Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/sJ8G9hC8AgkitjAN37JKjiCKVCc.roa
File: sJ8G9hC8AgkitjAN37JKjiCKVCc.roa (raw, json)
Hash identifier: cvKS1+r/SwQgfPUlrqaA2xgVzGCZUuNuaVI7TWUu9CI=
Subject key identifier: B0:9F:06:F6:10:BC:02:09:22:B6:30:0D:DF:B2:4A:8E:20:8A:54:27
Certificate issuer: /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial: 0189B0D68003A1697F44F666D6571F6A7641
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/sJ8G9hC8AgkitjAN37JKjiCKVCc.roa
Signing time: Tue 01 Aug 2023 11:23:14 +0000
ROA not before: Tue 01 Aug 2023 11:23:14 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48031
IP address blocks: 194.105.60.0/24 maxlen: 24
194.107.92.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:b0:d6:80:03:a1:69:7f:44:f6:66:d6:57:1f:6a:76:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Validity
Not Before: Aug 1 11:23:14 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b09f06f610bc020922b6300ddfb24a8e208a5427
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:ef:eb:96:14:e3:a6:24:2c:c0:41:40:50:32:
94:9f:93:33:66:94:ec:43:4c:3d:c3:11:ca:22:e3:
81:cd:3c:60:d2:e5:49:43:82:fa:ee:a9:49:5c:15:
a1:d5:20:d4:c5:bf:6b:92:18:0d:19:c0:19:93:fb:
00:2b:5a:2c:3f:41:80:34:62:59:99:db:22:32:9e:
a3:67:3f:33:9f:c0:d2:85:9a:fb:03:ca:f1:6c:9c:
55:73:25:c9:cb:3f:20:31:d4:c8:d7:1e:fe:cf:8e:
94:fd:5b:e3:4a:e7:35:5f:5a:fd:ad:40:c2:33:39:
2d:86:8c:e2:e4:6b:91:ca:86:03:c5:56:04:2b:17:
ae:42:36:d6:25:51:8b:9a:e2:71:1d:37:39:eb:ce:
e9:a8:6f:d7:c4:c0:ac:9b:c8:20:1d:90:2a:db:cd:
b3:66:38:84:2f:6b:c7:7a:5d:fd:6a:72:3e:3f:f1:
da:30:40:8e:48:b5:08:5e:5e:4b:41:c0:c2:29:4a:
15:a0:15:1f:7f:2c:48:63:da:20:b8:ab:71:a0:22:
fa:ce:6f:95:d6:c4:b9:3b:fb:59:3a:ca:80:69:14:
52:65:83:f9:1e:c7:1d:c1:1c:6f:5c:cd:2a:73:39:
3f:53:09:dd:92:ef:2c:c4:90:30:0f:10:c8:92:c5:
66:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:9F:06:F6:10:BC:02:09:22:B6:30:0D:DF:B2:4A:8E:20:8A:54:27
X509v3 Authority Key Identifier:
keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/sJ8G9hC8AgkitjAN37JKjiCKVCc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.105.60.0/24
194.107.92.0/24
Signature Algorithm: sha256WithRSAEncryption
8d:ea:f5:22:b5:82:a3:bf:64:b7:eb:3f:92:a9:28:cd:69:d4:
02:53:95:5e:b6:50:c4:0b:63:91:ec:ca:6e:46:6e:39:66:31:
df:6b:e8:84:5b:c5:fb:1b:59:58:24:32:93:25:3c:70:f1:c1:
e0:50:58:f5:d7:98:83:13:0c:54:03:cf:c5:fa:ad:78:6b:ec:
2d:03:f4:a6:0b:86:da:98:62:e3:c1:26:5f:f7:b2:bd:11:ff:
90:e2:73:c0:f4:0a:4f:1e:b0:a1:f6:ea:ed:56:72:58:1c:c2:
8e:62:dd:f7:4f:82:c2:db:91:03:79:e7:6a:3f:10:2e:93:ec:
19:5d:59:d3:ec:b1:51:c1:c1:c6:b2:8a:1e:78:bf:3c:8f:d9:
89:a3:ac:b3:50:79:23:de:ca:69:4d:fc:d7:2e:24:1b:07:72:
8f:ab:72:26:fc:82:3c:aa:39:c1:02:7d:fd:55:d9:66:06:54:
7e:6b:6c:39:59:30:98:9f:82:27:ec:e8:1e:8b:32:6a:b3:67:
c0:74:c7:13:5a:f2:7f:83:82:19:8a:8d:51:e9:54:5b:90:ee:
9d:2e:ff:dd:88:1a:83:43:33:01:2a:dc:72:d7:21:14:39:ea:
8f:e4:1c:cb:df:03:49:a6:01:c6:a5:13:66:08:dd:a3:ce:97:
5e:1b:c5:04
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYmw1oADoWl/RPZm1lcfanZBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMwODAxMTEyMzE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDlmMDZmNjEwYmMwMjA5MjJiNjMwMGRkZmIyNGE4ZTIwOGE1NDI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn+/rlhTjpiQswEFAUDKUn5MzZpTs
Q0w9wxHKIuOBzTxg0uVJQ4L67qlJXBWh1SDUxb9rkhgNGcAZk/sAK1osP0GANGJZ
mdsiMp6jZz8zn8DShZr7A8rxbJxVcyXJyz8gMdTI1x7+z46U/VvjSuc1X1r9rUDC
Mzkthozi5GuRyoYDxVYEKxeuQjbWJVGLmuJxHTc5687pqG/XxMCsm8ggHZAq282z
ZjiEL2vHel39anI+P/HaMECOSLUIXl5LQcDCKUoVoBUffyxIY9oguKtxoCL6zm+V
1sS5O/tZOsqAaRRSZYP5HscdwRxvXM0qczk/Uwndku8sxJAwDxDIksVmxQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLCfBvYQvAIJIrYwDd+ySo4gilQnMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvc0o4RzloQzhBZ2tpdGpBTjM3SktqaUNLVkNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwmk8AwQA
wmtcMA0GCSqGSIb3DQEBCwUAA4IBAQCN6vUitYKjv2S36z+SqSjNadQCU5VetlDE
C2OR7MpuRm45ZjHfa+iEW8X7G1lYJDKTJTxw8cHgUFj115iDEwxUA8/F+q14a+wt
A/SmC4bamGLjwSZf97K9Ef+Q4nPA9ApPHrCh9urtVnJYHMKOYt33T4LC25EDeedq
PxAuk+wZXVnT7LFRwcHGsooeeL88j9mJo6yzUHkj3sppTfzXLiQbB3KPq3Im/II8
qjnBAn39VdlmBlR+a2w5WTCYn4In7OgeizJqs2fAdMcTWvJ/g4IZio1R6VRbkO6d
Lv/diBqDQzMBKtxy1yEUOeqP5BzL3wNJpgHGpRNmCN2jzpdeG8UE
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:25 2024 by rpki-client on console-ams.rpki-client.org