Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/nOMLmo5lT2vf7oy45W-ltnXaTWU.roa
File: nOMLmo5lT2vf7oy45W-ltnXaTWU.roa (raw, json)
Hash identifier: C7PbjIFLlzhSP6+dxYZOVXglI2WKKt89lFsGFYLV2mU=
Subject key identifier: 9C:E3:0B:9A:8E:65:4F:6B:DF:EE:8C:B8:E5:6F:A5:B6:75:DA:4D:65
Certificate issuer: /CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Certificate serial: 0188E7052FD16F63760752E26AEEE4B10972
Authority key identifier: 23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/nOMLmo5lT2vf7oy45W-ltnXaTWU.roa
Signing time: Fri 23 Jun 2023 06:50:56 +0000
ROA not before: Fri 23 Jun 2023 06:50:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197248
IP address blocks: 77.111.96.0/20 maxlen: 20
62.112.192.0/19 maxlen: 19
93.88.192.0/20 maxlen: 20
109.61.96.0/19 maxlen: 19
109.61.0.0/18 maxlen: 19
109.61.22.0/24 maxlen: 24
77.111.64.0/19 maxlen: 21
109.61.64.0/20 maxlen: 20
77.111.88.0/21 maxlen: 21
2a01:be00::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:e7:05:2f:d1:6f:63:76:07:52:e2:6a:ee:e4:b1:09:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Validity
Not Before: Jun 23 06:50:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9ce30b9a8e654f6bdfee8cb8e56fa5b675da4d65
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:d0:3b:29:72:7f:3d:9d:ff:fc:be:0d:5e:ad:
76:4c:50:c3:1a:40:cb:be:e9:bf:6a:4f:20:5b:f5:
ff:32:30:4b:c1:19:7e:41:f8:f3:3f:91:1b:b3:7b:
9d:c5:08:a0:5a:df:c9:d2:d4:bd:58:8a:91:41:58:
66:b1:c9:8d:f9:78:b9:ec:44:bc:f2:59:eb:d0:a0:
f4:77:3a:2d:a0:27:78:39:97:48:71:d2:18:fb:42:
23:d5:73:6e:90:42:cf:03:c5:d7:96:e2:d0:11:9f:
70:89:83:99:88:60:a6:5b:d5:22:c8:13:6d:1b:55:
cf:16:dd:81:74:48:b1:9f:9d:81:01:98:2b:7a:59:
9f:af:1f:a0:14:0b:bc:a3:e6:be:5c:f5:ba:92:fd:
12:91:f2:8d:5c:d1:77:df:a6:24:ce:05:63:03:2c:
25:1c:da:b3:d3:ed:f2:ee:47:cb:93:c9:45:7a:11:
e5:22:98:39:5a:aa:ec:ac:45:fe:7a:0e:04:43:57:
e5:8e:84:ec:af:02:64:f9:94:52:0e:98:76:e7:27:
ee:6f:11:6a:de:40:2b:5b:3e:3c:15:b8:3c:8e:08:
b6:dc:9b:e4:e7:8d:91:98:f4:02:5c:d3:ef:46:46:
cb:6e:ea:0a:c7:63:f2:a4:38:2c:5d:b6:74:89:f5:
ca:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:E3:0B:9A:8E:65:4F:6B:DF:EE:8C:B8:E5:6F:A5:B6:75:DA:4D:65
X509v3 Authority Key Identifier:
keyid:23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/nOMLmo5lT2vf7oy45W-ltnXaTWU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/IzlKEl-jrODEem_jT0CGtNO6VYg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.112.192.0/19
77.111.64.0-77.111.111.255
93.88.192.0/20
109.61.0.0-109.61.79.255
