Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/xPXtx7NhJt7pg6Gd8md99kPH0yg.roa
File: xPXtx7NhJt7pg6Gd8md99kPH0yg.roa (raw, json)
Hash identifier: oZLe0ISxPxfynl7YZIaNtDfuDyJA2RTHSwU1m8lKZ/I=
Subject key identifier: C4:F5:ED:C7:B3:61:26:DE:E9:83:A1:9D:F2:67:7D:F6:43:C7:D3:28
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 018C684C1AA3D11F19D960E36245C4DEAB6B
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/xPXtx7NhJt7pg6Gd8md99kPH0yg.roa
Signing time: Thu 14 Dec 2023 12:27:47 +0000
ROA not before: Thu 14 Dec 2023 12:27:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 12513
IP address blocks: 194.46.32.0/19 maxlen: 19
194.46.64.0/19 maxlen: 19
194.46.80.0/20 maxlen: 20
212.104.128.0/19 maxlen: 19
212.108.80.0/21 maxlen: 21
212.108.88.0/22 maxlen: 22
2a02:c2c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:68:4c:1a:a3:d1:1f:19:d9:60:e3:62:45:c4:de:ab:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Dec 14 12:27:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c4f5edc7b36126dee983a19df2677df643c7d328
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:22:61:26:5c:dd:16:ba:25:51:28:26:83:a3:
b4:58:10:55:15:1e:7c:2a:de:82:26:43:2e:66:ce:
c9:a5:76:89:e4:d9:ec:9a:e2:eb:b3:05:83:f2:06:
cb:03:55:9f:2c:b2:2f:4c:ee:93:ba:e9:65:95:ac:
3e:b2:a8:f7:96:b3:d9:10:c5:6c:c6:14:17:df:39:
68:6d:72:32:45:b0:75:f5:37:5e:68:2e:39:30:d6:
e5:b8:3f:dc:d7:9f:9e:bb:58:66:3b:ce:5c:26:af:
94:10:8b:41:81:5e:fb:98:b0:23:fe:01:9d:98:f5:
33:b1:4d:df:33:c8:84:a9:d6:17:65:c2:ad:81:fb:
1f:9d:86:6c:30:ee:45:49:b6:14:80:17:a0:10:02:
bb:15:fa:88:22:ee:94:a6:66:a4:92:8d:98:dc:75:
c1:91:7a:15:d0:89:2a:9b:57:21:58:86:81:e1:9a:
49:41:30:b9:19:c7:4f:cf:b1:ef:4e:47:8d:0d:fc:
a6:f5:c7:46:a9:a5:f5:25:fc:c5:85:5d:dc:0a:0d:
36:5c:49:eb:ad:6f:8b:80:78:c0:54:3c:27:6e:97:
0b:43:a3:e4:f0:fc:b0:f7:ff:86:f0:71:1e:46:5f:
ef:85:9b:d5:4e:18:d0:bd:7c:29:ee:98:43:8d:17:
65:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:F5:ED:C7:B3:61:26:DE:E9:83:A1:9D:F2:67:7D:F6:43:C7:D3:28
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/xPXtx7NhJt7pg6Gd8md99kPH0yg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.46.32.0-194.46.95.255
212.104.128.0/19
212.108.80.0-212.108.91.255
IPv6:
2a02:c2c0::/29
Signature Algorithm: sha256WithRSAEncryption
21:4c:46:ca:ec:22:e2:d9:db:e4:b7:e7:8a:0d:e5:f4:4c:ec:
