Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/P1GwU5jxY3Wr7A192x5t5t9h81s.roa
File: P1GwU5jxY3Wr7A192x5t5t9h81s.roa (raw, json)
Hash identifier: oskS4pLd8nK+ZPXi1le0OOEZa4MSG+BhFGQ+a2g3P3I=
Subject key identifier: 3F:51:B0:53:98:F1:63:75:AB:EC:0D:7D:DB:1E:6D:E6:DF:61:F3:5B
Certificate issuer: /CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Certificate serial: 018CC8DF01BC8E526D893E51A8487A419F95
Authority key identifier: 54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/P1GwU5jxY3Wr7A192x5t5t9h81s.roa
Signing time: Tue 02 Jan 2024 06:31:47 +0000
ROA not before: Tue 02 Jan 2024 06:31:47 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 65632
IP address blocks: 188.125.174.0/24 maxlen: 24
188.125.163.0/24 maxlen: 24
188.125.162.0/24 maxlen: 24
188.125.160.0/24 maxlen: 24
188.125.166.0/24 maxlen: 24
188.125.165.0/24 maxlen: 24
188.125.164.0/24 maxlen: 24
188.125.170.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:01:bc:8e:52:6d:89:3e:51:a8:48:7a:41:9f:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=542f633f76e8d8aaeaa32b5ace16a3db3943d80c
Validity
Not Before: Jan 2 06:31:47 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3f51b05398f16375abec0d7ddb1e6de6df61f35b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:d1:69:8b:63:bd:a1:03:6f:ea:63:7e:33:97:
82:64:6a:26:10:68:f5:45:8c:38:09:3b:1c:64:82:
3c:1a:69:96:44:63:b2:02:de:65:50:fa:f7:a7:4c:
cf:9b:9b:c7:7d:ff:d8:3f:a8:9c:3e:8b:ba:8c:c6:
63:95:f7:d8:54:ff:5e:a9:62:bc:a3:48:ed:a5:7f:
e4:2c:1f:5b:40:00:e5:db:d8:69:8c:77:b9:04:86:
31:69:90:1c:4d:a3:4e:00:d6:37:2a:8e:ac:c5:e5:
25:4c:4d:12:87:9f:f9:9d:c0:7d:fa:d0:05:68:7e:
5c:96:55:8b:de:57:fb:23:bf:fa:58:53:3e:72:64:
3e:4c:ce:ad:27:a1:f3:59:c2:7b:41:20:34:e1:c2:
85:c0:6f:dd:e2:45:d2:5c:85:98:23:f1:b9:12:ec:
c9:6d:40:1d:39:74:b6:9e:8f:b6:b3:fd:ea:1a:6b:
c6:ff:5e:7b:b2:e5:9e:1b:be:ff:1c:fc:7d:36:74:
d1:7b:39:29:91:bc:26:d0:ef:13:ef:1d:a7:21:d8:
23:9d:e0:dd:43:25:bf:4c:1a:3d:82:46:2a:c5:92:
90:c4:9f:49:7a:f6:10:74:66:1f:16:68:87:21:61:
ff:45:97:3b:17:d1:4c:8e:70:fd:d5:c6:96:be:c1:
ad:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:51:B0:53:98:F1:63:75:AB:EC:0D:7D:DB:1E:6D:E6:DF:61:F3:5B
X509v3 Authority Key Identifier:
keyid:54:2F:63:3F:76:E8:D8:AA:EA:A3:2B:5A:CE:16:A3:DB:39:43:D8:0C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/VC9jP3bo2Krqoytazhaj2zlD2Aw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/P1GwU5jxY3Wr7A192x5t5t9h81s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/d6b874-aea8-4b7e-b0d2-69b953c9d5aa/1/VC9jP3bo2Krqoytazhaj2zlD2Aw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.125.160.0/24
