Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/DURAqk4drVOQ3cYciI1BAchtuAw.roa
File: DURAqk4drVOQ3cYciI1BAchtuAw.roa (raw, json)
Hash identifier: yr9u6VKROZqhPppH4OjCDMSdRtPiSM3Kx5yhcbzyFj8=
Subject key identifier: 0D:44:40:AA:4E:1D:AD:53:90:DD:C6:1C:88:8D:41:01:C8:6D:B8:0C
Certificate issuer: /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial: 053F496D
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/DURAqk4drVOQ3cYciI1BAchtuAw.roa
Signing time: Fri 14 Jan 2022 10:26:46 +0000
ROA not before: Fri 14 Jan 2022 10:26:46 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35913
IP address blocks: 194.110.247.0/24 maxlen: 24
194.113.35.0/24 maxlen: 24
5.181.3.0/24 maxlen: 24
5.181.1.0/24 maxlen: 24
5.181.2.0/24 maxlen: 24
5.181.0.0/24 maxlen: 24
45.66.248.0/23 maxlen: 23
45.143.164.0/24 maxlen: 24
2a09:fb86::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 88033645 (0x53f496d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Validity
Not Before: Jan 14 10:26:46 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=0d4440aa4e1dad5390ddc61c888d4101c86db80c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:e8:ed:e8:fe:09:bf:98:30:cd:40:31:ed:bc:
2d:6d:50:1e:cd:22:06:a5:1b:23:2e:6b:bf:6f:c2:
bd:6c:1b:fc:dc:0e:ac:bd:25:c2:74:13:cf:96:f7:
f8:62:61:a0:0f:ed:87:98:0c:80:94:2a:af:b6:51:
71:b4:23:40:b0:2d:2e:5d:eb:2f:7e:fd:62:e5:f5:
de:0b:2a:e4:09:47:e1:37:a0:52:e2:f4:4d:6a:2f:
70:30:47:68:69:16:38:64:fa:fa:5a:6d:3a:8d:0b:
82:ca:18:53:5a:98:1a:da:ff:f5:49:fc:c3:41:36:
a9:c0:84:63:e1:82:85:56:1e:bb:fe:5f:ac:e3:7b:
af:db:b5:6c:31:9b:51:9d:35:34:6f:69:25:e4:59:
a8:74:3a:0d:04:a2:c5:04:6a:d8:eb:e9:8c:2a:d8:
e0:41:e3:53:cc:35:5c:c9:a1:9a:8d:91:a5:d9:6c:
16:f4:b3:82:f6:9f:e4:9a:af:b3:4d:83:f1:fe:cf:
a0:a1:60:5c:e2:e0:7c:f8:bf:7b:37:0c:2b:55:92:
ae:e8:ee:51:85:20:cc:73:f1:ae:d4:e5:57:98:67:
cf:72:6e:21:5d:4a:0b:25:8a:3f:f4:04:b3:ed:b0:
e8:f5:f9:22:0e:45:6b:0b:a2:c9:ae:a8:dd:98:3b:
d8:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0D:44:40:AA:4E:1D:AD:53:90:DD:C6:1C:88:8D:41:01:C8:6D:B8:0C
X509v3 Authority Key Identifier:
keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/DURAqk4drVOQ3cYciI1BAchtuAw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.181.0.0/22
45.66.248.0/23
45.143.164.0/24
194.110.247.0/24
194.113.35.0/24
IPv6:
2a09:fb86::/32
Signature Algorithm: sha256WithRSAEncryption
1c:cf:9f:76:e3:a7:37:79:7a:a0:74:46:61:b7:28:34:38:1d:
3a:f8:44:21:b8:cf:43:8a:a9:d7:a3:70:15:5e:d1:ba:7b:56:
