Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/938a07-2758-4223-a947-49c844791ae2/1/UfcyH5OOOk6bGw3ND4AzsjHaZnM.roa
File: UfcyH5OOOk6bGw3ND4AzsjHaZnM.roa (raw, json)
Hash identifier: yHnjcCjJd3cpwbQqFVbyhUS2M+i92a+iD7xiTeCDuo4=
Subject key identifier: 51:F7:32:1F:93:8E:3A:4E:9B:1B:0D:CD:0F:80:33:B2:31:DA:66:73
Certificate issuer: /CN=8dcf82690262f0622eebfaad1433d58fb9ca9e1f
Certificate serial: 018C39229A0575F230C66C4B3AD0B062FA48
Authority key identifier: 8D:CF:82:69:02:62:F0:62:2E:EB:FA:AD:14:33:D5:8F:B9:CA:9E:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jc-CaQJi8GIu6_qtFDPVj7nKnh8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/938a07-2758-4223-a947-49c844791ae2/1/UfcyH5OOOk6bGw3ND4AzsjHaZnM.roa
Signing time: Tue 05 Dec 2023 08:40:18 +0000
ROA not before: Tue 05 Dec 2023 08:40:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199493
IP address blocks: 37.220.64.0/24 maxlen: 24
37.220.64.0/20 maxlen: 24
37.220.71.0/24 maxlen: 24
37.220.70.0/24 maxlen: 24
37.220.65.0/24 maxlen: 24
37.220.67.0/24 maxlen: 24
37.220.66.0/24 maxlen: 24
37.220.69.0/24 maxlen: 24
37.220.68.0/24 maxlen: 24
37.220.78.0/24 maxlen: 24
37.220.77.0/24 maxlen: 24
37.220.72.0/23 maxlen: 23
37.220.74.0/24 maxlen: 24
37.220.74.0/23 maxlen: 23
37.220.76.0/24 maxlen: 24
37.220.75.0/24 maxlen: 24
37.220.79.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:39:22:9a:05:75:f2:30:c6:6c:4b:3a:d0:b0:62:fa:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8dcf82690262f0622eebfaad1433d58fb9ca9e1f
Validity
Not Before: Dec 5 08:40:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=51f7321f938e3a4e9b1b0dcd0f8033b231da6673
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:c5:22:25:d3:4f:75:58:1e:cb:f6:93:1f:fc:
26:74:c8:80:71:38:fa:93:83:75:d9:fe:ef:9e:55:
07:67:ab:af:14:7e:96:92:fe:83:d0:77:f6:90:fe:
89:6d:45:b2:7e:ce:1e:1a:22:50:3c:1f:df:bf:53:
e2:11:94:7c:43:2b:49:aa:52:f6:d1:7f:04:35:c9:
50:7d:89:eb:56:1d:a4:ee:b2:d7:c1:40:94:da:e6:
0a:14:43:5b:eb:d9:67:4c:70:be:b6:32:53:9e:d0:
93:e4:30:44:68:64:03:11:bd:01:3a:b4:f7:5b:2c:
df:8d:21:8a:55:a1:f1:30:f8:a1:0c:86:2a:6c:7b:
16:13:99:40:3f:a2:1d:49:a0:ee:9a:ea:b0:ad:ec:
46:1d:09:72:f4:1f:ec:dc:8c:2e:f5:da:e2:34:49:
6f:59:e0:fe:c7:5b:9b:d1:3a:27:24:9a:fc:28:db:
e6:20:4a:bc:0c:3a:3b:15:f6:fb:4d:6a:9e:f5:c8:
43:50:70:dd:fe:52:0d:3f:fb:e9:7c:7d:09:5e:2b:
2b:d4:b6:dd:04:3b:e6:e9:c5:a8:ae:26:4c:5f:74:
39:85:39:65:ea:ff:b1:fe:63:7c:15:46:cc:b3:cb:
c1:c6:d7:0f:be:92:70:01:7e:37:02:42:c5:51:67:
8a:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
51:F7:32:1F:93:8E:3A:4E:9B:1B:0D:CD:0F:80:33:B2:31:DA:66:73
X509v3 Authority Key Identifier:
