Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/a11567-259e-4d1b-bfcb-281fade2834b/1/0wVGSyxjZTarX5xUB7q03HO1RH8.roa
File: 0wVGSyxjZTarX5xUB7q03HO1RH8.roa (raw, json)
Hash identifier: Ms6gWqlP27GvrHp2YkAR+e/y0JjU5P3CJFXtYtUyDTg=
Subject key identifier: D3:05:46:4B:2C:63:65:36:AB:5F:9C:54:07:BA:B4:DC:73:B5:44:7F
Certificate issuer: /CN=d03febfd537e320cbbec2b4e22677b9ae66f604e
Certificate serial: 018D13D7EF934530F2BCA42C8A6211323C1C
Authority key identifier: D0:3F:EB:FD:53:7E:32:0C:BB:EC:2B:4E:22:67:7B:9A:E6:6F:60:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0D_r_VN-Mgy77CtOImd7muZvYE4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cb/a11567-259e-4d1b-bfcb-281fade2834b/1/0wVGSyxjZTarX5xUB7q03HO1RH8.roa
Signing time: Tue 16 Jan 2024 19:55:35 +0000
ROA not before: Tue 16 Jan 2024 19:55:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 58061
IP address blocks: 80.91.210.0/24 maxlen: 24
194.26.221.0/24 maxlen: 24
212.52.5.0/24 maxlen: 24
217.114.32.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:13:d7:ef:93:45:30:f2:bc:a4:2c:8a:62:11:32:3c:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d03febfd537e320cbbec2b4e22677b9ae66f604e
Validity
Not Before: Jan 16 19:55:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d305464b2c636536ab5f9c5407bab4dc73b5447f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:09:ce:11:79:81:c8:54:8b:3a:38:ca:6b:25:
08:08:ab:ef:0d:00:c5:ec:cc:b7:f7:b3:aa:25:90:
c4:6c:15:6f:32:dd:b9:dd:3b:22:ec:10:2d:2c:38:
8b:9b:96:40:54:8e:cf:6e:92:1c:73:c4:ee:72:88:
a3:b4:d9:c0:84:30:c2:06:a4:91:3c:f5:3a:a8:26:
64:43:af:fe:38:99:d6:47:44:16:28:dd:7a:36:29:
cc:5e:27:1b:28:55:d4:02:4f:c3:9b:6a:9f:52:af:
e9:d4:b2:30:8f:90:94:f5:ca:3c:e1:7b:06:1c:ff:
7c:a9:b8:bc:7c:a6:df:fa:3c:75:f2:fe:fe:1c:18:
21:8e:52:46:6b:96:a1:28:47:45:93:43:fe:f4:de:
8b:08:68:6f:10:86:b0:6b:3e:5a:62:37:92:e4:2f:
1a:96:8d:8b:3e:4b:b6:64:55:a1:6c:19:7a:b7:c3:
2c:ab:96:10:14:1a:b4:61:84:21:2e:d1:38:f7:2e:
45:68:4d:82:1e:c9:e3:74:07:8c:9d:d2:2f:9a:bd:
39:2c:0f:e0:7a:60:69:f6:d5:ee:c5:d5:95:a6:26:
41:cb:0f:a6:9b:87:2b:e9:8b:7c:83:0e:ab:be:85:
c7:d5:42:06:e4:62:00:e9:e0:0d:fc:33:36:b2:96:
df:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:05:46:4B:2C:63:65:36:AB:5F:9C:54:07:BA:B4:DC:73:B5:44:7F
X509v3 Authority Key Identifier:
keyid:D0:3F:EB:FD:53:7E:32:0C:BB:EC:2B:4E:22:67:7B:9A:E6:6F:60:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0D_r_VN-Mgy77CtOImd7muZvYE4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/a11567-259e-4d1b-bfcb-281fade2834b/1/0wVGSyxjZTarX5xUB7q03HO1RH8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/a11567-259e-4d1b-bfcb-281fade2834b/1/0D_r_VN-Mgy77CtOImd7muZvYE4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.91.210.0/24
