Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/gUD-x6Dvw0Yz-OqqM2fO9gW-pmA.roa
File: gUD-x6Dvw0Yz-OqqM2fO9gW-pmA.roa (raw, json)
Hash identifier: mvxrlanDt6nMcIqwXrhgOuq2TgtvIhvNmBe+k2a2UcY=
Subject key identifier: 81:40:FE:C7:A0:EF:C3:46:33:F8:EA:AA:33:67:CE:F6:05:BE:A6:60
Certificate issuer: /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial: 01909CA12B79FE2BFD2FE03318BC7A8A8EF7
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/gUD-x6Dvw0Yz-OqqM2fO9gW-pmA.roa
Signing time: Wed 10 Jul 2024 12:32:06 +0000
ROA not before: Wed 10 Jul 2024 12:32:06 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208913
IP address blocks: 46.247.144.0/20 maxlen: 24
89.200.240.0/23 maxlen: 24
194.42.100.0/23 maxlen: 24
194.106.212.0/23 maxlen: 24
195.189.186.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:9c:a1:2b:79:fe:2b:fd:2f:e0:33:18:bc:7a:8a:8e:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Validity
Not Before: Jul 10 12:32:06 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8140fec7a0efc34633f8eaaa3367cef605bea660
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:eb:0a:e5:6e:8f:53:1d:11:9d:94:cb:63:9f:
4e:6c:ed:39:8b:69:05:23:16:5b:ef:23:9d:ef:e6:
3e:c8:5c:17:6d:7d:3f:db:a8:d7:88:b8:a3:f9:75:
02:9f:58:e9:14:bc:eb:09:c9:90:7f:b9:f3:b7:4e:
a7:b2:36:a2:5d:f2:c1:3e:8c:eb:0c:7a:12:f7:86:
19:f6:15:98:8c:55:16:13:a5:0c:84:06:27:c6:ef:
57:87:94:06:d0:d6:41:57:86:28:d2:23:fd:cd:f8:
52:95:2e:09:68:f9:1b:4d:c9:e4:14:1e:80:87:ad:
6e:8f:ea:05:63:9f:63:13:1a:75:5e:c5:d8:02:f0:
20:56:b2:fb:01:bc:3d:06:d3:cb:5b:24:d1:94:dc:
57:5a:31:91:28:5b:6d:85:3c:57:65:98:99:21:f9:
c1:39:16:cf:0a:52:b2:7c:0c:16:0d:1f:7a:f9:84:
ff:6a:3c:72:0f:c1:e4:3d:e4:9a:a1:c7:7d:5a:07:
81:b8:7f:89:d5:5b:85:ba:3a:82:c2:d8:a1:1e:87:
a2:eb:7d:12:21:79:ad:45:64:f6:5b:0f:27:9b:cf:
e9:f9:b5:b4:f1:f5:de:dc:fa:40:d0:2f:84:86:4f:
8a:6c:96:cb:dc:07:40:99:b9:c1:6b:67:4c:60:11:
02:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:40:FE:C7:A0:EF:C3:46:33:F8:EA:AA:33:67:CE:F6:05:BE:A6:60
X509v3 Authority Key Identifier:
keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/gUD-x6Dvw0Yz-OqqM2fO9gW-pmA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.247.144.0/20
89.200.240.0/23
194.42.100.0/23
194.106.212.0/23
195.189.186.0/23
Signature Algorithm: sha256WithRSAEncryption
2e:eb:35:cb:e3:a1:2f:e8:97:13:b6:31:d2:d8:05:01:03:83:
52:16:23:f5:1e:18:2f:4e:4f:ee:91:fd:6b:72:1a:f7:54:58:
77:09:2a:08:38:35:81:ac:c7:30:55:d4:2a:1a:ce:10:06:e7:
d6:a3:bb:a9:b9:a4:dc:49:8b:47:fa:0e:51:a3:a5:63:18:b7:
6b:d5:03:7e:89:fd:95:cb:8c:bf:35:7e:f1:2c:b3:ce:b9:d0:
c7:fd:d5:df:31:2b:32:72:e6:2f:ea:12:2f:57:0a:df:1d:94:
1f:88:8a:fb:7e:af:31:81:dd:7e:5f:8c:67:59:a0:a9:4a:64:
0f:e9:21:4c:67:82:c5:82:ba:ff:fd:e0:cd:5c:4a:b6:c3:e1:
96:b9:2e:05:81:a1:a0:d3:9d:98:44:2b:95:7d:b1:67:c3:26:
40:71:49:49:69:30:c2:60:1d:cb:9e:62:3a:6f:4e:14:3d:58:
8e:77:63:05:fe:d2:82:31:61:6a:e9:32:ef:a1:7b:72:3d:e0:
fc:56:79:89:c3:4c:a4:c0:57:e1:4e:c4:e9:31:c6:fa:a4:22:
f7:4b:5a:6d:91:f5:ab:6b:f7:16:28:4a:4a:d0:91:79:ea:6f:
6d:c2:e6:9e:8b:74:4f:88:c5:7b:d9:36:b2:d3:46:b3:44:d3:
2f:5f:16:36
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZCcoSt5/iv9L+AzGLx6io73MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjQwNzEwMTIzMjA2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTQwZmVjN2EwZWZjMzQ2MzNmOGVhYWEzMzY3Y2VmNjA1YmVhNjYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwesK5W6PUx0RnZTLY59ObO05i2kF
IxZb7yOd7+Y+yFwXbX0/26jXiLij+XUCn1jpFLzrCcmQf7nzt06nsjaiXfLBPozr
DHoS94YZ9hWYjFUWE6UMhAYnxu9Xh5QG0NZBV4Yo0iP9zfhSlS4JaPkbTcnkFB6A
h61uj+oFY59jExp1XsXYAvAgVrL7Abw9BtPLWyTRlNxXWjGRKFtthTxXZZiZIfnB
ORbPClKyfAwWDR96+YT/ajxyD8HkPeSaocd9WgeBuH+J1VuFujqCwtihHoei630S
IXmtRWT2Ww8nm8/p+bW08fXe3PpA0C+Ehk+KbJbL3AdAmbnBa2dMYBEClwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFIFA/seg78NGM/jqqjNnzvYFvqZgMB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEvZ1VELXg2RHZ3MFl6LU9xcU0yZk85Z1ctcG1BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQELveQAwQB
WcjwAwQBwipkAwQBwmrUAwQBw726MA0GCSqGSIb3DQEBCwUAA4IBAQAu6zXL46Ev
6JcTtjHS2AUBA4NSFiP1HhgvTk/ukf1rchr3VFh3CSoIODWBrMcwVdQqGs4QBufW
o7upuaTcSYtH+g5Ro6VjGLdr1QN+if2Vy4y/NX7xLLPOudDH/dXfMSsycuYv6hIv
VwrfHZQfiIr7fq8xgd1+X4xnWaCpSmQP6SFMZ4LFgrr//eDNXEq2w+GWuS4FgaGg
052YRCuVfbFnwyZAcUlJaTDCYB3LnmI6b04UPViOd2MF/tKCMWFq6TLvoXtyPeD8
VnmJw0ykwFfhTsTpMcb6pCL3S1ptkfWra/cWKEpK0JF56m9twuaei3RPiMV72Tay
00azRNMvXxY2
-----END CERTIFICATE-----
Generated at Thu Jul 25 13:50:37 2024 by rpki-client on console-ams.rpki-client.org