Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/F1wKTnbKZwHe3PBo9BtEaTBmqrA.roa
File: F1wKTnbKZwHe3PBo9BtEaTBmqrA.roa (raw, json)
Hash identifier: oTuH3Ppm5ej+HfAsXgSJ3juvdHrqzRQbokkH/5Lobqg=
Subject key identifier: 17:5C:0A:4E:76:CA:67:01:DE:DC:F0:68:F4:1B:44:69:30:66:AA:B0
Certificate issuer: /CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Certificate serial: 018E0A821595A8CB676054590E51E5D74FB8
Authority key identifier: 54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/F1wKTnbKZwHe3PBo9BtEaTBmqrA.roa
Signing time: Mon 04 Mar 2024 17:28:01 +0000
ROA not before: Mon 04 Mar 2024 17:28:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 65632
IP address blocks: 188.125.162.0/24 maxlen: 24
188.125.163.0/24 maxlen: 24
188.125.164.0/24 maxlen: 24
188.125.165.0/24 maxlen: 24
188.125.166.0/24 maxlen: 24
188.125.170.0/24 maxlen: 24
188.125.174.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:0a:82:15:95:a8:cb:67:60:54:59:0e:51:e5:d7:4f:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Validity
Not Before: Mar 4 17:28:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=175c0a4e76ca6701dedcf068f41b44693066aab0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:a9:f1:b0:3c:51:cd:f9:75:cf:25:5c:fc:8a:
cd:9a:46:78:18:c0:77:4b:cd:92:89:58:fb:3e:47:
26:b8:35:20:0c:19:fa:87:65:d1:dc:96:ac:58:b1:
d4:82:97:15:e9:79:f5:93:4c:32:07:73:92:d7:dd:
d6:44:48:c5:01:27:a2:fb:11:ab:3f:fa:e1:71:8f:
72:1b:96:b5:61:9f:37:1d:62:10:8c:be:63:cb:94:
10:60:00:ce:04:c4:35:8a:84:63:a2:61:60:af:fb:
14:06:b1:87:fe:f7:70:af:92:44:df:7d:e4:a8:d2:
30:51:91:53:0b:d2:76:53:ae:41:08:46:31:bb:ab:
2e:b8:e0:47:ac:1c:26:4a:d8:8f:b5:ed:3a:a8:84:
e2:71:6c:e6:b7:56:64:9c:7f:bd:e5:ae:c2:ca:44:
66:b7:4b:59:07:d5:f9:2f:00:9e:b4:34:fc:3a:fb:
14:a3:5e:69:3a:65:e3:35:23:48:c0:93:f6:b8:ff:
7a:32:36:a9:87:7f:12:a0:f4:37:88:fc:bf:b2:2d:
98:7d:3b:ed:2b:c9:45:a5:87:b5:48:98:a1:28:ac:
d7:f3:93:34:c7:19:7c:e3:55:3b:1b:51:f3:be:83:
67:92:2a:a7:51:c9:00:43:3b:c6:50:2c:b7:03:72:
fd:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:5C:0A:4E:76:CA:67:01:DE:DC:F0:68:F4:1B:44:69:30:66:AA:B0
X509v3 Authority Key Identifier:
keyid:54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/F1wKTnbKZwHe3PBo9BtEaTBmqrA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.125.162.0-188.125.166.255
188.125.170.0/24
188.125.174.0/24
Signature Algorithm: sha256WithRSAEncryption
98:af:70:c3:80:49:d0:18:dc:0c:b7:ce:81:c1:3c:0f:fb:6c:
56:45:7d:cd:f2:3a:6a:32:bd:4f:92:e4:ab:86:c4:3a:6e:1f:
90:8b:3c:cb:86:a1:20:38:ba:a8:34:87:0f:23:a4:c6:b0:01:
9d:ce:b7:85:83:62:ec:fd:2a:33:4f:1c:1e:b4:ea:03:57:6a:
07:1d:16:38:e6:70:c8:fb:57:88:6d:76:2d:e5:76:01:e8:18:
77:e4:df:9a:71:47:98:2e:04:4c:32:bb:39:85:3e:db:d9:08:
fa:9a:c9:de:c9:62:85:3d:ea:ef:3c:21:9b:63:35:df:c7:35:
83:40:57:00:64:f7:de:66:35:8b:b8:08:b7:b8:4b:60:c4:84:
ce:99:65:bf:e9:12:dd:b5:12:d4:ec:71:19:9d:b4:1a:72:23:
e8:27:c3:e1:cc:2a:f7:5c:3d:14:aa:57:c1:a0:99:9e:a2:a9:
66:f9:26:3d:33:b3:fd:05:e2:6f:9e:d8:ae:a7:55:47:a5:f8:
fd:15:26:6f:51:9d:78:9d:fa:47:93:cb:97:40:35:dd:f2:9b:
20:d1:4b:be:92:67:35:c8:a5:df:22:d6:e8:13:99:54:30:2d:
11:4d:7c:bc:56:2c:dd:48:44:3e:ef:a2:60:6b:96:c2:ef:05:
73:19:6b:a3
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAY4KghWVqMtnYFRZDlHl10+4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MmY2MzNmNzZlOGQ4YWFlYWEzMmI1YWNlMTZhM2RiMzk0
M2Q4MGMwHhcNMjQwMzA0MTcyODAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzVjMGE0ZTc2Y2E2NzAxZGVkY2YwNjhmNDFiNDQ2OTMwNjZhYWIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAianxsDxRzfl1zyVc/IrNmkZ4GMB3
S82SiVj7PkcmuDUgDBn6h2XR3JasWLHUgpcV6Xn1k0wyB3OS193WREjFASei+xGr
P/rhcY9yG5a1YZ83HWIQjL5jy5QQYADOBMQ1ioRjomFgr/sUBrGH/vdwr5JE333k
qNIwUZFTC9J2U65BCEYxu6suuOBHrBwmStiPte06qITicWzmt1ZknH+95a7CykRm
t0tZB9X5LwCetDT8OvsUo15pOmXjNSNIwJP2uP96Mjaph38SoPQ3iPy/si2YfTvt
K8lFpYe1SJihKKzX85M0xxl841U7G1HzvoNnkiqnUckAQzvGUCy3A3L9qwIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFBdcCk52ymcB3tzwaPQbRGkwZqqwMB8GA1UdIwQY
MBaAFFQvYz926Niq6qMrWs4Wo9s5Q9gMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDIt
NjliOTUzYzlkNWFhLzEvRjF3S1RuYktad0hlM1BCbzlCdEVhVEJtcXJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDItNjliOTUzYzlkNWFh
LzEvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaMAwDBAG8faID
BAC8faYDBAC8faoDBAC8fa4wDQYJKoZIhvcNAQELBQADggEBAJivcMOASdAY3Ay3
zoHBPA/7bFZFfc3yOmoyvU+S5KuGxDpuH5CLPMuGoSA4uqg0hw8jpMawAZ3Ot4WD
Yuz9KjNPHB606gNXagcdFjjmcMj7V4htdi3ldgHoGHfk35pxR5guBEwyuzmFPtvZ
CPqayd7JYoU96u88IZtjNd/HNYNAVwBk995mNYu4CLe4S2DEhM6ZZb/pEt21EtTs
cRmdtBpyI+gnw+HMKvdcPRSqV8GgmZ6iqWb5Jj0zs/0F4m+e2K6nVUel+P0VJm9R
nXid+keTy5dANd3ymyDRS76SZzXIpd8i1ugTmVQwLRFNfLxWLN1IRD7vomBrlsLv
BXMZa6M=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:47 2024 by rpki-client on console-fra.rpki-client.org