Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/974749-4d7e-4450-9793-df854f47baf4/1/gicuq8bdkmJC-UDWIxMidYGqCdE.roa
File: gicuq8bdkmJC-UDWIxMidYGqCdE.roa (raw, json)
Hash identifier: gWNOj3ejtfml0b6TxeMQyt0kgJuEEIK8Vks3aAYO7JE=
Subject key identifier: 82:27:2E:AB:C6:DD:92:62:42:F9:40:D6:23:13:22:75:81:AA:09:D1
Certificate issuer: /CN=b0fa0c7abc10796915e335ba19780e473e027969
Certificate serial: 03331150
Authority key identifier: B0:FA:0C:7A:BC:10:79:69:15:E3:35:BA:19:78:0E:47:3E:02:79:69
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sPoMerwQeWkV4zW6GXgORz4CeWk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/974749-4d7e-4450-9793-df854f47baf4/1/gicuq8bdkmJC-UDWIxMidYGqCdE.roa
Signing time: Sun 15 May 2022 07:58:41 +0000
ROA not before: Sun 15 May 2022 07:58:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 9211
IP address blocks: 213.238.32.0/20 maxlen: 21
213.238.48.0/21 maxlen: 21
212.12.32.0/20 maxlen: 20
212.12.56.0/21 maxlen: 21
2a00:ea8::/32 maxlen: 32
2a00:eab::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 53678416 (0x3331150)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b0fa0c7abc10796915e335ba19780e473e027969
Validity
Not Before: May 15 07:58:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=82272eabc6dd926242f940d62313227581aa09d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:ce:2c:24:77:00:d2:5d:80:f0:e0:70:02:de:
ed:52:57:5d:90:c2:6e:09:9b:1f:ff:09:50:39:cf:
a9:d5:2a:2d:33:6e:09:45:c7:f7:cd:54:86:e9:d0:
9e:72:69:33:12:0a:43:29:6b:55:33:d1:92:6a:0a:
f9:df:b8:cb:06:df:4c:23:da:1b:13:72:65:da:c5:
31:8c:ff:fd:c3:7c:f8:c4:0f:b6:ea:ee:9a:fa:57:
16:a4:70:d1:df:af:27:7f:e6:e7:84:29:73:b4:20:
85:be:20:bf:0f:58:fb:17:f9:d6:0c:ff:a6:d8:11:
a9:8c:b6:5d:5a:09:2c:5f:31:cb:90:2d:b6:5d:e8:
ab:1d:1a:f4:79:73:80:53:7f:6f:e2:bb:1f:ac:87:
f4:1e:e1:42:57:78:d4:5e:01:19:cc:3e:95:ec:d0:
6b:dd:e1:fa:62:6b:ac:c7:be:9e:62:89:e8:f5:53:
83:a0:37:e9:45:b3:fe:cb:e8:be:1d:bd:93:3f:19:
3d:f1:53:ed:0a:17:a9:8e:dd:1f:da:7a:5f:78:e6:
d8:ff:89:8d:78:40:1e:96:3f:3b:90:24:0f:4f:05:
da:72:c6:0a:e7:fe:d4:07:48:fb:24:0c:ea:e8:cd:
fb:f4:c8:a4:4c:7a:cd:58:91:85:9c:02:3f:b8:31:
90:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:27:2E:AB:C6:DD:92:62:42:F9:40:D6:23:13:22:75:81:AA:09:D1
X509v3 Authority Key Identifier:
keyid:B0:FA:0C:7A:BC:10:79:69:15:E3:35:BA:19:78:0E:47:3E:02:79:69
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sPoMerwQeWkV4zW6GXgORz4CeWk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/974749-4d7e-4450-9793-df854f47baf4/1/gicuq8bdkmJC-UDWIxMidYGqCdE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/974749-4d7e-4450-9793-df854f47baf4/1/sPoMerwQeWkV4zW6GXgORz4CeWk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.12.32.0/20
