Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/Z2H3fwqj39roRgrHuixmUk8g9fs.roa
File: Z2H3fwqj39roRgrHuixmUk8g9fs.roa (raw, json)
Hash identifier: FyfjufIeyXr5ikgKlWrLjN5p9kNLhcdK2RyM64OU7TY=
Subject key identifier: 67:61:F7:7F:0A:A3:DF:DA:E8:46:0A:C7:BA:2C:66:52:4F:20:F5:FB
Certificate issuer: /CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Certificate serial: 018D13D7ED4C621C1716BAEBC95A67E4B8D1
Authority key identifier: C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/Z2H3fwqj39roRgrHuixmUk8g9fs.roa
Signing time: Tue 16 Jan 2024 19:55:34 +0000
ROA not before: Tue 16 Jan 2024 19:55:34 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 58061
IP address blocks: 62.233.45.0/24 maxlen: 24
146.19.108.0/24 maxlen: 24
195.96.159.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:13:d7:ed:4c:62:1c:17:16:ba:eb:c9:5a:67:e4:b8:d1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c38280c5300b74888ac7eb4bfa6417d9a2e7b0be
Validity
Not Before: Jan 16 19:55:34 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6761f77f0aa3dfdae8460ac7ba2c66524f20f5fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:0c:e1:1d:a1:ba:48:ce:1c:bc:f7:8c:aa:e0:
d8:41:42:5f:fa:bb:9e:18:82:4e:21:bb:8c:9a:85:
8d:51:a1:29:0e:d3:6d:05:e4:b8:4b:6a:75:ac:7d:
d3:9c:5b:08:26:5c:2d:9b:ef:c7:86:0a:8e:4a:83:
4e:68:fb:74:43:c4:4c:22:d6:0c:e5:72:74:fc:49:
81:c2:be:e0:15:ca:22:2e:4e:86:94:5f:7f:39:ab:
44:f5:7b:70:85:8b:3f:cc:33:0e:85:d0:d1:99:43:
55:74:44:08:18:a7:27:4a:15:7a:24:a6:8d:3d:da:
ca:1f:88:60:5b:86:37:24:f0:a2:c2:c8:46:2e:3b:
f4:48:6e:b5:84:4d:14:3d:d0:24:92:e0:a1:8f:7c:
b6:a4:7e:78:7d:68:a9:46:68:7f:9e:db:2d:ef:24:
7c:e0:a0:b9:58:0a:18:53:b4:71:23:87:d3:96:1d:
c9:dc:46:65:9f:d3:0b:ac:9e:a0:b8:9e:33:db:77:
01:2d:cb:67:36:d7:4f:fe:21:e0:b2:5f:8e:ba:b9:
2e:52:0b:f0:ed:7c:dd:d7:c1:7e:02:5e:b7:f8:2b:
bb:5a:79:55:88:f0:c0:da:4b:aa:aa:0a:b9:52:82:
8d:2c:ff:ec:e7:cc:fa:b8:63:87:59:c5:0f:64:9b:
71:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:61:F7:7F:0A:A3:DF:DA:E8:46:0A:C7:BA:2C:66:52:4F:20:F5:FB
X509v3 Authority Key Identifier:
keyid:C3:82:80:C5:30:0B:74:88:8A:C7:EB:4B:FA:64:17:D9:A2:E7:B0:BE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/w4KAxTALdIiKx-tL-mQX2aLnsL4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/Z2H3fwqj39roRgrHuixmUk8g9fs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f3/897449-e9cf-4a79-89cf-41bb21ac2801/1/w4KAxTALdIiKx-tL-mQX2aLnsL4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.233.45.0/24
146.19.108.0/24
