Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Ru1lwf1XcJyykdoD3cM-gJ2D2hI.roa
File: Ru1lwf1XcJyykdoD3cM-gJ2D2hI.roa (raw, json)
Hash identifier: iWKNVMyxVriRti2+/Ne4fOo1bK38vSGovTIXOmQO9fs=
Subject key identifier: 46:ED:65:C1:FD:57:70:9C:B2:91:DA:03:DD:C3:3E:80:9D:83:DA:12
Certificate issuer: /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial: 018572471972A64CED1D91F14867E4330C47
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Ru1lwf1XcJyykdoD3cM-gJ2D2hI.roa
Signing time: Mon 02 Jan 2023 11:39:00 +0000
ROA not before: Mon 02 Jan 2023 11:39:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209813
IP address blocks: 185.238.152.0/24 maxlen: 24
46.161.31.0/24 maxlen: 24
5.8.66.0/24 maxlen: 24
5.8.67.0/24 maxlen: 24
185.238.153.0/24 maxlen: 24
185.238.155.0/24 maxlen: 24
185.238.154.0/24 maxlen: 24
5.188.50.0/24 maxlen: 24
5.188.194.0/24 maxlen: 24
5.188.195.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:47:19:72:a6:4c:ed:1d:91:f1:48:67:e4:33:0c:47
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Validity
Not Before: Jan 2 11:39:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=46ed65c1fd57709cb291da03ddc33e809d83da12
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:c0:cb:9f:59:fb:17:c5:eb:5d:f7:2a:76:5a:
25:9e:5c:3a:73:07:2e:8c:59:0f:7e:61:52:62:dc:
c4:ff:1a:45:f1:20:08:d0:9c:f6:03:a0:6e:c5:f1:
91:35:9f:e9:b5:93:ff:0e:fd:19:db:4e:f3:9f:a5:
c1:64:da:84:3a:fb:bd:3d:43:e4:ce:ff:cb:0e:72:
5d:11:81:8e:dc:12:51:d7:35:44:1b:17:4a:90:b1:
20:c8:5a:6e:e2:ca:69:22:af:b0:3c:39:46:2f:a8:
33:e1:ce:dc:b9:a0:fb:ef:cf:d2:ff:33:42:6f:6e:
e3:57:96:fe:c9:69:bd:6a:d1:14:76:6d:2f:a7:39:
88:e8:08:0f:f6:e7:c7:4d:ad:d1:e5:01:47:98:d1:
b6:af:dd:a9:03:2a:9a:f4:fa:59:91:f0:ca:fb:34:
6a:cb:be:2d:da:af:6c:59:2d:3b:0b:d5:b0:37:57:
99:66:3a:f1:48:50:ba:8e:fe:96:f4:f8:6a:42:68:
9d:92:bb:7d:15:58:8c:56:26:01:ac:fd:16:92:72:
35:8e:f4:ad:20:e7:d3:78:a0:09:9e:b8:a8:f0:f5:
6f:9f:a4:82:81:d7:4c:e4:16:e9:51:e7:01:a8:06:
ce:37:3c:ac:fb:63:50:67:4c:1f:64:b1:e4:59:f0:
b0:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:ED:65:C1:FD:57:70:9C:B2:91:DA:03:DD:C3:3E:80:9D:83:DA:12
X509v3 Authority Key Identifier:
keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/Ru1lwf1XcJyykdoD3cM-gJ2D2hI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.8.66.0/23
5.188.50.0/24
5.188.194.0/23
46.161.31.0/24
185.238.152.0/22
Signature Algorithm: sha256WithRSAEncryption
7a:52:d2:bc:6d:94:79:5e:12:50:90:03:78:42:a4:10:b0:95:
48:54:e0:7a:d7:2a:90:92:2f:86:73:89:2f:a3:9c:1e:76:0e:
60:fb:99:7e:52:28:22:f0:29:51:94:cf:4b:f5:e1:97:60:9c:
a1:f6:6d:39:e0:04:60:0a:95:6d:23:7e:cf:b8:c9:cd:f2:13:
2d:b8:a5:1a:9c:40:5f:4a:34:c6:fd:0e:42:7f:fb:e1:e3:49:
c0:b4:5c:d7:79:3d:3e:19:56:be:ca:5f:4a:66:90:8a:ec:2b:
5b:3e:14:5a:a1:d4:b7:af:eb:a0:3c:db:1f:50:62:9e:b2:ca:
72:03:c3:5d:c6:57:f1:3f:2e:f2:69:cb:8c:37:d1:37:9c:ad:
5e:ef:12:54:24:9f:13:98:66:09:93:71:30:f0:9d:fc:06:6b:
eb:a8:43:65:09:89:26:0e:21:d9:36:13:00:6b:bc:27:21:da:
fc:52:b4:b9:25:e4:ad:d3:df:a2:c0:ce:10:d9:9c:60:4c:af:
62:d4:18:32:72:a2:92:6e:00:fa:1f:bc:21:6f:40:77:10:c7:
42:90:ec:74:ba:76:8a:f4:02:72:d8:20:71:56:37:20:c6:7b:
f9:cc:92:ec:18:f0:77:61:fe:60:ea:4e:7d:80:ca:8f:0d:0e:
a4:6e:fe:a8
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVyRxlypkztHZHxSGfkMwxHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjMwMTAyMTEzOTAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NmVkNjVjMWZkNTc3MDljYjI5MWRhMDNkZGMzM2U4MDlkODNkYTEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr8DLn1n7F8XrXfcqdlolnlw6cwcu
jFkPfmFSYtzE/xpF8SAI0Jz2A6BuxfGRNZ/ptZP/Dv0Z207zn6XBZNqEOvu9PUPk
zv/LDnJdEYGO3BJR1zVEGxdKkLEgyFpu4sppIq+wPDlGL6gz4c7cuaD778/S/zNC
b27jV5b+yWm9atEUdm0vpzmI6AgP9ufHTa3R5QFHmNG2r92pAyqa9PpZkfDK+zRq
y74t2q9sWS07C9WwN1eZZjrxSFC6jv6W9PhqQmidkrt9FViMViYBrP0WknI1jvSt
IOfTeKAJnrio8PVvn6SCgddM5BbpUecBqAbONzys+2NQZ0wfZLHkWfCwpwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFEbtZcH9V3CcspHaA93DPoCdg9oSMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvUnUxbHdmMVhjSnl5a2RvRDNjTS1nSjJEMmhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBBQhCAwQA
BbwyAwQBBbzCAwQALqEfAwQCue6YMA0GCSqGSIb3DQEBCwUAA4IBAQB6UtK8bZR5
XhJQkAN4QqQQsJVIVOB61yqQki+Gc4kvo5wedg5g+5l+Uigi8ClRlM9L9eGXYJyh
9m054ARgCpVtI37PuMnN8hMtuKUanEBfSjTG/Q5Cf/vh40nAtFzXeT0+GVa+yl9K
ZpCK7CtbPhRaodS3r+ugPNsfUGKesspyA8NdxlfxPy7yacuMN9E3nK1e7xJUJJ8T
mGYJk3Ew8J38BmvrqENlCYkmDiHZNhMAa7wnIdr8UrS5JeSt09+iwM4Q2ZxgTK9i
1BgycqKSbgD6H7whb0B3EMdCkOx0unaK9AJy2CBxVjcgxnv5zJLsGPB3Yf5g6k59
gMqPDQ6kbv6o
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:21:29 2024 by rpki-client on console-fra.rpki-client.org