Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/aDuhV68u00l17PcZUe-sOk27Mns.roa
File: aDuhV68u00l17PcZUe-sOk27Mns.roa (raw, json)
Hash identifier: nCsHSfZb15aq8QRcmXgP3LixirDAM8I8VZgMQPzPpg0=
Subject key identifier: 68:3B:A1:57:AF:2E:D3:49:75:EC:F7:19:51:EF:AC:3A:4D:BB:32:7B
Certificate issuer: /CN=f97a546b66e2449ce628432dd80ad6d4d00cd03e
Certificate serial: 018D2D73AB55FDD42E1433AD7C2ADF768CE9
Authority key identifier: F9:7A:54:6B:66:E2:44:9C:E6:28:43:2D:D8:0A:D6:D4:D0:0C:D0:3E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1-XpUa2biRJzmKEMt2ArW1NAM0D4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/aDuhV68u00l17PcZUe-sOk27Mns.roa
Signing time: Sun 21 Jan 2024 19:16:11 +0000
ROA not before: Sun 21 Jan 2024 19:16:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 12722
IP address blocks: 94.158.188.0/24 maxlen: 24
194.32.240.0/24 maxlen: 24
195.69.148.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:2d:73:ab:55:fd:d4:2e:14:33:ad:7c:2a:df:76:8c:e9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f97a546b66e2449ce628432dd80ad6d4d00cd03e
Validity
Not Before: Jan 21 19:16:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=683ba157af2ed34975ecf71951efac3a4dbb327b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:b2:e8:ac:1a:f2:d6:ea:7c:81:fa:c7:9f:b7:
82:bd:3a:fe:cb:80:db:ed:5a:09:bb:5e:04:09:72:
38:50:c7:98:c9:43:b4:5b:e8:24:c7:ab:8c:b9:ef:
81:b3:ac:5d:ed:3d:6f:c2:6c:99:24:b0:58:22:69:
7d:96:9d:12:0a:ab:63:ab:b4:37:48:25:a0:fe:1b:
52:4a:fe:43:e3:1c:08:df:2d:3f:fe:71:9e:88:25:
6b:9e:33:39:b7:18:2d:73:77:95:b6:7b:e3:19:16:
70:af:bf:00:4f:9f:2b:c9:a2:7a:9b:3b:6b:29:70:
82:d5:3f:09:f6:d8:90:fc:55:29:00:89:4f:ec:2d:
66:40:65:18:fb:96:16:50:29:ed:29:0c:89:53:15:
f9:53:b4:a9:d5:1c:11:72:a2:e1:33:cd:bf:89:de:
78:e0:29:94:05:0f:a7:90:d6:b1:d3:c2:9d:d7:cf:
0a:c6:9c:d6:7a:87:f0:df:73:1c:17:5c:ac:24:ab:
46:24:c6:be:a2:a9:dd:b7:ff:ed:26:6d:27:12:7e:
d0:dc:a2:92:5b:69:23:e8:91:5d:c5:59:a4:cf:fa:
51:05:7f:77:80:46:24:7c:8b:ba:e3:6e:b0:bc:58:
02:dc:d8:82:8e:a6:00:c7:66:bb:5c:b4:b2:30:53:
3a:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:3B:A1:57:AF:2E:D3:49:75:EC:F7:19:51:EF:AC:3A:4D:BB:32:7B
X509v3 Authority Key Identifier:
keyid:F9:7A:54:6B:66:E2:44:9C:E6:28:43:2D:D8:0A:D6:D4:D0:0C:D0:3E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1-XpUa2biRJzmKEMt2ArW1NAM0D4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/aDuhV68u00l17PcZUe-sOk27Mns.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ed/226996-4b3f-4f5f-8a7e-0b1b6641b8a2/1/1-XpUa2biRJzmKEMt2ArW1NAM0D4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.158.188.0/24
194.32.240.0/24
195.69.148.0/24
Signature Algorithm: sha256WithRSAEncryption
09:22:23:b6:13:1c:cf:fb:76:fa:95:c6:e2:c4:ee:33:99:99:
