Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/Gh0m0FS2VfIqe3D01ZM97cz9RTQ.roa
File: Gh0m0FS2VfIqe3D01ZM97cz9RTQ.roa (raw, json)
Hash identifier: 9YyWit0IV543UMBQl5nzNplqNkCYnUidr7OOgaTDXsE=
Subject key identifier: 1A:1D:26:D0:54:B6:55:F2:2A:7B:70:F4:D5:93:3D:ED:CC:FD:45:34
Certificate issuer: /CN=b9f1d5b06f5701555ff5888154dd141b48896117
Certificate serial: 018CC9BC5F905B5F0D4A55CF9A51E46B674F
Authority key identifier: B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/Gh0m0FS2VfIqe3D01ZM97cz9RTQ.roa
Signing time: Tue 02 Jan 2024 10:33:34 +0000
ROA not before: Tue 02 Jan 2024 10:33:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 52000
IP address blocks: 176.114.69.0/24 maxlen: 24
176.114.71.0/24 maxlen: 24
176.114.76.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bc:5f:90:5b:5f:0d:4a:55:cf:9a:51:e4:6b:67:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b9f1d5b06f5701555ff5888154dd141b48896117
Validity
Not Before: Jan 2 10:33:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1a1d26d054b655f22a7b70f4d5933dedccfd4534
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:e4:c3:81:79:45:db:83:44:e7:4c:cc:ec:ef:
cd:27:57:18:d9:c3:b6:a9:5c:5d:e5:a8:b1:c3:5f:
b5:4b:98:0a:9b:97:e0:ce:17:f6:98:a9:1b:a0:ff:
ab:13:e1:c6:96:68:b5:0a:16:38:8d:88:24:31:ff:
1f:94:b1:1c:db:bc:ee:03:c4:ed:23:5f:e3:ae:6c:
8b:af:10:a2:00:82:cf:57:4f:1d:9a:ff:c6:c2:80:
6f:d4:09:72:67:33:1f:e4:9a:99:e4:cb:6e:47:72:
1b:cf:ad:26:d9:50:0f:7b:b4:ee:89:66:17:cd:50:
84:6a:5a:2c:28:16:c7:8a:9b:25:39:84:bb:11:48:
b8:9f:fa:91:f5:74:13:e9:a8:54:a4:d0:5d:47:a6:
6c:cb:85:9b:2a:e6:9f:96:95:51:a7:01:61:c7:68:
a9:4b:f4:a9:fe:fb:a0:d9:82:cf:b4:9c:7f:a9:9d:
d7:39:86:bd:ab:fc:98:b3:bb:da:d4:cd:29:8d:4f:
5b:bf:74:44:74:94:7d:6e:39:7e:ae:3d:85:62:1f:
35:1f:b2:5a:00:82:c3:a8:a5:7c:56:e3:61:c6:8b:
1c:52:50:7b:17:c5:e1:1d:2a:93:e9:8d:f5:bd:fe:
05:72:7d:ce:e6:b2:d2:07:14:2e:5a:41:ac:6a:3c:
06:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:1D:26:D0:54:B6:55:F2:2A:7B:70:F4:D5:93:3D:ED:CC:FD:45:34
X509v3 Authority Key Identifier:
keyid:B9:F1:D5:B0:6F:57:01:55:5F:F5:88:81:54:DD:14:1B:48:89:61:17
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ufHVsG9XAVVf9YiBVN0UG0iJYRc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/Gh0m0FS2VfIqe3D01ZM97cz9RTQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d1/caf5ea-626e-455a-8708-f5ca8fa7270d/1/ufHVsG9XAVVf9YiBVN0UG0iJYRc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.114.69.0/24
176.114.71.0/24
176.114.76.0/22
