Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/kR-dM48KtzjuIhBr1-MsyWf-cK0.roa
File: kR-dM48KtzjuIhBr1-MsyWf-cK0.roa (raw, json)
Hash identifier: hbObVV4gUbC10Kb3zb13LpbSHGbLTWsqDful/LbaV6A=
Subject key identifier: 91:1F:9D:33:8F:0A:B7:38:EE:22:10:6B:D7:E3:2C:C9:67:FE:70:AD
Certificate issuer: /CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Certificate serial: 018CC5003B25DD3A412EB7E901D7D5199A2B
Authority key identifier: 6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/kR-dM48KtzjuIhBr1-MsyWf-cK0.roa
Signing time: Mon 01 Jan 2024 12:29:35 +0000
ROA not before: Mon 01 Jan 2024 12:29:35 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 26042
IP address blocks: 194.110.246.0/24 maxlen: 24
194.113.34.0/24 maxlen: 24
194.113.35.0/24 maxlen: 24
192.144.12.0/22 maxlen: 24
45.143.164.0/24 maxlen: 24
45.143.165.0/24 maxlen: 24
2a11:2a47::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:00:3b:25:dd:3a:41:2e:b7:e9:01:d7:d5:19:9a:2b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d20ddd398dac8f62cc12526325f1821fb724f75
Validity
Not Before: Jan 1 12:29:35 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=911f9d338f0ab738ee22106bd7e32cc967fe70ad
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:e9:03:bf:cf:08:16:b7:2b:8a:c7:43:10:d6:
d3:75:a7:ee:b2:9b:8a:4a:f5:a2:91:85:7f:b5:9d:
d8:c6:da:5f:dc:a3:30:6e:9b:c5:50:64:29:a0:f7:
de:45:5d:1a:b8:cc:c7:68:b5:ef:86:d6:f3:f7:e5:
b6:79:6e:54:6d:b7:4a:53:24:02:e7:15:f1:78:13:
ac:d7:64:c5:96:1f:b9:c3:6d:bc:14:9f:3e:4f:70:
0f:e6:59:ac:dc:4f:7d:ce:75:d2:0c:33:1c:45:f9:
7a:c5:00:32:4d:b7:f5:66:a8:cc:c9:90:44:d8:3b:
9e:b0:ef:4f:8a:3a:90:49:af:11:83:a3:b2:e5:80:
04:a1:58:6b:a8:43:b0:08:78:30:f9:32:f1:49:ee:
26:25:78:fd:24:b7:bf:a4:19:72:0f:e6:97:b6:24:
30:70:3c:fc:80:5b:06:a4:c0:5f:68:f6:11:e1:3a:
70:f9:0f:45:f0:26:68:9c:e4:c8:9e:11:b8:24:b8:
4d:eb:6b:14:ab:c7:46:77:ea:93:32:e1:71:7d:77:
aa:3c:90:ff:bb:95:7b:03:35:1c:c2:c1:7f:29:bf:
e4:27:cb:f3:d2:49:e3:0e:2c:18:9c:eb:ce:66:00:
64:c6:51:f7:64:78:bb:35:8c:bb:af:ec:77:7c:4b:
ed:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:1F:9D:33:8F:0A:B7:38:EE:22:10:6B:D7:E3:2C:C9:67:FE:70:AD
X509v3 Authority Key Identifier:
keyid:6D:20:DD:D3:98:DA:C8:F6:2C:C1:25:26:32:5F:18:21:FB:72:4F:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bSDd05jayPYswSUmMl8YIftyT3U.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/kR-dM48KtzjuIhBr1-MsyWf-cK0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/a1a88f-1dff-4eff-826b-36de657232be/1/bSDd05jayPYswSUmMl8YIftyT3U.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.143.164.0/23
