Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/oBg3zINmC3fIvH0MfGtgnpUH060.roa
File: oBg3zINmC3fIvH0MfGtgnpUH060.roa (raw, json)
Hash identifier: F4RqGoLsztQq0RqNgjgmkaFSfdzaRXwdhilvG5q0/r4=
Subject key identifier: A0:18:37:CC:83:66:0B:77:C8:BC:7D:0C:7C:6B:60:9E:95:07:D3:AD
Certificate issuer: /CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Certificate serial: 018D8E43A6178E775D1AF3FCAC456B3AB48A
Authority key identifier: 23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/oBg3zINmC3fIvH0MfGtgnpUH060.roa
Signing time: Fri 09 Feb 2024 14:26:54 +0000
ROA not before: Fri 09 Feb 2024 14:26:54 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 197248
IP address blocks: 62.112.192.0/21 maxlen: 21
62.112.208.0/21 maxlen: 21
77.111.88.0/21 maxlen: 24
77.111.96.0/20 maxlen: 24
93.88.192.0/21 maxlen: 21
93.88.194.0/24 maxlen: 24
109.61.0.0/22 maxlen: 22
109.61.8.0/21 maxlen: 21
109.61.20.0/22 maxlen: 22
109.61.22.0/24 maxlen: 24
109.61.24.0/21 maxlen: 21
109.61.48.0/20 maxlen: 20
109.61.64.0/20 maxlen: 20
109.61.96.0/21 maxlen: 21
109.61.112.0/21 maxlen: 21
2a01:be00::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:8e:43:a6:17:8e:77:5d:1a:f3:fc:ac:45:6b:3a:b4:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=23394a125fa3ace0c47a6fe34f4086b4d3ba5588
Validity
Not Before: Feb 9 14:26:54 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a01837cc83660b77c8bc7d0c7c6b609e9507d3ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:9d:9b:29:83:e0:65:15:bc:a5:7f:b4:09:2e:
d7:88:1a:ed:ef:7f:d5:ba:65:18:96:40:55:d7:85:
9c:4d:9e:4f:c3:d6:9a:31:14:ea:fd:43:d4:ce:65:
39:90:1d:c0:c1:f5:20:22:b2:da:1c:2c:bf:a1:ba:
56:76:a2:7c:f2:16:f6:ca:b8:ed:e2:cf:7d:4d:bf:
88:77:ca:39:97:4d:9a:37:6e:46:6c:75:54:b8:49:
66:36:92:15:e1:ae:ec:18:e7:fc:6f:5a:84:db:43:
9e:e3:bc:5f:8e:af:5f:34:8f:28:6c:2f:d0:33:3e:
8b:77:cb:81:dc:2d:b7:bd:1c:7f:75:dd:6e:93:7e:
d4:f4:19:d1:45:9f:85:3c:93:07:82:ef:3e:26:0e:
d5:03:34:2e:13:34:ac:21:46:66:da:45:d9:7c:a7:
7d:c6:50:ab:d7:ee:ef:9f:34:5a:53:32:bf:c9:32:
4f:6e:24:84:f4:64:09:e9:3a:b2:81:f8:4e:f8:a9:
70:ca:7a:9e:98:07:6a:09:05:a9:84:0c:72:2c:7f:
3f:a0:bc:25:c5:65:be:8b:4a:0d:24:03:ac:e3:29:
78:c2:e2:8d:51:c1:d6:40:99:49:8e:16:8f:e7:e6:
2b:a1:91:1b:c7:e5:cd:0e:2f:d7:38:d0:26:2c:41:
9b:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:18:37:CC:83:66:0B:77:C8:BC:7D:0C:7C:6B:60:9E:95:07:D3:AD
X509v3 Authority Key Identifier:
keyid:23:39:4A:12:5F:A3:AC:E0:C4:7A:6F:E3:4F:40:86:B4:D3:BA:55:88
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IzlKEl-jrODEem_jT0CGtNO6VYg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/oBg3zINmC3fIvH0MfGtgnpUH060.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7f/afd415-0a86-431f-bc3a-d43207d62dfe/1/IzlKEl-jrODEem_jT0CGtNO6VYg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.112.192.0/21