keyid:8D:CF:82:69:02:62:F0:62:2E:EB:FA:AD:14:33:D5:8F:B9:CA:9E:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jc-CaQJi8GIu6_qtFDPVj7nKnh8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/938a07-2758-4223-a947-49c844791ae2/1/UfcyH5OOOk6bGw3ND4AzsjHaZnM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/938a07-2758-4223-a947-49c844791ae2/1/jc-CaQJi8GIu6_qtFDPVj7nKnh8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.220.64.0/20
Signature Algorithm: sha256WithRSAEncryption
09:5a:91:ad:38:7c:6b:a8:3f:b6:85:d9:12:30:52:1b:b2:ac:
f7:45:c3:b5:e9:b4:da:3e:97:54:6e:45:a3:a4:1c:b5:ed:2f:
ed:53:4c:7c:b8:91:91:43:59:40:95:3d:55:0b:c2:1b:49:cb:
fc:f1:15:1e:d4:c2:ac:4a:a5:0d:11:be:23:d6:e0:bf:0b:e4:
1b:f8:8d:61:b4:8d:df:85:b6:e6:35:80:72:40:b6:ae:79:03:
4d:d1:dc:ff:85:60:ec:0e:33:15:57:ec:3a:f1:78:ee:2d:24:
f6:33:12:4e:1c:93:d4:46:ac:96:7e:99:22:6f:cf:91:0a:33:
73:60:e7:30:97:2f:cb:97:79:e5:d6:5b:32:04:1f:2b:37:3a:
84:30:f9:31:06:c4:da:70:5b:59:79:68:67:f7:4d:1d:55:c9:
bd:2e:a7:a4:07:87:21:0b:f8:8e:b8:78:f7:98:2d:2e:6f:e8:
a3:57:8a:31:bf:2a:94:ca:7d:f1:5c:82:75:a2:ca:bb:b4:2f:
f8:f1:73:93:40:9e:87:b9:c4:8a:53:2f:05:26:44:67:31:69:
a1:f0:1c:52:ec:a6:b6:68:87:b1:bf:59:e5:cd:1f:96:cf:b6:
5f:52:e6:fd:b1:b5:33:16:be:66:2c:dd:34:80:51:04:6e:96:
5b:18:6b:1c
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYw5IpoFdfIwxmxLOtCwYvpIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkY2Y4MjY5MDI2MmYwNjIyZWViZmFhZDE0MzNkNThmYjlj
YTllMWYwHhcNMjMxMjA1MDg0MDE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MWY3MzIxZjkzOGUzYTRlOWIxYjBkY2QwZjgwMzNiMjMxZGE2NjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArMUiJdNPdVgey/aTH/wmdMiAcTj6
k4N12f7vnlUHZ6uvFH6Wkv6D0Hf2kP6JbUWyfs4eGiJQPB/fv1PiEZR8QytJqlL2
0X8ENclQfYnrVh2k7rLXwUCU2uYKFENb69lnTHC+tjJTntCT5DBEaGQDEb0BOrT3
WyzfjSGKVaHxMPihDIYqbHsWE5lAP6IdSaDumuqwrexGHQly9B/s3Iwu9driNElv
WeD+x1ub0TonJJr8KNvmIEq8DDo7Ffb7TWqe9chDUHDd/lINP/vpfH0JXisr1Lbd
BDvm6cWoriZMX3Q5hTll6v+x/mN8FUbMs8vBxtcPvpJwAX43AkLFUWeKmQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFFH3Mh+TjjpOmxsNzQ+AM7Ix2mZzMB8GA1UdIwQY
MBaAFI3PgmkCYvBiLuv6rRQz1Y+5yp4fMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamMtQ2FRSmk4R0l1Nl9xdEZEUFZqN25Lbmg4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85NS85MzhhMDctMjc1OC00MjIzLWE5NDct
NDljODQ0NzkxYWUyLzEvVWZjeUg1T09PazZiR3czTkQ0QXpzakhhWm5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85NS85MzhhMDctMjc1OC00MjIzLWE5NDctNDljODQ0NzkxYWUy
LzEvamMtQ2FRSmk4R0l1Nl9xdEZEUFZqN25Lbmg4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQEJdxAMA0G
CSqGSIb3DQEBCwUAA4IBAQAJWpGtOHxrqD+2hdkSMFIbsqz3RcO16bTaPpdUbkWj
pBy17S/tU0x8uJGRQ1lAlT1VC8IbScv88RUe1MKsSqUNEb4j1uC/C+Qb+I1htI3f
hbbmNYByQLaueQNN0dz/hWDsDjMVV+w68XjuLST2MxJOHJPURqyWfpkib8+RCjNz
YOcwly/Ll3nl1lsyBB8rNzqEMPkxBsTacFtZeWhn900dVcm9LqekB4chC/iOuHj3
mC0ub+ijV4oxvyqUyn3xXIJ1osq7tC/48XOTQJ6HucSKUy8FJkRnMWmh8BxS7Ka2
aIexv1nlzR+Wz7ZfUub9sbUzFr5mLN00gFEEbpZbGGsc
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:49 2024 by rpki-client on console-fra.rpki-client.org