Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/4WpmEFhun6cQASSUeAunZDEVD8c.roa
File: 4WpmEFhun6cQASSUeAunZDEVD8c.roa (raw, json)
Hash identifier: vMTngCK87IYZYuzMGb4xIwbY9Kke56hSJbOEpPwkbIs=
Subject key identifier: E1:6A:66:10:58:6E:9F:A7:10:01:24:94:78:0B:A7:64:31:15:0F:C7
Certificate issuer: /CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Certificate serial: 018CB4F8D5A119DE344A9CBCF9E42DEB8D5E
Authority key identifier: 23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/4WpmEFhun6cQASSUeAunZDEVD8c.roa
Signing time: Fri 29 Dec 2023 09:47:35 +0000
ROA not before: Fri 29 Dec 2023 09:47:35 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197248
IP address blocks: 77.111.96.0/20 maxlen: 24
93.88.192.0/21 maxlen: 21
93.88.194.0/24 maxlen: 24
109.61.0.0/22 maxlen: 22
109.61.8.0/21 maxlen: 21
77.111.88.0/21 maxlen: 24
62.112.192.0/21 maxlen: 21
109.61.96.0/21 maxlen: 21
109.61.112.0/20 maxlen: 20
62.112.208.0/20 maxlen: 20
109.61.22.0/24 maxlen: 24
109.61.20.0/22 maxlen: 22
109.61.24.0/21 maxlen: 21
109.61.32.0/19 maxlen: 19
109.61.64.0/20 maxlen: 20
2a01:be00::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:b4:f8:d5:a1:19:de:34:4a:9c:bc:f9:e4:2d:eb:8d:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Validity
Not Before: Dec 29 09:47:35 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e16a6610586e9fa710012494780ba76431150fc7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:10:e7:96:74:de:8e:2d:29:1d:f4:2d:6c:df:
96:62:28:75:70:45:7f:55:f8:8b:4c:df:d1:da:e1:
00:de:87:0c:a2:63:72:ff:b3:48:8c:d4:a7:41:2e:
7e:ef:8f:66:ee:85:2c:bb:17:36:ef:6d:e5:dd:db:
c4:8d:bb:b2:a8:d5:78:2d:69:d0:6f:2f:28:cb:f3:
5c:7c:68:a1:2a:8c:c3:9f:ff:c1:c1:ce:da:2f:a0:
99:20:82:b8:50:e0:be:32:56:26:bc:fb:4f:4b:2d:
2c:09:cc:ec:09:d9:d0:a0:76:b6:9b:7b:0d:f6:0e:
ef:7d:5e:10:2e:99:75:d3:46:9c:e7:72:b2:a1:fd:
24:4d:71:f3:35:1f:0d:a5:84:b1:80:7d:3e:d9:39:
96:db:f4:b3:5c:31:7f:5c:30:ec:1b:8b:a7:ce:69:
4c:f0:96:97:9d:cb:6a:02:84:a9:26:0f:15:98:fa:
0e:d6:20:e4:4c:9a:35:08:ae:97:03:00:62:6a:66:
91:ca:40:4a:c3:2d:7c:d8:10:fd:67:4d:38:45:68:
ea:cf:bc:4f:12:0b:dd:dc:3d:90:6e:08:4f:72:4a:
31:12:63:01:ab:70:27:84:89:1e:d1:7b:69:3d:88:
2a:58:cf:e5:48:44:a0:1c:95:5b:9f:3b:46:7a:2c:
49:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:6A:66:10:58:6E:9F:A7:10:01:24:94:78:0B:A7:64:31:15:0F:C7
X509v3 Authority Key Identifier:
keyid:23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/4WpmEFhun6cQASSUeAunZDEVD8c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/IzlKEl-jrODEem_jT0CGtNO6VYg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.112.192.0/21
62.112.208.0/20
77.111.88.0-77.111.111.255
