:0a:22:9b:e5:cc:a6:2b:e6:7d:dd:42:dd:69:dd:26:10:77:
c4:9f:5d:91:9b:8a:f0:b5:cd:44:0a:31:d6:ad:02:f1:0f:c2:
20:be:d2:ff:cc:6b:f2:9b:ca:b5:52:55:7b:44:ed:f7:59:d8:
e6:35:20:ba:d6:4d:f4:d4:91:9a:96:6d:be:9e:88:0a:dc:8a:
26:dc:cb:c3:2a:79:0d:c2:d9:da:9c:ea:1a:57:9c:67:c2:68:
d1:6f:44:3d:4c:94:42:e9:69:bd:c5:22:d8:d9:03:28:f6:ef:
11:fa:e3:d2:65:ac:04:c1:d7:a7:0e:6d:d7:99:b1:72:92:8b:
c3:fb:3d:0b:ca:97:74:61:29:70:f7:fc:79:d1:8f:50:26:c9:
c6:b5:3a:29:1a:a8:0b:e7:75:fa:dc:4a:f4:ea:c5:be:bd:28:
4a:9c:90:81
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYygumEFRPFAKgIOuuapQR7kMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMxMjI1MTEyNjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ODZmZjRhZmI1Zjc4N2Y3NGQ3YTNiNGU4ZGNmMGExMTY2ZDg3MmI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj6iJbxpdsp7DEXxmGZqxO52xG+O9
/Ra2f92d9Q9zB7I5CXjnIuojPaRsjmay0XISOQ4dJM1H/2ZKxshPFlUzYsViAWkf
3VH3eWaDHI/f0urkr0mHRBzbcYVdoGyIe69nfAqUwscQQv1KK3X6v8cBluem2nSN
9M9/LnZufTRjBo+I4JrNRml2N0FttAOrhPwULwWwX1m/FQlycfwVfuy9Tt7m76Ji
YXiIITqPt1GEVs1GyGPE0SIFOjDS7dw3+KXaRJGb/i+8/qEfZ76aW55OglGGWjBI
YDwBYdS7JWBDnoUZB6jFQKl4CECwXCmM4j4w2LnFvc8pfdkRXW1nCruJjwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFJhv9K+194f3TXo7To3PChFm2HK0MB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvbUdfMHI3WDNoX2ROZWp0T2pjOEtFV2JZY3JRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQCPraoMAwD
BAA+tq0DBAA+tq4DBAJTYWAwDQYJKoZIhvcNAQELBQADggEBAEbflzlcvLlDiE5M
0X0gT5Yu0k0O8Nq/WsKn6NawqtPKVdEXvsNQtUS6sZNhjUKkRnzfVxyFCwcxu/o/
mlGmqQ5j3Jb74z9B6VvPYIaGUsnub9nfrqjkHBISeeQKIpvlzKYr5n3dQt1p3SYQ
d8SfXZGbivC1zUQKMdatAvEPwiC+0v/Ma/KbyrVSVXtE7fdZ2OY1ILrWTfTUkZqW
bb6eiArciibcy8MqeQ3C2dqc6hpXnGfCaNFvRD1MlELpab3FItjZAyj27xH649Jl
rATB16cObdeZsXKSi8P7PQvKl3RhKXD3/HnRj1Amyca1OikaqAvndfrcSvTqxb69
KEqckIE=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:37:53 2025 by rpki-client