Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/cb/a11567-259e-4d1b-bfcb-281fade2834b/1/7AfbhcE07G78sTbRBrcgxKDDPzI.roa
File: 7AfbhcE07G78sTbRBrcgxKDDPzI.roa (raw, json)
Hash identifier: yITdydHVDLaRAt386QEtabYpvRyjFu9np1BvTB7PCZc=
Subject key identifier: EC:07:DB:85:C1:34:EC:6E:FC:B1:36:D1:06:B7:20:C4:A0:C3:3F:32
Certificate issuer: /CN=d03febfd537e320cbbec2b4e22677b9ae66f604e
Certificate serial: 018D8430EF609AB092C81DE1062293C61F76
Authority key identifier: D0:3F:EB:FD:53:7E:32:0C:BB:EC:2B:4E:22:67:7B:9A:E6:6F:60:4E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0D_r_VN-Mgy77CtOImd7muZvYE4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/cb/a11567-259e-4d1b-bfcb-281fade2834b/1/7AfbhcE07G78sTbRBrcgxKDDPzI.roa
Signing time: Wed 07 Feb 2024 15:30:15 +0000
ROA not before: Wed 07 Feb 2024 15:30:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 49505
IP address blocks: 62.233.34.0/24 maxlen: 24
91.199.189.0/24 maxlen: 24
93.190.120.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:84:30:ef:60:9a:b0:92:c8:1d:e1:06:22:93:c6:1f:76
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d03febfd537e320cbbec2b4e22677b9ae66f604e
Validity
Not Before: Feb 7 15:30:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ec07db85c134ec6efcb136d106b720c4a0c33f32
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:86:84:24:32:74:e2:02:b8:ac:aa:04:33:c6:
ba:9a:18:64:0d:8e:5d:ee:c6:82:e5:7a:72:46:31:
09:aa:c3:c0:d3:f6:a4:f5:f9:b9:52:ee:b6:4f:e0:
7d:e3:83:c3:77:0f:e7:51:8e:72:7f:62:40:c3:1d:
bd:58:4a:ab:81:77:5f:a4:1b:5c:8b:54:bc:42:84:
31:73:ad:12:08:d3:3a:8a:d3:c5:44:eb:99:bd:37:
52:9d:04:d1:90:36:a7:58:ff:e1:9e:a8:cd:5a:12:
d7:ee:9b:3d:09:fa:4b:2b:4d:87:74:55:0f:70:99:
af:5a:f1:45:bd:7d:d1:7c:8c:35:82:a6:1c:e0:4f:
3c:0d:b3:74:8c:90:6d:fe:ce:f1:3a:d7:2e:b7:87:
8f:f2:12:ee:85:52:25:79:5c:c0:06:53:c7:5d:0a:
a2:52:29:e6:d5:32:88:ee:03:3a:b6:84:4d:16:f2:
b2:07:75:08:0d:87:35:42:4f:fd:e9:fa:ae:56:7e:
84:21:25:5f:b6:6a:90:94:a9:72:7f:ad:d4:f3:05:
ad:d3:9e:31:4d:9c:f7:dd:ac:40:7f:1a:cf:39:8c:
9a:27:b0:66:1d:88:15:42:30:51:4b:7a:59:08:1b:
2b:41:bd:7b:31:a1:69:eb:bd:f3:93:d8:42:7f:2a:
41:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:07:DB:85:C1:34:EC:6E:FC:B1:36:D1:06:B7:20:C4:A0:C3:3F:32
X509v3 Authority Key Identifier:
keyid:D0:3F:EB:FD:53:7E:32:0C:BB:EC:2B:4E:22:67:7B:9A:E6:6F:60:4E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0D_r_VN-Mgy77CtOImd7muZvYE4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/a11567-259e-4d1b-bfcb-281fade2834b/1/7AfbhcE07G78sTbRBrcgxKDDPzI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/cb/a11567-259e-4d1b-bfcb-281fade2834b/1/0D_r_VN-Mgy77CtOImd7muZvYE4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.233.34.0/24
