Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/OcPeP0XzDRGxr4I2WR0Xm8Ayga0.roa
File: OcPeP0XzDRGxr4I2WR0Xm8Ayga0.roa (raw, json)
Hash identifier: gamqavA2Z+/2516B8Fs+2l+O8Wrxti4xhDCwZffqzbc=
Subject key identifier: 39:C3:DE:3F:45:F3:0D:11:B1:AF:82:36:59:1D:17:9B:C0:32:81:AD
Certificate issuer: /CN=4e5ecfec9f54e4ec39c2005ef4e63e70b51faed4
Certificate serial: 018C8BE56ED171FD6C51468B5F3FF5C9887F
Authority key identifier: 4E:5E:CF:EC:9F:54:E4:EC:39:C2:00:5E:F4:E6:3E:70:B5:1F:AE:D4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Tl7P7J9U5Ow5wgBe9OY-cLUfrtQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/OcPeP0XzDRGxr4I2WR0Xm8Ayga0.roa
Signing time: Thu 21 Dec 2023 10:21:58 +0000
ROA not before: Thu 21 Dec 2023 10:21:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48960
IP address blocks: 95.173.192.0/21 maxlen: 21
95.173.195.0/24 maxlen: 24
95.173.198.0/24 maxlen: 24
95.173.194.0/24 maxlen: 24
95.173.196.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:8b:e5:6e:d1:71:fd:6c:51:46:8b:5f:3f:f5:c9:88:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4e5ecfec9f54e4ec39c2005ef4e63e70b51faed4
Validity
Not Before: Dec 21 10:21:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=39c3de3f45f30d11b1af8236591d179bc03281ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:84:bd:4b:0f:14:3f:ad:6e:39:25:c5:fd:64:
d9:6d:61:04:47:2d:34:cd:f1:46:ca:5a:d7:de:93:
60:bc:4d:ac:a6:bf:b2:55:68:00:d7:25:e7:29:b8:
e3:25:ff:2d:79:5b:2b:ea:9b:5c:8b:82:d2:2c:92:
89:80:07:b2:cf:3d:bb:80:c2:d5:9b:6c:09:81:fc:
fc:ca:9e:91:e6:44:a3:0f:f4:ce:c1:ef:20:7c:7d:
8b:fb:7e:2f:d3:ce:0b:e5:ed:97:8c:55:d6:00:68:
5b:97:d5:7f:ef:88:cd:9d:a1:5e:dd:fd:b3:26:e4:
ff:44:b6:6c:18:e3:d9:59:2d:96:77:0b:21:ea:72:
02:10:74:b2:2c:3a:fb:54:4d:85:5c:01:01:b7:ed:
f5:b5:25:81:0e:76:4e:02:91:f6:1d:d0:76:ea:5f:
b6:b6:a5:cf:59:f0:71:5c:08:d8:bd:db:fb:08:93:
57:f1:30:1f:34:71:0c:6f:39:f1:ca:c3:57:3d:84:
bc:f8:d3:67:61:ee:f3:b8:1b:d8:b8:bf:42:38:60:
e1:75:34:69:82:de:aa:5a:65:62:4b:a0:76:a8:9b:
60:40:7d:77:ea:64:c6:69:c0:19:3d:76:24:9d:54:
39:d2:2a:d7:4f:70:a7:b3:a7:37:93:f4:e6:99:18:
3f:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:C3:DE:3F:45:F3:0D:11:B1:AF:82:36:59:1D:17:9B:C0:32:81:AD
X509v3 Authority Key Identifier:
keyid:4E:5E:CF:EC:9F:54:E4:EC:39:C2:00:5E:F4:E6:3E:70:B5:1F:AE:D4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Tl7P7J9U5Ow5wgBe9OY-cLUfrtQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/OcPeP0XzDRGxr4I2WR0Xm8Ayga0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/ff2a1c-18af-4ba5-a49f-ecad3b714938/1/Tl7P7J9U5Ow5wgBe9OY-cLUfrtQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.173.192.0/21
