Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/aKuM6GFjQdZNZtKOXPQKEVJ9ESQ.roa
File: aKuM6GFjQdZNZtKOXPQKEVJ9ESQ.roa (raw, json)
Hash identifier: JEMRAR2hFjVNE6wt/VxIsOJXXEY/fAAvRbe+MFZpHBg=
Subject key identifier: 68:AB:8C:E8:61:63:41:D6:4D:66:D2:8E:5C:F4:0A:11:52:7D:11:24
Certificate issuer: /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial: 0183A27CB7A6A7564E4E4727137175BF0211
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/aKuM6GFjQdZNZtKOXPQKEVJ9ESQ.roa
Signing time: Tue 04 Oct 2022 10:13:45 +0000
ROA not before: Tue 04 Oct 2022 10:13:45 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209813
IP address blocks: 185.238.152.0/24 maxlen: 24
46.161.31.0/24 maxlen: 24
185.238.153.0/24 maxlen: 24
185.238.155.0/24 maxlen: 24
185.238.154.0/24 maxlen: 24
31.184.203.0/24 maxlen: 24
31.184.202.0/24 maxlen: 24
31.184.201.0/24 maxlen: 24
31.184.200.0/24 maxlen: 24
5.188.50.0/24 maxlen: 24
5.188.194.0/24 maxlen: 24
5.188.195.0/24 maxlen: 24
91.243.42.0/24 maxlen: 24
91.243.41.0/24 maxlen: 24
5.8.66.0/24 maxlen: 24
5.8.67.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:a2:7c:b7:a6:a7:56:4e:4e:47:27:13:71:75:bf:02:11
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Validity
Not Before: Oct 4 10:13:45 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=68ab8ce8616341d64d66d28e5cf40a11527d1124
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:97:68:fe:e4:65:cb:c7:69:e1:ce:77:b6:9b:
7a:e7:e4:4d:84:1a:52:9c:75:6d:5e:4d:2f:a7:88:
5a:16:82:85:f2:be:e7:58:99:b1:82:59:ce:b1:9f:
c5:4c:c8:87:7e:2e:6a:c6:ff:86:e4:13:f1:b2:1b:
8f:63:b4:30:c0:2b:82:75:a4:02:78:6f:0d:5e:24:
3a:fc:c5:ee:21:a9:56:b4:d3:ad:3f:3c:cd:b5:0a:
76:3b:cc:d1:53:6c:7f:e8:b8:b9:f0:b5:80:2f:1b:
75:57:88:d9:07:2b:19:94:ce:4e:67:8c:4f:41:d1:
90:76:d2:75:da:87:e6:76:0d:32:c3:22:b1:b8:c1:
27:ac:54:6a:8e:d2:d8:61:cc:05:59:2f:6a:99:0a:
5d:68:7d:7e:83:88:be:31:74:12:54:6d:34:df:0a:
7f:2e:6d:77:71:4b:c5:d1:91:6e:18:00:85:42:ba:
e2:69:95:66:cd:e6:30:6d:64:70:ac:d6:ad:fb:cc:
58:67:3d:3b:d5:54:81:0c:02:cb:00:99:13:24:7a:
81:b1:e5:22:3f:08:44:18:24:e3:bd:c8:a3:ec:0f:
46:06:8f:07:c5:6b:f2:72:60:fd:91:07:88:ba:54:
46:d2:66:e4:d5:ab:a5:5f:2a:d3:14:fe:e4:bf:52:
16:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:AB:8C:E8:61:63:41:D6:4D:66:D2:8E:5C:F4:0A:11:52:7D:11:24
X509v3 Authority Key Identifier:
keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/aKuM6GFjQdZNZtKOXPQKEVJ9ESQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.8.66.0/23
5.188.50.0/24
5.188.194.0/23
31.184.200.0/22
46.161.31.0/24
91.243.41.0-91.243.42.255
