Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/47HSHCDwIGmThl67gpeQQOJDkvQ.roa
File: 47HSHCDwIGmThl67gpeQQOJDkvQ.roa (raw, json)
Hash identifier: 4EJWicgMyozu6omeF8iiXFGZEGYw1tHtMA07v5R/7EM=
Subject key identifier: E3:B1:D2:1C:20:F0:20:69:93:86:5E:BB:82:97:90:40:E2:43:92:F4
Certificate issuer: /CN=27516d20ebefd12f072d413c4d2606bdb258691a
Certificate serial: 01846106295657CF2E9F396CE4397A5C4D8E
Authority key identifier: 27:51:6D:20:EB:EF:D1:2F:07:2D:41:3C:4D:26:06:BD:B2:58:69:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/47HSHCDwIGmThl67gpeQQOJDkvQ.roa
Signing time: Thu 10 Nov 2022 10:11:44 +0000
ROA not before: Thu 10 Nov 2022 10:11:44 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35575
IP address blocks: 185.190.44.0/24 maxlen: 24
185.190.46.0/24 maxlen: 24
185.190.47.0/24 maxlen: 24
193.238.68.0/22 maxlen: 22
195.66.24.0/24 maxlen: 24
195.66.27.0/24 maxlen: 24
195.66.26.0/24 maxlen: 24
195.66.29.0/24 maxlen: 24
195.66.28.0/24 maxlen: 24
195.66.31.0/24 maxlen: 24
195.66.25.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:61:06:29:56:57:cf:2e:9f:39:6c:e4:39:7a:5c:4d:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=27516d20ebefd12f072d413c4d2606bdb258691a
Validity
Not Before: Nov 10 10:11:44 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=e3b1d21c20f0206993865ebb82979040e24392f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:0d:e3:28:9f:21:4f:ca:52:09:5d:fd:c2:d9:
d6:bb:25:03:23:71:b3:3f:bf:05:3f:54:67:3f:95:
6d:70:4f:85:81:4b:72:76:9e:a5:e6:f1:65:78:9c:
52:cf:a8:d1:55:80:77:49:d2:35:00:23:15:5b:e1:
ba:8b:ca:84:ec:28:6b:18:e6:69:f5:71:c2:63:bf:
b9:3c:78:bd:99:87:b9:21:1c:21:13:ba:bc:1b:c4:
f2:91:a0:32:b0:a1:24:00:89:6e:70:15:1c:8b:c8:
a5:42:2f:86:01:9f:9b:b3:e8:b1:7a:62:a2:70:d4:
a7:c3:a7:70:14:b0:72:e8:1d:92:94:64:a9:5a:37:
b9:41:bd:b9:7c:91:15:7f:e2:d0:29:cc:7b:d7:5f:
6b:67:e9:63:67:7b:76:bd:d8:7b:2f:a3:c1:a3:72:
0f:26:07:4b:73:f6:e1:aa:72:54:4c:a7:47:7d:89:
73:f1:e9:45:f6:21:85:fa:b6:be:e4:78:1b:52:88:
68:c3:fb:5d:a3:be:4e:e7:53:b0:a3:ea:5b:49:83:
95:fc:78:c6:e0:19:87:c5:08:99:3a:7e:85:b5:fd:
e4:23:97:7e:4c:0d:0b:b2:33:c1:34:99:69:05:f6:
57:48:19:f9:4b:62:bf:fc:a1:bd:67:d8:f7:a5:61:
9f:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:B1:D2:1C:20:F0:20:69:93:86:5E:BB:82:97:90:40:E2:43:92:F4
X509v3 Authority Key Identifier:
keyid:27:51:6D:20:EB:EF:D1:2F:07:2D:41:3C:4D:26:06:BD:B2:58:69:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/47HSHCDwIGmThl67gpeQQOJDkvQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/J1FtIOvv0S8HLUE8TSYGvbJYaRo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.190.44.0/24
185.190.46.0/23
193.238.68.0/22
