Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/k-3g_9R3mXsl4nTorpM2ZFWCp14.roa
File: k-3g_9R3mXsl4nTorpM2ZFWCp14.roa (raw, json)
Hash identifier: OwH5/8aYrQTgtvDBhBVdmQmdKgzwBqHHhm8+WZuLMhY=
Subject key identifier: 93:ED:E0:FF:D4:77:99:7B:25:E2:74:E8:AE:93:36:64:55:82:A7:5E
Certificate issuer: /CN=dbcc2bbaf3e0d4342a014f8b70f873cee9a8cac5
Certificate serial: 018CC870A57D55156A7D908CF368AFC468C6
Authority key identifier: DB:CC:2B:BA:F3:E0:D4:34:2A:01:4F:8B:70:F8:73:CE:E9:A8:CA:C5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/28wruvPg1DQqAU-LcPhzzumoysU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/k-3g_9R3mXsl4nTorpM2ZFWCp14.roa
Signing time: Tue 02 Jan 2024 04:31:14 +0000
ROA not before: Tue 02 Jan 2024 04:31:14 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 28788
IP address blocks: 62.133.192.0/18 maxlen: 18
193.16.234.0/24 maxlen: 24
2001:4128::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:70:a5:7d:55:15:6a:7d:90:8c:f3:68:af:c4:68:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dbcc2bbaf3e0d4342a014f8b70f873cee9a8cac5
Validity
Not Before: Jan 2 04:31:14 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=93ede0ffd477997b25e274e8ae9336645582a75e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:34:39:96:61:70:41:08:dd:02:60:1b:6d:2d:
1c:c7:22:71:e4:1c:30:e7:b4:b0:a6:07:4b:7a:65:
84:bd:20:58:9a:28:eb:f4:b8:b6:0f:96:59:c2:55:
92:36:ea:c3:a8:aa:55:ff:4f:73:8d:58:7e:3f:65:
f2:04:6a:73:a0:f6:3d:31:62:92:57:67:aa:92:ca:
ec:1e:aa:84:80:a5:58:2d:1f:ff:f6:ac:a7:0e:43:
ae:36:7d:eb:8f:91:ce:c1:57:ad:36:5d:e4:45:dd:
55:4d:52:7a:d8:80:a0:0e:8f:bd:f7:5e:71:29:67:
23:cf:ed:47:41:f3:32:a0:b0:da:3a:3d:c7:43:9c:
10:12:ad:f3:87:3e:0d:ff:20:52:36:30:b9:ee:4a:
41:ab:d7:7d:32:71:9b:a0:da:ef:78:29:a1:5b:5d:
5e:1d:10:40:7f:1a:d8:b4:f4:6e:4c:13:7c:55:fc:
9f:11:72:1f:ff:da:14:e2:1b:59:36:6e:19:08:08:
1e:fe:99:6f:1a:7f:a5:dd:b7:4e:c6:4b:d4:9b:ba:
9f:c4:2a:5d:eb:9b:10:81:f6:e5:73:2f:df:d2:5f:
be:9c:7d:cc:20:c1:15:dd:b4:87:90:24:61:61:f1:
e0:27:7f:57:7f:e2:6a:c7:f4:d7:e5:2a:3c:eb:6f:
6c:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:ED:E0:FF:D4:77:99:7B:25:E2:74:E8:AE:93:36:64:55:82:A7:5E
X509v3 Authority Key Identifier:
keyid:DB:CC:2B:BA:F3:E0:D4:34:2A:01:4F:8B:70:F8:73:CE:E9:A8:CA:C5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/28wruvPg1DQqAU-LcPhzzumoysU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/k-3g_9R3mXsl4nTorpM2ZFWCp14.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f8/414ef4-4c1f-4256-88c9-f4d5e84ac1dd/1/28wruvPg1DQqAU-LcPhzzumoysU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.133.192.0/18
193.16.234.0/24
IPv6:
