Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f0/f4ca1c-35dd-4cb1-84fa-8115cafd38ce/1/u2CBX4RUktEGADj5XJx4FvW4gT8.roa
File: u2CBX4RUktEGADj5XJx4FvW4gT8.roa (raw, json)
Hash identifier: kxcg5F6Gucdb0dN6Ocj98SV7aHGTSj+kDjxdL/22sJw=
Subject key identifier: BB:60:81:5F:84:54:92:D1:06:00:38:F9:5C:9C:78:16:F5:B8:81:3F
Certificate issuer: /CN=b0bd68e370e7ec25bec8e01497b2138d95dc6ebc
Certificate serial: 018CC5010117870DE93739C8FCFF7A485EB8
Authority key identifier: B0:BD:68:E3:70:E7:EC:25:BE:C8:E0:14:97:B2:13:8D:95:DC:6E:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/sL1o43Dn7CW-yOAUl7ITjZXcbrw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f0/f4ca1c-35dd-4cb1-84fa-8115cafd38ce/1/u2CBX4RUktEGADj5XJx4FvW4gT8.roa
Signing time: Mon 01 Jan 2024 12:30:26 +0000
ROA not before: Mon 01 Jan 2024 12:30:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8423
IP address blocks: 193.222.57.0/24 maxlen: 24
193.200.141.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:01:01:17:87:0d:e9:37:39:c8:fc:ff:7a:48:5e:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b0bd68e370e7ec25bec8e01497b2138d95dc6ebc
Validity
Not Before: Jan 1 12:30:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bb60815f845492d1060038f95c9c7816f5b8813f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:ae:c6:eb:27:4f:94:02:8f:49:07:02:8d:02:
1d:b9:be:9d:7d:80:53:52:f3:a0:15:e9:6c:1b:0a:
d4:1c:91:1d:b0:71:74:c7:7f:72:52:06:cc:96:de:
9c:47:cb:76:9f:53:02:be:3d:12:97:3a:5b:38:c1:
a9:e1:4a:93:0d:4a:02:4f:ae:e6:ea:09:f0:2a:71:
53:2a:b8:e7:65:f0:52:42:8a:30:12:93:a1:6c:07:
e5:79:59:47:ad:35:ba:30:da:fa:b9:17:47:7c:b4:
f4:10:ba:23:44:54:c4:51:97:4a:45:ef:e4:6c:32:
23:0e:23:60:3a:b5:bd:21:64:0f:23:d0:d2:bf:3e:
56:75:89:d0:f5:4e:6c:41:5f:1a:57:04:22:2c:a4:
bf:d9:bd:48:fa:b7:0b:22:e1:cc:fe:a7:88:d5:82:
56:91:e9:36:e2:94:df:0f:79:bd:e0:67:b5:14:c1:
c3:05:71:d2:bb:b6:aa:c1:68:b0:75:ed:37:37:68:
29:20:8a:5c:2a:43:b4:25:3d:03:ec:a1:82:43:39:
c6:18:99:4e:99:2d:31:10:ff:9f:a8:d9:67:4d:40:
f5:dc:2b:30:70:fd:7a:86:3d:88:37:8a:d3:24:6a:
cf:5d:d2:7d:3f:2c:81:ce:5c:52:8c:e9:de:48:cd:
a8:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:60:81:5F:84:54:92:D1:06:00:38:F9:5C:9C:78:16:F5:B8:81:3F
X509v3 Authority Key Identifier:
keyid:B0:BD:68:E3:70:E7:EC:25:BE:C8:E0:14:97:B2:13:8D:95:DC:6E:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/sL1o43Dn7CW-yOAUl7ITjZXcbrw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/f4ca1c-35dd-4cb1-84fa-8115cafd38ce/1/u2CBX4RUktEGADj5XJx4FvW4gT8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f0/f4ca1c-35dd-4cb1-84fa-8115cafd38ce/1/sL1o43Dn7CW-yOAUl7ITjZXcbrw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.200.141.0/24
