Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/q65WELdoEL7rrkmcI6hpGpxOduM.roa
File: q65WELdoEL7rrkmcI6hpGpxOduM.roa (raw, json)
Hash identifier: CwWfKeiUEJaVNAoSJE4LjgPgllD5OBcB0WM/NV2Wwjg=
Subject key identifier: AB:AE:56:10:B7:68:10:BE:EB:AE:49:9C:23:A8:69:1A:9C:4E:76:E3
Certificate issuer: /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial: 018558CC98BF055688ED7BD862267A7962EC
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/q65WELdoEL7rrkmcI6hpGpxOduM.roa
Signing time: Wed 28 Dec 2022 12:54:41 +0000
ROA not before: Wed 28 Dec 2022 12:54:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 47223
IP address blocks: 94.240.52.0/22 maxlen: 22
94.240.63.0/24 maxlen: 24
94.240.62.0/23 maxlen: 23
91.106.30.0/23 maxlen: 23
91.106.26.0/23 maxlen: 23
94.240.23.0/24 maxlen: 24
185.139.16.0/22 maxlen: 22
94.240.32.0/21 maxlen: 21
94.240.40.0/24 maxlen: 24
94.240.42.0/24 maxlen: 24
94.240.44.0/22 maxlen: 22
94.240.46.0/24 maxlen: 24
94.240.48.0/22 maxlen: 22
94.240.48.0/24 maxlen: 24
94.240.48.0/21 maxlen: 21
91.106.24.0/23 maxlen: 23
194.152.46.0/23 maxlen: 23
2a01:6e80::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:58:cc:98:bf:05:56:88:ed:7b:d8:62:26:7a:79:62:ec
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Validity
Not Before: Dec 28 12:54:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=abae5610b76810beebae499c23a8691a9c4e76e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:41:21:60:a1:ae:4e:a1:58:9e:fc:86:b3:3d:
5f:06:12:1b:68:3f:88:b2:52:20:45:ee:bb:cb:68:
80:19:e2:6d:65:6e:7b:67:c1:f1:96:08:de:85:c9:
09:29:29:f4:d9:bc:b0:5b:4c:4e:93:f7:a2:68:5c:
b3:39:b4:c7:e2:23:8b:eb:ab:e1:0c:6f:c4:5a:25:
da:79:65:ff:2f:94:83:3d:59:6e:99:d5:e0:75:cb:
a5:9e:2f:a9:e0:59:e7:af:05:8a:1d:19:90:c1:3c:
a0:db:a8:80:9d:5d:65:e8:d3:96:0b:32:59:4e:1f:
a3:63:c3:75:d5:1d:15:ca:5f:0a:05:79:d9:0b:a0:
41:85:75:08:2e:66:04:51:c9:71:ec:f6:57:c8:03:
67:18:44:e3:89:3e:a1:9b:97:11:28:31:8c:26:86:
fd:39:63:c7:c4:96:55:06:db:2d:ac:1e:f6:2b:b2:
73:24:d1:2f:48:5d:52:33:17:af:57:b5:bd:e2:ee:
13:c2:e9:fa:a0:95:1f:90:a2:de:df:95:ae:3b:6f:
0e:e2:41:8e:49:ca:a2:bf:ab:c2:17:7d:52:10:d8:
64:52:d6:85:06:66:6e:f2:f6:75:6d:24:68:17:56:
31:94:06:dd:79:50:27:e4:83:ff:84:ff:9c:5b:b8:
b3:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:AE:56:10:B7:68:10:BE:EB:AE:49:9C:23:A8:69:1A:9C:4E:76:E3
X509v3 Authority Key Identifier:
keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/q65WELdoEL7rrkmcI6hpGpxOduM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.106.24.0/22
