Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/BA8Btb0H_xUg6q02NYdf_llgva4.roa
File: BA8Btb0H_xUg6q02NYdf_llgva4.roa (raw, json)
Hash identifier: ghclfy054a0Es6lAin1lXi0YYQU1lOcu806+HSSMqkw=
Subject key identifier: 04:0F:01:B5:BD:07:FF:15:20:EA:AD:36:35:87:5F:FE:59:60:BD:AE
Certificate issuer: /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial: 0188427CF413ABC9868D358300E5382E6C34
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/BA8Btb0H_xUg6q02NYdf_llgva4.roa
Signing time: Mon 22 May 2023 08:04:25 +0000
ROA not before: Mon 22 May 2023 08:04:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202228
IP address blocks: 94.240.52.0/22 maxlen: 22
94.240.52.0/24 maxlen: 24
94.240.53.0/24 maxlen: 24
94.240.54.0/24 maxlen: 24
94.240.55.0/24 maxlen: 24
94.240.60.0/24 maxlen: 24
94.240.60.0/23 maxlen: 23
94.240.61.0/24 maxlen: 24
91.106.26.0/23 maxlen: 23
91.106.26.0/24 maxlen: 24
91.106.27.0/24 maxlen: 24
94.240.16.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:42:7c:f4:13:ab:c9:86:8d:35:83:00:e5:38:2e:6c:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Validity
Not Before: May 22 08:04:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=040f01b5bd07ff1520eaad3635875ffe5960bdae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:07:6e:c3:0a:06:dc:76:1f:ec:05:ea:de:7e:
43:bb:8b:6d:f3:e4:58:33:98:bf:4a:fb:1d:8a:b1:
1a:f8:37:93:e2:ac:60:bf:d4:f2:5c:d8:65:db:a9:
2d:09:16:15:46:12:3a:d6:13:b9:dc:35:ed:f9:58:
bb:b6:7b:d2:f6:35:d9:26:ae:48:d2:eb:8a:b4:53:
93:fc:6f:ff:8a:d5:9d:66:38:dd:6d:2d:53:c0:7e:
83:73:87:2a:14:87:4d:eb:95:8a:b7:91:9d:82:3b:
ca:a2:f6:1f:39:31:a1:c6:6d:1e:9d:4e:ec:ec:d2:
5a:b9:9c:ec:ba:ca:cb:3d:58:de:f5:75:44:b3:6a:
07:9d:49:c2:40:2b:20:cb:57:11:c8:6c:a1:d2:1f:
62:43:87:3b:19:7a:f1:78:07:a5:fd:ab:58:d1:bc:
1a:2e:64:80:d6:90:97:b8:01:e4:0b:0f:31:ff:f8:
0c:ed:67:29:72:44:e4:32:ca:cc:8d:84:f5:d1:6d:
6f:a5:99:b4:3c:fa:ee:dd:04:7f:21:6d:ab:16:75:
95:f2:38:c3:08:e3:53:e3:a0:3d:d9:c4:d3:e7:b8:
5f:ef:8e:01:94:b8:da:c8:36:bb:96:e0:d2:11:3c:
e1:bf:bc:ca:dd:52:58:4a:fd:2a:75:97:2c:bb:e6:
88:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:0F:01:B5:BD:07:FF:15:20:EA:AD:36:35:87:5F:FE:59:60:BD:AE
X509v3 Authority Key Identifier:
keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/BA8Btb0H_xUg6q02NYdf_llgva4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.106.26.0/23
94.240.16.0/22
94.240.52.0/22
94.240.60.0/23
Signature Algorithm: sha256WithRSAEncryption
4d:c3:13:35:7a:69:4b:15:e1:91:6d:da:8f:80:9e:14:7c:42:
1c:5b:4c:c7:1c:ec:f7:94:61:28:fc:ec:97:4c:39:9e:63:e1:
7f:f4:06:f7:69:38:d0:f0:62:94:f2:23:de:95:d8:12:ec:dc:
59:00:b9:8d:aa:75:c4:f3:0d:4b:de:8d:3a:6f:7b:ff:c3:63:
af:9c:8e:b7:1b:a9:0a:04:56:41:20:7b:7a:45:f2:fd:47:38:
84:43:a5:2c:37:5e:86:9e:e8:7d:bf:94:31:80:ae:ce:2c:a8:
74:c3:3d:c4:6f:ae:04:2c:46:7c:d0:eb:69:70:77:0d:84:ab:
50:41:df:dd:aa:83:b9:cd:43:5e:31:50:f5:1a:d9:d4:76:4d:
4e:91:85:b5:0a:1c:b9:9f:b9:da:3d:bb:49:9f:74:a5:2e:92:
b5:6f:ba:43:f8:7b:a6:6f:c5:8a:53:57:0c:89:8a:af:69:36:
f3:35:90:8a:e4:11:bb:6d:7e:fa:34:2c:ad:65:4a:b8:92:e1:
ae:d3:c6:56:17:99:e5:1a:a8:71:33:46:33:ce:d1:a1:a0:c0:
1a:c3:12:a5:c9:d1:95:b5:54:01:67:ae:aa:0a:20:51:37:5b:
10:47:e5:57:25:74:f2:f7:ff:c0:fd:d4:d6:1d:95:07:60:d5:
0a:e5:1f:3a
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYhCfPQTq8mGjTWDAOU4Lmw0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjMwNTIyMDgwNDI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDBmMDFiNWJkMDdmZjE1MjBlYWFkMzYzNTg3NWZmZTU5NjBiZGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7wduwwoG3HYf7AXq3n5Du4tt8+RY
M5i/SvsdirEa+DeT4qxgv9TyXNhl26ktCRYVRhI61hO53DXt+Vi7tnvS9jXZJq5I
0uuKtFOT/G//itWdZjjdbS1TwH6Dc4cqFIdN65WKt5GdgjvKovYfOTGhxm0enU7s
7NJauZzsusrLPVje9XVEs2oHnUnCQCsgy1cRyGyh0h9iQ4c7GXrxeAel/atY0bwa
LmSA1pCXuAHkCw8x//gM7WcpckTkMsrMjYT10W1vpZm0PPru3QR/IW2rFnWV8jjD
CONT46A92cTT57hf744BlLjayDa7luDSETzhv7zK3VJYSv0qdZcsu+aI5QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFAQPAbW9B/8VIOqtNjWHX/5ZYL2uMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvQkE4QnRiMEhfeFVnNnEwMk5ZZGZfbGxndmE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBW2oaAwQC
XvAQAwQCXvA0AwQBXvA8MA0GCSqGSIb3DQEBCwUAA4IBAQBNwxM1emlLFeGRbdqP
gJ4UfEIcW0zHHOz3lGEo/OyXTDmeY+F/9Ab3aTjQ8GKU8iPeldgS7NxZALmNqnXE
8w1L3o06b3v/w2OvnI63G6kKBFZBIHt6RfL9RziEQ6UsN16Gnuh9v5QxgK7OLKh0
wz3Eb64ELEZ80OtpcHcNhKtQQd/dqoO5zUNeMVD1GtnUdk1OkYW1Chy5n7naPbtJ
n3SlLpK1b7pD+Humb8WKU1cMiYqvaTbzNZCK5BG7bX76NCytZUq4kuGu08ZWF5nl
GqhxM0YzztGhoMAawxKlydGVtVQBZ66qCiBRN1sQR+VXJXTy9//A/dTWHZUHYNUK
5R86
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:18 2024 by rpki-client on console-fra.rpki-client.org