Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/g4FquJkfivpnuFumTv2bF0gb4Ls.roa
File: g4FquJkfivpnuFumTv2bF0gb4Ls.roa (raw, json)
Hash identifier: TY+XnmHMYbENc1+18lG7UzfzxIZ6A+ULzbcUW8ZxvKo=
Subject key identifier: 83:81:6A:B8:99:1F:8A:FA:67:B8:5B:A6:4E:FD:9B:17:48:1B:E0:BB
Certificate issuer: /CN=2956584b70ce847c1a9b400548b14db031bedff2
Certificate serial: 018E99603D7E1944D097552680648278F775
Authority key identifier: 29:56:58:4B:70:CE:84:7C:1A:9B:40:05:48:B1:4D:B0:31:BE:DF:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KVZYS3DOhHwam0AFSLFNsDG-3_I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/g4FquJkfivpnuFumTv2bF0gb4Ls.roa
Signing time: Mon 01 Apr 2024 11:16:44 +0000
ROA not before: Mon 01 Apr 2024 11:16:44 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 50225
IP address blocks: 195.24.232.0/24 maxlen: 24
2a0f:9fc0::/29 maxlen: 29
2a0f:a140::/29 maxlen: 29
2a12:2500::/29 maxlen: 29
2a12:2700::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:99:60:3d:7e:19:44:d0:97:55:26:80:64:82:78:f7:75
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2956584b70ce847c1a9b400548b14db031bedff2
Validity
Not Before: Apr 1 11:16:44 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=83816ab8991f8afa67b85ba64efd9b17481be0bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:9f:f9:8e:de:a3:76:fe:6a:84:a8:dc:c1:db:
3e:fc:66:bd:b5:60:e4:30:2c:78:8c:9a:b2:e0:e4:
1b:0b:1b:06:75:e5:ab:ca:ad:0c:bc:af:7e:49:00:
cc:a4:53:dd:d7:1e:ea:6b:d1:f8:94:a9:e6:4c:87:
01:52:2d:2b:f1:85:44:e7:73:8f:1d:00:1f:81:89:
7a:d8:0e:60:58:4b:e8:42:a9:b0:5f:a0:f1:e0:da:
89:3c:44:57:66:df:85:37:98:ec:58:da:e7:ea:40:
93:87:1d:22:c1:ae:e8:f8:6c:76:23:dc:ed:b4:15:
44:bb:3d:4f:18:4c:4f:23:ef:33:b9:93:54:17:a7:
49:56:61:54:f1:4e:71:a9:4e:c6:7f:3a:3a:64:ec:
d6:c8:e3:e6:a9:9f:14:fc:e8:a5:5f:98:5e:2b:0e:
bc:1f:bc:bc:5f:3b:91:bd:d3:8b:d2:a4:77:20:cb:
6c:f8:3b:52:2a:52:08:3b:0b:45:59:7b:94:19:e6:
05:b7:41:ff:fa:25:0d:e5:06:ba:37:cd:fe:31:f0:
2b:72:e7:ad:36:f5:d2:f1:25:2a:05:f2:87:36:b7:
24:af:a1:5c:54:fd:59:e7:8c:ce:fe:71:1e:a2:44:
0b:55:79:ab:93:43:e0:14:59:a6:9a:6d:47:ba:a0:
5a:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:81:6A:B8:99:1F:8A:FA:67:B8:5B:A6:4E:FD:9B:17:48:1B:E0:BB
X509v3 Authority Key Identifier:
keyid:29:56:58:4B:70:CE:84:7C:1A:9B:40:05:48:B1:4D:B0:31:BE:DF:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KVZYS3DOhHwam0AFSLFNsDG-3_I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/g4FquJkfivpnuFumTv2bF0gb4Ls.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8f/64fe7d-862d-4e1a-9fd0-06b41ef1398d/1/KVZYS3DOhHwam0AFSLFNsDG-3_I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
195.24.232.0/24
IPv6:
2a0f:9fc0::/29