47:68:5e:f6:af:25:7c:36:45:3a:93:c3:96:5f:16:c6:1b:fb:
e5:b9:9c:7d:15:29:fe:7b:db:a6:a7:f1:76:4e:47:cc:e8:36:
cc:88:b4:6a:d0:80:a2:a5:27:1e:36:50:93:fc:64:6a:f3:02:
b3:30:26:03:d2:3c:16:69:2f:36:85:38:3a:00:45:6e:a0:4f:
4a:87:7a:1b:6b:2c:b5:8a:6c:a2:1b:02:8b:52:f1:07:3c:79:
cf:e8:58:f3:cb:fa:22:3c:7e:6e:6f:f1:54:15:23:71:8e:52:
f1:68:ce:bf:33:4a:32:48:e0:30:ec:0b:38:60:5d:ac:0c:36:
79:a0:a7:d0:e7:de:17:cf:f8:15:19:fa:c0:1e:01:e7:47:2a:
85:ca:bf:39:16:95:90:d2:c9:cf:ef:59:cb:d4:d1:0d:88:cb:
f1:77:c1:4c:53:7a:a8:b6:5d:ce:54:5a:38:e3:98:f2:dc:3e:
a0:5e:01:f3:ea:66:c4:d2:80:22:22:47:90:d5:ce:99:d6:4c:
7b:d3:ed:5c:fa:88:b5:91:57:20:e3:a9:ed:52:51:a6:d0:07:
7f:25:86:90
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIEBT9JbTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZDIwZGRkMzk4ZGFjOGY2MmNjMTI1MjYzMjVmMTgyMWZiNzI0Zjc1MB4XDTIyMDEx
NDEwMjY0NloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGQ0NDQwYWE0ZTFk
YWQ1MzkwZGRjNjFjODg4ZDQxMDFjODZkYjgwYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALno7ej+Cb+YMM1AMe28LW1QHs0iBqUbIy5rv2/CvWwb/NwO
rL0lwnQTz5b3+GJhoA/th5gMgJQqr7ZRcbQjQLAtLl3rL379YuX13gsq5AlH4Teg
UuL0TWovcDBHaGkWOGT6+lptOo0LgsoYU1qYGtr/9Un8w0E2qcCEY+GChVYeu/5f
rON7r9u1bDGbUZ01NG9pJeRZqHQ6DQSixQRq2OvpjCrY4EHjU8w1XMmhmo2Rpdls
FvSzgvaf5Jqvs02D8f7PoKFgXOLgfPi/ezcMK1WSrujuUYUgzHPxrtTlV5hnz3Ju
IV1KCyWKP/QEs+2w6PX5Ig5Fawuiya6o3Zg72FECAwEAAaOCAjAwggIsMB0GA1Ud
DgQWBBQNRECqTh2tU5DdxhyIjUEByG24DDAfBgNVHSMEGDAWgBRtIN3TmNrI9izB
JSYyXxgh+3JPdTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JTRGQwNWpheVBZc3dTVW1NbDhZSWZ0eVQzVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDEvYTFhODhmLTFkZmYtNGVmZi04MjZiLTM2ZGU2NTcyMzJiZS8x
L0RVUkFxazRkclZPUTNjWWNpSTFCQWNodHVBdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDEv
YTFhODhmLTFkZmYtNGVmZi04MjZiLTM2ZGU2NTcyMzJiZS8xL2JTRGQwNWpheVBZ
c3dTVW1NbDhZSWZ0eVQzVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBG
BggrBgEFBQcBBwEB/wQ3MDUwJAQCAAEwHgMEAgW1AAMEAS1C+AMEAC2PpAMEAMJu
9wMEAMJxIzANBAIAAjAHAwUAKgn7hjANBgkqhkiG9w0BAQsFAAOCAQEAHM+fduOn
N3l6oHRGYbcoNDgdOvhEIbjPQ4qp16NwFV7RuntWR2he9q8lfDZFOpPDll8Wxhv7
5bmcfRUp/nvbpqfxdk5HzOg2zIi0atCAoqUnHjZQk/xkavMCszAmA9I8FmkvNoU4
OgBFbqBPSod6G2sstYpsohsCi1LxBzx5z+hY88v6Ijx+bm/xVBUjcY5S8WjOvzNK
MkjgMOwLOGBdrAw2eaCn0OfeF8/4FRn6wB4B50cqhcq/ORaVkNLJz+9Zy9TRDYjL
8XfBTFN6qLZdzlRaOOOY8tw+oF4B8+pmxNKAIiJHkNXOmdZMe9PtXPqItZFXIOOp
7VJRptAHfyWGkA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:37 2024 by rpki-client on console-fra.rpki-client.org