Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/iUmO-oUL6YZlie3CmXMQcuLrW9E.roa
File: iUmO-oUL6YZlie3CmXMQcuLrW9E.roa (raw, json)
Hash identifier: QTA2jihYgrafLZQUYmlJDPNG6gsnBx/D4ZNgUBC/95M=
Subject key identifier: 89:49:8E:FA:85:0B:E9:86:65:89:ED:C2:99:73:10:72:E2:EB:5B:D1
Certificate issuer: /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial: 018CC5003BE29C47F8D37E8A8AB02B2B1F42
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/iUmO-oUL6YZlie3CmXMQcuLrW9E.roa
Signing time: Mon 01 Jan 2024 12:29:36 +0000
ROA not before: Mon 01 Jan 2024 12:29:36 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35913
IP address blocks: 194.113.35.0/24 maxlen: 24
5.181.3.0/24 maxlen: 24
5.181.1.0/24 maxlen: 24
5.181.2.0/24 maxlen: 24
5.181.0.0/24 maxlen: 24
2a11:6e40::/32 maxlen: 32
2a09:fb86::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:3b:e2:9c:47:f8:d3:7e:8a:8a:b0:2b:2b:1f:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Validity
Not Before: Jan 1 12:29:36 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=89498efa850be9866589edc299731072e2eb5bd1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:b9:f2:f4:e3:84:06:ee:32:99:7e:49:01:45:
8d:c6:8d:e1:78:6d:b2:9f:57:41:93:8b:a3:61:f7:
e6:b5:8d:e8:41:49:3c:90:6a:84:33:35:59:65:df:
f5:e6:73:fd:10:90:6a:f8:06:1d:63:32:14:a3:01:
10:f1:33:b0:b0:cd:1e:95:05:74:b6:a1:ec:0f:ec:
89:f4:b8:52:06:d3:06:c2:f1:9f:94:1c:a9:c8:39:
3b:f8:60:ff:ea:86:63:e3:46:62:dc:63:d2:bf:44:
32:ab:c0:53:00:91:1a:e6:e3:7a:e7:62:47:df:8f:
8f:6f:a0:1a:33:aa:fa:98:57:bd:ea:74:c7:48:f3:
c9:a9:fb:0e:74:97:4b:24:c7:b4:2b:1c:7a:eb:33:
16:bd:10:24:f1:a5:6c:f3:91:3d:fd:ae:3a:41:28:
54:71:9b:4b:8c:37:03:42:66:22:ca:ff:e6:fe:50:
d3:69:34:21:91:bd:c4:8b:99:d7:1e:fb:6e:4f:52:
6f:e7:a2:16:51:f2:54:ed:c5:ff:f7:dd:f9:5c:aa:
a0:4d:0b:56:44:5e:43:0d:1f:23:9e:6d:af:b9:1a:
77:6f:2a:24:6e:11:bc:c7:c1:6e:69:c6:dd:1f:37:
c7:47:6a:f7:e4:db:70:60:7d:60:a0:6f:5f:b6:30:
89:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:49:8E:FA:85:0B:E9:86:65:89:ED:C2:99:73:10:72:E2:EB:5B:D1
X509v3 Authority Key Identifier:
keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/iUmO-oUL6YZlie3CmXMQcuLrW9E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.181.0.0/22
194.113.35.0/24
IPv6:
2a09:fb86::/32
2a11:6e40::/32
Signature Algorithm: sha256WithRSAEncryption
45:d0:d8:ec:4b:50:9f:fe:8c:48:ee:83:7d:01:a2:64:68:85:
28:f4:06:21:6f:1e:c8:4d:77:0a:1d:ba:5d:8d:2b:b9:9e:8d:
f1:d4:a7:bd:82:2e:ed:e2:23:a4:5a:10:98:8a:7c:06:24:49:
1c:a4:d1:32:51:44:72:35:34:b8:55:e5:60:86:3d:8e:60:10:
d6:52:0f:6a:af:bf:a8:0d:c7:50:e1:67:78:cd:b0:47:a1:d1:
27:89:8d:d4:9c:63:b9:86:35:b4:cc:9a:3f:45:7f:fc:37:71:
40:08:f5:a1:70:4f:90:d8:f5:b4:1e:ee:da:53:92:0a:7e:ce:
36:c8:d0:8c:13:e5:eb:11:b0:68:82:f7:4b:8f:73:ea:ab:8f:
53:b2:29:ba:e6:03:13:6d:e6:cc:d6:9b:59:34:de:17:e0:1d:
7b:ac:a6:64:15:e7:f5:80:eb:20:28:88:d4:c5:68:de:a4:cd:
6c:30:d3:b1:29:ed:b7:77:e3:2a:b8:a6:fa:b7:ae:5d:58:f9:
ec:29:0d:45:3d:87:76:89:36:da:65:b4:54:4e:62:f3:5a:b6:
37:90:b5:35:61:30:45:81:32:41:e9:9d:12:ee:81:a7:87:10:
68:3f:a2:e4:80:53:49:43:b6:83:01:2e:22:14:34:18:9f:46:
c0:7b:58:2f
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgISAYzFADvinEf4036KirArKx9CMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjQwMTAxMTIyOTM2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTQ5OGVmYTg1MGJlOTg2NjU4OWVkYzI5OTczMTA3MmUyZWI1YmQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh7ny9OOEBu4ymX5JAUWNxo3heG2y
n1dBk4ujYffmtY3oQUk8kGqEMzVZZd/15nP9EJBq+AYdYzIUowEQ8TOwsM0elQV0
tqHsD+yJ9LhSBtMGwvGflBypyDk7+GD/6oZj40Zi3GPSv0Qyq8BTAJEa5uN652JH
34+Pb6AaM6r6mFe96nTHSPPJqfsOdJdLJMe0Kxx66zMWvRAk8aVs85E9/a46QShU
cZtLjDcDQmYiyv/m/lDTaTQhkb3Ei5nXHvtuT1Jv56IWUfJU7cX/9935XKqgTQtW
RF5DDR8jnm2vuRp3byokbhG8x8FuacbdHzfHR2r35NtwYH1goG9ftjCJqQIDAQAB
o4ICJTCCAiEwHQYDVR0OBBYEFIlJjvqFC+mGZYntwplzEHLi61vRMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEvaVVtTy1vVUw2WVpsaWUzQ21YTVFjdUxyVzlFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDsGCCsGAQUFBwEHAQH/BCwwKjASBAIAATAMAwQCBbUAAwQA
wnEjMBQEAgACMA4DBQAqCfuGAwUAKhFuQDANBgkqhkiG9w0BAQsFAAOCAQEARdDY
7EtQn/6MSO6DfQGiZGiFKPQGIW8eyE13Ch26XY0ruZ6N8dSnvYIu7eIjpFoQmIp8
BiRJHKTRMlFEcjU0uFXlYIY9jmAQ1lIPaq+/qA3HUOFneM2wR6HRJ4mN1JxjuYY1
tMyaP0V//DdxQAj1oXBPkNj1tB7u2lOSCn7ONsjQjBPl6xGwaIL3S49z6quPU7Ip
uuYDE23mzNabWTTeF+Ade6ymZBXn9YDrICiI1MVo3qTNbDDTsSntt3fjKrim+reu
XVj57CkNRT2Hdok22mW0VE5i81q2N5C1NWEwRYEyQemdEu6Bp4cQaD+i5IBTSUO2
gwEuIhQ0GJ9GwHtYLw==
-----END CERTIFICATE-----
Generated at Sun Feb 16 22:28:58 2025 by rpki-client