2a0f:a140::/29
2a12:2500::/29
2a12:2700::/29
Signature Algorithm: sha256WithRSAEncryption
1a:ee:52:e5:db:40:72:37:a7:8a:03:86:17:ca:8b:d5:81:f2:
ac:9d:e9:a0:fa:0b:2e:8d:73:52:dd:5a:cc:71:ed:d1:f5:26:
ef:21:57:90:50:ea:66:a2:f8:0e:b2:a1:a4:27:07:35:c6:2f:
20:c6:57:f4:94:f6:58:8b:f3:9f:38:0b:04:af:bc:e0:09:47:
14:b9:bb:2c:82:35:dc:cb:9e:12:de:7f:33:6f:62:1f:56:54:
6f:a1:f2:7e:cc:45:70:90:fd:96:73:4a:60:7b:a5:9b:c2:a3:
6f:0c:d4:23:0a:31:6a:6f:1b:dc:a7:9b:01:5c:37:57:0b:7b:
9b:43:11:35:e9:42:ac:ae:2a:2e:5d:83:66:c1:ee:36:1a:81:
dc:c7:c8:74:08:a8:bf:e4:01:9b:e5:b7:18:c3:3c:82:0c:3b:
63:af:9c:46:02:31:d5:35:9c:36:92:ce:97:ba:ca:94:8d:73:
4e:ec:ed:74:4f:06:74:da:2a:67:e9:1b:b9:28:1d:9e:5e:5f:
71:d6:0b:cd:34:0e:38:63:57:48:d6:41:32:30:7e:c9:a5:8c:
12:0a:ae:a5:3f:d6:28:c1:31:e3:42:36:59:b5:07:3b:fd:5d:
3c:64:e4:04:77:df:d9:34:f0:b7:61:7f:9e:ba:c3:0a:cb:69:
59:31:b6:24
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAY6ZYD1+GUTQl1UmgGSCePd1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI5NTY1ODRiNzBjZTg0N2MxYTliNDAwNTQ4YjE0ZGIwMzFi
ZWRmZjIwHhcNMjQwNDAxMTExNjQ0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzgxNmFiODk5MWY4YWZhNjdiODViYTY0ZWZkOWIxNzQ4MWJlMGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlp/5jt6jdv5qhKjcwds+/Ga9tWDk
MCx4jJqy4OQbCxsGdeWryq0MvK9+SQDMpFPd1x7qa9H4lKnmTIcBUi0r8YVE53OP
HQAfgYl62A5gWEvoQqmwX6Dx4NqJPERXZt+FN5jsWNrn6kCThx0iwa7o+Gx2I9zt
tBVEuz1PGExPI+8zuZNUF6dJVmFU8U5xqU7Gfzo6ZOzWyOPmqZ8U/OilX5heKw68
H7y8XzuRvdOL0qR3IMts+DtSKlIIOwtFWXuUGeYFt0H/+iUN5Qa6N83+MfArcuet
NvXS8SUqBfKHNrckr6FcVP1Z54zO/nEeokQLVXmrk0PgFFmmmm1HuqBaTwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFIOBariZH4r6Z7hbpk79mxdIG+C7MB8GA1UdIwQY
MBaAFClWWEtwzoR8GptABUixTbAxvt/yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS1ZaWVMzRE9oSHdhbTBBRlNMRk5zREctM19JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84Zi82NGZlN2QtODYyZC00ZTFhLTlmZDAt
MDZiNDFlZjEzOThkLzEvZzRGcXVKa2ZpdnBudUZ1bVR2MmJGMGdiNExzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84Zi82NGZlN2QtODYyZC00ZTFhLTlmZDAtMDZiNDFlZjEzOThk
LzEvS1ZaWVMzRE9oSHdhbTBBRlNMRk5zREctM19JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAMBAIAATAGAwQAwxjoMCIE
AgACMBwDBQMqD5/AAwUDKg+hQAMFAyoSJQADBQMqEicAMA0GCSqGSIb3DQEBCwUA
A4IBAQAa7lLl20ByN6eKA4YXyovVgfKsnemg+gsujXNS3VrMce3R9SbvIVeQUOpm
ovgOsqGkJwc1xi8gxlf0lPZYi/OfOAsEr7zgCUcUubssgjXcy54S3n8zb2IfVlRv
ofJ+zEVwkP2Wc0pge6WbwqNvDNQjCjFqbxvcp5sBXDdXC3ubQxE16UKsriouXYNm
we42GoHcx8h0CKi/5AGb5bcYwzyCDDtjr5xGAjHVNZw2ks6XusqUjXNO7O10TwZ0
2ipn6Ru5KB2eXl9x1gvNNA44Y1dI1kEyMH7JpYwSCq6lP9YowTHjQjZZtQc7/V08
ZOQEd9/ZNPC3YX+eusMKy2lZMbYk
-----END CERTIFICATE-----
Generated at Wed Apr 10 11:16:10 2024 by rpki-client on console-fra.rpki-client.org