Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/3V1qeg4UBTk-617KTa8N4JpK1rA.roa
File: 3V1qeg4UBTk-617KTa8N4JpK1rA.roa (raw, json)
Hash identifier: U0GjH0KU7cgmEUrPpXOmws+wfAb74CaYEZksTqDWir0=
Subject key identifier: DD:5D:6A:7A:0E:14:05:39:3E:EB:5E:CA:4D:AF:0D:E0:9A:4A:D6:B0
Certificate issuer: /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial: 018E3243C392D18A69AD0EA31EC55708BD09
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/3V1qeg4UBTk-617KTa8N4JpK1rA.roa
Signing time: Tue 12 Mar 2024 10:44:45 +0000
ROA not before: Tue 12 Mar 2024 10:44:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62240
IP address blocks: 176.126.102.0/24 maxlen: 24
185.128.43.0/24 maxlen: 24
185.128.224.0/24 maxlen: 24
193.163.17.0/24 maxlen: 24
193.228.129.0/24 maxlen: 24
194.62.18.0/24 maxlen: 24
194.104.143.0/24 maxlen: 24
2a11:b687::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:32:43:c3:92:d1:8a:69:ad:0e:a3:1e:c5:57:08:bd:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Validity
Not Before: Mar 12 10:44:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=dd5d6a7a0e1405393eeb5eca4daf0de09a4ad6b0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:8d:6e:31:e9:b5:9c:a4:f2:01:11:e5:44:6a:
c2:b5:9f:dd:57:30:4a:65:13:2d:25:d9:6b:5c:89:
d7:ae:41:d8:13:97:72:44:78:40:00:4c:5e:78:fc:
ed:b9:1e:10:55:10:3d:8b:34:bc:05:31:c7:5a:53:
e3:21:07:12:13:58:93:84:76:47:70:0f:01:ef:db:
54:0a:ac:7c:0e:4f:a1:c7:c7:1f:96:d3:15:a2:03:
55:89:78:71:b2:0b:8d:97:dc:11:7d:45:1a:db:e3:
c5:b4:2f:aa:3a:37:82:80:90:fc:56:50:cf:43:30:
8e:09:e7:05:87:65:40:9d:c5:44:26:b4:ce:89:b9:
d0:b0:9f:5b:a2:3b:3e:ed:be:27:2f:09:4e:be:2c:
ac:c4:c0:16:ec:e1:3e:fb:27:d1:39:a8:57:08:a3:
ac:ba:fc:a8:21:d9:37:41:25:97:bd:51:9c:b8:ec:
d1:7f:d9:81:6e:6b:21:b4:8e:f3:21:44:e1:14:52:
45:6d:71:0a:9e:e8:d2:8d:3d:20:30:60:30:ae:cc:
14:42:73:d4:f2:93:16:19:34:91:db:59:74:e1:03:
22:97:5b:b4:85:eb:0f:7e:99:f7:12:b2:10:a6:ab:
e9:6b:86:4d:08:b6:02:c2:fe:ac:a8:a1:35:08:c6:
ae:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:5D:6A:7A:0E:14:05:39:3E:EB:5E:CA:4D:AF:0D:E0:9A:4A:D6:B0
X509v3 Authority Key Identifier:
keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/3V1qeg4UBTk-617KTa8N4JpK1rA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
176.126.102.0/24
185.128.43.0/24
185.128.224.0/24
193.163.17.0/24
193.228.129.0/24
194.62.18.0/24
194.104.143.0/24
IPv6:
2a11:b687::/32
Signature Algorithm: sha256WithRSAEncryption
03:f6:dc:10:01:ff:9b:65:dc:77:c0:a4:b8:5b:08:ce:48:d9:
ab:d0:0d:65:90:f5:b0:70:48:47:4c:c3:20:d1:ba:1a:d1:ed:
dc:6d:b8:a3:3f:a0:d8:a1:fb:28:4a:6b:04:66:61:f6:90:1c:
4e:68:e7:1c:90:8b:d2:3f:32:50:7b:c7:c7:b9:5e:48:94:8e:
b6:24:d0:af:57:fd:81:54:9e:ef:a7:b0:f8:cb:08:f8:0c:81:
22:9a:47:59:4f:41:87:e7:c1:53:d3:5d:4e:1a:ad:88:1e:19:
c4:37:c7:80:bc:cb:95:9c:1c:ef:2e:1f:3f:a3:ec:76:1a:16:
56:9a:69:bd:f1:73:7e:0c:c6:ab:15:6a:15:e0:0b:8c:90:16:
46:ea:34:b7:8f:4a:d3:ec:21:21:21:53:ef:a3:76:c2:0d:f6:
80:4c:c0:aa:2f:83:0c:82:a8:64:7e:47:52:9b:68:7d:3a:d2:
03:77:db:4f:fe:70:4d:46:14:16:23:b4:79:f6:fb:50:2e:90:
12:ba:46:df:cf:05:0b:3c:09:4b:eb:de:08:f6:04:c9:6c:cd:
a8:9f:9e:9c:3e:f4:3c:91:24:5b:64:9b:96:45:a0:da:59:46:
97:01:55:f4:be:3d:64:8d:5b:d8:d3:66:88:e8:a8:64:b5:f8:
90:71:d9:a5
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAY4yQ8OS0YpprQ6jHsVXCL0JMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjQwMzEyMTA0NDQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDVkNmE3YTBlMTQwNTM5M2VlYjVlY2E0ZGFmMGRlMDlhNGFkNmIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzo1uMem1nKTyARHlRGrCtZ/dVzBK
ZRMtJdlrXInXrkHYE5dyRHhAAExeePztuR4QVRA9izS8BTHHWlPjIQcSE1iThHZH
cA8B79tUCqx8Dk+hx8cfltMVogNViXhxsguNl9wRfUUa2+PFtC+qOjeCgJD8VlDP
QzCOCecFh2VAncVEJrTOibnQsJ9bojs+7b4nLwlOviysxMAW7OE++yfROahXCKOs
uvyoIdk3QSWXvVGcuOzRf9mBbmshtI7zIUThFFJFbXEKnujSjT0gMGAwrswUQnPU
8pMWGTSR21l04QMil1u0hesPfpn3ErIQpqvpa4ZNCLYCwv6sqKE1CMau1wIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFN1danoOFAU5Puteyk2vDeCaStawMB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvM1YxcWVnNFVCVGstNjE3S1RhOE40SnBLMXJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQAsH5mAwQA
uYArAwQAuYDgAwQAwaMRAwQAweSBAwQAwj4SAwQAwmiPMA0EAgACMAcDBQAqEbaH
MA0GCSqGSIb3DQEBCwUAA4IBAQAD9twQAf+bZdx3wKS4WwjOSNmr0A1lkPWwcEhH
TMMg0boa0e3cbbijP6DYofsoSmsEZmH2kBxOaOcckIvSPzJQe8fHuV5IlI62JNCv
V/2BVJ7vp7D4ywj4DIEimkdZT0GH58FT011OGq2IHhnEN8eAvMuVnBzvLh8/o+x2
GhZWmmm98XN+DMarFWoV4AuMkBZG6jS3j0rT7CEhIVPvo3bCDfaATMCqL4MMgqhk
fkdSm2h9OtIDd9tP/nBNRhQWI7R59vtQLpASukbfzwULPAlL694I9gTJbM2on56c
PvQ8kSRbZJuWRaDaWUaXAVX0vj1kjVvY02aI6KhktfiQcdml
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:27 2024 by rpki-client on console-ams.rpki-client.org