Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/15HE0g8A5uiy620Xtz0C5sld5Oo.roa
File: 15HE0g8A5uiy620Xtz0C5sld5Oo.roa (raw, json)
Hash identifier: JSuI2/NPTQ3vTxjZSyScmLM+MKorOcoRGfMUyHlxjX4=
Subject key identifier: D7:91:C4:D2:0F:00:E6:E8:B2:EB:6D:17:B7:3D:02:E6:C9:5D:E4:EA
Certificate issuer: /CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Certificate serial: 018572E83536050CDF04B5D7A0ECA9DB55C5
Authority key identifier: 46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/15HE0g8A5uiy620Xtz0C5sld5Oo.roa
Signing time: Mon 02 Jan 2023 14:34:58 +0000
ROA not before: Mon 02 Jan 2023 14:34:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 395800
IP address blocks: 185.244.50.0/24 maxlen: 24
193.111.250.0/24 maxlen: 24
185.244.48.0/24 maxlen: 24
193.39.168.0/24 maxlen: 24
193.39.170.0/24 maxlen: 24
194.187.120.0/24 maxlen: 24
91.200.151.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:e8:35:36:05:0c:df:04:b5:d7:a0:ec:a9:db:55:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=465eba5c1a80f86a4589278edd9304b3f5169f83
Validity
Not Before: Jan 2 14:34:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d791c4d20f00e6e8b2eb6d17b73d02e6c95de4ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:f5:eb:db:36:96:f9:46:0b:83:08:7d:d9:83:
fd:34:58:45:a4:0b:60:aa:30:9f:48:13:6f:23:e5:
86:26:c1:84:8a:0b:ba:a4:27:d8:c2:7d:70:c1:34:
7c:d3:25:65:d4:f9:30:e3:fe:5c:a8:b1:52:9a:64:
00:f2:ad:66:55:b8:72:28:21:a2:1d:93:b3:4f:c2:
fd:87:e5:d0:16:f6:07:14:c8:73:4a:36:84:70:0b:
1a:62:75:48:ec:be:76:cd:e1:15:ab:3b:54:5e:9c:
dc:fd:bc:8d:5e:3a:1d:f9:ff:26:6a:6e:b2:db:04:
a5:6a:b3:0a:5b:b4:4a:e7:17:45:58:71:25:b2:65:
2e:59:83:df:29:12:ff:7b:a6:32:bf:07:34:2a:b2:
7b:29:3d:ed:0c:6a:de:72:5d:20:07:0b:b2:3a:38:
fc:a9:f6:12:b6:41:71:d2:9d:b6:b1:84:8b:6f:f6:
95:5c:08:5d:bd:95:ca:b8:bb:87:e3:52:60:e3:f9:
38:2b:24:8e:24:54:e0:05:19:69:fe:e3:03:bd:9f:
0d:4f:5c:8f:63:66:41:80:e6:a1:04:71:93:24:dd:
1c:c2:f0:b6:72:08:95:e6:c3:61:fd:02:5f:9e:80:
28:2b:08:8b:87:09:f6:ef:93:22:be:02:0c:fa:cf:
84:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:91:C4:D2:0F:00:E6:E8:B2:EB:6D:17:B7:3D:02:E6:C9:5D:E4:EA
X509v3 Authority Key Identifier:
keyid:46:5E:BA:5C:1A:80:F8:6A:45:89:27:8E:DD:93:04:B3:F5:16:9F:83
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/15HE0g8A5uiy620Xtz0C5sld5Oo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/92/c12a7b-5caf-4e7c-970d-5c476e3325f5/1/Rl66XBqA-GpFiSeO3ZMEs_UWn4M.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.200.151.0/24
185.244.48.0/24
185.244.50.0/24
193.39.168.0/24
