Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/gki1C-OB3kccp1IkkdVYZ6oaQ00.roa
File: gki1C-OB3kccp1IkkdVYZ6oaQ00.roa (raw, json)
Hash identifier: i+AUrHyAHndaqEjICmqr+6KSfCZWudYFR1LBJ4Y6mOI=
Subject key identifier: 82:48:B5:0B:E3:81:DE:47:1C:A7:52:24:91:D5:58:67:AA:1A:43:4D
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 03B9948D
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/gki1C-OB3kccp1IkkdVYZ6oaQ00.roa
Signing time: Tue 19 Apr 2022 03:19:09 +0000
ROA not before: Tue 19 Apr 2022 03:19:09 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 200019
IP address blocks: 193.124.20.0/23 maxlen: 24
195.133.208.0/23 maxlen: 24
89.39.172.0/23 maxlen: 24
188.240.40.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 62493837 (0x3b9948d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Apr 19 03:19:09 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8248b50be381de471ca7522491d55867aa1a434d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:43:4c:2d:42:ee:b9:16:11:30:7d:a5:6d:31:
c6:18:8f:c3:d9:cf:12:e6:ce:c7:50:d8:fa:0c:86:
b2:e8:c1:e9:81:57:93:67:de:63:9f:f7:90:21:15:
ee:bd:b7:71:74:b3:75:19:80:4d:ef:5f:84:b5:46:
5b:76:b3:c6:f5:8e:f5:2e:a8:70:cc:65:49:f0:87:
fd:93:6c:8f:44:4b:bb:ca:a6:33:92:ba:26:9c:a6:
7c:c1:9f:85:af:e6:e2:11:0b:00:33:e9:2b:74:26:
16:08:24:1d:fc:34:f7:88:44:a6:a7:d0:89:aa:10:
6e:dd:9c:6b:37:00:d0:88:a5:19:20:18:58:61:92:
09:1a:27:fa:a5:79:d2:35:60:74:3e:5a:c1:28:10:
a8:6f:af:5d:99:56:02:0e:5a:f0:6c:30:9d:5e:4f:
57:20:04:f6:b1:8a:a9:87:5b:6b:04:90:53:c7:96:
a7:fb:94:fb:fd:2f:82:3a:f0:d8:e2:e6:69:51:9e:
7a:f7:8c:01:9a:69:78:59:46:40:a6:fa:c4:7e:32:
16:0b:a7:5c:13:35:b2:c6:c9:a6:16:ac:fe:14:f8:
a0:67:ad:5e:fe:32:17:26:53:49:76:b3:8d:17:93:
19:a5:81:07:c1:25:90:97:c9:80:8c:24:a5:40:d9:
3a:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:48:B5:0B:E3:81:DE:47:1C:A7:52:24:91:D5:58:67:AA:1A:43:4D
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/gki1C-OB3kccp1IkkdVYZ6oaQ00.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.39.172.0/23
188.240.40.0/23
193.124.20.0/23
195.133.208.0/23
Signature Algorithm: sha256WithRSAEncryption
8f:95:36:f6:c2:20:3e:b7:41:10:4c:e8:45:88:91:79:53:3a:
86:a9:43:4b:03:15:f6:b9:c1:a6:a0:bc:bd:7f:bf:1c:1f:6e:
a3:7e:df:85:59:40:77:ae:dc:60:29:b6:38:a8:01:38:26:5d:
c3:03:c0:6d:57:ab:47:69:5d:72:13:e7:2b:ce:c9:f2:ab:f2:
df:89:9c:2b:78:61:2c:b4:e9:7f:d6:5b:1d:8b:e2:2d:27:f4:
73:37:26:33:c7:99:da:c6:4b:f2:ad:db:21:02:17:34:e0:26:
2b:1f:d5:10:7f:96:9b:70:07:e8:4d:d6:5b:77:bb:4b:a4:c1:
1c:ba:1e:fe:71:0d:fb:ca:f8:41:48:3b:df:96:9d:73:bf:74:
da:16:4a:f5:06:a8:99:5b:87:5d:c5:12:5d:a2:cd:ad:86:26:
8a:4c:2b:24:92:a4:9b:08:1d:a9:73:01:63:9c:f0:20:df:fd:
5f:b4:b8:b5:93:36:2b:0d:e6:23:9e:d0:da:b2:c0:98:18:d6:
c9:2f:06:cc:e8:4f:0c:22:b6:30:16:9f:c7:9d:6c:be:16:e5:
27:f3:b6:10:4c:8a:c9:3a:e2:83:2d:d9:4e:ad:3e:f5:9c:35:
24:ed:2b:b3:25:65:e3:30:36:3f:30:64:d6:1c:f1:6a:57:3f:
5c:b9:be:b7
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEA7mUjTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
YTAwZTk4MTk1MzA2MTk3MmM4OTZiZDZkMjc3MzhkMDgzYWFkYjBlMB4XDTIyMDQx
OTAzMTkwOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODI0OGI1MGJlMzgx
ZGU0NzFjYTc1MjI0OTFkNTU4NjdhYTFhNDM0ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM5DTC1C7rkWETB9pW0xxhiPw9nPEubOx1DY+gyGsujB6YFX
k2feY5/3kCEV7r23cXSzdRmATe9fhLVGW3azxvWO9S6ocMxlSfCH/ZNsj0RLu8qm
M5K6JpymfMGfha/m4hELADPpK3QmFggkHfw094hEpqfQiaoQbt2cazcA0IilGSAY
WGGSCRon+qV50jVgdD5awSgQqG+vXZlWAg5a8GwwnV5PVyAE9rGKqYdbawSQU8eW
p/uU+/0vgjrw2OLmaVGeeveMAZppeFlGQKb6xH4yFgunXBM1ssbJphas/hT4oGet
Xv4yFyZTSXazjReTGaWBB8ElkJfJgIwkpUDZOjUCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBSCSLUL44HeRxynUiSR1VhnqhpDTTAfBgNVHSMEGDAWgBTaAOmBlTBhlyyJ
a9bSdzjQg6rbDjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzJnRHBnWlV3WVpjc2lXdlcwbmM0MElPcTJ3NC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmYvODJhN2Q2LTkyYTktNDIwNC05YWUwLTlhNDhlY2Y5ZTE1ZS8x
L2draTFDLU9CM2tjY3AxSWtrZFZZWjZvYVEwMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmYv
ODJhN2Q2LTkyYTktNDIwNC05YWUwLTlhNDhlY2Y5ZTE1ZS8xLzJnRHBnWlV3WVpj
c2lXdlcwbmM0MElPcTJ3NC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAVknrAMEAbzwKAMEAcF8FAMEAcOF
0DANBgkqhkiG9w0BAQsFAAOCAQEAj5U29sIgPrdBEEzoRYiReVM6hqlDSwMV9rnB
pqC8vX+/HB9uo37fhVlAd67cYCm2OKgBOCZdwwPAbVerR2ldchPnK87J8qvy34mc
K3hhLLTpf9ZbHYviLSf0czcmM8eZ2sZL8q3bIQIXNOAmKx/VEH+Wm3AH6E3WW3e7
S6TBHLoe/nEN+8r4QUg735adc7902hZK9QaomVuHXcUSXaLNrYYmikwrJJKkmwgd
qXMBY5zwIN/9X7S4tZM2Kw3mI57Q2rLAmBjWyS8GzOhPDCK2MBafx51svhblJ/O2
EEyKyTrigy3ZTq0+9Zw1JO0rsyVl4zA2PzBk1hzxalc/XLm+tw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org