188.125.162.0-188.125.166.255
188.125.170.0/24
188.125.174.0/24
Signature Algorithm: sha256WithRSAEncryption
60:cf:f7:ce:db:18:f8:39:2a:a5:70:cf:41:88:88:64:f1:08:
fc:b5:3d:c0:34:42:97:91:79:5d:5f:24:48:0a:db:c6:41:bb:
81:69:25:d0:3d:a0:c3:bf:87:d1:7c:93:bf:7a:e4:52:f9:37:
1a:f6:a1:b9:43:0c:01:95:40:f0:ff:7d:8c:19:dc:1d:3f:75:
6d:9a:ea:a2:af:3f:0c:4e:db:6d:dd:08:b1:91:56:03:59:88:
34:bd:a0:3d:c1:aa:ab:5e:b6:3a:9a:ee:1c:39:80:53:96:e8:
2d:44:0a:51:03:b7:5d:1a:5c:82:8e:1a:5c:a9:21:d0:71:b4:
dc:61:e0:30:63:1a:e1:3e:04:ed:4c:83:df:07:ca:15:d5:f7:
08:14:50:02:25:ea:05:72:57:19:7c:95:19:c0:b1:03:0f:fa:
e1:17:00:a3:a8:a4:63:64:02:de:63:ae:ad:9e:7a:57:f2:3e:
e1:49:61:16:60:b9:5c:7c:45:bc:ad:fc:26:76:6a:70:ec:61:
e0:21:e0:d4:8b:16:79:0a:66:2e:ea:c2:b9:2c:5c:e5:6f:80:
49:32:9e:fc:1f:d3:43:4c:18:25:8f:08:71:49:bb:88:ae:37:
62:20:e4:7b:ba:f2:c7:bd:dc:f0:fc:cf:4b:ba:fb:23:f7:37:
63:0e:9a:77
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYzI3wG8jlJtiT5RqEh6QZ+VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDU0MmY2MzNmNzZlOGQ4YWFlYWEzMmI1YWNlMTZhM2RiMzk0
M2Q4MGMwHhcNMjQwMTAyMDYzMTQ3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZjUxYjA1Mzk4ZjE2Mzc1YWJlYzBkN2RkYjFlNmRlNmRmNjFmMzViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAptFpi2O9oQNv6mN+M5eCZGomEGj1
RYw4CTscZII8GmmWRGOyAt5lUPr3p0zPm5vHff/YP6icPou6jMZjlffYVP9eqWK8
o0jtpX/kLB9bQADl29hpjHe5BIYxaZAcTaNOANY3Ko6sxeUlTE0Sh5/5ncB9+tAF
aH5cllWL3lf7I7/6WFM+cmQ+TM6tJ6HzWcJ7QSA04cKFwG/d4kXSXIWYI/G5EuzJ
bUAdOXS2no+2s/3qGmvG/157suWeG77/HPx9NnTRezkpkbwm0O8T7x2nIdgjneDd
QyW/TBo9gkYqxZKQxJ9JevYQdGYfFmiHIWH/RZc7F9FMjnD91caWvsGt7wIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFD9RsFOY8WN1q+wNfdsebebfYfNbMB8GA1UdIwQY
MBaAFFQvYz926Niq6qMrWs4Wo9s5Q9gMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDIt
NjliOTUzYzlkNWFhLzEvUDFHd1U1anhZM1dyN0ExOTJ4NXQ1dDloODFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9kNmI4NzQtYWVhOC00YjdlLWIwZDItNjliOTUzYzlkNWFh
LzEvVkM5alAzYm8yS3Jxb3l0YXpoYWoyemxEMkF3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQAvH2gMAwD
BAG8faIDBAC8faYDBAC8faoDBAC8fa4wDQYJKoZIhvcNAQELBQADggEBAGDP987b
GPg5KqVwz0GIiGTxCPy1PcA0QpeReV1fJEgK28ZBu4FpJdA9oMO/h9F8k7965FL5
Nxr2oblDDAGVQPD/fYwZ3B0/dW2a6qKvPwxO223dCLGRVgNZiDS9oD3Bqqtetjqa
7hw5gFOW6C1EClEDt10aXIKOGlypIdBxtNxh4DBjGuE+BO1Mg98HyhXV9wgUUAIl
6gVyVxl8lRnAsQMP+uEXAKOopGNkAt5jrq2eelfyPuFJYRZguVx8Rbyt/CZ2anDs
YeAh4NSLFnkKZi7qwrksXOVvgEkynvwf00NMGCWPCHFJu4iuN2Ig5Hu68se93PD8
z0u6+yP3N2MOmnc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:47 2024 by rpki-client on console-fra.rpki-client.org