Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/DJFXhOx3nb6gXhoE3Q81V8JPRG4.roa
File: DJFXhOx3nb6gXhoE3Q81V8JPRG4.roa (raw, json)
Hash identifier: xLeOLeMnf80HAGEvXsU4Av67ekVQ3UMWWfCOtPxarfE=
Subject key identifier: 0C:91:57:84:EC:77:9D:BE:A0:5E:1A:04:DD:0F:35:57:C2:4F:44:6E
Certificate issuer: /CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Certificate serial: 0188004614C895FDDB457C3D864290D7737E
Authority key identifier: 23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/DJFXhOx3nb6gXhoE3Q81V8JPRG4.roa
Signing time: Tue 09 May 2023 11:29:32 +0000
ROA not before: Tue 09 May 2023 11:29:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197248
IP address blocks: 77.111.96.0/20 maxlen: 20
62.112.192.0/19 maxlen: 19
93.88.192.0/20 maxlen: 20
109.61.96.0/19 maxlen: 19
109.61.0.0/18 maxlen: 19
109.61.22.0/24 maxlen: 24
77.111.64.0/19 maxlen: 21
109.61.64.0/20 maxlen: 20
2a01:be00::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:00:46:14:c8:95:fd:db:45:7c:3d:86:42:90:d7:73:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Validity
Not Before: May 9 11:29:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0c915784ec779dbea05e1a04dd0f3557c24f446e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:c3:8d:1a:e8:48:4c:58:10:f4:2b:21:39:7c:
19:87:28:bc:61:31:1a:a2:39:a3:c6:15:7c:59:5b:
15:2f:a3:c5:eb:09:3f:fd:15:40:30:a2:c2:f7:37:
eb:04:1e:95:c4:82:82:92:e1:c7:98:0c:21:2f:f6:
1f:81:ab:fb:7b:02:26:b7:f1:e0:1d:97:12:59:93:
96:10:48:c4:e2:5d:cc:4a:6f:ee:9d:5e:c5:f2:97:
bc:f3:16:40:c1:50:fd:ce:fd:bc:de:77:96:5d:8a:
58:73:6b:a8:e1:66:38:28:e8:46:83:98:50:f9:59:
17:9d:54:62:a0:29:dc:85:de:ef:57:ee:4e:0c:32:
de:87:68:95:81:38:2e:10:8b:26:f4:8b:0b:15:2f:
dc:f6:bf:5d:40:db:fa:99:8b:93:bb:1e:1f:96:05:
46:51:10:c3:a0:1a:20:c1:6b:b2:bc:96:a2:33:8b:
c0:ce:bc:f0:59:6f:74:59:8e:62:ad:bb:8d:e9:8c:
db:a3:0e:a2:a3:25:15:94:28:80:cc:d8:77:0f:6a:
1e:8c:77:5a:86:11:d2:e9:93:fa:ea:eb:3c:ca:6d:
d3:1d:6c:6a:ea:6a:4e:2e:08:f1:18:94:de:4f:5f:
e2:6c:d5:cb:31:38:40:54:89:50:b7:60:f8:40:e7:
21:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0C:91:57:84:EC:77:9D:BE:A0:5E:1A:04:DD:0F:35:57:C2:4F:44:6E
X509v3 Authority Key Identifier:
keyid:23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/DJFXhOx3nb6gXhoE3Q81V8JPRG4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/IzlKEl-jrODEem_jT0CGtNO6VYg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.112.192.0/19
77.111.64.0-77.111.111.255
93.88.192.0/20
109.61.0.0-109.61.79.255
109.61.96.0/19
IPv6:
