Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/12e7d5-3a0f-4bc6-9611-05435efd8bf6/1/wYCoAVUdTOAKep7FOsoY_UGQd00.roa
File: wYCoAVUdTOAKep7FOsoY_UGQd00.roa (raw, json)
Hash identifier: SrhDnjD+hQCM4nlsB4N9P+BZPmGZno1DOx9yjPg3DQU=
Subject key identifier: C1:80:A8:01:55:1D:4C:E0:0A:7A:9E:C5:3A:CA:18:FD:41:90:77:4D
Certificate issuer: /CN=6d3ee1a52a5d65b9091de5a5b464fb97032d0e9b
Certificate serial: 01922E8B0F98F26494EDEEB383FDA3B04E96
Authority key identifier: 6D:3E:E1:A5:2A:5D:65:B9:09:1D:E5:A5:B4:64:FB:97:03:2D:0E:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bT7hpSpdZbkJHeWltGT7lwMtDps.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/12e7d5-3a0f-4bc6-9611-05435efd8bf6/1/wYCoAVUdTOAKep7FOsoY_UGQd00.roa
Signing time: Thu 26 Sep 2024 13:35:18 +0000
ROA not before: Thu 26 Sep 2024 13:35:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 27970
IP address blocks: 193.16.100.0/24 maxlen: 24
195.246.98.0/24 maxlen: 24
195.246.99.0/24 maxlen: 24
2a00:12f0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:2e:8b:0f:98:f2:64:94:ed:ee:b3:83:fd:a3:b0:4e:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d3ee1a52a5d65b9091de5a5b464fb97032d0e9b
Validity
Not Before: Sep 26 13:35:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c180a801551d4ce00a7a9ec53aca18fd4190774d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c0:7f:cc:a0:0c:2c:7c:22:93:5b:16:8d:e6:34:
48:28:1e:f0:88:f6:67:87:f7:33:08:3b:ec:3f:14:
35:62:ff:15:09:d3:f7:0d:e6:7c:98:88:0e:ac:7a:
d9:35:95:11:68:25:f5:86:9c:b2:12:d6:29:d0:f6:
ab:af:69:38:55:f8:a4:ac:90:9d:75:e8:65:e7:e5:
af:c5:dc:5c:38:81:a3:01:f6:0b:53:31:84:77:c0:
22:7b:e3:78:ee:54:85:25:21:cd:e9:8c:e1:ed:12:
f3:35:36:77:c7:82:48:2f:06:26:90:d7:73:cb:e6:
04:3a:69:cb:0d:df:d5:98:8d:e5:55:18:b1:22:79:
10:e3:37:2a:97:59:4f:66:15:ec:16:3d:13:c1:ac:
8e:41:a3:f8:eb:0b:08:64:c8:7a:ad:e3:b7:14:ef:
ff:90:d0:26:22:e1:93:03:77:55:31:ab:ff:48:68:
1c:80:87:f2:39:3d:39:16:7b:64:80:4a:52:62:dd:
bb:19:f9:d6:cd:c6:1c:46:86:d3:e1:fa:eb:65:1c:
cc:70:bf:48:0f:2f:a1:95:25:57:1a:a0:f9:ab:d3:
82:86:e9:ab:08:8d:cf:29:50:2a:42:e7:1a:31:00:
36:57:53:98:b0:a2:45:1f:e2:f0:90:58:0a:4b:aa:
34:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C1:80:A8:01:55:1D:4C:E0:0A:7A:9E:C5:3A:CA:18:FD:41:90:77:4D
X509v3 Authority Key Identifier:
keyid:6D:3E:E1:A5:2A:5D:65:B9:09:1D:E5:A5:B4:64:FB:97:03:2D:0E:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bT7hpSpdZbkJHeWltGT7lwMtDps.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/12e7d5-3a0f-4bc6-9611-05435efd8bf6/1/wYCoAVUdTOAKep7FOsoY_UGQd00.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/12e7d5-3a0f-4bc6-9611-05435efd8bf6/1/bT7hpSpdZbkJHeWltGT7lwMtDps.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.16.100.0/24