91.199.189.0/24
93.190.120.0/24
Signature Algorithm: sha256WithRSAEncryption
01:fb:1b:82:19:d8:cb:23:62:69:6c:8b:47:15:34:ac:33:49:
cc:d5:ab:bc:98:5e:d5:3d:be:41:67:b7:62:f3:fc:fb:df:0a:
ee:18:96:95:2a:a4:f0:f6:47:cb:8b:05:67:a4:86:2b:1c:a9:
41:1e:39:f2:f7:6e:7f:f0:16:fe:2b:0f:96:3f:59:d4:f8:8a:
b2:a1:15:f0:0e:03:12:7c:8c:25:f9:4b:49:3d:b0:1b:b6:2b:
63:fc:aa:11:47:10:18:ea:c7:69:49:94:d9:e0:4b:35:e5:d7:
ef:f1:a3:da:0e:e3:c4:45:de:c4:3a:48:a9:24:f8:63:9a:43:
20:35:7e:de:89:32:7e:d3:46:cf:98:0a:06:a4:2d:03:84:89:
cb:be:e1:49:16:7b:21:59:e7:1b:d8:7b:ed:c7:0a:c5:26:41:
49:c9:61:ba:c9:92:91:43:5c:9a:73:7e:0d:fc:61:95:98:cf:
02:19:74:1b:5e:51:f5:ae:c9:b5:83:ad:9d:16:0a:35:07:ed:
a1:32:5f:f5:b2:35:bf:c0:32:95:35:b2:6f:a4:e5:fa:b9:83:
2a:15:87:a0:24:c4:ec:95:d1:96:96:f7:80:be:4d:ce:4f:c4:
8d:9b:39:69:13:21:04:8f:bc:de:d5:0b:f0:0b:4a:e1:80:3c:
23:75:31:5b
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY2EMO9gmrCSyB3hBiKTxh92MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwM2ZlYmZkNTM3ZTMyMGNiYmVjMmI0ZTIyNjc3YjlhZTY2
ZjYwNGUwHhcNMjQwMjA3MTUzMDE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzA3ZGI4NWMxMzRlYzZlZmNiMTM2ZDEwNmI3MjBjNGEwYzMzZjMyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhYaEJDJ04gK4rKoEM8a6mhhkDY5d
7saC5XpyRjEJqsPA0/ak9fm5Uu62T+B944PDdw/nUY5yf2JAwx29WEqrgXdfpBtc
i1S8QoQxc60SCNM6itPFROuZvTdSnQTRkDanWP/hnqjNWhLX7ps9CfpLK02HdFUP
cJmvWvFFvX3RfIw1gqYc4E88DbN0jJBt/s7xOtcut4eP8hLuhVIleVzABlPHXQqi
Uinm1TKI7gM6toRNFvKyB3UIDYc1Qk/96fquVn6EISVftmqQlKlyf63U8wWt054x
TZz33axAfxrPOYyaJ7BmHYgVQjBRS3pZCBsrQb17MaFp673zk9hCfypBeQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFOwH24XBNOxu/LE20Qa3IMSgwz8yMB8GA1UdIwQY
MBaAFNA/6/1TfjIMu+wrTiJne5rmb2BOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMERfcl9WTi1NZ3k3N0N0T0ltZDdtdVp2WUU0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYi9hMTE1NjctMjU5ZS00ZDFiLWJmY2It
MjgxZmFkZTI4MzRiLzEvN0FmYmhjRTA3Rzc4c1RiUkJyY2d4S0REUHpJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYi9hMTE1NjctMjU5ZS00ZDFiLWJmY2ItMjgxZmFkZTI4MzRi
LzEvMERfcl9WTi1NZ3k3N0N0T0ltZDdtdVp2WUU0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPukiAwQA
W8e9AwQAXb54MA0GCSqGSIb3DQEBCwUAA4IBAQAB+xuCGdjLI2JpbItHFTSsM0nM
1au8mF7VPb5BZ7di8/z73wruGJaVKqTw9kfLiwVnpIYrHKlBHjny925/8Bb+Kw+W
P1nU+IqyoRXwDgMSfIwl+UtJPbAbtitj/KoRRxAY6sdpSZTZ4Es15dfv8aPaDuPE
Rd7EOkipJPhjmkMgNX7eiTJ+00bPmAoGpC0DhInLvuFJFnshWecb2HvtxwrFJkFJ
yWG6yZKRQ1yac34N/GGVmM8CGXQbXlH1rsm1g62dFgo1B+2hMl/1sjW/wDKVNbJv
pOX6uYMqFYegJMTsldGWlveAvk3OT8SNmzlpEyEEj7ze1QvwC0rhgDwjdTFb
-----END CERTIFICATE-----
Generated at Thu Feb 29 16:39:03 2024 by rpki-client on console-ams.rpki-client.org