Signature Algorithm: sha256WithRSAEncryption
65:c6:84:c5:2a:56:07:0d:bd:60:99:5a:4c:01:b5:f2:cf:29:
31:41:11:77:ae:06:1f:13:45:16:b3:b5:60:0e:9a:b4:f2:45:
63:f1:51:9d:f6:5a:37:35:da:c4:31:87:e8:a9:21:2e:96:ee:
45:67:c9:70:05:94:e4:a8:17:70:42:27:c7:2d:0f:da:aa:45:
0f:55:71:36:3e:67:f9:05:21:cb:55:b8:06:3a:2d:37:c9:25:
7e:4a:05:41:11:d1:3e:ef:1c:51:14:c3:60:35:44:51:7f:5d:
1e:30:a2:b0:55:d7:68:ad:59:08:a2:64:42:d6:1f:37:0a:79:
c0:19:01:8f:a7:dd:02:e4:a1:32:d1:60:a2:15:52:94:4c:e5:
97:61:60:99:f7:d7:ae:21:60:3c:3a:e1:a4:31:af:f0:6f:3b:
cf:b2:cd:8a:ad:36:9a:07:ea:5b:0f:b2:b7:59:c9:58:7b:4b:
82:b7:2a:35:13:65:1d:39:03:16:11:fa:0a:2f:5a:b5:9b:03:
78:1e:91:38:90:a3:4c:3d:86:3d:e3:34:12:c1:23:4b:ae:8a:
ec:c7:b0:73:28:1c:2b:cb:b1:7f:74:62:05:1f:75:76:a8:f7:
8f:bf:57:79:a2:93:5c:f8:56:b5:8b:06:e2:f4:5e:a2:a6:9f:
8c:4b:70:92
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYyL5W7Rcf1sUUaLXz/1yYh/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRlNWVjZmVjOWY1NGU0ZWMzOWMyMDA1ZWY0ZTYzZTcwYjUx
ZmFlZDQwHhcNMjMxMjIxMTAyMTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOWMzZGUzZjQ1ZjMwZDExYjFhZjgyMzY1OTFkMTc5YmMwMzI4MWFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhoS9Sw8UP61uOSXF/WTZbWEERy00
zfFGylrX3pNgvE2spr+yVWgA1yXnKbjjJf8teVsr6ptci4LSLJKJgAeyzz27gMLV
m2wJgfz8yp6R5kSjD/TOwe8gfH2L+34v084L5e2XjFXWAGhbl9V/74jNnaFe3f2z
JuT/RLZsGOPZWS2Wdwsh6nICEHSyLDr7VE2FXAEBt+31tSWBDnZOApH2HdB26l+2
tqXPWfBxXAjYvdv7CJNX8TAfNHEMbznxysNXPYS8+NNnYe7zuBvYuL9COGDhdTRp
gt6qWmViS6B2qJtgQH136mTGacAZPXYknVQ50irXT3Cns6c3k/TmmRg/vQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFDnD3j9F8w0Rsa+CNlkdF5vAMoGtMB8GA1UdIwQY
MBaAFE5ez+yfVOTsOcIAXvTmPnC1H67UMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVGw3UDdKOVU1T3c1d2dCZTlPWS1jTFVmcnRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC9mZjJhMWMtMThhZi00YmE1LWE0OWYt
ZWNhZDNiNzE0OTM4LzEvT2NQZVAwWHpEUkd4cjRJMldSMFhtOEF5Z2EwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC9mZjJhMWMtMThhZi00YmE1LWE0OWYtZWNhZDNiNzE0OTM4
LzEvVGw3UDdKOVU1T3c1d2dCZTlPWS1jTFVmcnRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQDX63AMA0G
CSqGSIb3DQEBCwUAA4IBAQBlxoTFKlYHDb1gmVpMAbXyzykxQRF3rgYfE0UWs7Vg
Dpq08kVj8VGd9lo3NdrEMYfoqSEulu5FZ8lwBZTkqBdwQifHLQ/aqkUPVXE2Pmf5
BSHLVbgGOi03ySV+SgVBEdE+7xxRFMNgNURRf10eMKKwVddorVkIomRC1h83CnnA
GQGPp90C5KEy0WCiFVKUTOWXYWCZ99euIWA8OuGkMa/wbzvPss2KrTaaB+pbD7K3
WclYe0uCtyo1E2UdOQMWEfoKL1q1mwN4HpE4kKNMPYY94zQSwSNLrorsx7BzKBwr
y7F/dGIFH3V2qPePv1d5opNc+Fa1iwbi9F6ipp+MS3CS
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:00:59 2024 by rpki-client on console-fra.rpki-client.org