2a01:be00::/32
Signature Algorithm: sha256WithRSAEncryption
8c:f0:8c:b2:67:3e:5f:93:84:30:42:96:e1:6f:91:a2:7e:cb:
af:03:40:71:cd:90:67:75:3e:cf:0b:a4:5e:fa:ab:5f:b6:73:
0a:1c:f4:6c:0b:a1:4e:30:39:e4:c3:b1:b0:43:03:05:01:f2:
35:6a:28:0c:b4:e9:f2:c8:84:f6:bf:77:92:6e:22:55:86:f5:
7c:3f:46:83:43:c7:3e:21:eb:b0:e9:e0:30:dc:69:27:d1:3b:
15:4b:b5:a7:85:98:09:ba:db:7d:bc:d0:0b:a8:32:35:60:15:
b0:cf:d8:5a:bd:0f:d2:62:21:9d:cf:09:fb:32:96:ba:0e:1c:
e2:b9:ad:05:bd:05:75:4f:bc:1b:d3:3e:64:e7:7f:c8:48:e5:
89:50:30:b5:d9:7f:a8:ff:98:68:11:f5:da:41:f6:46:2d:0f:
34:05:c3:a3:77:3d:a8:71:0c:57:5d:94:a0:66:4c:19:0e:3c:
97:23:0c:0b:ef:72:7c:c3:69:63:53:af:d2:1a:f3:6c:7c:3c:
5b:0d:ab:35:8c:64:26:0f:b1:22:8b:1c:09:e5:ed:7c:8c:1f:
df:86:f6:21:19:89:c8:99:ef:f9:e0:e6:39:87:57:96:a0:70:
1f:b5:23:b8:3a:b8:9c:1e:28:9d:b6:2d:23:c3:f1:11:2b:cb:
c8:a0:36:37
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYgARhTIlf3bRXw9hkKQ13N+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzk0YTEyNWZhM2FjZTBjNDdhNmZlMzRmNDA4NmI0ZDNi
YTU1ODgwHhcNMjMwNTA5MTEyOTMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYzkxNTc4NGVjNzc5ZGJlYTA1ZTFhMDRkZDBmMzU1N2MyNGY0NDZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzMONGuhITFgQ9CshOXwZhyi8YTEa
ojmjxhV8WVsVL6PF6wk//RVAMKLC9zfrBB6VxIKCkuHHmAwhL/Yfgav7ewImt/Hg
HZcSWZOWEEjE4l3MSm/unV7F8pe88xZAwVD9zv283neWXYpYc2uo4WY4KOhGg5hQ
+VkXnVRioCnchd7vV+5ODDLeh2iVgTguEIsm9IsLFS/c9r9dQNv6mYuTux4flgVG
URDDoBogwWuyvJaiM4vAzrzwWW90WY5irbuN6Yzbow6ioyUVlCiAzNh3D2oejHda
hhHS6ZP66us8ym3THWxq6mpOLgjxGJTeT1/ibNXLMThAVIlQt2D4QOchBwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFAyRV4Tsd52+oF4aBN0PNVfCT0RuMB8GA1UdIwQY
MBaAFCM5ShJfo6zgxHpv409AhrTTulWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2Et
ZDQzMjA3ZDYyZGZlLzEvREpGWGhPeDNuYjZnWGhvRTNRODFWOEpQUkc0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2EtZDQzMjA3ZDYyZGZl
LzEvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAzBAIAATAtAwQFPnDAMAwD
BAZNb0ADBARNb2ADBARdWMAwCwMDAG09AwQEbT1AAwQFbT1gMA0EAgACMAcDBQAq
Ab4AMA0GCSqGSIb3DQEBCwUAA4IBAQCM8IyyZz5fk4QwQpbhb5GifsuvA0BxzZBn
dT7PC6Re+qtftnMKHPRsC6FOMDnkw7GwQwMFAfI1aigMtOnyyIT2v3eSbiJVhvV8
P0aDQ8c+Ieuw6eAw3Gkn0TsVS7WnhZgJutt9vNALqDI1YBWwz9havQ/SYiGdzwn7
Mpa6Dhziua0FvQV1T7wb0z5k53/ISOWJUDC12X+o/5hoEfXaQfZGLQ80BcOjdz2o
cQxXXZSgZkwZDjyXIwwL73J8w2ljU6/SGvNsfDxbDas1jGQmD7EiixwJ5e18jB/f
hvYhGYnIme/54OY5h1eWoHAftSO4OricHiidti0jw/ERK8vIoDY3
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:39 2024 by rpki-client on console-fra.rpki-client.org