Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/8GTFnxh6Y4HrfScbZIjO46VAoL0.roa
File: 8GTFnxh6Y4HrfScbZIjO46VAoL0.roa (raw, json)
Hash identifier: Ut7HPCE0MK5yY7kZP9/dV47LKN4XSCv20DIhrcUEkzM=
Subject key identifier: F0:64:C5:9F:18:7A:63:81:EB:7D:27:1B:64:88:CE:E3:A5:40:A0:BD
Certificate issuer: /CN=27516d20ebefd12f072d413c4d2606bdb258691a
Certificate serial: 018437FABC05C1D2F2238D11C35A30DB54EA
Authority key identifier: 27:51:6D:20:EB:EF:D1:2F:07:2D:41:3C:4D:26:06:BD:B2:58:69:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/8GTFnxh6Y4HrfScbZIjO46VAoL0.roa
Signing time: Wed 02 Nov 2022 10:54:49 +0000
ROA not before: Wed 02 Nov 2022 10:54:49 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35575
IP address blocks: 185.190.44.0/23 maxlen: 23
185.190.46.0/24 maxlen: 24
185.190.47.0/24 maxlen: 24
193.238.68.0/22 maxlen: 22
195.66.24.0/24 maxlen: 24
195.66.24.0/21 maxlen: 21
195.66.27.0/24 maxlen: 24
195.66.26.0/24 maxlen: 24
195.66.29.0/24 maxlen: 24
195.66.28.0/24 maxlen: 24
195.66.31.0/24 maxlen: 24
195.66.25.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:37:fa:bc:05:c1:d2:f2:23:8d:11:c3:5a:30:db:54:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=27516d20ebefd12f072d413c4d2606bdb258691a
Validity
Not Before: Nov 2 10:54:49 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f064c59f187a6381eb7d271b6488cee3a540a0bd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:24:92:36:c9:44:81:87:87:3c:62:2d:91:38:
80:9e:b4:cf:61:78:95:ae:7a:92:20:e3:bb:f9:ba:
7f:bd:50:43:d8:48:eb:e8:d8:7b:b6:2c:9a:18:05:
54:3a:26:e6:f7:e2:dd:10:ef:0c:1b:54:fd:b7:99:
e2:27:ea:f1:90:1c:89:c7:36:43:27:b1:cc:1e:7c:
bc:a6:bb:51:34:22:ee:89:d5:f2:6f:fb:3e:f1:68:
9a:a6:be:2c:91:d3:c4:0e:2d:0e:57:ed:d7:b6:76:
99:3d:b3:18:5c:ec:04:75:78:f5:5e:a2:f6:3b:84:
73:a9:02:6c:be:44:f1:20:53:b5:eb:bc:0c:5c:fb:
ee:b3:bf:43:30:1c:e6:4b:e6:87:75:47:21:f5:c5:
59:e9:e5:85:da:95:e8:09:d7:e0:3b:6b:31:22:fe:
c2:b8:ce:95:e8:88:b6:0d:72:1d:84:16:d8:31:10:
6a:5f:78:74:5d:9c:e6:4d:a7:0c:8a:a4:a9:e1:5e:
54:5b:41:a1:fb:47:1d:06:80:f9:48:0f:c8:0d:92:
f1:9c:dd:c3:4d:b1:b4:fc:8b:2d:db:ea:03:99:78:
5e:db:c5:74:bb:30:57:aa:a7:68:4b:47:47:2d:b5:
5c:db:4a:6d:20:6f:1e:7b:e9:79:34:22:35:c4:b2:
74:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F0:64:C5:9F:18:7A:63:81:EB:7D:27:1B:64:88:CE:E3:A5:40:A0:BD
X509v3 Authority Key Identifier:
keyid:27:51:6D:20:EB:EF:D1:2F:07:2D:41:3C:4D:26:06:BD:B2:58:69:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/8GTFnxh6Y4HrfScbZIjO46VAoL0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/J1FtIOvv0S8HLUE8TSYGvbJYaRo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.190.44.0/22