1e:e1:b2:f8:58:3a:42:6b:ef:47:e3:bf:ea:95:7a:0f:91:64:
0e:aa:e5:2e:4a:5b:3a:0d:be:42:49:19:7f:85:ed:cd:7e:91:
d8:d6:67:48:b4:75:7d:40:c8:9f:c9:f2:f1:07:f3:56:25:f4:
dc:77:bd:1c:32:af:ab:5b:dc:cd:09:ef:60:69:52:c9:bd:0b:
04:43:88:44:38:91:40:f8:92:64:e2:f7:6f:05:b9:03:ae:6a:
c8:f7:d0:d9:e9:52:d1:88:74:58:26:12:2b:ef:f2:35:3d:e3:
aa:44:be:7d:37:3a:54:1b:fb:90:f7:a6:38:08:10:a2:fb:62:
6e:24:34:f2:5e:3d:a1:30:93:44:8c:e5:04:d5:2e:0e:63:83:
dc:ef:17:fb:9c:ec:d5:50:aa:93:cf:6d:73:9b:57:b3:5e:68:
fa:44:28:48:17:a6:5d:d3:41:e8:dc:02:62:ff:a6:f3:c7:f7:
78:e3:cf:e7:13:c5:c4:37:36:18:2b:78:50:23:f4:da:3b:a6:
23:13:b3:55:42:e1:c5:4b:04:e1:c4:9e:e7:dd:f8:e6:08:6f:
87:7c:62:78:2e:dd:3c:51:b3:84:c0:1d:87:a4:71:68:34:57:
b7:20:1d:04
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgISAYxoTBqj0R8Z2WDjYkXE3qtrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDM1MzkzMzY3NGE1NjA4ZjZkMWVlMmRhYjRmNjRjOGJm
ZjhmMzkwHhcNMjMxMjE0MTIyNzQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGY1ZWRjN2IzNjEyNmRlZTk4M2ExOWRmMjY3N2RmNjQzYzdkMzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkSJhJlzdFrolUSgmg6O0WBBVFR58
Kt6CJkMuZs7JpXaJ5NnsmuLrswWD8gbLA1WfLLIvTO6Tuulllaw+sqj3lrPZEMVs
xhQX3zlobXIyRbB19TdeaC45MNbluD/c15+eu1hmO85cJq+UEItBgV77mLAj/gGd
mPUzsU3fM8iEqdYXZcKtgfsfnYZsMO5FSbYUgBegEAK7FfqIIu6Upmakko2Y3HXB
kXoV0Ikqm1chWIaB4ZpJQTC5GcdPz7HvTkeNDfym9cdGqaX1JfzFhV3cCg02XEnr
rW+LgHjAVDwnbpcLQ6Pk8Pyw9/+G8HEeRl/vhZvVThjQvXwp7phDjRdlFQIDAQAB
o4ICNDCCAjAwHQYDVR0OBBYEFMT17cezYSbe6YOhnfJnffZDx9MoMB8GA1UdIwQY
MBaAFK3TU5M2dKVgj20e4tq09kyL/485MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgt
NzJjODMxMjg3NjFiLzEveFBYdHg3TmhKdDdwZzZHZDhtZDk5a1BIMHlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgtNzJjODMxMjg3NjFi
LzEvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEoGCCsGAQUFBwEHAQH/BDswOTAoBAIAATAiMAwDBAXCLiAD
BAXCLkADBAXUaIAwDAMEBNRsUAMEAtRsWDANBAIAAjAHAwUDKgLCwDANBgkqhkiG
9w0BAQsFAAOCAQEAIUxGyuwi4tnb5Lfnig3l9EzsHuGy+Fg6QmvvR+O/6pV6D5Fk
DqrlLkpbOg2+QkkZf4XtzX6R2NZnSLR1fUDIn8ny8QfzViX03He9HDKvq1vczQnv
YGlSyb0LBEOIRDiRQPiSZOL3bwW5A65qyPfQ2elS0Yh0WCYSK+/yNT3jqkS+fTc6
VBv7kPemOAgQovtibiQ08l49oTCTRIzlBNUuDmOD3O8X+5zs1VCqk89tc5tXs15o
+kQoSBemXdNB6NwCYv+m88f3eOPP5xPFxDc2GCt4UCP02jumIxOzVULhxUsE4cSe
59345ghvh3xieC7dPFGzhMAdh6RxaDRXtyAdBA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:14 2024 by rpki-client on console-fra.rpki-client.org