Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/3KWZhFuH5i1vqUooM7quJzqtYk0.roa
File: 3KWZhFuH5i1vqUooM7quJzqtYk0.roa (raw, json)
Hash identifier: eRMtR2o0VfLlyqd+85AHGefvJBgjTYInMBAwIm9keD0=
Subject key identifier: DC:A5:99:84:5B:87:E6:2D:6F:A9:4A:28:33:BA:AE:27:3A:AD:62:4D
Certificate issuer: /CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Certificate serial: 01894FE05DEF2D0925E703FA30D9630206AD
Authority key identifier: 23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/3KWZhFuH5i1vqUooM7quJzqtYk0.roa
Signing time: Thu 13 Jul 2023 15:30:51 +0000
ROA not before: Thu 13 Jul 2023 15:30:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197248
IP address blocks: 77.111.96.0/20 maxlen: 24
93.88.192.0/20 maxlen: 24
62.112.192.0/19 maxlen: 19
109.61.96.0/19 maxlen: 19
109.61.0.0/18 maxlen: 19
109.61.22.0/24 maxlen: 24
77.111.64.0/19 maxlen: 21
109.61.64.0/20 maxlen: 20
77.111.88.0/21 maxlen: 24
2a01:be00::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:4f:e0:5d:ef:2d:09:25:e7:03:fa:30:d9:63:02:06:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Validity
Not Before: Jul 13 15:30:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dca599845b87e62d6fa94a2833baae273aad624d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:2c:73:96:f1:cf:21:ca:af:ec:74:5f:d0:8a:
25:85:89:54:62:73:69:ea:07:43:e0:b8:de:18:5a:
af:a3:06:b6:16:ac:13:8b:57:0f:33:49:68:9a:88:
ee:ee:a3:25:88:4f:1a:92:b8:31:e0:88:dc:8f:4c:
57:bb:ea:98:70:c1:be:17:82:82:c0:82:0b:45:59:
81:b9:01:93:0a:9e:14:d4:61:8f:95:b4:4f:c4:b5:
75:f9:42:e1:94:fb:05:b0:25:3d:63:f1:6e:cb:d9:
91:25:28:ae:e2:70:2a:79:81:cb:5b:43:3e:30:0c:
b6:ee:88:c4:a3:2b:09:e2:40:2a:f8:2d:34:c1:77:
05:2d:b7:a3:09:0a:4f:a1:59:d3:3a:27:37:0f:42:
9d:bc:9b:2e:41:11:9d:fe:5b:b5:30:be:e3:58:a2:
a0:39:59:11:a8:9d:7f:74:91:83:45:84:57:99:be:
16:7b:3a:0f:28:b2:1e:24:89:2a:aa:62:67:b4:50:
6a:d4:d8:17:ea:75:15:f5:18:7f:9e:05:d8:6e:3d:
8c:2e:91:a0:5c:fe:24:3b:b6:cd:ea:59:07:f4:24:
df:f1:a9:c2:de:64:b4:28:dd:3c:89:f5:3a:7c:9c:
6f:de:04:4c:ea:62:44:56:24:a1:ce:ca:66:4c:d6:
00:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DC:A5:99:84:5B:87:E6:2D:6F:A9:4A:28:33:BA:AE:27:3A:AD:62:4D
X509v3 Authority Key Identifier:
keyid:23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/3KWZhFuH5i1vqUooM7quJzqtYk0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/IzlKEl-jrODEem_jT0CGtNO6VYg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.112.192.0/19
77.111.64.0-77.111.111.255
93.88.192.0/20
109.61.0.0-109.61.79.255