212.12.56.0/21
213.238.32.0-213.238.55.255
IPv6:
2a00:ea8::/32
2a00:eab::/32
Signature Algorithm: sha256WithRSAEncryption
3e:04:a5:05:a7:ea:f7:7c:33:f7:eb:36:32:6b:79:55:dc:fe:
6f:70:01:bc:91:34:7e:78:30:0b:cc:bf:38:34:c5:0f:89:ef:
cc:8e:54:8a:b0:a1:a3:01:ab:ae:fc:40:70:97:70:30:66:f7:
a8:5f:2f:f6:b7:24:55:af:91:9a:b9:f8:1f:8b:df:b6:1b:6b:
e1:1f:9b:ae:ec:c1:0e:a9:5c:73:06:0f:c6:b5:18:de:c8:29:
8b:29:a4:47:89:9f:36:f1:f7:3f:6d:c4:67:bd:2f:61:0e:61:
cb:95:db:af:53:a7:a5:62:fe:89:4b:19:10:cd:ed:89:96:d2:
e7:71:19:ab:67:14:c7:94:1f:0b:fc:7d:71:60:e9:18:f0:8c:
5a:2d:7a:22:51:ab:60:9b:0f:a9:5f:03:c6:bb:76:35:61:c6:
78:d9:aa:12:96:2e:2b:cf:4f:54:43:4f:7f:23:09:8b:89:97:
45:b6:bb:45:c9:2a:94:89:92:72:4f:33:cf:9f:a5:ad:c9:9e:
b8:69:9b:13:59:5a:99:9e:5e:2a:3d:8a:67:23:c2:c9:e8:9d:
78:f9:b1:8e:8c:49:91:fb:3f:77:93:9c:f6:61:78:62:c8:b8:
b4:b5:f6:43:2e:0f:7b:87:93:fd:7a:7a:95:44:8e:df:79:11:
00:a7:1a:3b
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIEAzMRUDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhi
MGZhMGM3YWJjMTA3OTY5MTVlMzM1YmExOTc4MGU0NzNlMDI3OTY5MB4XDTIyMDUx
NTA3NTg0MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODIyNzJlYWJjNmRk
OTI2MjQyZjk0MGQ2MjMxMzIyNzU4MWFhMDlkMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANDOLCR3ANJdgPDgcALe7VJXXZDCbgmbH/8JUDnPqdUqLTNu
CUXH981UhunQnnJpMxIKQylrVTPRkmoK+d+4ywbfTCPaGxNyZdrFMYz//cN8+MQP
turumvpXFqRw0d+vJ3/m54Qpc7Qghb4gvw9Y+xf51gz/ptgRqYy2XVoJLF8xy5At
tl3oqx0a9HlzgFN/b+K7H6yH9B7hQld41F4BGcw+lezQa93h+mJrrMe+nmKJ6PVT
g6A36UWz/svovh29kz8ZPfFT7QoXqY7dH9p6X3jm2P+JjXhAHpY/O5AkD08F2nLG
Cuf+1AdI+yQM6ujN+/TIpEx6zViRhZwCP7gxkOECAwEAAaOCAjMwggIvMB0GA1Ud
DgQWBBSCJy6rxt2SYkL5QNYjEyJ1gaoJ0TAfBgNVHSMEGDAWgBSw+gx6vBB5aRXj
NboZeA5HPgJ5aTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3NQb01lcndRZVdrVjR6VzZHWGdPUno0Q2VXay5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjAvOTc0NzQ5LTRkN2UtNDQ1MC05NzkzLWRmODU0ZjQ3YmFmNC8x
L2dpY3VxOGJka21KQy1VRFdJeE1pZFlHcUNkRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjAv
OTc0NzQ5LTRkN2UtNDQ1MC05NzkzLWRmODU0ZjQ3YmFmNC8xL3NQb01lcndRZVdr
VjR6VzZHWGdPUno0Q2VXay5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBJ
BggrBgEFBQcBBwEB/wQ6MDgwIAQCAAEwGgMEBNQMIAMEA9QMODAMAwQF1e4gAwQD
1e4wMBQEAgACMA4DBQAqAA6oAwUAKgAOqzANBgkqhkiG9w0BAQsFAAOCAQEAPgSl
Bafq93wz9+s2Mmt5Vdz+b3ABvJE0fngwC8y/ODTFD4nvzI5UirChowGrrvxAcJdw
MGb3qF8v9rckVa+Rmrn4H4vfthtr4R+bruzBDqlccwYPxrUY3sgpiymkR4mfNvH3
P23EZ70vYQ5hy5Xbr1OnpWL+iUsZEM3tiZbS53EZq2cUx5QfC/x9cWDpGPCMWi16
IlGrYJsPqV8Dxrt2NWHGeNmqEpYuK89PVENPfyMJi4mXRba7RckqlImSck8zz5+l
rcmeuGmbE1lamZ5eKj2KZyPCyeidePmxjoxJkfs/d5Oc9mF4Ysi4tLX2Qy4Pe4eT
/Xp6lUSO33kRAKcaOw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:09 2024 by rpki-client on console-fra.rpki-client.org