192.144.12.0/22
194.110.246.0/24
194.113.34.0/23
IPv6:
2a11:2a47::/32
Signature Algorithm: sha256WithRSAEncryption
60:c2:e6:f6:ea:f0:57:3a:ad:2b:ee:7b:38:25:86:b3:d2:9c:
93:4c:01:bf:56:f4:59:42:99:cd:07:ed:61:8c:f0:ff:8a:6a:
b6:10:aa:13:92:55:11:14:c7:cd:0d:2c:96:a8:8a:c7:da:e6:
ea:b9:20:95:23:20:13:ac:56:9a:69:a2:d8:2d:a1:90:a0:6a:
f2:a0:a7:a3:44:d4:da:ac:1f:60:36:5d:cd:fc:b1:1c:0a:a4:
c8:46:22:f1:f0:f8:38:e6:6e:e0:61:ea:bd:bc:d2:6d:54:e3:
b5:7f:4e:a1:c4:c1:03:43:fc:18:e2:8e:84:b6:dd:09:4d:8b:
3c:a9:2d:24:9d:ab:9a:ef:3b:92:01:0b:cb:c1:74:63:6b:c0:
7b:5d:64:04:40:45:7c:da:3f:0b:8e:1b:1b:68:ae:d1:ba:7d:
95:1c:8a:22:a9:53:b3:db:0d:df:ea:97:45:e6:70:4c:ef:d8:
07:cf:5f:21:b4:22:c8:89:ef:92:de:d3:dc:02:e6:e3:a2:2f:
1d:8c:0d:36:0e:83:a0:45:9d:a9:05:99:4c:0f:ec:fb:76:2c:
43:d4:b7:14:bc:43:f2:f5:60:55:85:41:81:4f:be:8c:51:a4:
05:85:81:77:c4:f3:11:e3:31:41:24:6e:87:7d:8d:dd:99:14:
72:10:3f:b3
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzFADsl3TpBLrfpAdfVGZorMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkMjBkZGQzOThkYWM4ZjYyY2MxMjUyNjMyNWYxODIxZmI3
MjRmNzUwHhcNMjQwMTAxMTIyOTM1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTFmOWQzMzhmMGFiNzM4ZWUyMjEwNmJkN2UzMmNjOTY3ZmU3MGFkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApOkDv88IFrcrisdDENbTdafuspuK
SvWikYV/tZ3Yxtpf3KMwbpvFUGQpoPfeRV0auMzHaLXvhtbz9+W2eW5UbbdKUyQC
5xXxeBOs12TFlh+5w228FJ8+T3AP5lms3E99znXSDDMcRfl6xQAyTbf1ZqjMyZBE
2DuesO9PijqQSa8Rg6Oy5YAEoVhrqEOwCHgw+TLxSe4mJXj9JLe/pBlyD+aXtiQw
cDz8gFsGpMBfaPYR4Tpw+Q9F8CZonOTInhG4JLhN62sUq8dGd+qTMuFxfXeqPJD/
u5V7AzUcwsF/Kb/kJ8vz0knjDiwYnOvOZgBkxlH3ZHi7NYy7r+x3fEvtBQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFJEfnTOPCrc47iIQa9fjLMln/nCtMB8GA1UdIwQY
MBaAFG0g3dOY2sj2LMElJjJfGCH7ck91MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmIt
MzZkZTY1NzIzMmJlLzEva1ItZE00OEt0emp1SWhCcjEtTXN5V2YtY0swLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS9hMWE4OGYtMWRmZi00ZWZmLTgyNmItMzZkZTY1NzIzMmJl
LzEvYlNEZDA1amF5UFlzd1NVbU1sOFlJZnR5VDNVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQBLY+kAwQC
wJAMAwQAwm72AwQBwnEiMA0EAgACMAcDBQAqESpHMA0GCSqGSIb3DQEBCwUAA4IB
AQBgwub26vBXOq0r7ns4JYaz0pyTTAG/VvRZQpnNB+1hjPD/imq2EKoTklURFMfN
DSyWqIrH2ubquSCVIyATrFaaaaLYLaGQoGryoKejRNTarB9gNl3N/LEcCqTIRiLx
8Pg45m7gYeq9vNJtVOO1f06hxMEDQ/wY4o6Ett0JTYs8qS0knaua7zuSAQvLwXRj
a8B7XWQEQEV82j8LjhsbaK7Run2VHIoiqVOz2w3f6pdF5nBM79gHz18htCLIie+S
3tPcAubjoi8djA02DoOgRZ2pBZlMD+z7dixD1LcUvEPy9WBVhUGBT76MUaQFhYF3
xPMR4zFBJG6HfY3dmRRyED+z
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:37 2024 by rpki-client on console-fra.rpki-client.org