109.61.96.0/19
IPv6:
2a01:be00::/32
Signature Algorithm: sha256WithRSAEncryption
64:25:44:1c:2c:19:96:f7:bf:a7:eb:e4:27:77:38:1b:09:3a:
a9:09:91:fd:bd:8d:1a:10:ef:6e:2b:9a:0d:b5:3f:c5:eb:e1:
80:d2:93:5b:58:0b:b7:aa:84:0e:ee:0d:a0:b9:40:78:f9:96:
30:a3:dd:3c:4f:54:46:fe:ab:21:d7:b9:34:e1:88:d5:3d:b8:
87:6d:aa:cf:d4:fd:5d:2a:b1:7f:28:c5:66:54:f7:b1:32:39:
32:40:d0:ba:03:b3:31:e8:20:64:41:9e:82:ae:df:a4:f1:01:
89:80:db:cb:ba:98:f9:78:0e:d5:e8:1b:c1:73:77:ca:6a:36:
25:9a:0e:89:ae:7e:c8:f2:c7:ae:75:be:da:34:dd:eb:eb:3a:
7f:a5:85:1c:01:27:8a:c4:07:d3:e8:b0:41:76:ea:c5:9c:17:
5a:50:4a:1a:c8:93:67:d8:e8:d3:e8:3f:ef:49:d5:8a:e7:92:
6a:87:d9:df:9e:b9:82:9c:e1:11:d1:f8:ab:be:3c:2e:50:91:
c7:4f:f0:e6:fa:99:72:83:a1:db:bb:00:a7:78:1c:69:f9:7d:
62:4e:4f:52:d1:b9:81:0b:b5:92:db:64:2f:28:5e:16:d1:d0:
d5:76:a3:40:4a:24:a5:b6:fd:5a:ab:12:c0:f3:c9:33:d4:16:
1c:32:ee:aa
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYlP4F3vLQkl5wP6MNljAgatMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzk0YTEyNWZhM2FjZTBjNDdhNmZlMzRmNDA4NmI0ZDNi
YTU1ODgwHhcNMjMwNzEzMTUzMDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkY2E1OTk4NDViODdlNjJkNmZhOTRhMjgzM2JhYWUyNzNhYWQ2MjRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvixzlvHPIcqv7HRf0IolhYlUYnNp
6gdD4LjeGFqvowa2FqwTi1cPM0lomoju7qMliE8akrgx4Ijcj0xXu+qYcMG+F4KC
wIILRVmBuQGTCp4U1GGPlbRPxLV1+ULhlPsFsCU9Y/Fuy9mRJSiu4nAqeYHLW0M+
MAy27ojEoysJ4kAq+C00wXcFLbejCQpPoVnTOic3D0KdvJsuQRGd/lu1ML7jWKKg
OVkRqJ1/dJGDRYRXmb4WezoPKLIeJIkqqmJntFBq1NgX6nUV9Rh/ngXYbj2MLpGg
XP4kO7bN6lkH9CTf8anC3mS0KN08ifU6fJxv3gRM6mJEViShzspmTNYADQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFNylmYRbh+Ytb6lKKDO6ric6rWJNMB8GA1UdIwQY
MBaAFCM5ShJfo6zgxHpv409AhrTTulWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2Et
ZDQzMjA3ZDYyZGZlLzEvM0tXWmhGdUg1aTF2cVVvb003cXVKenF0WWswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2EtZDQzMjA3ZDYyZGZl
LzEvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAzBAIAATAtAwQFPnDAMAwD
BAZNb0ADBARNb2ADBARdWMAwCwMDAG09AwQEbT1AAwQFbT1gMA0EAgACMAcDBQAq
Ab4AMA0GCSqGSIb3DQEBCwUAA4IBAQBkJUQcLBmW97+n6+QndzgbCTqpCZH9vY0a
EO9uK5oNtT/F6+GA0pNbWAu3qoQO7g2guUB4+ZYwo908T1RG/qsh17k04YjVPbiH
barP1P1dKrF/KMVmVPexMjkyQNC6A7Mx6CBkQZ6Crt+k8QGJgNvLupj5eA7V6BvB
c3fKajYlmg6Jrn7I8seudb7aNN3r6zp/pYUcASeKxAfT6LBBdurFnBdaUEoayJNn
2OjT6D/vSdWK55Jqh9nfnrmCnOER0firvjwuUJHHT/Dm+plyg6HbuwCneBxp+X1i
Tk9S0bmBC7WS22QvKF4W0dDVdqNASiSltv1aqxLA88kz1BYcMu6q
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:13 2024 by rpki-client on console-ams.rpki-client.org