Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/1-3KM5hzAuXkeE9ttQbr9Jr7IVko.roa
File: 1-3KM5hzAuXkeE9ttQbr9Jr7IVko.roa (raw, json)
Hash identifier: zZ10fFxJ0HAtCLtABLWVepa9eDZY36UhEN9BLrX7vAI=
Subject key identifier: FB:72:8C:E6:1C:C0:B9:79:1E:13:DB:6D:41:BA:FD:26:BE:C8:56:4A
Certificate issuer: /CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Certificate serial: 018404BEF14A0FF9C19DC3396B018513FC42
Authority key identifier: 05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/1-3KM5hzAuXkeE9ttQbr9Jr7IVko.roa
Signing time: Sun 23 Oct 2022 12:08:53 +0000
ROA not before: Sun 23 Oct 2022 12:08:53 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 395800
IP address blocks: 85.92.109.0/24 maxlen: 24
194.5.92.0/24 maxlen: 24
89.191.232.0/24 maxlen: 24
5.44.47.0/24 maxlen: 24
109.236.58.0/24 maxlen: 24
46.16.15.0/24 maxlen: 24
91.107.116.0/24 maxlen: 24
194.31.174.0/24 maxlen: 24
194.31.173.0/24 maxlen: 24
91.107.124.0/23 maxlen: 23
91.107.127.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:04:be:f1:4a:0f:f9:c1:9d:c3:39:6b:01:85:13:fc:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=05b1d13c2e26e12786246a5ec4c5bea69864b20f
Validity
Not Before: Oct 23 12:08:53 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=fb728ce61cc0b9791e13db6d41bafd26bec8564a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:99:64:cd:24:7c:49:9e:43:98:41:f8:c0:b4:
6c:ae:4c:e3:25:34:c7:25:36:fc:22:de:55:b9:6b:
15:69:4b:c6:b0:28:55:94:71:a2:6b:3a:2f:5f:84:
a9:ee:de:fb:77:82:4b:5a:7a:15:9b:20:35:f4:25:
57:8b:fb:f6:14:92:a9:fa:80:2d:12:f6:49:17:f1:
21:af:df:13:25:7a:a0:cb:7f:38:05:c1:5a:29:83:
30:f0:6e:be:88:0d:ad:47:59:97:78:af:03:db:4d:
40:16:f5:77:0a:dd:25:20:f0:cd:88:b5:2c:7d:00:
e8:d6:37:f5:a2:0e:5d:44:ac:fe:6c:9d:ee:25:ed:
2e:18:ab:52:82:76:7f:c5:7d:f5:89:6e:71:ed:70:
f4:d5:be:64:7b:de:3c:75:29:2a:27:79:99:c0:b8:
d9:9f:0b:22:42:00:7b:a9:80:7c:54:74:37:b7:fc:
92:29:e7:67:ac:d1:78:a3:a7:73:55:df:ba:82:13:
7c:ce:86:31:b6:a9:05:5a:ca:85:40:64:5a:23:ae:
c3:44:6f:16:36:55:2c:dc:d9:c5:8c:fc:1b:17:1b:
43:df:70:d7:fa:44:ad:a2:fd:8a:08:5e:47:d2:60:
f2:51:b2:4a:04:2a:8d:cd:d5:2a:fd:72:d2:85:a3:
29:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FB:72:8C:E6:1C:C0:B9:79:1E:13:DB:6D:41:BA:FD:26:BE:C8:56:4A
X509v3 Authority Key Identifier:
keyid:05:B1:D1:3C:2E:26:E1:27:86:24:6A:5E:C4:C5:BE:A6:98:64:B2:0F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BbHRPC4m4SeGJGpexMW-pphksg8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/1-3KM5hzAuXkeE9ttQbr9Jr7IVko.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/c61092-734a-4eef-9d67-4905243bc828/1/BbHRPC4m4SeGJGpexMW-pphksg8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.44.47.0/24
46.16.15.0/24
85.92.109.0/24
89.191.232.0/24
91.107.116.0/24
91.107.124.0/23
