Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/8cca33-c2b1-4541-9ef2-aa0eb53e90b9/1/1zCuwsi2PjyKOMfLb9VN19eLGIk.roa
File: 1zCuwsi2PjyKOMfLb9VN19eLGIk.roa (raw, json)
Hash identifier: +r8mXDT8G4Hu/pN0TapikVGT3q9bvsscc4EyIOcUbvI=
Subject key identifier: D7:30:AE:C2:C8:B6:3E:3C:8A:38:C7:CB:6F:D5:4D:D7:D7:8B:18:89
Certificate issuer: /CN=f89e229f860b058d23fd28a2926161b8786330c6
Certificate serial: 018CC2DAE51AF7C05B1A568B1AEC910EE39E
Authority key identifier: F8:9E:22:9F:86:0B:05:8D:23:FD:28:A2:92:61:61:B8:78:63:30:C6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-J4in4YLBY0j_SiikmFhuHhjMMY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a4/8cca33-c2b1-4541-9ef2-aa0eb53e90b9/1/1zCuwsi2PjyKOMfLb9VN19eLGIk.roa
Signing time: Mon 01 Jan 2024 02:29:34 +0000
ROA not before: Mon 01 Jan 2024 02:29:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 58092
IP address blocks: 193.102.77.0/24 maxlen: 24
193.102.78.0/24 maxlen: 24
193.102.79.0/24 maxlen: 24
194.62.20.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:da:e5:1a:f7:c0:5b:1a:56:8b:1a:ec:91:0e:e3:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f89e229f860b058d23fd28a2926161b8786330c6
Validity
Not Before: Jan 1 02:29:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d730aec2c8b63e3c8a38c7cb6fd54dd7d78b1889
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:4b:8f:f7:55:e5:df:6d:f2:57:1a:07:06:ca:
02:a4:44:46:91:7a:a8:9c:a5:f6:ca:7b:6f:af:2c:
b2:40:db:1f:34:cc:d9:05:6f:42:ae:29:de:e3:a6:
fa:c7:86:49:f7:38:10:ea:36:f7:78:10:ef:dc:38:
b7:d0:14:69:ec:d2:bd:1e:7d:65:7e:4a:47:16:83:
8e:7e:ff:c5:d9:90:b9:38:fa:84:5f:0f:6a:cd:a3:
ab:b5:b0:e2:e0:37:42:19:a0:f3:04:ae:e7:91:c6:
2a:92:ad:e0:bc:75:8e:4c:8a:da:9f:ce:c9:61:a9:
74:2d:08:1c:46:bb:4e:1a:dd:f8:11:b7:ed:3d:b9:
9c:f5:82:06:18:70:d1:80:40:cd:df:29:12:8e:b9:
56:6b:93:ae:66:fd:9e:91:28:9f:d7:08:55:fc:ed:
69:0d:2a:1a:4d:d3:49:4a:47:df:07:93:43:13:94:
40:7b:8b:b7:01:49:6c:a9:4e:78:c1:90:fb:6d:27:
91:b3:17:9c:30:b9:8b:6d:dc:5d:6a:69:bc:91:14:
74:1d:8d:d3:95:e6:61:e6:3f:64:7e:9d:fa:c9:44:
10:53:aa:8b:66:58:32:1c:6d:66:35:d6:80:ec:08:
b5:be:d0:77:f9:9b:16:26:24:9a:b4:fc:af:46:93:
2e:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:30:AE:C2:C8:B6:3E:3C:8A:38:C7:CB:6F:D5:4D:D7:D7:8B:18:89
X509v3 Authority Key Identifier:
keyid:F8:9E:22:9F:86:0B:05:8D:23:FD:28:A2:92:61:61:B8:78:63:30:C6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-J4in4YLBY0j_SiikmFhuHhjMMY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/8cca33-c2b1-4541-9ef2-aa0eb53e90b9/1/1zCuwsi2PjyKOMfLb9VN19eLGIk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/8cca33-c2b1-4541-9ef2-aa0eb53e90b9/1/1-J4in4YLBY0j_SiikmFhuHhjMMY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.102.77.0-193.102.79.255