193.39.170.0/24
193.111.250.0/24
194.187.120.0/24
Signature Algorithm: sha256WithRSAEncryption
5d:40:93:0b:11:ed:16:4f:91:92:a6:ab:d0:89:30:4c:7a:3d:
39:c5:1e:50:f4:56:04:b9:23:68:43:e2:5b:5f:44:5a:e3:24:
e6:08:0c:6c:50:4a:19:c9:b5:16:ee:38:69:5e:0b:85:49:f7:
9b:94:b0:96:6f:8b:fe:e6:d0:4d:ae:03:2b:2d:ef:5a:83:e5:
4d:86:44:8a:c0:fd:b8:91:89:2e:d4:8b:2e:bf:59:7a:56:de:
0c:7c:33:79:61:19:13:b1:62:51:9c:5f:27:6d:6e:85:40:d5:
28:80:53:c1:96:54:67:6a:77:31:53:a1:9c:44:b1:64:a6:d2:
3c:b7:ad:b7:e6:db:3e:e8:21:3e:c5:1a:19:22:ca:0e:7c:a9:
d5:2d:fd:90:65:ef:9d:f4:7a:ce:4a:8d:c6:a0:05:da:1d:fb:
00:7b:3b:af:1b:29:7c:66:76:8a:9f:c7:7b:6a:f9:17:4a:fd:
e8:58:17:2d:48:21:2f:58:5a:b8:26:99:9f:72:5e:be:cd:83:
8d:4c:ec:15:37:e7:43:b9:eb:af:25:e9:b0:4f:f8:21:f2:28:
82:38:f5:9c:5c:a3:0d:56:b1:0e:06:e4:50:de:b7:ef:2d:74:
fa:39:af:60:c8:50:f2:60:e6:1d:02:ac:c8:a1:82:c3:d8:76:
3e:6c:80:81
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYVy6DU2BQzfBLXXoOyp21XFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQ2NWViYTVjMWE4MGY4NmE0NTg5Mjc4ZWRkOTMwNGIzZjUx
NjlmODMwHhcNMjMwMTAyMTQzNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzkxYzRkMjBmMDBlNmU4YjJlYjZkMTdiNzNkMDJlNmM5NWRlNGVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fXr2zaW+UYLgwh92YP9NFhFpAtg
qjCfSBNvI+WGJsGEigu6pCfYwn1wwTR80yVl1Pkw4/5cqLFSmmQA8q1mVbhyKCGi
HZOzT8L9h+XQFvYHFMhzSjaEcAsaYnVI7L52zeEVqztUXpzc/byNXjod+f8mam6y
2wSlarMKW7RK5xdFWHElsmUuWYPfKRL/e6Yyvwc0KrJ7KT3tDGrecl0gBwuyOjj8
qfYStkFx0p22sYSLb/aVXAhdvZXKuLuH41Jg4/k4KySOJFTgBRlp/uMDvZ8NT1yP
Y2ZBgOahBHGTJN0cwvC2cgiV5sNh/QJfnoAoKwiLhwn275MivgIM+s+EUQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNeRxNIPAObosuttF7c9AubJXeTqMB8GA1UdIwQY
MBaAFEZeulwagPhqRYknjt2TBLP1Fp+DMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQt
NWM0NzZlMzMyNWY1LzEvMTVIRTBnOEE1dWl5NjIwWHR6MEM1c2xkNU9vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Mi9jMTJhN2ItNWNhZi00ZTdjLTk3MGQtNWM0NzZlMzMyNWY1
LzEvUmw2NlhCcUEtR3BGaVNlTzNaTUVzX1VXbjRNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAW8iXAwQA
ufQwAwQAufQyAwQAwSeoAwQAwSeqAwQAwW/6AwQAwrt4MA0GCSqGSIb3DQEBCwUA
A4IBAQBdQJMLEe0WT5GSpqvQiTBMej05xR5Q9FYEuSNoQ+JbX0Ra4yTmCAxsUEoZ
ybUW7jhpXguFSfeblLCWb4v+5tBNrgMrLe9ag+VNhkSKwP24kYku1Isuv1l6Vt4M
fDN5YRkTsWJRnF8nbW6FQNUogFPBllRnancxU6GcRLFkptI8t6235ts+6CE+xRoZ
IsoOfKnVLf2QZe+d9HrOSo3GoAXaHfsAezuvGyl8ZnaKn8d7avkXSv3oWBctSCEv
WFq4Jpmfcl6+zYONTOwVN+dDueuvJemwT/gh8iiCOPWcXKMNVrEOBuRQ3rfvLXT6
Oa9gyFDyYOYdAqzIoYLD2HY+bICB
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:03:19 2023 by rpki-client on console-ams.rpki-client.org