Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/PYzEzA_m6pfRJ7Ny8cUcooJh1uo.roa
File: PYzEzA_m6pfRJ7Ny8cUcooJh1uo.roa (raw, json)
Hash identifier: xwVwc7JxjxxUoHRQmQ8Pczysd6ykky8KrFUoOfalL5I=
Subject key identifier: 3D:8C:C4:CC:0F:E6:EA:97:D1:27:B3:72:F1:C5:1C:A2:82:61:D6:EA
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018DEFF8AD0B182EDDCBF5034CA1F838DD8D
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/PYzEzA_m6pfRJ7Ny8cUcooJh1uo.roa
Signing time: Wed 28 Feb 2024 13:47:48 +0000
ROA not before: Wed 28 Feb 2024 13:47:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 206509
IP address blocks: 193.108.169.0/24 maxlen: 24
194.164.97.0/24 maxlen: 24
194.164.114.0/24 maxlen: 24
194.164.181.0/24 maxlen: 24
195.200.0.0/19 maxlen: 19
213.254.171.0/24 maxlen: 24
213.254.178.0/24 maxlen: 24
213.254.185.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:ef:f8:ad:0b:18:2e:dd:cb:f5:03:4c:a1:f8:38:dd:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Feb 28 13:47:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3d8cc4cc0fe6ea97d127b372f1c51ca28261d6ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:de:44:af:df:67:44:2a:c9:1d:b6:ca:b4:09:43:
f2:51:e3:58:fd:59:88:c2:f9:a3:70:3f:dc:e5:50:
87:70:34:b2:d0:3d:79:ea:67:95:09:af:27:10:5a:
42:2c:71:36:ca:81:29:f4:4a:5d:65:61:2b:65:d1:
11:03:1f:3f:be:d0:54:8f:f8:d6:e5:4f:d3:2a:1b:
79:63:b0:37:d8:1e:b7:66:34:c2:a9:9e:95:c8:df:
ed:9b:41:cd:18:2f:84:0f:9c:da:f0:a4:f9:5d:35:
38:e8:2c:d0:84:24:be:88:3d:85:3b:65:a2:83:c5:
ea:63:e4:b9:dc:25:b1:e4:c8:ce:c1:2e:7f:4c:4d:
64:56:6f:09:b7:34:3d:9c:a8:5d:51:f9:1e:d2:0e:
dc:77:dd:28:2f:60:91:d9:bb:30:e7:9e:e9:f8:e7:
57:df:ea:7a:e2:5e:7d:21:c4:28:46:f5:b6:79:0d:
5e:1d:41:72:a8:a7:22:79:f9:c6:20:96:56:ba:9c:
3b:33:f0:d4:ac:98:15:90:fb:2c:38:84:af:d5:20:
71:bb:c6:4b:a4:40:43:39:80:d1:ca:fe:7e:56:ca:
ea:2f:98:71:de:6c:d0:3a:77:e8:c8:c0:2f:a9:4a:
b5:6e:0b:93:81:0d:0a:5f:0e:7a:2d:18:44:05:55:
57:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:8C:C4:CC:0F:E6:EA:97:D1:27:B3:72:F1:C5:1C:A2:82:61:D6:EA
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/PYzEzA_m6pfRJ7Ny8cUcooJh1uo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.108.169.0/24
194.164.97.0/24
194.164.114.0/24
194.164.181.0/24
195.200.0.0/19
213.254.171.0/24
213.254.178.0/24
213.254.185.0/24
Signature Algorithm: sha256WithRSAEncryption
48:ac:ad:2b:17:19:67:42:cc:42:f6:51:e1:09:b2:83:58:b8:
cc:ae:68:5f:fd:04:c8:27:88:94:ef:9e:80:7f:d6:15:6a:3e:
77:d0:ff:42:79:b3:d0:89:7c:46:02:3d:00:0c:6a:eb:9e:0e:
5a:9c:70:db:12:65:5d:dd:61:ce:33:65:24:b1:61:ef:1d:ef:
ec:66:f9:f2:dd:f1:36:ba:a0:3d:d3:e8:4f:a1:38:79:ef:94:
bb:a2:c9:93:36:92:64:05:c0:22:35:8a:dd:2e:04:d5:9e:2e:
58:c2:59:6a:13:7a:8a:1a:44:21:b0:4d:3b:72:f0:40:bd:9b:
1e:ae:ca:ac:13:14:89:d7:92:ab:9f:8d:e2:e6:fa:e6:04:86:
f7:b2:fc:ca:6e:79:17:b2:45:9a:a7:da:3e:e3:24:a5:a0:07:
c3:22:fc:b0:d0:db:c3:12:73:15:73:97:f5:f4:79:19:a3:2e:
85:90:17:f0:f2:e7:11:12:e8:b6:8d:ef:8a:8f:50:50:77:fe:
9c:02:83:7e:8c:24:d0:44:1c:bb:d9:a3:6b:a0:1d:c7:be:f2:
c2:1d:ac:9f:d4:3d:72:18:c7:6c:bf:03:69:71:e4:08:45:c3:
e5:84:1d:84:0f:8f:45:9c:f5:54:6e:68:ef:27:c7:0a:1f:f8:
0f:09:08:be
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAY3v+K0LGC7dy/UDTKH4ON2NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMjI4MTM0NzQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZDhjYzRjYzBmZTZlYTk3ZDEyN2IzNzJmMWM1MWNhMjgyNjFkNmVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3kSv32dEKskdtsq0CUPyUeNY/VmI
wvmjcD/c5VCHcDSy0D156meVCa8nEFpCLHE2yoEp9EpdZWErZdERAx8/vtBUj/jW
5U/TKht5Y7A32B63ZjTCqZ6VyN/tm0HNGC+ED5za8KT5XTU46CzQhCS+iD2FO2Wi
g8XqY+S53CWx5MjOwS5/TE1kVm8JtzQ9nKhdUfke0g7cd90oL2CR2bsw557p+OdX
3+p64l59IcQoRvW2eQ1eHUFyqKciefnGIJZWupw7M/DUrJgVkPssOISv1SBxu8ZL
pEBDOYDRyv5+VsrqL5hx3mzQOnfoyMAvqUq1bguTgQ0KXw56LRhEBVVXyQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFD2MxMwP5uqX0SezcvHFHKKCYdbqMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvUFl6RXpBX202cGZSSjdOeThjVWNvb0poMXVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAwWypAwQA
wqRhAwQAwqRyAwQAwqS1AwQFw8gAAwQA1f6rAwQA1f6yAwQA1f65MA0GCSqGSIb3
DQEBCwUAA4IBAQBIrK0rFxlnQsxC9lHhCbKDWLjMrmhf/QTIJ4iU756Af9YVaj53
0P9CebPQiXxGAj0ADGrrng5anHDbEmVd3WHOM2UksWHvHe/sZvny3fE2uqA90+hP
oTh575S7osmTNpJkBcAiNYrdLgTVni5YwllqE3qKGkQhsE07cvBAvZsersqsExSJ
15Krn43i5vrmBIb3svzKbnkXskWap9o+4ySloAfDIvyw0NvDEnMVc5f19HkZoy6F
kBfw8ucREui2je+Kj1BQd/6cAoN+jCTQRBy72aNroB3HvvLCHayf1D1yGMdsvwNp
ceQIRcPlhB2ED49FnPVUbmjvJ8cKH/gPCQi+
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:41:33 2025 by rpki-client