109.61.96.0/19
IPv6:
2a01:be00::/32
Signature Algorithm: sha256WithRSAEncryption
34:97:cf:b0:f6:93:9c:7c:4a:5a:c1:dd:4f:8a:c3:b5:2d:46:
3d:e7:ce:c0:22:f1:0d:1d:9a:ab:f3:9c:89:55:67:5d:72:ce:
f6:1c:1c:bf:a6:a0:5c:4b:7a:df:61:2d:11:ab:20:60:2d:d3:
bf:35:5b:43:81:35:1d:dd:e5:22:2e:f9:79:18:fc:55:c0:82:
1a:58:3c:3e:5d:de:e7:02:c9:3f:cd:a7:e5:ff:90:68:01:0b:
69:c0:5d:2f:bc:54:8f:02:68:66:b1:a2:8d:7a:46:43:c6:c2:
d1:c8:7e:68:f2:2d:f6:21:e5:c1:e0:51:7c:85:13:cf:56:4a:
06:97:2e:a4:0c:66:89:0a:3f:b1:ef:ad:1d:94:c9:7c:fb:17:
83:b1:40:e1:c4:a3:ac:d4:16:f9:ba:0d:a6:fe:0f:2f:ac:ee:
c4:f8:f1:dd:32:70:c3:14:8e:4e:b7:fd:6a:51:9f:22:c7:0e:
a6:a1:72:e0:78:94:e4:5e:df:9a:9b:68:8c:45:a1:80:d8:45:
2c:04:88:20:f2:f7:80:5e:91:69:a4:8c:22:86:34:41:92:ec:
e5:a0:23:de:19:3c:04:ce:85:3b:5b:78:57:d3:17:fd:b5:e3:
9c:1e:24:08:36:b7:23:f5:2d:eb:e5:24:d9:c5:95:ef:20:56:
1c:92:29:79
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYjnBS/Rb2N2B1Liau7ksQlyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzk0YTEyNWZhM2FjZTBjNDdhNmZlMzRmNDA4NmI0ZDNi
YTU1ODgwHhcNMjMwNjIzMDY1MDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2UzMGI5YThlNjU0ZjZiZGZlZThjYjhlNTZmYTViNjc1ZGE0ZDY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm9A7KXJ/PZ3//L4NXq12TFDDGkDL
vum/ak8gW/X/MjBLwRl+QfjzP5Ebs3udxQigWt/J0tS9WIqRQVhmscmN+Xi57ES8
8lnr0KD0dzotoCd4OZdIcdIY+0Ij1XNukELPA8XXluLQEZ9wiYOZiGCmW9UiyBNt
G1XPFt2BdEixn52BAZgrelmfrx+gFAu8o+a+XPW6kv0SkfKNXNF336YkzgVjAywl
HNqz0+3y7kfLk8lFehHlIpg5WqrsrEX+eg4EQ1fljoTsrwJk+ZRSDph25yfubxFq
3kArWz48Fbg8jgi23Jvk542RmPQCXNPvRkbLbuoKx2PypDgsXbZ0ifXK8wIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFJzjC5qOZU9r3+6MuOVvpbZ12k1lMB8GA1UdIwQY
MBaAFCM5ShJfo6zgxHpv409AhrTTulWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2Et
ZDQzMjA3ZDYyZGZlLzEvbk9NTG1vNWxUMnZmN295NDVXLWx0blhhVFdVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2EtZDQzMjA3ZDYyZGZl
LzEvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDAzBAIAATAtAwQFPnDAMAwD
BAZNb0ADBARNb2ADBARdWMAwCwMDAG09AwQEbT1AAwQFbT1gMA0EAgACMAcDBQAq
Ab4AMA0GCSqGSIb3DQEBCwUAA4IBAQA0l8+w9pOcfEpawd1PisO1LUY9587AIvEN
HZqr85yJVWddcs72HBy/pqBcS3rfYS0RqyBgLdO/NVtDgTUd3eUiLvl5GPxVwIIa
WDw+Xd7nAsk/zafl/5BoAQtpwF0vvFSPAmhmsaKNekZDxsLRyH5o8i32IeXB4FF8
hRPPVkoGly6kDGaJCj+x760dlMl8+xeDsUDhxKOs1Bb5ug2m/g8vrO7E+PHdMnDD
FI5Ot/1qUZ8ixw6moXLgeJTkXt+am2iMRaGA2EUsBIgg8veAXpFppIwihjRBkuzl
oCPeGTwEzoU7W3hX0xf9teOcHiQINrcj9S3r5STZxZXvIFYckil5
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:13 2024 by rpki-client on console-ams.rpki-client.org