195.66.24.0-195.66.29.255
195.66.31.0/24
Signature Algorithm: sha256WithRSAEncryption
c2:72:de:f9:57:dd:5d:35:b3:7c:45:78:48:94:a2:6d:76:57:
c4:68:bb:e4:e5:d1:32:42:8c:69:3d:b3:9d:35:95:08:dd:f0:
97:a7:20:d6:53:8f:de:fe:1d:93:28:8d:33:4e:47:51:b0:fa:
a7:b9:82:ba:57:cb:22:ab:21:a7:5e:51:a4:da:c0:f4:5e:cb:
b5:1b:4a:d1:e4:20:2f:f6:a6:c0:bf:9b:49:4e:ae:85:c1:46:
fc:23:98:b1:16:66:8a:8a:1d:30:d1:6e:54:00:68:2d:51:24:
68:c0:29:c7:c6:23:38:ca:34:79:56:db:6b:90:c1:3a:6d:be:
39:c7:b8:ce:14:c7:de:66:ee:59:d7:27:fc:96:4c:64:b1:58:
2d:59:d4:98:15:78:29:61:af:90:c4:61:f3:80:c9:38:95:22:
70:63:25:4b:a0:56:1a:d3:92:8a:5a:fe:b0:08:df:8b:3b:8a:
08:72:51:5d:3f:c6:e3:8e:99:60:c1:e9:74:51:5c:55:fb:30:
e9:e1:af:ce:5e:79:fe:7a:f2:9f:e0:f5:21:eb:ac:39:d5:94:
90:5f:08:84:c8:3b:85:7f:f3:47:34:af:6e:74:af:89:a8:2f:
e3:6c:d8:ba:4c:50:50:e7:78:88:85:13:a5:61:6f:e4:cb:49:
5a:d4:fe:29
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYRhBilWV88unzls5Dl6XE2OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NTE2ZDIwZWJlZmQxMmYwNzJkNDEzYzRkMjYwNmJkYjI1
ODY5MWEwHhcNMjIxMTEwMTAxMTQ0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlM2IxZDIxYzIwZjAyMDY5OTM4NjVlYmI4Mjk3OTA0MGUyNDM5MmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjw3jKJ8hT8pSCV39wtnWuyUDI3Gz
P78FP1RnP5VtcE+FgUtydp6l5vFleJxSz6jRVYB3SdI1ACMVW+G6i8qE7ChrGOZp
9XHCY7+5PHi9mYe5IRwhE7q8G8TykaAysKEkAIlucBUci8ilQi+GAZ+bs+ixemKi
cNSnw6dwFLBy6B2SlGSpWje5Qb25fJEVf+LQKcx7119rZ+ljZ3t2vdh7L6PBo3IP
JgdLc/bhqnJUTKdHfYlz8elF9iGF+ra+5HgbUohow/tdo75O51Owo+pbSYOV/HjG
4BmHxQiZOn6Ftf3kI5d+TA0LsjPBNJlpBfZXSBn5S2K//KG9Z9j3pWGfuQIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFOOx0hwg8CBpk4Zeu4KXkEDiQ5L0MB8GA1UdIwQY
MBaAFCdRbSDr79EvBy1BPE0mBr2yWGkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjFGdElPdnYwUzhITFVFOFRTWUd2YkpZYVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81OWQ4MDgtMTU0Zi00MmFlLWFmOGYt
NzkwMjQ0NTA4ZGY0LzEvNDdIU0hDRHdJR21UaGw2N2dwZVFRT0pEa3ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81OWQ4MDgtMTU0Zi00MmFlLWFmOGYtNzkwMjQ0NTA4ZGY0
LzEvSjFGdElPdnYwUzhITFVFOFRTWUd2YkpZYVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmAwQAub4sAwQB
ub4uAwQCwe5EMAwDBAPDQhgDBAHDQhwDBADDQh8wDQYJKoZIhvcNAQELBQADggEB
AMJy3vlX3V01s3xFeEiUom12V8Rou+Tl0TJCjGk9s501lQjd8JenINZTj97+HZMo
jTNOR1Gw+qe5grpXyyKrIadeUaTawPRey7UbStHkIC/2psC/m0lOroXBRvwjmLEW
ZoqKHTDRblQAaC1RJGjAKcfGIzjKNHlW22uQwTptvjnHuM4Ux95m7lnXJ/yWTGSx
WC1Z1JgVeClhr5DEYfOAyTiVInBjJUugVhrTkopa/rAI34s7ighyUV0/xuOOmWDB
6XRRXFX7MOnhr85eef568p/g9SHrrDnVlJBfCITIO4V/80c0r250r4moL+Ns2LpM
UFDneIiFE6Vhb+TLSVrU/ik=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:58 2024 by rpki-client on console-ams.rpki-client.org