Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/sbe8sDMTdczleXoWS7idOlYmq6o.roa
File: sbe8sDMTdczleXoWS7idOlYmq6o.roa (raw, json)
Hash identifier: it5Lux8mNIijHKs85IzV4UyXbfjsSNuT9kHb9z/y2Bg=
Subject key identifier: B1:B7:BC:B0:33:13:75:CC:E5:79:7A:16:4B:B8:9D:3A:56:26:AB:AA
Certificate issuer: /CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
Certificate serial: 01856FF03558EE3DB30AD6F21E253A78E0EC
Authority key identifier: AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/sbe8sDMTdczleXoWS7idOlYmq6o.roa
Signing time: Mon 02 Jan 2023 00:44:51 +0000
ROA not before: Mon 02 Jan 2023 00:44:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 28716
IP address blocks: 147.123.84.0/22 maxlen: 22
147.123.80.0/22 maxlen: 22
77.95.136.0/21 maxlen: 24
147.123.88.0/22 maxlen: 24
80.94.116.0/24 maxlen: 24
80.94.112.0/20 maxlen: 24
217.19.144.0/20 maxlen: 24
78.159.216.0/21 maxlen: 24
147.123.96.0/22 maxlen: 22
185.61.12.0/22 maxlen: 24
147.123.92.0/22 maxlen: 22
147.123.100.0/22 maxlen: 22
45.89.180.0/22 maxlen: 24
185.41.212.0/22 maxlen: 22
78.159.192.0/21 maxlen: 24
46.243.32.0/21 maxlen: 24
2001:1bd0::/29 maxlen: 48
2a01:5d20::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:f0:35:58:ee:3d:b3:0a:d6:f2:1e:25:3a:78:e0:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ac7cc334f51d2b6eb4e27d6d56b9bce3e85560cc
Validity
Not Before: Jan 2 00:44:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b1b7bcb0331375cce5797a164bb89d3a5626abaa
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:41:ff:b5:30:90:b6:18:8f:5e:3b:04:e2:75:
59:0a:81:e9:60:ad:aa:fc:61:e0:e2:df:ca:1a:d6:
ea:4d:3a:99:de:84:99:89:c5:3a:1e:9c:b8:10:2d:
7b:56:f2:30:00:88:ea:2a:b6:76:a1:fc:5f:32:31:
ff:1c:e1:f1:0d:8f:77:7e:a3:5f:bf:7c:ce:74:05:
0c:8b:54:c0:15:e5:e2:ca:04:1d:de:20:45:21:f5:
66:c7:b2:a4:f2:10:62:4a:48:57:d2:d9:46:49:8b:
75:30:f3:75:25:dd:de:08:0e:4f:e7:a7:97:32:06:
53:54:aa:8b:1a:12:86:7b:48:2c:83:68:bb:a9:31:
47:68:be:bd:8a:1c:93:33:e1:36:35:ad:46:f9:b4:
63:01:f7:ce:ed:5b:97:4d:72:a0:9c:cb:d3:2d:61:
ef:4a:87:3e:84:0f:ee:4a:94:f6:c4:0b:ea:31:a2:
59:65:da:6c:99:53:ff:cb:63:99:c2:bc:7e:22:db:
40:83:bd:af:2e:75:2e:6a:e0:38:d1:fd:cd:e1:ff:
70:16:d1:7b:23:af:6f:06:88:8a:20:09:1d:0a:69:
3c:26:60:82:cf:34:d9:6e:3f:d4:bc:b1:9e:97:a8:
68:58:db:51:4d:96:3c:b9:7c:02:b0:56:64:66:c5:
88:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:B7:BC:B0:33:13:75:CC:E5:79:7A:16:4B:B8:9D:3A:56:26:AB:AA
X509v3 Authority Key Identifier:
keyid:AC:7C:C3:34:F5:1D:2B:6E:B4:E2:7D:6D:56:B9:BC:E3:E8:55:60:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rHzDNPUdK2604n1tVrm84-hVYMw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/sbe8sDMTdczleXoWS7idOlYmq6o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/55/dd55e8-febd-49d0-a5a7-1cf15b2ba7be/1/rHzDNPUdK2604n1tVrm84-hVYMw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.89.180.0/22
