Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/RvBLuIXqjsXLsG6DzvUWFdq0lxc.roa
File: RvBLuIXqjsXLsG6DzvUWFdq0lxc.roa (raw, json)
Hash identifier: 87NSSrHD0OLO1bN3zVzr9Qf0iAqzEy7P0U8GXZQCUiU=
Subject key identifier: 46:F0:4B:B8:85:EA:8E:C5:CB:B0:6E:83:CE:F5:16:15:DA:B4:97:17
Certificate issuer: /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial: 018AAE30D3DE8697C8731E2C2E49FEC4F314
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/RvBLuIXqjsXLsG6DzvUWFdq0lxc.roa
Signing time: Tue 19 Sep 2023 16:05:50 +0000
ROA not before: Tue 19 Sep 2023 16:05:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 35913
IP address blocks: 194.113.35.0/24 maxlen: 24
5.181.3.0/24 maxlen: 24
5.181.1.0/24 maxlen: 24
5.181.2.0/24 maxlen: 24
5.181.0.0/24 maxlen: 24
2a11:6e40::/32 maxlen: 32
2a09:fb86::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:ae:30:d3:de:86:97:c8:73:1e:2c:2e:49:fe:c4:f3:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Validity
Not Before: Sep 19 16:05:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=46f04bb885ea8ec5cbb06e83cef51615dab49717
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:ac:f6:32:79:59:b7:54:c3:c2:cc:33:be:b1:
a7:81:ff:8e:4a:a7:2f:c3:8f:ff:91:41:31:ac:ec:
d4:c2:aa:fb:df:6e:96:ae:a1:6a:e5:4d:6f:6f:f2:
6b:e1:ee:44:51:f8:64:a3:49:23:41:c7:81:f9:c5:
61:6a:fa:14:d9:e0:fe:d3:d6:3b:16:b1:31:ab:eb:
1c:9e:15:65:87:d8:e4:a3:48:e0:73:d0:6b:05:a8:
90:3d:c2:d5:e1:f8:41:ac:08:6a:06:ae:08:d3:d9:
40:ca:2a:df:62:45:43:6e:14:d4:1f:65:f3:a1:e3:
98:67:49:9b:1d:cb:76:d0:a0:82:35:86:42:18:1f:
71:5e:c2:8d:22:3e:0e:73:bf:c9:e4:42:26:42:73:
bd:f6:66:18:0b:bc:99:e8:d4:57:21:4b:df:17:76:
62:e1:e6:44:d1:09:30:b9:4c:b6:3e:d2:d9:ac:36:
55:3f:28:f6:cf:4e:2d:79:6c:d2:08:da:65:34:bb:
36:5a:e3:a0:5a:dd:b5:e7:f1:21:a8:6c:b6:13:53:
88:f7:17:9d:d2:29:8f:b8:70:08:46:1d:fa:b4:2c:
cd:1c:fe:6a:6b:58:c6:98:ed:02:82:8c:93:a3:99:
00:9b:ea:e7:c4:1f:62:d7:30:94:49:b5:fb:f3:01:
08:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:F0:4B:B8:85:EA:8E:C5:CB:B0:6E:83:CE:F5:16:15:DA:B4:97:17
X509v3 Authority Key Identifier:
keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/RvBLuIXqjsXLsG6DzvUWFdq0lxc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.181.0.0/22
194.113.35.0/24
IPv6:
2a09:fb86::/32
2a11:6e40::/32
Signature Algorithm: sha256WithRSAEncryption
22:67:41:73:1c:5a:06:00:ae:a3:b4:a7:4e:70:95:81:35:af:
de:76:0d:9d:98:8f:18:5c:55:2a:55:d6:82:5c:6f:17:8d:83:
ee:9f:d9:5b:a2:f5:86:91:c3:48:ae:8f:5b:7f:15:26:88:e4:
50:78:02:fe:db:8d:6c:0a:b3:d5:7e:b4:56:05:d9:af:dd:fd:
d9:c4:ad:9b:83:40:39:f2:f0:d2:6c:ec:67:cd:1a:0b:07:72:
06:3a:0e:65:b9:1a:be:15:6a:4e:45:73:9d:02:7a:5f:e6:88:
62:55:7f:cd:f9:d3:d9:a6:be:f5:3e:64:c8:fc:0b:c5:03:ad:
c2:0e:b4:4b:ce:2d:fe:e5:eb:4f:7d:5c:ef:ca:ad:f9:a1:0d:
65:9b:3d:9a:ae:aa:27:0f:6c:3f:29:5f:5d:6c:04:3f:87:a0:
8a:35:de:7a:21:c9:4a:cb:78:04:f4:6b:f7:95:3a:e3:e5:47:
bc:16:07:88:bb:d2:a4:3e:57:de:d3:2f:f3:cc:44:4b:33:7f:
99:43:35:21:40:c5:72:cb:34:06:ca:3a:5d:fb:74:e4:e2:d5:
81:7a:f5:70:4b:6f:f6:9d:6d:56:df:5d:b3:b5:60:73:41:9d:
63:6a:fc:23:4b:15:3a:22:3f:b7:5b:10:09:cf:d8:33:92:29:
6f:dc:af:c5
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYquMNPehpfIcx4sLkn+xPMUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjMwOTE5MTYwNTUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmYwNGJiODg1ZWE4ZWM1Y2JiMDZlODNjZWY1MTYxNWRhYjQ5NzE3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKz2MnlZt1TDwswzvrGngf+OSqcv
w4//kUExrOzUwqr7326WrqFq5U1vb/Jr4e5EUfhko0kjQceB+cVhavoU2eD+09Y7
FrExq+scnhVlh9jko0jgc9BrBaiQPcLV4fhBrAhqBq4I09lAyirfYkVDbhTUH2Xz
oeOYZ0mbHct20KCCNYZCGB9xXsKNIj4Oc7/J5EImQnO99mYYC7yZ6NRXIUvfF3Zi
4eZE0QkwuUy2PtLZrDZVPyj2z04teWzSCNplNLs2WuOgWt215/EhqGy2E1OI9xed
0imPuHAIRh36tCzNHP5qa1jGmO0CgoyTo5kAm+rnxB9i1zCUSbX78wEIgQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFEbwS7iF6o7Fy7Bug871FhXatJcXMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvUnZCTHVJWHFqc1hMc0c2RHp2VVdGZHEwbHhjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCBbUAAwQA
wnEjMBQEAgACMA4DBQAqCfuGAwUAKhFuQDANBgkqhkiG9w0BAQsFAAOCAQEAImdB
cxxaBgCuo7SnTnCVgTWv3nYNnZiPGFxVKlXWglxvF42D7p/ZW6L1hpHDSK6PW38V
JojkUHgC/tuNbAqz1X60VgXZr9392cStm4NAOfLw0mzsZ80aCwdyBjoOZbkavhVq
TkVznQJ6X+aIYlV/zfnT2aa+9T5kyPwLxQOtwg60S84t/uXrT31c78qt+aENZZs9
mq6qJw9sPylfXWwEP4egijXeeiHJSst4BPRr95U64+VHvBYHiLvSpD5X3tMv88xE
SzN/mUM1IUDFcss0Bso6Xft05OLVgXr1cEtv9p1tVt9ds7Vgc0GdY2r8I0sVOiI/
t1sQCc/YM5Ipb9yvxQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:00 2024 by rpki-client on console-ams.rpki-client.org