193.238.68.0/22
195.66.24.0/21
Signature Algorithm: sha256WithRSAEncryption
87:bb:33:02:03:00:24:f4:d5:bd:ab:e5:35:0c:56:e3:b7:ff:
4c:8a:eb:92:63:6c:c2:1f:a7:0d:23:70:59:04:2f:75:63:ee:
4b:63:44:d2:ee:a7:a6:fa:a3:fb:1a:b7:30:05:f6:e6:16:6c:
8d:69:c9:67:cc:68:d9:a1:4e:39:51:57:b3:d4:2f:de:40:80:
ab:e7:58:c6:30:b8:64:84:db:d7:62:08:7c:13:26:9c:42:d9:
00:27:5a:eb:59:ce:e6:29:88:d1:7d:a4:c5:7c:d8:4e:89:af:
82:15:4b:9b:45:96:83:d7:31:ba:6b:ea:ab:82:88:a9:44:b8:
5f:d2:71:4b:eb:b1:81:cf:98:04:77:4b:50:76:fd:e9:32:4a:
c9:a4:ab:93:f9:3d:ba:88:a5:7f:28:76:c0:2f:b7:12:a3:32:
15:10:c5:9c:53:8d:de:93:a5:0c:1f:e3:bc:37:a4:52:66:e1:
80:10:85:68:30:cf:e7:95:8c:ce:bf:81:a2:78:8e:42:56:3d:
9e:37:fb:02:2e:c9:c5:22:76:a6:fc:92:cc:f4:bd:11:d5:f5:
7c:cc:ea:a8:83:e4:95:70:65:91:3f:1a:8c:5a:18:11:61:0f:
a8:00:6e:51:c7:8b:c2:b5:97:4f:b3:41:4f:46:3d:fa:fc:92:
da:5b:05:97
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYQ3+rwFwdLyI40Rw1ow21TqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NTE2ZDIwZWJlZmQxMmYwNzJkNDEzYzRkMjYwNmJkYjI1
ODY5MWEwHhcNMjIxMTAyMTA1NDQ5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMDY0YzU5ZjE4N2E2MzgxZWI3ZDI3MWI2NDg4Y2VlM2E1NDBhMGJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjySSNslEgYeHPGItkTiAnrTPYXiV
rnqSIOO7+bp/vVBD2Ejr6Nh7tiyaGAVUOibm9+LdEO8MG1T9t5niJ+rxkByJxzZD
J7HMHny8prtRNCLuidXyb/s+8Wiapr4skdPEDi0OV+3XtnaZPbMYXOwEdXj1XqL2
O4RzqQJsvkTxIFO167wMXPvus79DMBzmS+aHdUch9cVZ6eWF2pXoCdfgO2sxIv7C
uM6V6Ii2DXIdhBbYMRBqX3h0XZzmTacMiqSp4V5UW0Gh+0cdBoD5SA/IDZLxnN3D
TbG0/Ist2+oDmXhe28V0uzBXqqdoS0dHLbVc20ptIG8ee+l5NCI1xLJ0ZQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPBkxZ8YemOB630nG2SIzuOlQKC9MB8GA1UdIwQY
MBaAFCdRbSDr79EvBy1BPE0mBr2yWGkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjFGdElPdnYwUzhITFVFOFRTWUd2YkpZYVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81OWQ4MDgtMTU0Zi00MmFlLWFmOGYt
NzkwMjQ0NTA4ZGY0LzEvOEdURm54aDZZNEhyZlNjYlpJak80NlZBb0wwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81OWQ4MDgtMTU0Zi00MmFlLWFmOGYtNzkwMjQ0NTA4ZGY0
LzEvSjFGdElPdnYwUzhITFVFOFRTWUd2YkpZYVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQCub4sAwQC
we5EAwQDw0IYMA0GCSqGSIb3DQEBCwUAA4IBAQCHuzMCAwAk9NW9q+U1DFbjt/9M
iuuSY2zCH6cNI3BZBC91Y+5LY0TS7qem+qP7GrcwBfbmFmyNaclnzGjZoU45UVez
1C/eQICr51jGMLhkhNvXYgh8EyacQtkAJ1rrWc7mKYjRfaTFfNhOia+CFUubRZaD
1zG6a+qrgoipRLhf0nFL67GBz5gEd0tQdv3pMkrJpKuT+T26iKV/KHbAL7cSozIV
EMWcU43ek6UMH+O8N6RSZuGAEIVoMM/nlYzOv4GieI5CVj2eN/sCLsnFInam/JLM
9L0R1fV8zOqog+SVcGWRPxqMWhgRYQ+oAG5Rx4vCtZdPs0FPRj36/JLaWwWX
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:56:58 2024 by rpki-client on console-ams.rpki-client.org