93.88.192.0/21
109.61.0.0/22
109.61.8.0/21
109.61.20.0-109.61.79.255
109.61.96.0/21
109.61.112.0/20
IPv6:
2a01:be00::/32
Signature Algorithm: sha256WithRSAEncryption
14:ad:25:a4:9b:df:c4:fd:ad:21:94:51:a1:4b:84:47:f6:1f:
5b:2c:dc:f2:b3:44:aa:2b:d9:de:fc:b2:0b:a4:fb:f3:f3:19:
7d:24:ea:3a:ea:1a:3a:28:5f:d8:2e:df:51:83:11:8b:c2:c8:
7b:b3:13:e6:4f:19:e6:3c:6e:61:38:68:77:ee:41:8e:2d:b2:
03:77:45:c3:56:23:d0:b5:eb:7e:c8:05:36:ad:a7:d2:ee:54:
fa:33:c2:64:31:ea:3a:4f:68:f8:e6:71:2a:60:5d:51:6a:4c:
41:31:26:ee:08:a7:15:b7:10:93:fe:22:40:24:d2:98:4b:40:
f4:0a:a4:a2:99:86:cc:15:0d:a9:21:c5:d5:44:fd:00:ba:d9:
98:89:30:7c:fa:35:56:0d:63:ef:27:85:ac:63:55:b3:bb:18:
e8:fc:d3:8d:a0:c6:0e:e6:23:d0:be:d2:53:63:e7:34:e5:70:
42:93:99:41:db:ca:3e:81:45:e3:3d:2a:49:6f:82:8e:62:ac:
3f:1e:cf:a0:7b:03:e4:77:e5:49:df:f3:95:02:46:e7:98:34:
ff:ed:fc:67:cb:b5:90:67:a2:ad:ee:be:a6:fc:39:b8:b9:ee:
5f:85:1a:00:b9:55:d7:03:d6:37:ce:9a:87:69:5f:70:fb:bd:
cc:33:e7:e5
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAYy0+NWhGd40Spy8+eQt641eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzk0YTEyNWZhM2FjZTBjNDdhNmZlMzRmNDA4NmI0ZDNi
YTU1ODgwHhcNMjMxMjI5MDk0NzM1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMTZhNjYxMDU4NmU5ZmE3MTAwMTI0OTQ3ODBiYTc2NDMxMTUwZmM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxDnlnTeji0pHfQtbN+WYih1cEV/
VfiLTN/R2uEA3ocMomNy/7NIjNSnQS5+749m7oUsuxc2723l3dvEjbuyqNV4LWnQ
by8oy/NcfGihKozDn//Bwc7aL6CZIIK4UOC+MlYmvPtPSy0sCczsCdnQoHa2m3sN
9g7vfV4QLpl100ac53Kyof0kTXHzNR8NpYSxgH0+2TmW2/SzXDF/XDDsG4unzmlM
8JaXnctqAoSpJg8VmPoO1iDkTJo1CK6XAwBiamaRykBKwy182BD9Z004RWjqz7xP
Egvd3D2QbghPckoxEmMBq3AnhIke0XtpPYgqWM/lSESgHJVbnztGeixJgQIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFOFqZhBYbp+nEAEklHgLp2QxFQ/HMB8GA1UdIwQY
MBaAFCM5ShJfo6zgxHpv409AhrTTulWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2Et
ZDQzMjA3ZDYyZGZlLzEvNFdwbUVGaHVuNmNRQVNTVWVBdW5aREVWRDhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2EtZDQzMjA3ZDYyZGZl
LzEvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBMBAIAATBGAwQDPnDAAwQE
PnDQMAwDBANNb1gDBARNb2ADBANdWMADBAJtPQADBANtPQgwDAMEAm09FAMEBG09
QAMEA209YAMEBG09cDANBAIAAjAHAwUAKgG+ADANBgkqhkiG9w0BAQsFAAOCAQEA
FK0lpJvfxP2tIZRRoUuER/YfWyzc8rNEqivZ3vyyC6T78/MZfSTqOuoaOihf2C7f
UYMRi8LIe7MT5k8Z5jxuYThod+5Bji2yA3dFw1Yj0LXrfsgFNq2n0u5U+jPCZDHq
Ok9o+OZxKmBdUWpMQTEm7ginFbcQk/4iQCTSmEtA9AqkopmGzBUNqSHF1UT9ALrZ
mIkwfPo1Vg1j7yeFrGNVs7sY6PzTjaDGDuYj0L7SU2PnNOVwQpOZQdvKPoFF4z0q
SW+CjmKsPx7PoHsD5HflSd/zlQJG55g0/+38Z8u1kGeire6+pvw5uLnuX4UaALlV
1wPWN86ah2lfcPu9zDPn5Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:13 2024 by rpki-client on console-ams.rpki-client.org