185.238.152.0/22
Signature Algorithm: sha256WithRSAEncryption
7a:79:60:6e:a6:55:39:d7:62:2b:f4:9b:40:f9:7d:9e:7f:c7:
ac:c5:dd:b2:47:ff:b2:9d:e8:a0:96:02:f3:6b:00:09:a0:55:
32:30:ce:17:1e:13:96:76:55:ed:df:cc:6b:87:2e:9e:a4:98:
66:b0:43:7a:df:2a:73:24:cd:c6:cc:a7:66:5f:85:22:57:6b:
48:79:e7:30:34:5d:40:39:c9:a5:65:b0:bb:33:b8:75:23:54:
49:b9:25:c3:fd:95:04:a2:43:c3:71:d3:5b:1b:ad:6f:8e:ea:
d7:e8:a0:01:6f:d0:b9:6c:3c:e3:79:a6:89:5a:53:d9:6f:6a:
d7:f3:91:f9:35:e2:5e:e6:53:e2:20:f3:0a:21:49:a4:20:3f:
93:89:79:60:e1:1e:01:c6:b2:7f:41:e4:51:5f:a1:a9:09:8f:
38:33:80:2e:f2:fc:84:5c:84:1c:92:e2:01:ee:b1:43:4a:0e:
e2:a1:3d:ea:ed:52:d9:79:71:c1:fa:b6:6e:56:1b:b0:8c:5f:
4e:b2:cc:01:cf:bb:cc:1c:cc:bf:31:03:1f:61:ce:e9:33:84:
50:8e:7e:12:95:6e:40:59:a1:94:70:ed:76:6a:2d:8a:2e:5f:
67:e6:67:f7:c0:8d:d2:ec:8e:a3:36:76:f7:dd:56:e2:2f:cf:
9a:c9:42:d7
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYOifLemp1ZOTkcnE3F1vwIRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVhYWE4YTBhNWZkZmQ2OThlMTA0YmUzNmEyYWVlYzgxM2Fl
Y2EwNzEwHhcNMjIxMDA0MTAxMzQ1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGFiOGNlODYxNjM0MWQ2NGQ2NmQyOGU1Y2Y0MGExMTUyN2QxMTI0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArZdo/uRly8dp4c53tpt65+RNhBpS
nHVtXk0vp4haFoKF8r7nWJmxglnOsZ/FTMiHfi5qxv+G5BPxshuPY7QwwCuCdaQC
eG8NXiQ6/MXuIalWtNOtPzzNtQp2O8zRU2x/6Li58LWALxt1V4jZBysZlM5OZ4xP
QdGQdtJ12ofmdg0ywyKxuMEnrFRqjtLYYcwFWS9qmQpdaH1+g4i+MXQSVG003wp/
Lm13cUvF0ZFuGACFQrriaZVmzeYwbWRwrNat+8xYZz071VSBDALLAJkTJHqBseUi
PwhEGCTjvcij7A9GBo8HxWvycmD9kQeIulRG0mbk1aulXyrTFP7kv1IWrQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFGirjOhhY0HWTWbSjlz0ChFSfREkMB8GA1UdIwQY
MBaAFOqqigpf39aY4QS+NqKu7IE67KBxMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQt
ODlkMDkyNDBjNDNiLzEvYUt1TTZHRmpRZFpOWnRLT1hQUUtFVko5RVNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy8yOTMyZGYtYTRiZC00YWY1LWE0ZDQtODlkMDkyNDBjNDNi
LzEvNnFxS0NsX2YxcGpoQkw0Mm9xN3NnVHJzb0hFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBBQhCAwQA
BbwyAwQBBbzCAwQCH7jIAwQALqEfMAwDBABb8ykDBABb8yoDBAK57pgwDQYJKoZI
hvcNAQELBQADggEBAHp5YG6mVTnXYiv0m0D5fZ5/x6zF3bJH/7Kd6KCWAvNrAAmg
VTIwzhceE5Z2Ve3fzGuHLp6kmGawQ3rfKnMkzcbMp2ZfhSJXa0h55zA0XUA5yaVl
sLszuHUjVEm5JcP9lQSiQ8Nx01sbrW+O6tfooAFv0LlsPON5polaU9lvatfzkfk1
4l7mU+Ig8wohSaQgP5OJeWDhHgHGsn9B5FFfoakJjzgzgC7y/IRchByS4gHusUNK
DuKhPertUtl5ccH6tm5WG7CMX06yzAHPu8wczL8xAx9hzukzhFCOfhKVbkBZoZRw
7XZqLYouX2fmZ/fAjdLsjqM2dvfdVuIvz5rJQtc=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:44:56 2023 by rpki-client on console-fra.rpki-client.org