Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/sIrPxGL_6ca-GFwDRLDQsR2ougk.roa
File: sIrPxGL_6ca-GFwDRLDQsR2ougk.roa (raw, json)
Hash identifier: VqNGI/nf7hfVQ78FxZqEVM6i5EYWydo/maIr2KQbE5s=
Subject key identifier: B0:8A:CF:C4:62:FF:E9:C6:BE:18:5C:03:44:B0:D0:B1:1D:A8:BA:09
Certificate issuer: /CN=27516d20ebefd12f072d413c4d2606bdb258691a
Certificate serial: 018D63E6CA9912D40527D7338D56370C9B6C
Authority key identifier: 27:51:6D:20:EB:EF:D1:2F:07:2D:41:3C:4D:26:06:BD:B2:58:69:1A
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/sIrPxGL_6ca-GFwDRLDQsR2ougk.roa
Signing time: Thu 01 Feb 2024 09:01:25 +0000
ROA not before: Thu 01 Feb 2024 09:01:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 35575
IP address blocks: 185.190.44.0/24 maxlen: 24
185.190.45.0/24 maxlen: 24
185.190.46.0/24 maxlen: 24
185.190.47.0/24 maxlen: 24
193.238.68.0/22 maxlen: 22
195.66.27.0/24 maxlen: 24
195.66.31.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:63:e6:ca:99:12:d4:05:27:d7:33:8d:56:37:0c:9b:6c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=27516d20ebefd12f072d413c4d2606bdb258691a
Validity
Not Before: Feb 1 09:01:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b08acfc462ffe9c6be185c0344b0d0b11da8ba09
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f1:0e:27:06:c3:2b:26:14:48:93:08:ab:b7:a6:
35:6d:ab:a2:47:86:b6:38:bc:37:de:88:48:03:d1:
f1:bc:ca:b8:c3:a6:41:4f:11:91:fa:51:74:95:4e:
4a:06:51:fe:f5:fc:8e:8f:85:87:8f:c2:d5:a1:22:
92:7b:fc:17:4a:aa:c8:ec:b4:31:19:e2:54:ca:93:
1e:53:e5:34:10:ec:7f:f0:2a:43:bf:00:43:42:d7:
6e:99:45:a6:01:0a:da:a3:8a:53:02:05:4f:73:e4:
ba:1a:09:3d:6f:06:d7:94:b1:d1:c8:fb:5e:e1:72:
19:ad:ec:23:7f:c0:af:25:66:07:e7:c9:1e:28:1f:
8a:c4:9f:96:a3:3f:db:15:b8:d7:2a:9f:4a:9a:56:
38:a3:bd:4a:e0:9d:a2:ac:0c:ab:6f:3f:bf:f7:c0:
ad:e1:44:19:fb:e3:15:66:6c:d8:06:a8:7d:30:bf:
5a:43:a8:47:1b:7b:30:64:f4:ae:6b:87:b0:12:bd:
b5:b3:46:37:00:7d:aa:c9:c9:5b:8f:78:a1:3a:ed:
97:15:6f:b0:bc:d4:31:36:3a:6d:4b:3f:2a:28:be:
f2:92:fa:0d:8d:c3:eb:fe:e7:49:c3:b8:57:a8:14:
65:b3:9f:f7:36:c2:40:66:1e:bd:da:a3:74:2e:59:
93:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:8A:CF:C4:62:FF:E9:C6:BE:18:5C:03:44:B0:D0:B1:1D:A8:BA:09
X509v3 Authority Key Identifier:
keyid:27:51:6D:20:EB:EF:D1:2F:07:2D:41:3C:4D:26:06:BD:B2:58:69:1A
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J1FtIOvv0S8HLUE8TSYGvbJYaRo.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/sIrPxGL_6ca-GFwDRLDQsR2ougk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/59d808-154f-42ae-af8f-790244508df4/1/J1FtIOvv0S8HLUE8TSYGvbJYaRo.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.190.44.0/22
