Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/sgBjSXrSdZlj539JhTtsHO8rKRo.roa
File: sgBjSXrSdZlj539JhTtsHO8rKRo.roa (raw, json)
Hash identifier: QLkU4JpMSkm4C40DFFOazweWHixH2H3WOLY/VrBVNsc=
Subject key identifier: B2:00:63:49:7A:D2:75:99:63:E7:7F:49:85:3B:6C:1C:EF:2B:29:1A
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 018D3B180AB1AE5D0778F751CDA86FEE5C35
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/sgBjSXrSdZlj539JhTtsHO8rKRo.roa
Signing time: Wed 24 Jan 2024 10:50:47 +0000
ROA not before: Wed 24 Jan 2024 10:50:47 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12513
IP address blocks: 194.46.32.0/19 maxlen: 19
194.46.64.0/19 maxlen: 19
194.46.80.0/20 maxlen: 20
212.108.80.0/21 maxlen: 21
212.108.88.0/22 maxlen: 22
2a02:c2c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:3b:18:0a:b1:ae:5d:07:78:f7:51:cd:a8:6f:ee:5c:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Jan 24 10:50:47 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b20063497ad2759963e77f49853b6c1cef2b291a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:1e:42:83:cb:2e:f6:af:4b:20:ec:d7:7e:9d:
47:04:8e:0e:6c:06:c8:6e:bf:b1:70:1b:78:f9:f5:
7d:da:b6:48:69:3f:2f:32:49:6a:ba:1f:be:e8:01:
51:f8:da:76:b3:78:ad:75:80:a2:b9:ec:5b:b6:f8:
c9:b1:0f:df:66:4d:38:cf:e6:74:1d:39:5b:73:ba:
3a:fc:e5:03:96:31:0c:ec:8f:da:a5:83:23:d1:3d:
70:eb:78:a4:c4:8f:fc:cf:7a:45:d9:79:13:69:4f:
ba:83:83:6c:8d:74:00:bd:a1:4d:73:67:2d:0f:65:
b5:10:c6:47:28:66:2b:c8:f8:d9:7c:91:01:c4:8b:
b8:7d:01:34:da:5e:92:f4:b0:0b:bb:3e:91:67:56:
ad:28:8e:35:3f:01:45:14:ee:9d:6a:ca:87:04:52:
a8:01:5b:92:1e:c4:7c:23:f6:20:45:e1:12:71:55:
89:1d:32:5e:d7:6b:e2:27:0c:ad:fb:d9:6a:fb:2b:
7c:57:07:97:d5:a3:01:e1:b7:3b:ff:55:06:8f:11:
98:1d:96:36:71:1c:67:22:1a:8f:80:1b:2d:be:a2:
50:d8:ef:c8:da:a2:e3:88:a3:b8:8f:de:19:b1:a7:
ae:90:c6:c0:02:58:93:24:ef:dd:53:0f:44:d7:13:
ba:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:00:63:49:7A:D2:75:99:63:E7:7F:49:85:3B:6C:1C:EF:2B:29:1A
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/sgBjSXrSdZlj539JhTtsHO8rKRo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.46.32.0-194.46.95.255
212.108.80.0-212.108.91.255
IPv6:
2a02:c2c0::/29
Signature Algorithm: sha256WithRSAEncryption
23:75:00:25:35:5f:ff:52:84:ce:e1:9b:2a:32:e2:a1:e2:f6:
85:1f:8a:b3:3a:be:5d:54:0a:2d:f7:e3:cd:5d:63:90:12:a2:
49:a3:ac:7d:77:dc:4a:17:9f:4c:38:c8:50:76:a0:c7:f5:68:
7b:a5:f9:f7:09:0f:3c:3e:02:fa:1f:07:07:22:04:ea:e2:12:
8a:25:b5:e7:15:04:36:98:ad:09:4f:76:5b:50:22:e3:59:36:
3c:52:e6:8b:a7:be:b0:05:5e:e7:76:bc:8d:58:7a:19:d4:57:
c2:67:7f:d3:66:b0:2f:1b:6b:e7:e8:4a:21:32:65:0f:b8:2c:
13:d0:78:4f:38:57:7f:89:ea:1b:17:8f:02:2b:a2:c1:94:4c:
04:1f:e5:f7:ae:cc:65:3b:48:ed:b7:3a:84:fe:d5:44:5f:10:
2d:26:20:27:0e:c8:6a:68:ef:f3:57:74:b4:f0:b5:bc:da:0e:
75:73:33:e4:34:c8:c2:16:26:19:6f:a2:42:7f:f1:3f:ce:68:
40:72:42:89:6f:20:f5:1f:d5:1e:4c:d4:f3:3f:8a:0d:7c:ff:
9f:8d:65:92:30:91:c2:7c:fd:4e:38:bf:7d:3c:13:86:40:4f:
64:13:d0:7f:a1:75:c3:87:1f:77:94:5e:2f:18:f3:25:b5:75:
12:7a:b8:29
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAY07GAqxrl0HePdRzahv7lw1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDM1MzkzMzY3NGE1NjA4ZjZkMWVlMmRhYjRmNjRjOGJm
ZjhmMzkwHhcNMjQwMTI0MTA1MDQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjAwNjM0OTdhZDI3NTk5NjNlNzdmNDk4NTNiNmMxY2VmMmIyOTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAth5Cg8su9q9LIOzXfp1HBI4ObAbI
br+xcBt4+fV92rZIaT8vMklquh++6AFR+Np2s3itdYCiuexbtvjJsQ/fZk04z+Z0
HTlbc7o6/OUDljEM7I/apYMj0T1w63ikxI/8z3pF2XkTaU+6g4NsjXQAvaFNc2ct
D2W1EMZHKGYryPjZfJEBxIu4fQE02l6S9LALuz6RZ1atKI41PwFFFO6dasqHBFKo
AVuSHsR8I/YgReEScVWJHTJe12viJwyt+9lq+yt8VweX1aMB4bc7/1UGjxGYHZY2
cRxnIhqPgBstvqJQ2O/I2qLjiKO4j94ZsaeukMbAAliTJO/dUw9E1xO6cQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFLIAY0l60nWZY+d/SYU7bBzvKykaMB8GA1UdIwQY
MBaAFK3TU5M2dKVgj20e4tq09kyL/485MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgt
NzJjODMxMjg3NjFiLzEvc2dCalNYclNkWmxqNTM5SmhUdHNITzhyS1JvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgtNzJjODMxMjg3NjFi
LzEvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEQGCCsGAQUFBwEHAQH/BDUwMzAiBAIAATAcMAwDBAXCLiAD
BAXCLkAwDAMEBNRsUAMEAtRsWDANBAIAAjAHAwUDKgLCwDANBgkqhkiG9w0BAQsF
AAOCAQEAI3UAJTVf/1KEzuGbKjLioeL2hR+Kszq+XVQKLffjzV1jkBKiSaOsfXfc
ShefTDjIUHagx/Voe6X59wkPPD4C+h8HByIE6uISiiW15xUENpitCU92W1Ai41k2
PFLmi6e+sAVe53a8jVh6GdRXwmd/02awLxtr5+hKITJlD7gsE9B4TzhXf4nqGxeP
AiuiwZRMBB/l967MZTtI7bc6hP7VRF8QLSYgJw7Iamjv81d0tPC1vNoOdXMz5DTI
whYmGW+iQn/xP85oQHJCiW8g9R/VHkzU8z+KDXz/n41lkjCRwnz9Tji/fTwThkBP
ZBPQf6F1w4cfd5ReLxjzJbV1Enq4KQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:37 2024 by rpki-client on console-ams.rpki-client.org