Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/umIqYyCaDyvpfaaO0Yby1kxjvBc.roa
File: umIqYyCaDyvpfaaO0Yby1kxjvBc.roa (raw, json)
Hash identifier: H0xyZz6Nu6eg4gTHFimfY+b/zJF6cH99oWkCllEGiYg=
Subject key identifier: BA:62:2A:63:20:9A:0F:2B:E9:7D:A6:8E:D1:86:F2:D6:4C:63:BC:17
Certificate issuer: /CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Certificate serial: 0188D242AB0FAF5CBB7CBF980E637497B72B
Authority key identifier: 3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/umIqYyCaDyvpfaaO0Yby1kxjvBc.roa
Signing time: Mon 19 Jun 2023 06:06:04 +0000
ROA not before: Mon 19 Jun 2023 06:06:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 62.182.170.0/24 maxlen: 24
194.15.155.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:d2:42:ab:0f:af:5c:bb:7c:bf:98:0e:63:74:97:b7:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3c4ed942e5c742e77bfb9beb954f872534f52848
Validity
Not Before: Jun 19 06:06:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ba622a63209a0f2be97da68ed186f2d64c63bc17
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:76:31:06:c3:d3:02:a0:f4:76:49:30:59:19:
6b:e0:44:11:34:2b:1c:ec:f3:32:6f:49:2b:ca:4c:
28:fe:d0:c6:85:f5:b3:49:cb:15:40:01:04:a1:66:
eb:a0:43:d5:6e:3d:dd:a7:78:c6:02:75:1c:9c:47:
6c:74:23:64:d2:c8:87:d5:86:5b:38:66:af:8f:17:
e1:32:05:b0:9b:d5:3d:96:b3:07:58:af:1e:2f:c4:
a5:cb:5b:c0:eb:7b:7f:ad:d4:9f:00:85:73:62:fc:
99:0a:e8:2e:f1:cb:22:ad:f0:42:70:f7:04:32:1f:
e6:ed:42:ec:ac:6b:ce:cb:29:22:25:e3:f0:87:60:
ce:51:d5:fb:23:f1:e0:dc:ee:66:7f:bf:55:66:54:
4e:92:5c:93:6e:8a:87:4a:27:ae:9e:92:8d:b0:67:
90:34:b9:58:aa:45:e2:66:57:62:7e:d7:17:4e:b3:
8b:e4:20:f9:a5:35:18:e1:e4:7f:bd:2c:0a:90:d9:
80:94:00:34:3e:dc:1a:58:5a:7b:cb:a5:73:d3:1c:
e4:c1:27:ac:58:1f:21:4b:a2:09:2f:52:6f:b6:35:
db:b7:e6:4d:2a:e0:cc:60:d2:85:8e:0f:2f:92:14:
eb:a6:be:05:0a:bb:89:58:ff:ee:33:6b:da:6b:89:
e6:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:62:2A:63:20:9A:0F:2B:E9:7D:A6:8E:D1:86:F2:D6:4C:63:BC:17
X509v3 Authority Key Identifier:
keyid:3C:4E:D9:42:E5:C7:42:E7:7B:FB:9B:EB:95:4F:87:25:34:F5:28:48
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PE7ZQuXHQud7-5vrlU-HJTT1KEg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/umIqYyCaDyvpfaaO0Yby1kxjvBc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/66/1bb45a-551c-4967-95ca-77344bcc9191/1/PE7ZQuXHQud7-5vrlU-HJTT1KEg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.182.170.0/24
194.15.155.0/24