2001:4128::/32
Signature Algorithm: sha256WithRSAEncryption
2d:aa:9d:ea:9a:01:29:93:06:5c:86:c4:92:0b:c8:96:83:20:
c0:03:74:5d:55:28:77:67:77:a7:b2:0c:be:b4:58:ad:eb:f3:
52:12:e1:7f:4c:8e:ce:b9:6e:41:a1:e3:be:5b:f3:e3:07:c9:
bf:a7:85:f9:d5:b8:8c:8d:5a:1a:c6:16:02:04:67:a8:63:5b:
db:25:31:bf:bd:eb:2d:b5:21:e1:66:eb:d9:7c:91:83:7a:91:
59:63:41:59:26:5e:0b:b1:a2:aa:f8:80:55:79:1b:de:d0:ca:
61:85:73:96:4e:9c:9c:62:25:ba:5d:65:51:2f:0a:9c:e3:65:
65:d9:97:11:23:4e:15:d4:79:21:97:05:41:7a:7b:1e:e7:b0:
1e:5d:e7:1d:27:9d:99:d6:8b:a3:49:96:eb:e1:3c:72:a4:87:
24:9b:ca:a9:a4:d0:de:ab:ed:3c:07:ae:55:65:c8:f1:00:1c:
05:45:15:c0:f1:f5:08:ae:a9:e9:a0:80:0c:6a:4f:7e:5f:bd:
ed:c7:27:ad:de:ce:43:e4:16:95:f8:75:14:cd:22:bd:36:40:
5b:0e:fd:b2:68:12:92:e6:37:f3:68:b9:d4:6d:2b:d9:cd:fe:
7e:5e:55:16:11:e1:e4:b3:f2:0a:52:4c:a7:3e:22:ac:97:50:
44:99:4e:31
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYzIcKV9VRVqfZCM82ivxGjGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiY2MyYmJhZjNlMGQ0MzQyYTAxNGY4YjcwZjg3M2NlZTlh
OGNhYzUwHhcNMjQwMTAyMDQzMTE0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5M2VkZTBmZmQ0Nzc5OTdiMjVlMjc0ZThhZTkzMzY2NDU1ODJhNzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgDQ5lmFwQQjdAmAbbS0cxyJx5Bww
57SwpgdLemWEvSBYmijr9Li2D5ZZwlWSNurDqKpV/09zjVh+P2XyBGpzoPY9MWKS
V2eqksrsHqqEgKVYLR//9qynDkOuNn3rj5HOwVetNl3kRd1VTVJ62ICgDo+9915x
KWcjz+1HQfMyoLDaOj3HQ5wQEq3zhz4N/yBSNjC57kpBq9d9MnGboNrveCmhW11e
HRBAfxrYtPRuTBN8VfyfEXIf/9oU4htZNm4ZCAge/plvGn+l3bdOxkvUm7qfxCpd
65sQgfblcy/f0l++nH3MIMEV3bSHkCRhYfHgJ39Xf+Jqx/TX5So8629sXwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJPt4P/Ud5l7JeJ06K6TNmRVgqdeMB8GA1UdIwQY
MBaAFNvMK7rz4NQ0KgFPi3D4c87pqMrFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjh3cnV2UGcxRFFxQVUtTGNQaHp6dW1veXNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mOC80MTRlZjQtNGMxZi00MjU2LTg4Yzkt
ZjRkNWU4NGFjMWRkLzEvay0zZ185UjNtWHNsNG5Ub3JwTTJaRldDcDE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mOC80MTRlZjQtNGMxZi00MjU2LTg4YzktZjRkNWU4NGFjMWRk
LzEvMjh3cnV2UGcxRFFxQVUtTGNQaHp6dW1veXNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzASBAIAATAMAwQGPoXAAwQA
wRDqMA0EAgACMAcDBQAgAUEoMA0GCSqGSIb3DQEBCwUAA4IBAQAtqp3qmgEpkwZc
hsSSC8iWgyDAA3RdVSh3Z3ensgy+tFit6/NSEuF/TI7OuW5BoeO+W/PjB8m/p4X5
1biMjVoaxhYCBGeoY1vbJTG/vesttSHhZuvZfJGDepFZY0FZJl4LsaKq+IBVeRve
0MphhXOWTpycYiW6XWVRLwqc42Vl2ZcRI04V1HkhlwVBense57AeXecdJ52Z1ouj
SZbr4TxypIckm8qppNDeq+08B65VZcjxABwFRRXA8fUIrqnpoIAMak9+X73txyet
3s5D5BaV+HUUzSK9NkBbDv2yaBKS5jfzaLnUbSvZzf5+XlUWEeHks/IKUkynPiKs
l1BEmU4x
-----END CERTIFICATE-----
Generated at Tue Oct 8 17:14:56 2024 by rpki-client on console-fra.rpki-client.org