Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/mfAAEtP0bXbX7CzC146WYzniWiw.roa
File: mfAAEtP0bXbX7CzC146WYzniWiw.roa (raw, json)
Hash identifier: bdl1OezMA1b0/c1TULnLWn1AjTXdSMfbXjGjXWUcS3U=
Subject key identifier: 99:F0:00:12:D3:F4:6D:76:D7:EC:2C:C2:D7:8E:96:63:39:E2:5A:2C
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 0188B0960C6EB924B48919798D984DA25F2C
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/mfAAEtP0bXbX7CzC146WYzniWiw.roa
Signing time: Mon 12 Jun 2023 17:10:03 +0000
ROA not before: Mon 12 Jun 2023 17:10:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 62.182.172.0/24 maxlen: 24
62.182.175.0/24 maxlen: 24
194.15.153.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:b0:96:0c:6e:b9:24:b4:89:19:79:8d:98:4d:a2:5f:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Jun 12 17:10:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=99f00012d3f46d76d7ec2cc2d78e966339e25a2c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:7f:43:03:0d:df:a2:29:7d:84:8c:78:52:43:
a6:2e:f9:cd:7e:4c:dc:d5:ae:f7:06:c5:c6:6a:58:
8a:73:41:30:c6:6d:b7:56:17:21:e1:b2:9f:56:9c:
3e:b0:cd:fd:33:f8:e7:83:3e:5c:9b:48:8a:b0:0d:
eb:cd:39:c2:ee:bb:20:c3:65:26:66:6c:a2:a4:85:
22:ff:83:74:80:b7:eb:6b:3a:52:b1:39:2f:c7:06:
a5:82:30:18:6c:32:2f:6a:70:78:be:17:ed:8c:44:
59:2c:8f:15:5f:50:20:11:f7:b3:41:6b:8b:59:ba:
35:21:2c:10:fa:3f:57:d9:83:c1:8d:46:66:37:31:
2b:fe:8e:50:1e:ad:e9:38:27:8e:7a:87:cb:c6:21:
3a:8e:bb:dd:4e:68:69:6b:91:29:d5:f1:8a:05:fb:
4f:b5:fa:19:37:f7:fd:39:92:72:e4:c0:2f:41:db:
0c:31:32:c3:83:3c:42:a9:df:03:f4:bb:64:05:dc:
57:5e:f8:6a:6b:dc:31:e5:06:f6:7e:36:5c:e5:c9:
82:e9:f6:38:a5:f5:5c:ce:aa:e3:14:7f:29:49:d9:
69:e9:84:9f:ea:5d:1e:25:b7:06:7b:8a:e0:74:82:
dc:f2:c1:50:41:7c:7c:5a:bd:e4:cd:67:a0:70:0d:
5b:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:F0:00:12:D3:F4:6D:76:D7:EC:2C:C2:D7:8E:96:63:39:E2:5A:2C
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/mfAAEtP0bXbX7CzC146WYzniWiw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.182.172.0/24
62.182.175.0/24
194.15.153.0/24
Signature Algorithm: sha256WithRSAEncryption
43:a7:e6:90:21:15:81:ea:42:fd:53:81:46:01:55:1f:24:cc:
13:33:93:fe:67:ec:ea:f2:cb:fb:9d:0f:b7:3e:fd:c5:9e:e1:
ba:d9:42:b6:2a:70:66:70:c1:45:6c:0f:8d:1d:68:9a:41:f1:
05:93:dc:ec:67:d8:fe:bd:23:81:cb:5c:36:8e:09:04:23:7e:
ee:03:90:42:db:98:6e:f6:00:69:9f:07:64:56:16:8f:7f:7e:
50:e6:79:8a:b8:1a:09:e2:71:3b:b9:cb:5d:39:1c:5e:24:6d:
88:0e:61:b1:9a:35:71:c3:da:57:29:53:98:37:6f:f4:75:8a:
9e:66:96:f1:f2:e5:71:c3:11:c7:8f:6a:3d:ff:b2:d4:5a:19:
de:98:ea:86:e8:ee:08:e7:d3:6e:dc:fa:cc:7d:0e:4e:36:38:
a7:cc:8f:5f:c9:f5:b0:f8:28:dd:eb:49:60:9e:73:72:04:6b:
87:d9:77:43:28:f1:6f:d7:3d:f6:17:ed:fb:a1:03:ca:eb:1c:
d0:75:6d:14:9e:cd:9a:20:b0:49:cf:a4:8b:cf:eb:bd:aa:ad:
a2:e4:98:8c:15:08:b9:6b:63:d1:94:c3:8d:4a:41:17:66:89:
f4:3e:40:72:e4:63:1f:be:e6:57:c7:e1:84:7a:17:44:fb:eb:
2e:9d:9e:57
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYiwlgxuuSS0iRl5jZhNol8sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwNjEyMTcxMDAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OWYwMDAxMmQzZjQ2ZDc2ZDdlYzJjYzJkNzhlOTY2MzM5ZTI1YTJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkX9DAw3foil9hIx4UkOmLvnNfkzc
1a73BsXGaliKc0Ewxm23Vhch4bKfVpw+sM39M/jngz5cm0iKsA3rzTnC7rsgw2Um
ZmyipIUi/4N0gLfrazpSsTkvxwalgjAYbDIvanB4vhftjERZLI8VX1AgEfezQWuL
Wbo1ISwQ+j9X2YPBjUZmNzEr/o5QHq3pOCeOeofLxiE6jrvdTmhpa5Ep1fGKBftP
tfoZN/f9OZJy5MAvQdsMMTLDgzxCqd8D9LtkBdxXXvhqa9wx5Qb2fjZc5cmC6fY4
pfVczqrjFH8pSdlp6YSf6l0eJbcGe4rgdILc8sFQQXx8Wr3kzWegcA1boQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJnwABLT9G121+wswteOlmM54losMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvbWZBQUV0UDBiWGJYN0N6QzE0NldZem5pV2l3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPrasAwQA
PravAwQAwg+ZMA0GCSqGSIb3DQEBCwUAA4IBAQBDp+aQIRWB6kL9U4FGAVUfJMwT
M5P+Z+zq8sv7nQ+3Pv3FnuG62UK2KnBmcMFFbA+NHWiaQfEFk9zsZ9j+vSOBy1w2
jgkEI37uA5BC25hu9gBpnwdkVhaPf35Q5nmKuBoJ4nE7uctdORxeJG2IDmGxmjVx
w9pXKVOYN2/0dYqeZpbx8uVxwxHHj2o9/7LUWhnemOqG6O4I59Nu3PrMfQ5ONjin
zI9fyfWw+Cjd60lgnnNyBGuH2XdDKPFv1z32F+37oQPK6xzQdW0Uns2aILBJz6SL
z+u9qq2i5JiMFQi5a2PRlMONSkEXZon0PkBy5GMfvuZXx+GEehdE++sunZ5X
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:14:36 2025 by rpki-client