194.26.221.0/24
212.52.5.0/24
217.114.32.0/24
Signature Algorithm: sha256WithRSAEncryption
5a:28:d0:c6:84:a8:e8:9c:06:07:69:ff:a8:b6:69:83:e4:f7:
7b:2c:e2:f7:d6:4c:94:4f:14:b5:0c:c9:83:48:2d:3b:53:2e:
90:4c:31:43:be:11:14:2a:4e:5f:54:9b:a9:9c:f6:14:6c:13:
48:28:e7:f3:4b:e1:5d:56:55:b8:c7:83:ac:7e:43:9a:7a:d7:
36:a5:cc:82:8e:b9:e5:40:a5:51:16:53:f4:73:2e:9f:21:a7:
e9:2a:28:ca:c5:01:d8:44:5b:c8:85:f8:7d:b2:00:e2:99:db:
f3:50:3e:e6:7b:10:0f:b6:e7:c0:b3:f0:5e:67:16:28:d0:49:
75:48:07:78:f8:44:95:5b:c9:a6:48:8c:05:fc:da:53:fe:ca:
f3:c5:cc:d4:a7:5f:65:f5:b5:ed:8c:76:7e:23:1f:b5:f0:39:
03:04:d4:df:c2:8b:d9:a8:61:83:52:13:5e:fa:c5:19:a8:46:
85:77:94:8f:5e:3a:d5:a4:d4:93:65:13:12:bd:cc:67:c8:99:
fa:6f:88:be:fe:3d:75:c3:3c:80:b1:d4:77:71:5d:16:51:ad:
e1:28:19:c1:5b:aa:14:ea:15:83:b9:71:2e:0f:d2:a2:36:51:
2f:35:25:a9:c3:d6:eb:07:aa:21:08:b5:96:2b:38:fc:c8:70:
13:aa:ce:95
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY0T1++TRTDyvKQsimIRMjwcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwM2ZlYmZkNTM3ZTMyMGNiYmVjMmI0ZTIyNjc3YjlhZTY2
ZjYwNGUwHhcNMjQwMTE2MTk1NTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzA1NDY0YjJjNjM2NTM2YWI1ZjljNTQwN2JhYjRkYzczYjU0NDdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3wnOEXmByFSLOjjKayUICKvvDQDF
7My397OqJZDEbBVvMt253Tsi7BAtLDiLm5ZAVI7PbpIcc8TucoijtNnAhDDCBqSR
PPU6qCZkQ6/+OJnWR0QWKN16NinMXicbKFXUAk/Dm2qfUq/p1LIwj5CU9co84XsG
HP98qbi8fKbf+jx18v7+HBghjlJGa5ahKEdFk0P+9N6LCGhvEIawaz5aYjeS5C8a
lo2LPku2ZFWhbBl6t8Msq5YQFBq0YYQhLtE49y5FaE2CHsnjdAeMndIvmr05LA/g
emBp9tXuxdWVpiZByw+mm4cr6Yt8gw6rvoXH1UIG5GIA6eAN/DM2spbfswIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFNMFRkssY2U2q1+cVAe6tNxztUR/MB8GA1UdIwQY
MBaAFNA/6/1TfjIMu+wrTiJne5rmb2BOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMERfcl9WTi1NZ3k3N0N0T0ltZDdtdVp2WUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9hMTE1NjctMjU5ZS00ZDFiLWJmY2It
MjgxZmFkZTI4MzRiLzEvMHdWR1N5eGpaVGFyWDV4VUI3cTAzSE8xUkg4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9hMTE1NjctMjU5ZS00ZDFiLWJmY2ItMjgxZmFkZTI4MzRi
LzEvMERfcl9WTi1NZ3k3N0N0T0ltZDdtdVp2WUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQAUFvSAwQA
whrdAwQA1DQFAwQA2XIgMA0GCSqGSIb3DQEBCwUAA4IBAQBaKNDGhKjonAYHaf+o
tmmD5Pd7LOL31kyUTxS1DMmDSC07Uy6QTDFDvhEUKk5fVJupnPYUbBNIKOfzS+Fd
VlW4x4OsfkOaetc2pcyCjrnlQKVRFlP0cy6fIafpKijKxQHYRFvIhfh9sgDimdvz
UD7mexAPtufAs/BeZxYo0El1SAd4+ESVW8mmSIwF/NpT/srzxczUp19l9bXtjHZ+
Ix+18DkDBNTfwovZqGGDUhNe+sUZqEaFd5SPXjrVpNSTZRMSvcxnyJn6b4i+/j11
wzyAsdR3cV0WUa3hKBnBW6oU6hWDuXEuD9KiNlEvNSWpw9brB6ohCLWWKzj8yHAT
qs6V
-----END CERTIFICATE-----
Generated at Thu Feb 29 16:39:22 2024 by rpki-client on console-fra.rpki-client.org