Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/11/ebacbd-8190-4e5a-a03a-cd439492b7ae/1/xaxKbaAmjXwDiHpqNpXb8lOiSNc.roa
File: xaxKbaAmjXwDiHpqNpXb8lOiSNc.roa (raw, json)
Hash identifier: 0eA3X9ksjXhWrllHoURo5ZnxnV2iNojVGLvX0x5JFDg=
Subject key identifier: C5:AC:4A:6D:A0:26:8D:7C:03:88:7A:6A:36:95:DB:F2:53:A2:48:D7
Certificate issuer: /CN=6811e125cb357076f2fa3138c93e9a2681b17893
Certificate serial: 01856F42A025BA9DE31CC4B12517DC2A4250
Authority key identifier: 68:11:E1:25:CB:35:70:76:F2:FA:31:38:C9:3E:9A:26:81:B1:78:93
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/aBHhJcs1cHby-jE4yT6aJoGxeJM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/11/ebacbd-8190-4e5a-a03a-cd439492b7ae/1/xaxKbaAmjXwDiHpqNpXb8lOiSNc.roa
Signing time: Sun 01 Jan 2023 21:35:15 +0000
ROA not before: Sun 01 Jan 2023 21:35:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 19905
IP address blocks: 31.186.226.0/24 maxlen: 24
31.186.243.0/24 maxlen: 24
95.172.76.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:42:a0:25:ba:9d:e3:1c:c4:b1:25:17:dc:2a:42:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6811e125cb357076f2fa3138c93e9a2681b17893
Validity
Not Before: Jan 1 21:35:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c5ac4a6da0268d7c03887a6a3695dbf253a248d7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:76:11:a7:6a:63:62:02:b1:d1:c4:0c:8e:20:
c1:2d:f4:77:71:82:97:ff:ca:9e:25:32:ec:69:a5:
45:0e:d1:93:48:9b:b4:d7:ff:88:30:0f:1d:0f:3b:
34:df:7b:3d:78:11:2e:42:4f:af:7e:ed:30:15:d2:
eb:52:64:9e:4b:14:f6:5e:53:97:b0:5f:d5:d7:b2:
09:e7:1a:e0:ef:65:3d:59:7b:ac:df:6c:e6:92:3a:
5f:72:b4:ae:a6:a9:51:83:0d:64:3c:c4:ef:51:c6:
72:f3:df:70:42:54:52:c7:6f:07:3c:fe:28:3c:ef:
6a:ae:d0:7b:4f:78:f8:a5:70:a1:c2:65:96:48:6e:
4e:73:fb:b6:15:c8:b7:b4:65:f4:99:a7:43:e3:a2:
93:0e:6d:96:66:9a:bc:a0:43:bb:59:cc:1c:7e:bf:
33:ad:05:8d:b3:4f:36:bd:1d:12:ae:19:3c:51:ff:
33:4e:75:1b:05:71:d4:0e:ab:d0:b0:4e:8e:9f:3b:
5a:30:91:65:05:42:71:ed:09:b6:2f:51:b1:1c:28:
7b:67:fa:d1:d5:4f:86:b6:db:d0:be:45:47:45:b2:
0b:df:c0:a4:2e:2f:e4:fc:49:66:2c:d5:70:14:d2:
c5:58:b8:1d:40:13:8e:c5:32:b4:f6:22:cc:c0:72:
e8:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:AC:4A:6D:A0:26:8D:7C:03:88:7A:6A:36:95:DB:F2:53:A2:48:D7
X509v3 Authority Key Identifier:
keyid:68:11:E1:25:CB:35:70:76:F2:FA:31:38:C9:3E:9A:26:81:B1:78:93
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/aBHhJcs1cHby-jE4yT6aJoGxeJM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ebacbd-8190-4e5a-a03a-cd439492b7ae/1/xaxKbaAmjXwDiHpqNpXb8lOiSNc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/11/ebacbd-8190-4e5a-a03a-cd439492b7ae/1/aBHhJcs1cHby-jE4yT6aJoGxeJM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.186.226.0/24