91.106.30.0/23
94.240.23.0/24
94.240.32.0-94.240.40.255
94.240.42.0/24
94.240.44.0-94.240.55.255
94.240.62.0/23
185.139.16.0/22
194.152.46.0/23
IPv6:
2a01:6e80::/32
Signature Algorithm: sha256WithRSAEncryption
1b:30:ed:65:84:56:1f:f0:68:01:98:ee:4f:a5:c5:54:53:78:
b2:16:9d:66:44:f1:3b:3b:c0:97:58:4b:58:dc:a6:da:59:99:
94:6a:35:3b:cf:83:54:0a:90:72:55:60:45:16:ed:4c:4d:7a:
8f:15:0a:78:c4:ed:31:be:29:de:43:7d:f4:ad:d2:3f:7a:92:
f1:79:b1:72:9e:c4:75:1f:5e:59:07:13:5b:e6:2a:24:f1:cb:
e3:be:69:28:d5:d9:13:b3:12:de:c6:f5:ad:ae:5b:c5:49:b1:
f8:e2:0b:e4:11:33:4b:80:89:5c:de:3d:58:da:82:78:2f:7b:
c9:1c:e7:21:2e:70:d4:2a:3f:16:08:db:c9:c1:11:8f:dd:4a:
d6:91:fc:0b:0b:00:5f:11:a4:cd:fc:64:c0:61:68:0a:45:c3:
28:b0:a1:18:16:98:3e:4d:62:02:f0:6a:f5:97:81:55:52:95:
9a:20:2c:a5:3e:9d:ec:20:d9:39:cc:c9:a3:bd:0d:92:36:06:
c5:d2:88:c1:03:22:8d:b6:cf:f9:2d:16:66:6a:24:03:1d:c9:
9d:a4:d6:0a:1d:d4:13:ad:4c:55:1b:6d:30:69:ab:0f:3b:03:
3b:32:d1:7f:ef:73:75:b6:7b:aa:64:87:0b:97:36:5d:6b:4d:
79:12:a8:d3
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAYVYzJi/BVaI7XvYYiZ6eWLsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjIxMjI4MTI1NDQxWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYmFlNTYxMGI3NjgxMGJlZWJhZTQ5OWMyM2E4NjkxYTljNGU3NmUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlEEhYKGuTqFYnvyGsz1fBhIbaD+I
slIgRe67y2iAGeJtZW57Z8HxlgjehckJKSn02bywW0xOk/eiaFyzObTH4iOL66vh
DG/EWiXaeWX/L5SDPVlumdXgdculni+p4FnnrwWKHRmQwTyg26iAnV1l6NOWCzJZ
Th+jY8N11R0Vyl8KBXnZC6BBhXUILmYEUclx7PZXyANnGETjiT6hm5cRKDGMJob9
OWPHxJZVBtstrB72K7JzJNEvSF1SMxevV7W94u4Twun6oJUfkKLe35WuO28O4kGO
Scqiv6vCF31SENhkUtaFBmZu8vZ1bSRoF1YxlAbdeVAn5IP/hP+cW7izbQIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFKuuVhC3aBC+665JnCOoaRqcTnbjMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvcTY1V0VMZG9FTDdycmttY0k2aHBHcHhPZHVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBMBAIAATBGAwQCW2oYAwQB
W2oeAwQAXvAXMAwDBAVe8CADBABe8CgDBABe8CowDAMEAl7wLAMEA17wMAMEAV7w
PgMEArmLEAMEAcKYLjANBAIAAjAHAwUAKgFugDANBgkqhkiG9w0BAQsFAAOCAQEA
GzDtZYRWH/BoAZjuT6XFVFN4shadZkTxOzvAl1hLWNym2lmZlGo1O8+DVAqQclVg
RRbtTE16jxUKeMTtMb4p3kN99K3SP3qS8Xmxcp7EdR9eWQcTW+YqJPHL475pKNXZ
E7MS3sb1ra5bxUmx+OIL5BEzS4CJXN49WNqCeC97yRznIS5w1Co/FgjbycERj91K
1pH8CwsAXxGkzfxkwGFoCkXDKLChGBaYPk1iAvBq9ZeBVVKVmiAspT6d7CDZOczJ
o70NkjYGxdKIwQMijbbP+S0WZmokAx3JnaTWCh3UE61MVRttMGmrDzsDOzLRf+9z
dbZ7qmSHC5c2XWtNeRKo0w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:18 2024 by rpki-client on console-fra.rpki-client.org