Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/72PjvO5A2Z6zyn-EO5vkTZn26fU.roa
File: 72PjvO5A2Z6zyn-EO5vkTZn26fU.roa (raw, json)
Hash identifier: U1ApfnTMJ1CLObN8JdLt1Qr2SOVXHb50XEkjZ2wdebo=
Subject key identifier: EF:63:E3:BC:EE:40:D9:9E:B3:CA:7F:84:3B:9B:E4:4D:99:F6:E9:F5
Certificate issuer: /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial: 018EBDA7983B9BC957BDFBFFCA624D06079F
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/72PjvO5A2Z6zyn-EO5vkTZn26fU.roa
Signing time: Mon 08 Apr 2024 12:21:01 +0000
ROA not before: Mon 08 Apr 2024 12:21:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 62240
IP address blocks: 185.128.43.0/24 maxlen: 24
193.163.17.0/24 maxlen: 24
194.62.18.0/24 maxlen: 24
194.104.143.0/24 maxlen: 24
2a11:b687::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:bd:a7:98:3b:9b:c9:57:bd:fb:ff:ca:62:4d:06:07:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Validity
Not Before: Apr 8 12:21:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ef63e3bcee40d99eb3ca7f843b9be44d99f6e9f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:6e:2a:35:f2:0c:fd:38:4b:f0:06:0d:00:79:
99:df:21:65:bd:9e:32:01:8e:43:51:37:a5:6c:ae:
c6:6e:f3:3b:4d:32:ad:bc:c8:41:07:e3:bd:77:19:
0d:e3:67:63:e7:99:d1:59:f7:3a:c1:e2:2a:4d:60:
42:35:bb:04:3f:08:f4:a4:00:a0:8e:32:21:e0:47:
d9:d6:97:1e:96:2e:96:69:65:3d:f0:d1:12:d8:42:
66:91:d0:c1:3a:cf:db:37:31:45:72:09:fe:c4:ec:
09:9f:c3:a7:28:4d:42:40:40:68:9a:7f:e5:69:92:
f7:40:59:c9:fc:ba:82:86:10:97:eb:ea:cd:d0:41:
13:9d:a7:1a:51:8e:6c:f6:64:2c:25:3c:5d:fd:60:
9b:60:f8:c4:19:cc:66:7e:19:11:7a:4a:46:93:b0:
bf:fb:69:47:b6:13:58:2e:81:ce:1c:16:fd:24:4f:
64:6a:c2:a4:8f:72:86:69:30:ad:32:75:2e:bf:30:
21:1e:44:63:b9:ee:6c:5f:41:91:0e:0f:88:32:0a:
a9:17:85:c7:46:92:9e:6c:b0:eb:67:74:0c:c4:e6:
f1:88:1b:c1:16:ec:2d:20:69:1d:5b:b3:ec:ff:c1:
71:34:a8:83:75:e4:b3:6b:c1:c7:4a:2f:6d:c9:ce:
86:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:63:E3:BC:EE:40:D9:9E:B3:CA:7F:84:3B:9B:E4:4D:99:F6:E9:F5
X509v3 Authority Key Identifier:
keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/72PjvO5A2Z6zyn-EO5vkTZn26fU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.128.43.0/24
193.163.17.0/24
194.62.18.0/24
194.104.143.0/24
IPv6:
2a11:b687::/32
Signature Algorithm: sha256WithRSAEncryption
3b:8f:6c:ad:e9:bf:32:92:d0:f9:66:b0:bb:ac:90:cc:7f:2c:
23:59:6b:e2:38:28:78:25:de:59:fc:88:4c:b2:ad:eb:f0:f5:
c0:7f:b4:e7:7b:9a:e1:5a:e8:77:fb:d1:e6:13:3c:6a:75:b3:
89:83:9d:6d:6a:e1:ea:f5:82:f5:bb:f0:93:fd:dd:a8:3a:96:
ef:e7:d5:ff:b1:3e:0a:66:87:47:14:ed:de:54:74:d7:6f:1d:
ea:c0:04:1c:80:78:ae:1c:e0:bd:9e:f5:5d:de:35:70:43:c5:
e1:88:e9:9d:e5:f6:70:48:5c:aa:2d:bb:a3:1a:28:cd:4f:9f:
9a:82:06:84:48:eb:b2:a4:96:41:07:ab:46:e2:e0:ab:3b:4d:
29:c9:90:cf:a2:d1:e7:74:7d:3d:ce:96:80:7b:80:29:4f:c2:
bd:76:79:9f:78:91:f7:5f:31:8f:02:12:cb:bf:a4:96:65:3e:
ff:91:c3:2d:c0:0e:be:6a:5e:e3:4b:90:9c:db:56:ec:14:af:
d1:8c:d4:37:9d:f4:79:65:18:06:af:dc:b9:fe:fd:00:50:95:
c4:7b:59:b2:95:da:99:92:80:5e:d6:44:a5:63:aa:d2:09:bc:
d5:f3:56:79:a4:e2:ac:f0:2a:8d:52:23:a3:37:02:1f:d6:34:
92:18:24:0a
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAY69p5g7m8lXvfv/ymJNBgefMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjQwNDA4MTIyMTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZjYzZTNiY2VlNDBkOTllYjNjYTdmODQzYjliZTQ0ZDk5ZjZlOWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA224qNfIM/ThL8AYNAHmZ3yFlvZ4y
AY5DUTelbK7GbvM7TTKtvMhBB+O9dxkN42dj55nRWfc6weIqTWBCNbsEPwj0pACg
jjIh4EfZ1pceli6WaWU98NES2EJmkdDBOs/bNzFFcgn+xOwJn8OnKE1CQEBomn/l
aZL3QFnJ/LqChhCX6+rN0EETnacaUY5s9mQsJTxd/WCbYPjEGcxmfhkRekpGk7C/
+2lHthNYLoHOHBb9JE9kasKkj3KGaTCtMnUuvzAhHkRjue5sX0GRDg+IMgqpF4XH
RpKebLDrZ3QMxObxiBvBFuwtIGkdW7Ps/8FxNKiDdeSza8HHSi9tyc6GYwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFO9j47zuQNmes8p/hDub5E2Z9un1MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvNzJQanZPNUEyWjZ6eW4tRU81dmtUWm4yNmZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAuYArAwQA
waMRAwQAwj4SAwQAwmiPMA0EAgACMAcDBQAqEbaHMA0GCSqGSIb3DQEBCwUAA4IB
AQA7j2yt6b8yktD5ZrC7rJDMfywjWWviOCh4Jd5Z/IhMsq3r8PXAf7Tne5rhWuh3
+9HmEzxqdbOJg51tauHq9YL1u/CT/d2oOpbv59X/sT4KZodHFO3eVHTXbx3qwAQc
gHiuHOC9nvVd3jVwQ8XhiOmd5fZwSFyqLbujGijNT5+aggaESOuypJZBB6tG4uCr
O00pyZDPotHndH09zpaAe4ApT8K9dnmfeJH3XzGPAhLLv6SWZT7/kcMtwA6+al7j
S5Cc21bsFK/RjNQ3nfR5ZRgGr9y5/v0AUJXEe1myldqZkoBe1kSlY6rSCbzV81Z5
pOKs8CqNUiOjNwIf1jSSGCQK
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:59:31 2024 by rpki-client on console-fra.rpki-client.org