62.112.208.0/21
77.111.88.0-77.111.111.255
93.88.192.0/21
109.61.0.0/22
109.61.8.0/21
109.61.20.0-109.61.31.255
109.61.48.0-109.61.79.255
109.61.96.0/21
109.61.112.0/21
IPv6:
2a01:be00::/32
Signature Algorithm: sha256WithRSAEncryption
72:c5:ea:19:f5:bb:6f:76:f2:54:d3:d4:6d:7d:e9:33:64:19:
26:90:5d:22:2f:e4:62:d3:59:8c:e6:79:b3:7f:98:d0:d4:88:
68:a6:9c:11:fb:6d:72:1c:69:f0:79:03:10:06:f5:84:19:8a:
b5:4a:f3:bd:d6:70:3a:a0:46:8b:b2:e2:d9:ed:98:cb:0d:fc:
65:14:89:58:48:f5:24:f1:cc:03:3b:6f:04:d2:9c:4f:f8:b0:
84:c9:ed:4d:0a:07:e3:d3:db:9e:1a:4b:db:dc:8c:70:ff:58:
cd:c2:a1:32:63:0d:ce:90:30:2e:e6:d3:69:12:c1:25:b7:71:
9b:18:18:ca:51:91:37:f5:db:bb:33:73:3a:72:43:c0:f6:0b:
d5:23:6b:e5:19:6a:f1:7d:78:fe:10:a2:16:f8:52:da:87:51:
68:c2:15:05:a1:5f:66:9a:a3:e9:ee:08:ac:e0:c9:ba:d0:3c:
64:c2:10:30:32:51:0f:05:66:ae:62:08:f4:a4:09:c0:87:00:
81:71:a6:8c:65:34:cf:49:a9:51:6f:6b:61:c6:22:72:cf:43:
93:ca:5c:67:30:ae:91:3d:aa:8f:4e:40:b3:98:0f:01:1e:d2:
5a:e2:7d:80:03:b7:b4:cf:b9:f8:7a:02:29:37:2e:ef:96:77:
ef:e8:90:f6
-----BEGIN CERTIFICATE-----
MIIFWjCCBEKgAwIBAgISAY2OQ6YXjnddGvP8rEVrOrSKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIzMzk0YTEyNWZhM2FjZTBjNDdhNmZlMzRmNDA4NmI0ZDNi
YTU1ODgwHhcNMjQwMjA5MTQyNjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDE4MzdjYzgzNjYwYjc3YzhiYzdkMGM3YzZiNjA5ZTk1MDdkM2FkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg52bKYPgZRW8pX+0CS7XiBrt73/V
umUYlkBV14WcTZ5Pw9aaMRTq/UPUzmU5kB3AwfUgIrLaHCy/obpWdqJ88hb2yrjt
4s99Tb+Id8o5l02aN25GbHVUuElmNpIV4a7sGOf8b1qE20Oe47xfjq9fNI8obC/Q
Mz6Ld8uB3C23vRx/dd1uk37U9BnRRZ+FPJMHgu8+Jg7VAzQuEzSsIUZm2kXZfKd9
xlCr1+7vnzRaUzK/yTJPbiSE9GQJ6TqygfhO+KlwynqemAdqCQWphAxyLH8/oLwl
xWW+i0oNJAOs4yl4wuKNUcHWQJlJjhaP5+YroZEbx+XNDi/XONAmLEGbPQIDAQAB
o4ICZjCCAmIwHQYDVR0OBBYEFKAYN8yDZgt3yLx9DHxrYJ6VB9OtMB8GA1UdIwQY
MBaAFCM5ShJfo6zgxHpv409AhrTTulWIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2Et
ZDQzMjA3ZDYyZGZlLzEvb0JnM3pJTm1DM2ZJdkgwTWZHdGducFVIMDYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Zi9hZmQ0MTUtMGE4Ni00MzFmLWJjM2EtZDQzMjA3ZDYyZGZl
LzEvSXpsS0VsLWpyT0RFZW1falQwQ0d0Tk82VllnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHwGCCsGAQUFBwEHAQH/BG0wazBaBAIAATBUAwQDPnDAAwQD
PnDQMAwDBANNb1gDBARNb2ADBANdWMADBAJtPQADBANtPQgwDAMEAm09FAMEBW09
ADAMAwQEbT0wAwQEbT1AAwQDbT1gAwQDbT1wMA0EAgACMAcDBQAqAb4AMA0GCSqG
SIb3DQEBCwUAA4IBAQByxeoZ9btvdvJU09RtfekzZBkmkF0iL+Ri01mM5nmzf5jQ
1IhoppwR+21yHGnweQMQBvWEGYq1SvO91nA6oEaLsuLZ7ZjLDfxlFIlYSPUk8cwD
O28E0pxP+LCEye1NCgfj09ueGkvb3Ixw/1jNwqEyYw3OkDAu5tNpEsElt3GbGBjK
UZE39du7M3M6ckPA9gvVI2vlGWrxfXj+EKIW+FLah1FowhUFoV9mmqPp7gis4Mm6
0DxkwhAwMlEPBWauYgj0pAnAhwCBcaaMZTTPSalRb2thxiJyz0OTylxnMK6RPaqP
TkCzmA8BHtJa4n2AA7e0z7n4egIpNy7vlnfv6JD2
-----END CERTIFICATE-----
Generated at Thu Aug 29 11:52:38 2024 by rpki-client on console-fra.rpki-client.org