193.222.57.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:65:8a:d3:03:21:01:d2:6f:28:24:b5:ee:51:d2:f8:6e:18:
33:7a:84:1e:7a:91:4a:1b:a7:50:51:d6:36:b0:2a:2f:cf:5d:
12:f9:82:6a:46:e5:03:d6:36:cc:a9:9c:0f:56:0c:54:50:7f:
d7:35:bf:a8:1c:76:c0:b6:a8:6c:9f:ea:7a:57:73:77:63:62:
c9:7d:35:91:e4:92:49:0f:69:da:61:05:15:41:2c:20:61:37:
46:a0:d4:b6:ca:c6:11:9c:27:37:e2:e0:41:d9:e4:b1:ee:71:
8f:90:63:13:ce:62:da:af:93:1e:a8:3c:d1:dc:71:7c:b9:36:
64:2c:bf:ba:7e:24:dd:45:ec:af:c2:b3:db:e1:a6:c5:35:3e:
7e:bd:69:9c:76:89:f7:e1:09:ad:b9:e4:d6:54:d5:24:9e:a5:
00:03:62:07:d0:ea:3d:a5:32:ed:64:4b:a8:b5:9c:8d:48:cb:
2b:9d:6e:50:67:59:6a:61:62:6f:5e:c4:05:03:cd:12:db:b3:
d3:a7:10:a6:50:17:40:fc:34:6f:15:6f:c5:84:77:d7:22:34:
32:06:60:1c:b3:c6:0c:d3:c7:74:5c:32:2f:7a:76:50:f8:18:
52:15:20:91:82:0b:bd:54:3b:79:48:ae:73:81:18:30:45:b0:
dc:6c:92:1d
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzFAQEXhw3pNznI/P96SF64MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIwYmQ2OGUzNzBlN2VjMjViZWM4ZTAxNDk3YjIxMzhkOTVk
YzZlYmMwHhcNMjQwMTAxMTIzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYjYwODE1Zjg0NTQ5MmQxMDYwMDM4Zjk1YzljNzgxNmY1Yjg4MTNmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvq7G6ydPlAKPSQcCjQIdub6dfYBT
UvOgFelsGwrUHJEdsHF0x39yUgbMlt6cR8t2n1MCvj0SlzpbOMGp4UqTDUoCT67m
6gnwKnFTKrjnZfBSQoowEpOhbAfleVlHrTW6MNr6uRdHfLT0ELojRFTEUZdKRe/k
bDIjDiNgOrW9IWQPI9DSvz5WdYnQ9U5sQV8aVwQiLKS/2b1I+rcLIuHM/qeI1YJW
kek24pTfD3m94Ge1FMHDBXHSu7aqwWiwde03N2gpIIpcKkO0JT0D7KGCQznGGJlO
mS0xEP+fqNlnTUD13CswcP16hj2IN4rTJGrPXdJ9PyyBzlxSjOneSM2oqQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFLtggV+EVJLRBgA4+VyceBb1uIE/MB8GA1UdIwQY
MBaAFLC9aONw5+wlvsjgFJeyE42V3G68MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc0wxbzQzRG43Q1cteU9BVWw3SVRqWlhjYnJ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMC9mNGNhMWMtMzVkZC00Y2IxLTg0ZmEt
ODExNWNhZmQzOGNlLzEvdTJDQlg0UlVrdEVHQURqNVhKeDRGdlc0Z1Q4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMC9mNGNhMWMtMzVkZC00Y2IxLTg0ZmEtODExNWNhZmQzOGNl
LzEvc0wxbzQzRG43Q1cteU9BVWw3SVRqWlhjYnJ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAwciNAwQA
wd45MA0GCSqGSIb3DQEBCwUAA4IBAQCPZYrTAyEB0m8oJLXuUdL4bhgzeoQeepFK
G6dQUdY2sCovz10S+YJqRuUD1jbMqZwPVgxUUH/XNb+oHHbAtqhsn+p6V3N3Y2LJ
fTWR5JJJD2naYQUVQSwgYTdGoNS2ysYRnCc34uBB2eSx7nGPkGMTzmLar5MeqDzR
3HF8uTZkLL+6fiTdReyvwrPb4abFNT5+vWmcdon34QmtueTWVNUknqUAA2IH0Oo9
pTLtZEuotZyNSMsrnW5QZ1lqYWJvXsQFA80S27PTpxCmUBdA/DRvFW/FhHfXIjQy
BmAcs8YM08d0XDIvenZQ+BhSFSCRggu9VDt5SK5zgRgwRbDcbJId
-----END CERTIFICATE-----
Generated at Tue Oct 1 09:28:06 2024 by rpki-client on console-ams.rpki-client.org