46.243.32.0/21
77.95.136.0/21
78.159.192.0/21
78.159.216.0/21
80.94.112.0/20
147.123.80.0-147.123.103.255
185.41.212.0/22
185.61.12.0/22
217.19.144.0/20
IPv6:
2001:1bd0::/29
2a01:5d20::/29
Signature Algorithm: sha256WithRSAEncryption
7a:a5:11:e5:51:e5:4c:c3:2e:43:10:14:d6:c6:e0:5e:88:bf:
49:6a:d6:82:f2:6b:fa:a1:dd:63:dc:b0:73:5c:16:df:45:8a:
19:d2:c1:e0:bb:45:94:66:cf:31:d1:b0:88:0b:a3:67:95:8c:
4a:44:0b:37:b0:a9:20:57:e8:f9:79:e5:e8:6e:ca:85:ad:e8:
cc:55:24:87:0b:91:67:ba:f0:38:75:36:08:4b:91:85:64:e5:
61:af:68:39:65:32:3a:44:34:b3:76:09:40:f3:db:d0:4d:bc:
25:19:e8:27:29:f8:30:b4:16:3d:58:d5:ac:79:38:5e:b1:80:
a8:5b:21:f4:36:1c:bb:a8:06:3e:36:00:6b:52:9f:ae:49:67:
91:70:72:80:3c:c3:6a:d0:3e:f1:ea:08:be:78:a6:63:a5:ca:
b1:a4:1a:08:46:43:c8:4e:5b:39:17:60:80:46:af:73:e8:dd:
60:32:3d:75:14:9f:2a:d8:bd:37:18:43:ba:15:66:00:9b:f5:
98:98:8c:ef:46:01:a2:fb:e8:fc:66:13:7f:34:14:9a:5d:94:
0f:68:ac:fe:ea:1f:b6:9d:fb:c6:ec:00:d5:82:f2:85:d9:e9:
82:2d:16:99:3f:f2:7c:6e:da:47:7b:e1:ed:15:8e:16:dd:25:
99:15:d9:76
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYVv8DVY7j2zCtbyHiU6eODsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFjN2NjMzM0ZjUxZDJiNmViNGUyN2Q2ZDU2YjliY2UzZTg1
NTYwY2MwHhcNMjMwMTAyMDA0NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMWI3YmNiMDMzMTM3NWNjZTU3OTdhMTY0YmI4OWQzYTU2MjZhYmFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjkH/tTCQthiPXjsE4nVZCoHpYK2q
/GHg4t/KGtbqTTqZ3oSZicU6Hpy4EC17VvIwAIjqKrZ2ofxfMjH/HOHxDY93fqNf
v3zOdAUMi1TAFeXiygQd3iBFIfVmx7Kk8hBiSkhX0tlGSYt1MPN1Jd3eCA5P56eX
MgZTVKqLGhKGe0gsg2i7qTFHaL69ihyTM+E2Na1G+bRjAffO7VuXTXKgnMvTLWHv
Soc+hA/uSpT2xAvqMaJZZdpsmVP/y2OZwrx+IttAg72vLnUuauA40f3N4f9wFtF7
I69vBoiKIAkdCmk8JmCCzzTZbj/UvLGel6hoWNtRTZY8uXwCsFZkZsWISwIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFLG3vLAzE3XM5Xl6Fku4nTpWJquqMB8GA1UdIwQY
MBaAFKx8wzT1HStutOJ9bVa5vOPoVWDMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTct
MWNmMTViMmJhN2JlLzEvc2JlOHNETVRkY3psZVhvV1M3aWRPbFltcTZvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81NS9kZDU1ZTgtZmViZC00OWQwLWE1YTctMWNmMTViMmJhN2Jl
LzEvckh6RE5QVWRLMjYwNG4xdFZybTg0LWhWWU13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBKBAIAATBEAwQCLVm0AwQD
LvMgAwQDTV+IAwQDTp/AAwQDTp/YAwQEUF5wMAwDBASTe1ADBAOTe2ADBAK5KdQD
BAK5PQwDBATZE5AwFAQCAAIwDgMFAyABG9ADBQMqAV0gMA0GCSqGSIb3DQEBCwUA
A4IBAQB6pRHlUeVMwy5DEBTWxuBeiL9JataC8mv6od1j3LBzXBbfRYoZ0sHgu0WU
Zs8x0bCIC6NnlYxKRAs3sKkgV+j5eeXobsqFrejMVSSHC5FnuvA4dTYIS5GFZOVh
r2g5ZTI6RDSzdglA89vQTbwlGegnKfgwtBY9WNWseThesYCoWyH0Nhy7qAY+NgBr
Up+uSWeRcHKAPMNq0D7x6gi+eKZjpcqxpBoIRkPITls5F2CARq9z6N1gMj11FJ8q
2L03GEO6FWYAm/WYmIzvRgGi++j8ZhN/NBSaXZQPaKz+6h+2nfvG7ADVgvKF2emC
LRaZP/J8btpHe+HtFY4W3SWZFdl2
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:10:23 2024 by rpki-client on console-ams.rpki-client.org