195.96.159.0/24
Signature Algorithm: sha256WithRSAEncryption
02:02:64:10:f1:36:e2:d5:74:81:75:c3:ea:53:27:64:25:01:
c1:3c:96:3b:79:05:15:e0:7b:53:47:e8:08:95:4f:45:f6:8c:
7d:57:f8:c2:6e:f0:4d:69:d1:c3:76:7b:87:a1:37:f2:cc:19:
cf:57:61:42:5b:63:c2:10:56:6f:5c:52:88:ab:f5:ab:6d:f9:
67:36:3a:28:25:be:c6:89:b3:85:bd:c8:6f:e7:da:02:0f:20:
3d:19:0f:24:5d:b9:a9:4d:68:6c:17:30:a4:e8:b0:5c:6e:d9:
aa:46:70:bd:a9:49:e4:c7:42:57:c4:ac:c5:db:94:2b:59:20:
1b:d4:99:49:66:77:90:a9:c8:f8:2d:af:5d:d3:de:f3:50:3a:
18:a2:5b:74:ba:9c:3b:c4:2b:64:77:83:db:56:fd:93:0c:50:
e2:54:36:3a:69:a5:0e:07:b3:87:56:66:89:58:6c:db:f0:27:
ea:4d:86:23:ce:1e:e3:10:5a:7a:1e:7a:50:28:d1:08:a9:a6:
f9:56:02:2d:f1:d0:e2:2a:ca:4e:de:a6:21:56:61:6d:94:7a:
a3:da:0b:cb:59:ea:51:4e:13:ef:5b:95:eb:f8:7e:6a:d9:e5:
d3:85:98:ae:1a:28:72:30:c4:6f:29:3a:1d:1f:bd:7f:b2:00:
98:09:28:92
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAY0T1+1MYhwXFrrryVpn5LjRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGMzODI4MGM1MzAwYjc0ODg4YWM3ZWI0YmZhNjQxN2Q5YTJl
N2IwYmUwHhcNMjQwMTE2MTk1NTM0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NzYxZjc3ZjBhYTNkZmRhZTg0NjBhYzdiYTJjNjY1MjRmMjBmNWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgwzhHaG6SM4cvPeMquDYQUJf+rue
GIJOIbuMmoWNUaEpDtNtBeS4S2p1rH3TnFsIJlwtm+/HhgqOSoNOaPt0Q8RMItYM
5XJ0/EmBwr7gFcoiLk6GlF9/OatE9XtwhYs/zDMOhdDRmUNVdEQIGKcnShV6JKaN
PdrKH4hgW4Y3JPCiwshGLjv0SG61hE0UPdAkkuChj3y2pH54fWipRmh/ntst7yR8
4KC5WAoYU7RxI4fTlh3J3EZln9MLrJ6guJ4z23cBLctnNtdP/iHgsl+OurkuUgvw
7Xzd18F+Al63+Cu7WnlViPDA2kuqqgq5UoKNLP/s58z6uGOHWcUPZJtxtwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFGdh938Ko9/a6EYKx7osZlJPIPX7MB8GA1UdIwQY
MBaAFMOCgMUwC3SIisfrS/pkF9mi57C+MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2Yt
NDFiYjIxYWMyODAxLzEvWjJIM2Z3cWozOXJvUmdySHVpeG1VazhnOWZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMy84OTc0NDktZTljZi00YTc5LTg5Y2YtNDFiYjIxYWMyODAx
LzEvdzRLQXhUQUxkSWlLeC10TC1tUVgyYUxuc0w0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAPuktAwQA
khNsAwQAw2CfMA0GCSqGSIb3DQEBCwUAA4IBAQACAmQQ8Tbi1XSBdcPqUydkJQHB
PJY7eQUV4HtTR+gIlU9F9ox9V/jCbvBNadHDdnuHoTfyzBnPV2FCW2PCEFZvXFKI
q/WrbflnNjooJb7GibOFvchv59oCDyA9GQ8kXbmpTWhsFzCk6LBcbtmqRnC9qUnk
x0JXxKzF25QrWSAb1JlJZneQqcj4La9d097zUDoYolt0upw7xCtkd4PbVv2TDFDi
VDY6aaUOB7OHVmaJWGzb8CfqTYYjzh7jEFp6HnpQKNEIqab5VgIt8dDiKspO3qYh
VmFtlHqj2gvLWepRThPvW5Xr+H5q2eXThZiuGihyMMRvKTodH71/sgCYCSiS
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:27 2024 by rpki-client on console-ams.rpki-client.org