Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/csKThNsQr65TyvMM_lHnrEUyWFc.roa
File: csKThNsQr65TyvMM_lHnrEUyWFc.roa (raw, json)
Hash identifier: R4K/21+eZ2nOB41mzs5IoHKjvc1K0Q7znONDohBp7Is=
Subject key identifier: 72:C2:93:84:DB:10:AF:AE:53:CA:F3:0C:FE:51:E7:AC:45:32:58:57
Certificate issuer: /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial: 06211753
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/csKThNsQr65TyvMM_lHnrEUyWFc.roa
Signing time: Wed 20 Apr 2022 13:36:17 +0000
ROA not before: Wed 20 Apr 2022 13:36:17 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35913
IP address blocks: 194.110.247.0/24 maxlen: 24
194.113.35.0/24 maxlen: 24
5.181.3.0/24 maxlen: 24
5.181.1.0/24 maxlen: 24
5.181.2.0/24 maxlen: 24
5.181.0.0/24 maxlen: 24
45.143.164.0/24 maxlen: 24
2a09:fb86::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 102831955 (0x6211753)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Validity
Not Before: Apr 20 13:36:17 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=72c29384db10afae53caf30cfe51e7ac45325857
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:8c:fe:e3:11:60:bd:7b:46:8e:bc:13:ac:a0:
53:db:c1:4c:47:3c:47:55:b8:bd:b2:27:bd:16:1c:
8c:de:70:3b:4a:16:4e:b3:de:30:19:a7:6e:05:19:
d5:01:dc:be:67:0d:3b:d9:12:f6:a6:7d:6c:56:37:
11:fc:eb:dd:e9:6f:e2:68:4f:81:fe:8d:e0:19:75:
44:87:ae:f0:78:84:af:60:fe:ac:12:75:ad:12:16:
8d:9d:32:ba:08:32:91:36:e2:dc:87:1f:3f:26:e0:
d7:3c:07:a3:0b:e3:2f:30:66:88:e7:15:d6:0c:5d:
c0:5a:e9:f9:28:2f:63:e0:de:22:ae:ea:87:37:66:
8a:4b:93:32:26:dc:52:44:62:86:8c:a2:e3:98:2d:
66:58:3d:7b:f1:a1:5b:9b:f0:50:5a:20:a1:ee:fa:
2a:20:20:a3:91:b3:e9:31:1e:62:73:10:a4:e2:0b:
ef:59:4c:05:60:71:66:d3:e0:3f:69:0b:49:54:93:
59:40:d5:ca:30:09:e0:b1:91:28:f2:44:57:2e:d7:
cf:d6:21:3c:1c:d9:83:23:98:cc:21:71:4f:91:43:
a3:22:a3:10:27:b4:3c:a1:51:93:4a:b1:11:cd:d2:
3c:60:bf:a3:4b:12:07:d8:e7:ac:1f:b7:ce:a6:23:
25:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:C2:93:84:DB:10:AF:AE:53:CA:F3:0C:FE:51:E7:AC:45:32:58:57
X509v3 Authority Key Identifier:
keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/csKThNsQr65TyvMM_lHnrEUyWFc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.181.0.0/22
45.143.164.0/24
194.110.247.0/24
194.113.35.0/24
IPv6:
2a09:fb86::/32
Signature Algorithm: sha256WithRSAEncryption
02:b5:9e:bd:0e:58:a2:08:58:1f:55:04:aa:5b:66:7e:a0:3a:
43:0e:46:bc:cc:a3:ce:ce:b4:d9:8e:6a:2d:78:21:83:d4:98:
60:03:2c:88:a1:f8:7a:9b:22:a2:5c:c8:23:2b:e1:6b:6e:4f:
3b:7b:c1:e1:9a:27:7b:ff:7a:3c:f0:47:22:1f:34:87:77:0a:
e5:a2:c7:16:b7:b2:83:41:24:8c:14:4d:dd:04:d0:98:1f:a2:
28:33:33:c0:7b:46:69:ca:f0:0e:f8:b3:be:4a:1c:8d:87:c0:
b5:be:e4:c2:0c:1c:5d:94:4c:49:83:10:24:7f:6f:be:33:35:
1e:9f:6b:06:d4:4e:dc:d3:7f:f2:b7:ea:dd:38:ae:63:6d:00:
36:14:45:a3:9b:04:14:d5:36:d1:d5:5c:31:27:e8:04:c7:3b:
5b:c0:fe:a2:a6:16:86:5b:ce:b5:b3:54:f4:29:60:9f:b7:45:
2f:8f:9c:ce:3b:a0:d0:89:77:74:a0:fc:a1:d5:01:1b:05:b2:
1c:00:47:d6:48:42:f1:d4:c9:b0:2e:65:e1:3b:7c:c8:2d:8b:
a2:88:f0:32:2c:29:84:bd:3f:39:3a:47:16:20:bd:54:eb:d1:
14:b9:64:a6:42:07:90:5f:68:98:99:e7:60:89:d6:6b:9c:27:
c8:98:88:53
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgIEBiEXUzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
ZDIwZGRkMzk4ZGFjOGY2MmNjMTI1MjYzMjVmMTgyMWZiNzI0Zjc1MB4XDTIyMDQy
MDEzMzYxN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzJjMjkzODRkYjEw
YWZhZTUzY2FmMzBjZmU1MWU3YWM0NTMyNTg1NzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL+M/uMRYL17Ro68E6ygU9vBTEc8R1W4vbInvRYcjN5wO0oW
TrPeMBmnbgUZ1QHcvmcNO9kS9qZ9bFY3Efzr3elv4mhPgf6N4Bl1RIeu8HiEr2D+
rBJ1rRIWjZ0yuggykTbi3IcfPybg1zwHowvjLzBmiOcV1gxdwFrp+SgvY+DeIq7q
hzdmikuTMibcUkRihoyi45gtZlg9e/GhW5vwUFogoe76KiAgo5Gz6TEeYnMQpOIL
71lMBWBxZtPgP2kLSVSTWUDVyjAJ4LGRKPJEVy7Xz9YhPBzZgyOYzCFxT5FDoyKj
ECe0PKFRk0qxEc3SPGC/o0sSB9jnrB+3zqYjJakCAwEAAaOCAiowggImMB0GA1Ud
DgQWBBRywpOE2xCvrlPK8wz+UeesRTJYVzAfBgNVHSMEGDAWgBRtIN3TmNrI9izB
JSYyXxgh+3JPdTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2JTRGQwNWpheVBZc3dTVW1NbDhZSWZ0eVQzVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDEvYTFhODhmLTFkZmYtNGVmZi04MjZiLTM2ZGU2NTcyMzJiZS8x
L2NzS1RoTnNRcjY1VHl2TU1fbEhuckVVeVdGYy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDEv
YTFhODhmLTFkZmYtNGVmZi04MjZiLTM2ZGU2NTcyMzJiZS8xL2JTRGQwNWpheVBZ
c3dTVW1NbDhZSWZ0eVQzVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBA
BggrBgEFBQcBBwEB/wQxMC8wHgQCAAEwGAMEAgW1AAMEAC2PpAMEAMJu9wMEAMJx
IzANBAIAAjAHAwUAKgn7hjANBgkqhkiG9w0BAQsFAAOCAQEAArWevQ5YoghYH1UE
qltmfqA6Qw5GvMyjzs602Y5qLXghg9SYYAMsiKH4epsiolzIIyvha25PO3vB4Zon
e/96PPBHIh80h3cK5aLHFreyg0EkjBRN3QTQmB+iKDMzwHtGacrwDvizvkocjYfA
tb7kwgwcXZRMSYMQJH9vvjM1Hp9rBtRO3NN/8rfq3TiuY20ANhRFo5sEFNU20dVc
MSfoBMc7W8D+oqYWhlvOtbNU9Clgn7dFL4+czjug0Il3dKD8odUBGwWyHABH1khC
8dTJsC5l4Tt8yC2LoojwMiwphL0/OTpHFiC9VOvRFLlkpkIHkF9omJnnYInWa5wn
yJiIUw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:37 2024 by rpki-client on console-fra.rpki-client.org