7d:bd:d4:26:1e:2a:a8:13:1b:97:4b:83:77:c7:e3:37:d4:a8:
fb:d2:e9:9a:60:2f:25:b5:35:a4:6c:28:92:bd:19:56:8c:fb:
2a:93:07:a2:a7:9e:17:d7:da:58:43:42:2e:35:aa:fa:c0:9c:
87:15:9a:14:f3:fb:7e:94:e5:58:64:30:73:9e:d6:16:97:b9:
38:66:43:cc:9d:f2:fa:a5:e5:6e:c2:a1:50:55:56:59:7d:4f:
4c:44:02:8d:7a:b6:a0:5d:c8:50:d7:a3:e1:54:0c:0b:7a:39:
08:1c:02:e1:ae:a0:5c:e4:ee:e9:b2:b5:b6:0d:e9:bf:b9:8b:
b9:65:53:35:e8:89:cb:a3:47:21:9f:57:9d:8a:cf:0b:e4:87:
30:a2:b2:c5:f9:c9:51:16:74:a2:58:08:7a:2c:85:f9:d0:fc:
ac:fa:10:1e:0a:41:51:33:3b:21:cb:80:0c:4d:80:c0:15:7c:
33:19:e5:0a:f0:ab:42:50:0c:b3:b5:33:47:e0:85:d4:b3:46:
1a:2b:36:39:3f:c1:ba:e1:f3:48:95:d6:55:04:02:ed:c6:24:
75:9c:ea:aa:13:a8:80:4e:fa:7d:56:c7:69:26:2a:32:e8:06:
3a:d8:1e:07
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAY0tc6tV/dQuFDOtfCrfdozpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY5N2E1NDZiNjZlMjQ0OWNlNjI4NDMyZGQ4MGFkNmQ0ZDAw
Y2QwM2UwHhcNMjQwMTIxMTkxNjExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODNiYTE1N2FmMmVkMzQ5NzVlY2Y3MTk1MWVmYWMzYTRkYmIzMjdiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwrLorBry1up8gfrHn7eCvTr+y4Db
7VoJu14ECXI4UMeYyUO0W+gkx6uMue+Bs6xd7T1vwmyZJLBYIml9lp0SCqtjq7Q3
SCWg/htSSv5D4xwI3y0//nGeiCVrnjM5txgtc3eVtnvjGRZwr78AT58ryaJ6mztr
KXCC1T8J9tiQ/FUpAIlP7C1mQGUY+5YWUCntKQyJUxX5U7Sp1RwRcqLhM82/id54
4CmUBQ+nkNax08Kd188KxpzWeofw33McF1ysJKtGJMa+oqndt//tJm0nEn7Q3KKS
W2kj6JFdxVmkz/pRBX93gEYkfIu6426wvFgC3NiCjqYAx2a7XLSyMFM6DwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFGg7oVevLtNJdez3GVHvrDpNuzJ7MB8GA1UdIwQY
MBaAFPl6VGtm4kSc5ihDLdgK1tTQDNA+MA4GA1UdDwEB/wQEAwIHgDBlBggrBgEF
BQcBAQRZMFcwVQYIKwYBBQUHMAKGSXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMS1YcFVhMmJpUkp6bUtFTXQyQXJXMU5BTTBENC5jZXIw
gY0GCCsGAQUFBwELBIGAMH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBl
Lm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZWQvMjI2OTk2LTRiM2YtNGY1Zi04YTdl
LTBiMWI2NjQxYjhhMi8xL2FEdWhWNjh1MDBsMTdQY1pVZS1zT2syN01ucy5yb2Ew
gYIGA1UdHwR7MHkwd6B1oHOGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvZWQvMjI2OTk2LTRiM2YtNGY1Zi04YTdlLTBiMWI2NjQxYjhh
Mi8xLzEtWHBVYTJiaVJKem1LRU10MkFyVzFOQU0wRDQuY3JsMBgGA1UdIAEB/wQO
MAwwCgYIKwYBBQUHDgIwKwYIKwYBBQUHAQcBAf8EHDAaMBgEAgABMBIDBABenrwD
BADCIPADBADDRZQwDQYJKoZIhvcNAQELBQADggEBAAkiI7YTHM/7dvqVxuLE7jOZ
mX291CYeKqgTG5dLg3fH4zfUqPvS6ZpgLyW1NaRsKJK9GVaM+yqTB6KnnhfX2lhD
Qi41qvrAnIcVmhTz+36U5VhkMHOe1haXuThmQ8yd8vql5W7CoVBVVll9T0xEAo16
tqBdyFDXo+FUDAt6OQgcAuGuoFzk7umytbYN6b+5i7llUzXoicujRyGfV52Kzwvk
hzCissX5yVEWdKJYCHoshfnQ/Kz6EB4KQVEzOyHLgAxNgMAVfDMZ5Qrwq0JQDLO1
M0fghdSzRhorNjk/wbrh80iV1lUEAu3GJHWc6qoTqIBO+n1Wx2kmKjLoBjrYHgc=
-----END CERTIFICATE-----
Generated at Mon Feb 5 20:17:03 2024 by rpki-client on console-fra.rpki-client.org