91.107.127.0/24
109.236.58.0/24
194.5.92.0/24
194.31.173.0-194.31.174.255
Signature Algorithm: sha256WithRSAEncryption
24:16:20:4e:e1:1a:8d:70:ea:91:57:19:20:ce:b7:32:b0:f8:
48:09:0b:a7:c6:47:96:87:d9:69:67:6a:98:58:52:be:fc:8d:
39:9e:ca:50:bc:fc:a1:56:50:98:6d:b9:3e:36:32:3a:70:81:
bc:55:32:5b:13:3a:1a:2d:b7:c9:be:96:05:25:58:ea:57:df:
2d:bf:d5:fd:6a:b4:85:f0:97:39:b9:6a:cf:37:36:36:78:6e:
7f:b2:4e:0a:57:00:5c:1a:68:22:9c:50:84:84:a4:a7:c0:e1:
9d:3d:53:2d:a1:11:a1:e6:74:2a:3a:04:63:bd:24:3d:46:6c:
ad:0b:56:56:41:c9:38:2e:49:0b:0a:d3:80:75:7e:b9:4b:d5:
2d:e0:49:67:e8:45:95:93:6b:05:60:f3:b3:f5:0a:29:0d:4c:
09:8a:7a:14:ad:86:c9:60:52:b7:db:7e:a9:8a:a4:61:ce:34:
3a:63:52:9b:c2:d5:e9:81:49:a4:48:74:30:4d:2b:70:a9:cd:
44:4e:b9:f5:48:ab:88:76:33:41:17:bd:b6:25:87:ef:b6:84:
37:70:26:94:45:fe:a0:a6:f6:36:99:18:13:80:9a:2b:a2:ee:
48:2d:4b:ca:e3:7f:b6:6f:4a:aa:e8:83:e9:14:20:5f:23:b9:
ad:9c:27:6e
-----BEGIN CERTIFICATE-----
MIIFPDCCBCSgAwIBAgISAYQEvvFKD/nBncM5awGFE/xCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA1YjFkMTNjMmUyNmUxMjc4NjI0NmE1ZWM0YzViZWE2OTg2
NGIyMGYwHhcNMjIxMDIzMTIwODUzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYjcyOGNlNjFjYzBiOTc5MWUxM2RiNmQ0MWJhZmQyNmJlYzg1NjRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmplkzSR8SZ5DmEH4wLRsrkzjJTTH
JTb8It5VuWsVaUvGsChVlHGiazovX4Sp7t77d4JLWnoVmyA19CVXi/v2FJKp+oAt
EvZJF/Ehr98TJXqgy384BcFaKYMw8G6+iA2tR1mXeK8D201AFvV3Ct0lIPDNiLUs
fQDo1jf1og5dRKz+bJ3uJe0uGKtSgnZ/xX31iW5x7XD01b5ke948dSkqJ3mZwLjZ
nwsiQgB7qYB8VHQ3t/ySKednrNF4o6dzVd+6ghN8zoYxtqkFWsqFQGRaI67DRG8W
NlUs3NnFjPwbFxtD33DX+kStov2KCF5H0mDyUbJKBCqNzdUq/XLShaMp9QIDAQAB
o4ICSDCCAkQwHQYDVR0OBBYEFPtyjOYcwLl5HhPbbUG6/Sa+yFZKMB8GA1UdIwQY
MBaAFAWx0TwuJuEnhiRqXsTFvqaYZLIPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQmJIUlBDNG00U2VHSkdwZXhNVy1wcGhrc2c4LmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC9jNjEwOTItNzM0YS00ZWVmLTlkNjct
NDkwNTI0M2JjODI4LzEvMS0zS001aHpBdVhrZUU5dHRRYnI5SnI3SVZrby5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvYTgvYzYxMDkyLTczNGEtNGVlZi05ZDY3LTQ5MDUyNDNiYzgy
OC8xL0JiSFJQQzRtNFNlR0pHcGV4TVctcHBoa3NnOC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBdBggrBgEFBQcBBwEB/wROMEwwSgQCAAEwRAMEAAUsLwME
AC4QDwMEAFVcbQMEAFm/6AMEAFtrdAMEAVtrfAMEAFtrfwMEAG3sOgMEAMIFXDAM
AwQAwh+tAwQAwh+uMA0GCSqGSIb3DQEBCwUAA4IBAQAkFiBO4RqNcOqRVxkgzrcy
sPhICQunxkeWh9lpZ2qYWFK+/I05nspQvPyhVlCYbbk+NjI6cIG8VTJbEzoaLbfJ
vpYFJVjqV98tv9X9arSF8Jc5uWrPNzY2eG5/sk4KVwBcGmginFCEhKSnwOGdPVMt
oRGh5nQqOgRjvSQ9RmytC1ZWQck4LkkLCtOAdX65S9Ut4Eln6EWVk2sFYPOz9Qop
DUwJinoUrYbJYFK3236piqRhzjQ6Y1KbwtXpgUmkSHQwTStwqc1ETrn1SKuIdjNB
F722JYfvtoQ3cCaURf6gpvY2mRgTgJorou5ILUvK43+2b0qq6IPpFCBfI7mtnCdu
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:54 2023 by rpki-client on console-fra.rpki-client.org