193.238.68.0/22
195.66.27.0/24
195.66.31.0/24
Signature Algorithm: sha256WithRSAEncryption
24:2a:a2:6f:c4:d3:1c:ff:fe:1d:48:a5:e2:87:13:5b:38:5a:
20:27:8f:35:56:fe:57:51:31:92:44:1a:6a:c2:6c:a2:64:48:
91:40:08:f6:a5:33:86:03:c8:70:ef:7c:4c:97:60:2a:c7:ef:
bf:e0:aa:3d:d8:f3:ed:2b:11:fd:1c:fd:da:b3:38:d3:46:0e:
5a:90:06:77:6c:0c:87:72:d3:81:23:85:4e:e9:4d:b5:18:d8:
d7:e9:fc:09:43:6a:ad:6d:b7:fa:71:52:5e:c3:f8:7e:9e:f7:
14:fa:3b:62:31:20:f1:1f:f9:ac:f4:0d:92:44:ef:75:5d:9e:
f9:87:4e:24:3e:ab:d0:a1:43:b3:46:d4:02:4f:4d:26:07:26:
1f:c6:b9:3b:02:93:5b:28:42:01:bc:51:4f:bf:48:c5:03:7a:
fe:34:d5:6c:34:cd:70:dc:db:a1:06:18:d0:82:4b:98:2f:cd:
c7:fb:c4:99:9a:97:1f:ee:7b:9a:93:14:b9:bc:34:3f:be:b6:
6f:ca:e6:62:54:be:1a:90:d4:eb:01:7e:21:f0:fe:39:8b:64:
a2:ac:31:c4:d1:65:b7:1b:01:2f:cc:21:14:91:05:46:ad:9b:
a0:3a:5f:fb:51:9e:75:b8:ca:33:4e:f0:03:a9:6c:dc:66:2f:
9c:5d:d9:52
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAY1j5sqZEtQFJ9czjVY3DJtsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3NTE2ZDIwZWJlZmQxMmYwNzJkNDEzYzRkMjYwNmJkYjI1
ODY5MWEwHhcNMjQwMjAxMDkwMTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDhhY2ZjNDYyZmZlOWM2YmUxODVjMDM0NGIwZDBiMTFkYThiYTA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Q4nBsMrJhRIkwirt6Y1bauiR4a2
OLw33ohIA9HxvMq4w6ZBTxGR+lF0lU5KBlH+9fyOj4WHj8LVoSKSe/wXSqrI7LQx
GeJUypMeU+U0EOx/8CpDvwBDQtdumUWmAQrao4pTAgVPc+S6Ggk9bwbXlLHRyPte
4XIZrewjf8CvJWYH58keKB+KxJ+Woz/bFbjXKp9KmlY4o71K4J2irAyrbz+/98Ct
4UQZ++MVZmzYBqh9ML9aQ6hHG3swZPSua4ewEr21s0Y3AH2qyclbj3ihOu2XFW+w
vNQxNjptSz8qKL7ykvoNjcPr/udJw7hXqBRls5/3NsJAZh692qN0LlmTxQIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFLCKz8Ri/+nGvhhcA0Sw0LEdqLoJMB8GA1UdIwQY
MBaAFCdRbSDr79EvBy1BPE0mBr2yWGkaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjFGdElPdnYwUzhITFVFOFRTWUd2YkpZYVJvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xYy81OWQ4MDgtMTU0Zi00MmFlLWFmOGYt
NzkwMjQ0NTA4ZGY0LzEvc0lyUHhHTF82Y2EtR0Z3RFJMRFFzUjJvdWdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xYy81OWQ4MDgtMTU0Zi00MmFlLWFmOGYtNzkwMjQ0NTA4ZGY0
LzEvSjFGdElPdnYwUzhITFVFOFRTWUd2YkpZYVJvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCub4sAwQC
we5EAwQAw0IbAwQAw0IfMA0GCSqGSIb3DQEBCwUAA4IBAQAkKqJvxNMc//4dSKXi
hxNbOFogJ481Vv5XUTGSRBpqwmyiZEiRQAj2pTOGA8hw73xMl2Aqx++/4Ko92PPt
KxH9HP3aszjTRg5akAZ3bAyHctOBI4VO6U21GNjX6fwJQ2qtbbf6cVJew/h+nvcU
+jtiMSDxH/ms9A2SRO91XZ75h04kPqvQoUOzRtQCT00mByYfxrk7ApNbKEIBvFFP
v0jFA3r+NNVsNM1w3NuhBhjQgkuYL83H+8SZmpcf7nuakxS5vDQ/vrZvyuZiVL4a
kNTrAX4h8P45i2SirDHE0WW3GwEvzCEUkQVGrZugOl/7UZ51uMozTvADqWzcZi+c
XdlS
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:25:40 2025 by rpki-client