194.62.20.0/24
Signature Algorithm: sha256WithRSAEncryption
80:43:b0:6e:d9:17:42:2d:33:4b:7f:65:81:41:d5:e5:d4:a3:
2c:86:fe:1a:d5:79:29:f1:00:a5:93:29:55:35:49:72:e7:a3:
be:ba:f1:25:08:ba:12:b6:59:3b:57:33:c0:c5:70:d6:b3:fd:
d8:a6:0b:22:50:d3:64:df:00:8c:d1:1c:72:39:c9:75:5b:3e:
73:e8:ec:76:d9:eb:5d:f7:6b:51:fc:e6:92:0f:29:90:ce:57:
1e:b2:6c:9f:42:74:43:9b:1e:c2:24:26:cc:f4:33:e5:77:4a:
51:4c:1c:b7:15:b4:13:04:a1:53:dd:90:c3:28:6a:dc:da:ba:
5c:05:e9:5c:21:2f:2f:29:aa:a1:f8:43:4a:e1:89:c1:c3:e9:
f6:5d:12:35:25:52:cf:37:4e:b1:b1:d3:dc:d2:0d:99:eb:ca:
01:1c:96:2f:c1:aa:b4:b4:4e:b6:5c:89:37:9f:dc:3a:02:e9:
69:b7:b2:0d:f8:4a:87:1d:b4:00:31:9f:be:e6:5c:4f:03:b9:
dd:b0:e9:69:64:1e:0f:c6:c8:58:08:dc:b3:f3:72:98:8a:86:
10:4f:a2:fa:39:42:0a:48:a8:47:e6:67:5f:c0:c5:b6:da:a2:
26:38:2f:6d:79:79:26:7c:40:94:d3:76:d7:22:d7:9a:a6:72:
dd:a8:ca:74
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgISAYzC2uUa98BbGlaLGuyRDuOeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY4OWUyMjlmODYwYjA1OGQyM2ZkMjhhMjkyNjE2MWI4Nzg2
MzMwYzYwHhcNMjQwMTAxMDIyOTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzMwYWVjMmM4YjYzZTNjOGEzOGM3Y2I2ZmQ1NGRkN2Q3OGIxODg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh0uP91Xl323yVxoHBsoCpERGkXqo
nKX2yntvryyyQNsfNMzZBW9Crine46b6x4ZJ9zgQ6jb3eBDv3Di30BRp7NK9Hn1l
fkpHFoOOfv/F2ZC5OPqEXw9qzaOrtbDi4DdCGaDzBK7nkcYqkq3gvHWOTIran87J
Yal0LQgcRrtOGt34EbftPbmc9YIGGHDRgEDN3ykSjrlWa5OuZv2ekSif1whV/O1p
DSoaTdNJSkffB5NDE5RAe4u3AUlsqU54wZD7bSeRsxecMLmLbdxdamm8kRR0HY3T
leZh5j9kfp36yUQQU6qLZlgyHG1mNdaA7Ai1vtB3+ZsWJiSatPyvRpMuuQIDAQAB
o4ICGTCCAhUwHQYDVR0OBBYEFNcwrsLItj48ijjHy2/VTdfXixiJMB8GA1UdIwQY
MBaAFPieIp+GCwWNI/0oopJhYbh4YzDGMA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1KNGluNFlMQlkwal9TaWlrbUZodUhoak1NWS5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTQvOGNjYTMzLWMyYjEtNDU0MS05ZWYy
LWFhMGViNTNlOTBiOS8xLzF6Q3V3c2kyUGp5S09NZkxiOVZOMTllTEdJay5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTQvOGNjYTMzLWMyYjEtNDU0MS05ZWYyLWFhMGViNTNlOTBi
OS8xLzEtSjRpbjRZTEJZMGpfU2lpa21GaHVIaGpNTVkuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwLQYIKwYBBQUHAQcBAf8EHjAcMBoEAgABMBQwDAMEAMFm
TQMEBMFmQAMEAMI+FDANBgkqhkiG9w0BAQsFAAOCAQEAgEOwbtkXQi0zS39lgUHV
5dSjLIb+GtV5KfEApZMpVTVJcuejvrrxJQi6ErZZO1czwMVw1rP92KYLIlDTZN8A
jNEccjnJdVs+c+jsdtnrXfdrUfzmkg8pkM5XHrJsn0J0Q5sewiQmzPQz5XdKUUwc
txW0EwShU92Qwyhq3Nq6XAXpXCEvLymqofhDSuGJwcPp9l0SNSVSzzdOsbHT3NIN
mevKARyWL8GqtLROtlyJN5/cOgLpabeyDfhKhx20ADGfvuZcTwO53bDpaWQeD8bI
WAjcs/NymIqGEE+i+jlCCkioR+ZnX8DFttqiJjgvbXl5JnxAlNN21yLXmqZy3ajK
dA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:36:29 2024 by rpki-client on console-ams.rpki-client.org