195.246.98.0/23
IPv6:
2a00:12f0::/32
Signature Algorithm: sha256WithRSAEncryption
54:fa:26:2b:4d:a6:04:96:17:94:27:8b:fb:35:a9:7f:ee:70:
dc:34:f2:6d:33:86:e5:b9:40:8c:c7:6e:a2:5a:98:12:fa:7e:
ed:9d:ba:a1:32:bb:e5:d8:48:0d:a5:f4:78:1b:36:21:3c:40:
8a:4f:c3:83:15:44:54:0e:e3:c5:f3:d0:f5:df:76:b0:46:f2:
08:26:6e:db:c8:82:be:d6:d0:4c:f6:e0:d0:fc:d7:f0:31:9f:
e3:28:a9:58:68:8e:41:da:4a:5f:89:92:4e:6e:b7:03:58:76:
85:d3:39:4e:14:5a:76:1c:ee:4b:d1:3f:b3:04:67:3e:a4:02:
c3:15:73:30:85:c8:5e:19:c7:63:7a:0c:ee:bc:06:82:3d:08:
43:5f:02:da:23:77:73:e5:b1:c8:17:23:ec:11:fe:2d:3f:b5:
ef:3a:e8:79:f7:34:5f:13:46:3f:ef:03:04:d4:ae:e5:e0:79:
bf:58:b3:88:38:ee:11:f5:8d:78:bb:0b:c0:17:60:8e:69:34:
3f:f9:81:6e:d8:05:56:da:d5:df:d6:cf:f1:59:43:e1:e9:ef:
73:ec:bc:d7:bf:ca:70:03:78:d5:d2:2e:5e:cb:90:7a:e3:31:
79:ea:8c:fa:86:7e:f7:19:1d:54:2d:d8:c4:fc:9d:e2:01:83:
d5:7b:13:78
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAZIuiw+Y8mSU7e6zg/2jsE6WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkM2VlMWE1MmE1ZDY1YjkwOTFkZTVhNWI0NjRmYjk3MDMy
ZDBlOWIwHhcNMjQwOTI2MTMzNTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMTgwYTgwMTU1MWQ0Y2UwMGE3YTllYzUzYWNhMThmZDQxOTA3NzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwH/MoAwsfCKTWxaN5jRIKB7wiPZn
h/czCDvsPxQ1Yv8VCdP3DeZ8mIgOrHrZNZURaCX1hpyyEtYp0Parr2k4VfikrJCd
dehl5+WvxdxcOIGjAfYLUzGEd8Aie+N47lSFJSHN6Yzh7RLzNTZ3x4JILwYmkNdz
y+YEOmnLDd/VmI3lVRixInkQ4zcql1lPZhXsFj0TwayOQaP46wsIZMh6reO3FO//
kNAmIuGTA3dVMav/SGgcgIfyOT05FntkgEpSYt27GfnWzcYcRobT4frrZRzMcL9I
Dy+hlSVXGqD5q9OChumrCI3PKVAqQucaMQA2V1OYsKJFH+LwkFgKS6o08QIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFMGAqAFVHUzgCnqexTrKGP1BkHdNMB8GA1UdIwQY
MBaAFG0+4aUqXWW5CR3lpbRk+5cDLQ6bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlQ3aHBTcGRaYmtKSGVXbHRHVDdsd010RHBzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS8xMmU3ZDUtM2EwZi00YmM2LTk2MTEt
MDU0MzVlZmQ4YmY2LzEvd1lDb0FWVWRUT0FLZXA3Rk9zb1lfVUdRZDAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS8xMmU3ZDUtM2EwZi00YmM2LTk2MTEtMDU0MzVlZmQ4YmY2
LzEvYlQ3aHBTcGRaYmtKSGVXbHRHVDdsd010RHBzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQAwRBkAwQB
w/ZiMA0EAgACMAcDBQAqABLwMA0GCSqGSIb3DQEBCwUAA4IBAQBU+iYrTaYElheU
J4v7Nal/7nDcNPJtM4bluUCMx26iWpgS+n7tnbqhMrvl2EgNpfR4GzYhPECKT8OD
FURUDuPF89D133awRvIIJm7byIK+1tBM9uDQ/NfwMZ/jKKlYaI5B2kpfiZJObrcD
WHaF0zlOFFp2HO5L0T+zBGc+pALDFXMwhcheGcdjegzuvAaCPQhDXwLaI3dz5bHI
FyPsEf4tP7XvOuh59zRfE0Y/7wME1K7l4Hm/WLOIOO4R9Y14uwvAF2COaTQ/+YFu
2AVW2tXf1s/xWUPh6e9z7LzXv8pwA3jV0i5ey5B64zF56oz6hn73GR1ULdjE/J3i
AYPVexN4
-----END CERTIFICATE-----
Generated at Wed Oct 30 14:14:25 2024 by rpki-client on console-fra.rpki-client.org