Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/XY9D1lseJxSYHMm5biJtl4WuEe8.roa
File: XY9D1lseJxSYHMm5biJtl4WuEe8.roa (raw, json)
Hash identifier: amuZBno2ar4jdMd0eYJY9cAG4ysEb1ZWF9C6L7LSaiw=
Subject key identifier: 5D:8F:43:D6:5B:1E:27:14:98:1C:C9:B9:6E:22:6D:97:85:AE:11:EF
Certificate issuer: /CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Certificate serial: 0189B685107F2F1CC7FAA948CC9237348E3B
Authority key identifier: 23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/XY9D1lseJxSYHMm5biJtl4WuEe8.roa
Signing time: Wed 02 Aug 2023 13:52:01 +0000
ROA not before: Wed 02 Aug 2023 13:52:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197248
IP address blocks: 77.111.96.0/20 maxlen: 24
62.112.192.0/19 maxlen: 19
109.61.0.0/18 maxlen: 19
109.61.22.0/24 maxlen: 24
77.111.64.0/19 maxlen: 21
109.61.64.0/20 maxlen: 20
77.111.88.0/21 maxlen: 24
2a01:be00::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:b6:85:10:7f:2f:1c:c7:fa:a9:48:cc:92:37:34:8e:3b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Validity
Not Before: Aug 2 13:52:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5d8f43d65b1e2714981cc9b96e226d9785ae11ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:d0:08:9a:ce:81:63:b7:61:59:b7:79:a5:bd:
03:86:6e:9d:e1:29:7c:50:e2:73:8b:2c:23:f2:e3:
11:3e:4a:99:c6:3a:6b:1e:4b:4f:9b:c0:47:16:1b:
99:e5:7a:db:0b:a3:cf:da:f2:1e:dc:50:5f:ee:4c:
9a:55:1b:15:92:2e:0a:9a:2c:a1:4f:bb:51:44:a5:
8b:6a:58:2f:39:e4:f7:1a:76:22:3f:e4:c5:fd:f5:
9c:1b:51:b7:86:18:c1:28:fa:09:e5:48:19:ea:1f:
13:ea:98:39:0e:a4:07:df:b1:c7:4b:da:3c:61:f8:
47:39:e6:53:91:19:ed:aa:d0:7a:1a:2a:30:02:d9:
09:f3:fd:b3:59:1c:0c:84:e3:a6:5e:66:55:b1:19:
c9:c7:88:4f:45:54:22:70:ce:93:4a:a7:c8:be:83:
36:cc:96:c4:aa:73:dc:39:09:6d:27:8a:03:b8:96:
5a:12:e8:03:62:7a:57:09:35:45:f0:3e:09:d9:5f:
cc:c4:29:73:83:8c:d5:96:78:26:b8:1c:e0:be:bd:
7b:f7:1b:76:73:9b:00:15:14:ac:10:1b:c4:8e:6d:
f9:2a:78:69:06:cd:66:19:35:9a:f8:6e:15:47:c0:
46:04:46:9f:b3:f9:55:e3:38:63:ff:d6:54:31:64:
59:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:8F:43:D6:5B:1E:27:14:98:1C:C9:B9:6E:22:6D:97:85:AE:11:EF
X509v3 Authority Key Identifier:
keyid:23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/XY9D1lseJxSYHMm5biJtl4WuEe8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/IzlKEl-jrODEem_jT0CGtNO6VYg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.112.192.0/19
77.111.64.0-77.111.111.255
109.61.0.0-109.61.79.255
IPv6:
2a01:be00::/32