Signature Algorithm: sha256WithRSAEncryption
77:ec:ff:7b:e5:ad:ee:c6:6e:41:74:46:f7:99:ca:3c:ac:42:
1f:6f:a4:35:54:89:b8:46:74:fb:86:18:e2:7e:71:7d:5f:62:
26:75:f9:2e:45:19:33:c9:78:3f:00:11:42:a4:08:62:78:ff:
55:f2:31:46:ec:8c:44:59:a3:12:c3:74:ef:b1:86:9e:2c:a7:
fe:27:86:14:2e:e5:d6:df:92:f3:8b:68:53:79:00:62:52:41:
8e:f2:66:c1:8d:a7:a9:f6:8a:eb:97:4d:3b:4b:18:9f:a9:e9:
e8:b9:4c:59:38:87:b5:a9:1e:57:a1:8a:db:96:81:80:38:53:
53:9b:c8:96:a3:ef:1f:0e:2b:62:fa:b6:e3:0f:45:ce:4d:1f:
62:35:fc:db:47:26:52:d4:d7:d5:bb:0e:d3:f8:e9:b7:73:0b:
53:a4:c8:5c:b9:a8:5c:b8:de:c2:ff:ea:7a:bc:4d:ca:0a:0f:
ba:05:2e:26:07:8f:fa:14:06:15:e3:23:cf:2f:d4:9e:95:74:
0b:5f:e0:57:e8:f9:3e:8f:ae:ec:9e:58:2b:d2:5e:9a:82:53:
14:74:5d:c8:e0:ae:34:e3:79:90:1e:0b:38:44:93:89:7c:97:
f0:a6:84:01:c2:8c:23:16:c4:f7:a7:3e:3b:53:bf:5f:e2:68:
34:06:3c:d0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYzJvF+QW18NSlXPmlHka2dPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI5ZjFkNWIwNmY1NzAxNTU1ZmY1ODg4MTU0ZGQxNDFiNDg4
OTYxMTcwHhcNMjQwMTAyMTAzMzM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTFkMjZkMDU0YjY1NWYyMmE3YjcwZjRkNTkzM2RlZGNjZmQ0NTM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAouTDgXlF24NE50zM7O/NJ1cY2cO2
qVxd5aixw1+1S5gKm5fgzhf2mKkboP+rE+HGlmi1ChY4jYgkMf8flLEc27zuA8Tt
I1/jrmyLrxCiAILPV08dmv/GwoBv1AlyZzMf5JqZ5MtuR3Ibz60m2VAPe7TuiWYX
zVCEalosKBbHipslOYS7EUi4n/qR9XQT6ahUpNBdR6Zsy4WbKuaflpVRpwFhx2ip
S/Sp/vug2YLPtJx/qZ3XOYa9q/yYs7va1M0pjU9bv3REdJR9bjl+rj2FYh81H7Ja
AILDqKV8VuNhxoscUlB7F8XhHSqT6Y31vf4Fcn3O5rLSBxQuWkGsajwG+wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBodJtBUtlXyKntw9NWTPe3M/UU0MB8GA1UdIwQY
MBaAFLnx1bBvVwFVX/WIgVTdFBtIiWEXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgt
ZjVjYThmYTcyNzBkLzEvR2gwbTBGUzJWZklxZTNEMDFaTTk3Y3o5UlRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kMS9jYWY1ZWEtNjI2ZS00NTVhLTg3MDgtZjVjYThmYTcyNzBk
LzEvdWZIVnNHOVhBVlZmOVlpQlZOMFVHMGlKWVJjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAsHJFAwQA
sHJHAwQCsHJMMA0GCSqGSIb3DQEBCwUAA4IBAQB37P975a3uxm5BdEb3mco8rEIf
b6Q1VIm4RnT7hhjifnF9X2ImdfkuRRkzyXg/ABFCpAhieP9V8jFG7IxEWaMSw3Tv
sYaeLKf+J4YULuXW35Lzi2hTeQBiUkGO8mbBjaep9orrl007SxifqenouUxZOIe1
qR5XoYrbloGAOFNTm8iWo+8fDiti+rbjD0XOTR9iNfzbRyZS1NfVuw7T+Om3cwtT
pMhcuahcuN7C/+p6vE3KCg+6BS4mB4/6FAYV4yPPL9SelXQLX+BX6Pk+j67snlgr
0l6aglMUdF3I4K4043mQHgs4RJOJfJfwpoQBwowjFsT3pz47U79f4mg0BjzQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:54:57 2024 by rpki-client on console-fra.rpki-client.org