Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/WLJ8Z1_98YqYMmMHWAjp3dkNQyg.roa
File: WLJ8Z1_98YqYMmMHWAjp3dkNQyg.roa (raw, json)
Hash identifier: 7o29w7exPfJTTMbE8C8vs4vWWW9MdPylGaqnobReXxE=
Subject key identifier: 58:B2:7C:67:5F:FD:F1:8A:98:32:63:07:58:08:E9:DD:D9:0D:43:28
Certificate issuer: /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial: 0184137A9F05C847052BD943F81C11F1ABCA
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/WLJ8Z1_98YqYMmMHWAjp3dkNQyg.roa
Signing time: Wed 26 Oct 2022 08:48:33 +0000
ROA not before: Wed 26 Oct 2022 08:48:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209813
IP address blocks: 91.243.42.0/24 maxlen: 24
185.238.152.0/24 maxlen: 24
46.161.31.0/24 maxlen: 24
5.8.66.0/24 maxlen: 24
5.8.67.0/24 maxlen: 24
185.238.153.0/24 maxlen: 24
185.238.155.0/24 maxlen: 24
185.238.154.0/24 maxlen: 24
5.188.50.0/24 maxlen: 24
5.188.194.0/24 maxlen: 24
5.188.195.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:13:7a:9f:05:c8:47:05:2b:d9:43:f8:1c:11:f1:ab:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Validity
Not Before: Oct 26 08:48:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=58b27c675ffdf18a983263075808e9ddd90d4328
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:a0:20:dd:d3:f4:86:9b:36:cc:5d:4b:9d:b0:
7d:54:f1:04:51:ec:31:9e:cb:4b:dc:ef:c2:e1:fb:
03:04:57:1a:68:d2:18:84:d6:c6:ca:b5:21:bb:ca:
31:35:42:2e:c4:21:f5:41:ea:63:b3:ee:82:33:fe:
52:07:c0:d4:42:2d:12:86:20:ae:57:bc:56:aa:14:
6c:31:89:25:41:91:70:aa:75:ec:7b:10:c1:2c:d1:
c3:18:48:7d:81:93:61:ed:67:67:6e:69:26:d0:38:
52:96:31:c1:62:bc:08:8e:e8:74:45:6b:8b:90:ed:
9e:07:cd:2f:c5:f3:60:0c:7c:29:e9:40:3e:bc:fe:
3f:69:be:46:db:6e:65:24:f0:32:fe:2e:22:31:7f:
15:47:76:5c:bc:d6:e5:26:3e:8f:01:9c:9c:c9:9e:
79:11:22:d3:6f:66:77:4d:1b:d7:20:93:02:2c:2a:
8c:82:80:95:0a:57:cd:d2:e3:d9:75:5f:1e:1b:a0:
94:ae:7a:ab:93:a3:90:e3:ac:98:d5:b9:06:dc:da:
ab:7f:c1:08:04:87:f4:a2:80:e9:77:fb:ee:b3:49:
cb:75:94:fd:00:34:a8:d0:29:77:6c:73:5d:3a:28:
ac:da:31:d9:3e:73:19:6b:6a:78:72:6e:98:25:13:
01:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:B2:7C:67:5F:FD:F1:8A:98:32:63:07:58:08:E9:DD:D9:0D:43:28
X509v3 Authority Key Identifier:
keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/WLJ8Z1_98YqYMmMHWAjp3dkNQyg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.8.66.0/23
5.188.50.0/24
5.188.194.0/23
46.161.31.0/24
91.243.42.0/24
185.238.152.0/22
Signature Algorithm: sha256WithRSAEncryption
9c:02:34:9f:89:83:7e:5b:74:69:ba:ca:16:e5:85:72:98:43:
86:8e:09:4b:3c:ce:db:c6:f4:d7:e8:b1:6d:34:d3:1f:2a:de:
c3:9d:c2:ea:28:81:0f:c0:46:19:b4:d9:23:8f:04:3f:33:a5:
8f:0c:d0:e6:52:7a:8e:b3:48:d9:2c:01:90:ae:e1:42:cd:3a:
98:e9:12:df:e1:54:24:ee:35:b2:4a:24:cb:a1:8b:92:90:2a:
4a:f0:79:98:08:e8:91:c9:ef:34:70:94:4b:b0:f0:d9:14:d2:
17:38:e9:c5:1b:f7:55:c9:2b:28:21:3b:51:40:81:cb:76:e4:
89:d3:e4:27:3c:80:88:25:fa:f4:2c:58:eb:49:dd:25:5f:79:
78:76:0a:95:74:60:c0:bc:52:ff:0c:72:29:0a:b7:17:2f:d3:
c9:89:b5:cd:ce:5d:11:1c:97:55:3b:66:99:3b:51:a7:32:39:
ed:a7:fc:a0:14:c0:18:91:37:51:37:4b:33:95:ad:dc:c6:28:
01:79:d7:70:5c:24:02:0b:3d:ac:d0:07:1e:26:48:8e:79:08:
ae:63:26:2b:b2:10:e2:7e:28:d1:cc:b1:d1:72:59:83:dd:7b:
bb:e8:aa:4a:b4:ee:c3:aa:14:1b:b4:48:20:b1:6b:9b:3a:2d:
22:f7:e8:ca
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYQTep8FyEcFK9lD+BwR8avKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjIxMDI2MDg0ODMzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGIyN2M2NzVmZmRmMThhOTgzMjYzMDc1ODA4ZTlkZGQ5MGQ0MzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlKAg3dP0hps2zF1LnbB9VPEEUewx
nstL3O/C4fsDBFcaaNIYhNbGyrUhu8oxNUIuxCH1Qepjs+6CM/5SB8DUQi0ShiCu
V7xWqhRsMYklQZFwqnXsexDBLNHDGEh9gZNh7Wdnbmkm0DhSljHBYrwIjuh0RWuL
kO2eB80vxfNgDHwp6UA+vP4/ab5G225lJPAy/i4iMX8VR3ZcvNblJj6PAZycyZ55
ESLTb2Z3TRvXIJMCLCqMgoCVClfN0uPZdV8eG6CUrnqrk6OQ46yY1bkG3Nqrf8EI
BIf0ooDpd/vus0nLdZT9ADSo0Cl3bHNdOiis2jHZPnMZa2p4cm6YJRMBrwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFFiyfGdf/fGKmDJjB1gI6d3ZDUMoMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvV0xKOFoxXzk4WXFZTW1NSFdBanAzZGtOUXlnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBBQhCAwQA
BbwyAwQBBbzCAwQALqEfAwQAW/MqAwQCue6YMA0GCSqGSIb3DQEBCwUAA4IBAQCc
AjSfiYN+W3RpusoW5YVymEOGjglLPM7bxvTX6LFtNNMfKt7DncLqKIEPwEYZtNkj
jwQ/M6WPDNDmUnqOs0jZLAGQruFCzTqY6RLf4VQk7jWySiTLoYuSkCpK8HmYCOiR
ye80cJRLsPDZFNIXOOnFG/dVySsoITtRQIHLduSJ0+QnPICIJfr0LFjrSd0lX3l4
dgqVdGDAvFL/DHIpCrcXL9PJibXNzl0RHJdVO2aZO1GnMjntp/ygFMAYkTdRN0sz
la3cxigBeddwXCQCCz2s0AceJkiOeQiuYyYrshDifijRzLHRclmD3Xu76KpKtO7D
qhQbtEggsWubOi0i9+jK
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:44:56 2023 by rpki-client on console-fra.rpki-client.org