31.186.243.0/24
95.172.76.0/24
Signature Algorithm: sha256WithRSAEncryption
8c:62:a7:37:e2:74:c7:56:7a:cf:d3:ce:ab:85:27:94:91:86:
e6:ae:d4:9b:bc:a4:7f:bf:a6:72:4e:fa:0b:81:ea:27:2f:e2:
c1:f3:4d:3b:d5:4e:f7:d8:78:ac:f6:26:e3:bd:71:3a:0e:d2:
32:ad:6b:da:f4:58:3a:09:81:18:8d:7f:b9:a3:70:21:c8:d2:
99:a9:19:f3:f7:4c:f9:d7:b6:09:40:e2:28:4a:3f:e0:ec:4d:
19:c3:9a:bd:1b:27:9e:01:df:55:49:25:88:cd:2a:64:62:fe:
ff:33:44:9f:0a:3b:ed:14:5d:0f:bd:63:28:07:56:35:cb:8d:
d4:01:ac:e0:af:0f:32:fd:99:4d:d5:b6:29:84:08:69:26:89:
de:10:4a:3e:f1:85:0e:61:de:1b:52:ed:ce:06:3c:19:43:59:
84:77:b0:18:00:04:e3:bf:47:10:73:47:df:74:bb:a8:25:e0:
48:6c:5a:87:ba:f4:2d:05:8c:70:df:85:75:75:dc:67:58:6c:
ca:e6:c6:a5:0d:c2:72:38:15:5b:4d:c0:d6:c9:60:fc:b6:8c:
4a:e7:e8:f6:ee:b1:94:d4:04:9d:88:86:16:26:09:b1:e6:f0:
33:d1:5f:45:46:75:c8:40:b1:e2:2c:33:fd:17:e7:40:76:0f:
d7:5a:47:41
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVvQqAlup3jHMSxJRfcKkJQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY4MTFlMTI1Y2IzNTcwNzZmMmZhMzEzOGM5M2U5YTI2ODFi
MTc4OTMwHhcNMjMwMTAxMjEzNTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNWFjNGE2ZGEwMjY4ZDdjMDM4ODdhNmEzNjk1ZGJmMjUzYTI0OGQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2HYRp2pjYgKx0cQMjiDBLfR3cYKX
/8qeJTLsaaVFDtGTSJu01/+IMA8dDzs033s9eBEuQk+vfu0wFdLrUmSeSxT2XlOX
sF/V17IJ5xrg72U9WXus32zmkjpfcrSupqlRgw1kPMTvUcZy899wQlRSx28HPP4o
PO9qrtB7T3j4pXChwmWWSG5Oc/u2Fci3tGX0madD46KTDm2WZpq8oEO7Wcwcfr8z
rQWNs082vR0Srhk8Uf8zTnUbBXHUDqvQsE6OnztaMJFlBUJx7Qm2L1GxHCh7Z/rR
1U+GttvQvkVHRbIL38CkLi/k/ElmLNVwFNLFWLgdQBOOxTK09iLMwHLo1QIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFMWsSm2gJo18A4h6ajaV2/JTokjXMB8GA1UdIwQY
MBaAFGgR4SXLNXB28voxOMk+miaBsXiTMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYUJIaEpjczFjSGJ5LWpFNHlUNmFKb0d4ZUpNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xMS9lYmFjYmQtODE5MC00ZTVhLWEwM2Et
Y2Q0Mzk0OTJiN2FlLzEveGF4S2JhQW1qWHdEaUhwcU5wWGI4bE9pU05jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xMS9lYmFjYmQtODE5MC00ZTVhLWEwM2EtY2Q0Mzk0OTJiN2Fl
LzEvYUJIaEpjczFjSGJ5LWpFNHlUNmFKb0d4ZUpNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAH7riAwQA
H7rzAwQAX6xMMA0GCSqGSIb3DQEBCwUAA4IBAQCMYqc34nTHVnrP086rhSeUkYbm
rtSbvKR/v6ZyTvoLgeonL+LB80071U732His9ibjvXE6DtIyrWva9Fg6CYEYjX+5
o3AhyNKZqRnz90z517YJQOIoSj/g7E0Zw5q9GyeeAd9VSSWIzSpkYv7/M0SfCjvt
FF0PvWMoB1Y1y43UAazgrw8y/ZlN1bYphAhpJoneEEo+8YUOYd4bUu3OBjwZQ1mE
d7AYAATjv0cQc0ffdLuoJeBIbFqHuvQtBYxw34V1ddxnWGzK5salDcJyOBVbTcDW
yWD8toxK5+j27rGU1ASdiIYWJgmx5vAz0V9FRnXIQLHiLDP9F+dAdg/XWkdB
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:19:43 2024 by rpki-client on console-fra.rpki-client.org