Signature Algorithm: sha256WithRSAEncryption
52:88:ee:3f:2d:93:55:e4:f3:ed:b9:61:c7:23:55:e4:63:29:
a4:2e:5d:9d:fe:4b:1d:3e:71:12:ed:96:41:21:b4:d0:9c:9b:
dc:b9:83:20:54:d1:41:b5:47:be:39:e5:16:bd:07:49:07:60:
91:30:23:b6:66:35:76:74:3c:cc:da:59:a4:10:25:1c:65:28:
3f:3c:8a:23:d1:32:6b:a9:43:6e:03:7b:d0:25:9d:7d:22:fd:
87:6d:54:c4:2a:ad:bf:32:5c:56:af:ca:17:8d:dd:ae:68:4b:
ba:68:d7:02:6e:d6:68:5b:fc:3b:8d:d1:29:8c:61:af:e9:68:
0b:26:79:83:26:24:91:21:4d:79:93:72:60:df:5b:93:90:2d:
cb:41:e4:65:ef:fe:db:5b:80:57:4c:fd:1c:ad:d9:0d:23:68:
b6:3f:bf:2e:89:b6:d6:04:f4:a1:24:8f:c7:31:d5:28:16:c2:
2e:4e:f8:b2:86:59:0c:fc:6f:72:10:7d:4c:00:87:fb:17:5a:
ab:9f:d5:d1:71:e4:1f:3f:8d:3c:37:8d:4b:97:e7:53:dd:1b:
33:71:47:45:27:16:f6:69:f3:92:64:6d:b2:3a:91:05:d8:67:
8d:5e:69:02:43:16:68:40:b5:d4:9d:e9:09:2b:c8:cc:f7:ab:
54:62:f4:09
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYm2hRB/LxzH+qlIzJI3NI47MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzk0YTEyNWZhM2FjZTBjNDdhNmZlMzRmNDA4NmI0ZDNi
YTU1ODgwHhcNMjMwODAyMTM1MjAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDhmNDNkNjViMWUyNzE0OTgxY2M5Yjk2ZTIyNmQ5Nzg1YWUxMWVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk9AIms6BY7dhWbd5pb0Dhm6d4Sl8
UOJziywj8uMRPkqZxjprHktPm8BHFhuZ5XrbC6PP2vIe3FBf7kyaVRsVki4Kmiyh
T7tRRKWLalgvOeT3GnYiP+TF/fWcG1G3hhjBKPoJ5UgZ6h8T6pg5DqQH37HHS9o8
YfhHOeZTkRntqtB6GiowAtkJ8/2zWRwMhOOmXmZVsRnJx4hPRVQicM6TSqfIvoM2
zJbEqnPcOQltJ4oDuJZaEugDYnpXCTVF8D4J2V/MxClzg4zVlngmuBzgvr179xt2
c5sAFRSsEBvEjm35KnhpBs1mGTWa+G4VR8BGBEafs/lV4zhj/9ZUMWRZlwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFF2PQ9ZbHicUmBzJuW4ibZeFrhHvMB8GA1UdIwQY
MBaAFCM5ShJfo6zgxHpv409AhrTTulWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2Et
ZDQzMjA3ZDYyZGZlLzEvWFk5RDFsc2VKeFNZSE1tNWJpSnRsNFd1RWU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2EtZDQzMjA3ZDYyZGZl
LzEvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODAnBAIAATAhAwQFPnDAMAwD
BAZNb0ADBARNb2AwCwMDAG09AwQEbT1AMA0EAgACMAcDBQAqAb4AMA0GCSqGSIb3
DQEBCwUAA4IBAQBSiO4/LZNV5PPtuWHHI1XkYymkLl2d/ksdPnES7ZZBIbTQnJvc
uYMgVNFBtUe+OeUWvQdJB2CRMCO2ZjV2dDzM2lmkECUcZSg/PIoj0TJrqUNuA3vQ
JZ19Iv2HbVTEKq2/MlxWr8oXjd2uaEu6aNcCbtZoW/w7jdEpjGGv6WgLJnmDJiSR
IU15k3Jg31uTkC3LQeRl7/7bW4BXTP0crdkNI2i2P78uibbWBPShJI/HMdUoFsIu
TviyhlkM/G9yEH1MAIf7F1qrn9XRceQfP408N41Ll+dT3RszcUdFJxb2afOSZG2y
OpEF2GeNXmkCQxZoQLXUnekJK8jM96tUYvQJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:13 2024 by rpki-client on console-ams.rpki-client.org