Signature Algorithm: sha256WithRSAEncryption
5f:fd:fa:d7:85:0b:62:b6:98:d6:2b:a7:25:fa:aa:5c:bc:cb:
ab:3e:cb:f2:b3:56:bf:12:40:b3:48:45:8d:7c:b2:94:76:5a:
6a:3a:9c:b4:7c:49:82:4a:18:8d:f6:d9:68:f7:57:0c:2e:41:
98:91:36:8a:51:0d:14:0f:73:25:a8:45:49:e4:c0:49:fc:b4:
90:49:c5:5a:0d:86:00:db:9e:3c:1d:00:28:a2:f0:12:e8:4b:
50:dc:c3:96:d1:c4:b4:48:0e:09:58:03:d6:76:be:99:21:cf:
c8:2d:7d:be:dd:21:47:41:4a:de:be:38:21:58:8c:60:19:1b:
cf:0a:a1:84:bb:1c:5c:b5:d9:82:6e:94:65:30:ba:05:05:d9:
e0:85:77:2a:2c:fa:ba:76:e2:a3:7e:2e:7d:f2:1d:55:d0:81:
f9:88:9d:e9:39:d5:2e:82:87:4c:03:df:60:aa:e1:e1:74:ea:
02:07:1f:de:63:5a:6d:9b:35:a5:ee:da:ac:a9:3c:cf:8a:b6:
ae:3b:b9:a0:19:5c:5e:20:3e:da:f4:5f:b2:15:f3:8f:ab:05:
cd:85:8b:91:02:5b:f2:d3:8b:39:5b:36:0b:a6:f1:72:52:3f:
fb:a5:5c:70:27:ef:27:7e:a2:09:e2:98:fb:36:1b:3f:d5:99:
12:8a:cf:7e
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYjSQqsPr1y7fL+YDmN0l7crMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNjNGVkOTQyZTVjNzQyZTc3YmZiOWJlYjk1NGY4NzI1MzRm
NTI4NDgwHhcNMjMwNjE5MDYwNjA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYTYyMmE2MzIwOWEwZjJiZTk3ZGE2OGVkMTg2ZjJkNjRjNjNiYzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj3YxBsPTAqD0dkkwWRlr4EQRNCsc
7PMyb0krykwo/tDGhfWzScsVQAEEoWbroEPVbj3dp3jGAnUcnEdsdCNk0siH1YZb
OGavjxfhMgWwm9U9lrMHWK8eL8Sly1vA63t/rdSfAIVzYvyZCugu8csirfBCcPcE
Mh/m7ULsrGvOyykiJePwh2DOUdX7I/Hg3O5mf79VZlROklyTboqHSieunpKNsGeQ
NLlYqkXiZldiftcXTrOL5CD5pTUY4eR/vSwKkNmAlAA0PtwaWFp7y6Vz0xzkwSes
WB8hS6IJL1JvtjXbt+ZNKuDMYNKFjg8vkhTrpr4FCruJWP/uM2vaa4nmvwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLpiKmMgmg8r6X2mjtGG8tZMY7wXMB8GA1UdIwQY
MBaAFDxO2ULlx0Lne/ub65VPhyU09ShIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2Et
NzczNDRiY2M5MTkxLzEvdW1JcVl5Q2FEeXZwZmFhTzBZYnkxa3hqdkJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ni8xYmI0NWEtNTUxYy00OTY3LTk1Y2EtNzczNDRiY2M5MTkx
LzEvUEU3WlF1WEhRdWQ3LTV2cmxVLUhKVFQxS0VnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAPraqAwQA
wg+bMA0GCSqGSIb3DQEBCwUAA4IBAQBf/frXhQtitpjWK6cl+qpcvMurPsvys1a/
EkCzSEWNfLKUdlpqOpy0fEmCShiN9tlo91cMLkGYkTaKUQ0UD3MlqEVJ5MBJ/LSQ
ScVaDYYA2548HQAoovAS6EtQ3MOW0cS0SA4JWAPWdr6ZIc/ILX2+3SFHQUrevjgh
WIxgGRvPCqGEuxxctdmCbpRlMLoFBdnghXcqLPq6duKjfi598h1V0IH5iJ3pOdUu
godMA99gquHhdOoCBx/eY1ptmzWl7tqsqTzPirauO7mgGVxeID7a9F+yFfOPqwXN
hYuRAlvy04s5WzYLpvFyUj/7pVxwJ+8nfqIJ4pj7Nhs/1ZkSis9+
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:15:09 2024 by rpki-client on console-ams.rpki-client.org