Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/23/741668-d2e5-4ea2-a55a-a7514fc4eb48/1/mo-vjrrvPMJ-55ZFQ9R8dk5XaRg.roa
File: mo-vjrrvPMJ-55ZFQ9R8dk5XaRg.roa (raw, json)
Hash identifier: gmngK1eL46YWshmtW3trtaFSWokogvbrpaS/kxaNC98=
Subject key identifier: 9A:8F:AF:8E:BA:EF:3C:C2:7E:E7:96:45:43:D4:7C:76:4E:57:69:18
Certificate issuer: /CN=108e1a53b1eb11d821be966dfa4af17f70cc08bd
Certificate serial: 04BC2C95
Authority key identifier: 10:8E:1A:53:B1:EB:11:D8:21:BE:96:6D:FA:4A:F1:7F:70:CC:08:BD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EI4aU7HrEdghvpZt-krxf3DMCL0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/23/741668-d2e5-4ea2-a55a-a7514fc4eb48/1/mo-vjrrvPMJ-55ZFQ9R8dk5XaRg.roa
Signing time: Sun 10 Apr 2022 17:30:57 +0000
ROA not before: Sun 10 Apr 2022 17:30:57 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 41011
IP address blocks: 193.238.244.0/24 maxlen: 24
193.238.245.0/24 maxlen: 24
193.238.246.0/24 maxlen: 24
185.249.132.0/24 maxlen: 24
185.249.133.0/24 maxlen: 24
185.249.134.0/24 maxlen: 24
185.238.161.0/24 maxlen: 24
185.108.156.0/24 maxlen: 24
185.244.208.0/24 maxlen: 24
185.244.209.0/24 maxlen: 24
185.244.210.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 79441045 (0x4bc2c95)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=108e1a53b1eb11d821be966dfa4af17f70cc08bd
Validity
Not Before: Apr 10 17:30:57 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9a8faf8ebaef3cc27ee7964543d47c764e576918
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:64:2b:d4:d9:e3:53:d4:58:ff:a7:0e:45:6e:
b2:fb:d1:5e:bf:0a:b2:5f:d2:e9:2a:ba:fb:a0:87:
60:bc:40:04:42:5c:fb:5e:e5:e1:ed:e2:40:6c:df:
a3:e5:ea:e6:d5:c2:54:00:36:dd:b9:86:a1:bf:b8:
b0:d6:3e:ed:df:4d:08:41:7b:04:f3:39:9f:52:88:
e1:50:79:89:31:f7:6d:e5:b8:6a:00:39:3e:fa:c8:
1e:13:6c:b4:d5:68:d2:a1:bd:0f:b3:08:54:a7:b2:
34:bc:3b:b4:53:51:2d:e9:7c:d0:75:3c:8b:98:1a:
b7:a5:30:65:3a:95:cb:49:ee:0d:87:ac:f3:f0:ee:
ab:b9:bc:6f:0d:6d:72:e6:91:67:3a:d4:54:b8:48:
14:2f:0d:c7:76:a6:11:08:78:8f:87:c0:b3:f4:f8:
87:89:32:2a:18:3d:db:50:79:50:cf:10:d3:ec:5b:
2c:5e:01:25:16:ff:3f:8d:64:6c:f8:38:4d:09:a8:
89:6a:1d:5a:c3:7d:7f:7b:bc:72:dd:c6:4d:4a:be:
f9:84:7a:d0:7c:3c:e5:c1:32:a7:22:ed:dd:62:67:
73:66:7d:89:92:f6:ac:9d:e7:5a:c6:05:44:50:14:
f5:e3:1c:d9:38:8f:99:80:d8:4b:ae:0d:0b:ab:57:
18:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:8F:AF:8E:BA:EF:3C:C2:7E:E7:96:45:43:D4:7C:76:4E:57:69:18
X509v3 Authority Key Identifier:
keyid:10:8E:1A:53:B1:EB:11:D8:21:BE:96:6D:FA:4A:F1:7F:70:CC:08:BD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EI4aU7HrEdghvpZt-krxf3DMCL0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/23/741668-d2e5-4ea2-a55a-a7514fc4eb48/1/mo-vjrrvPMJ-55ZFQ9R8dk5XaRg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/23/741668-d2e5-4ea2-a55a-a7514fc4eb48/1/EI4aU7HrEdghvpZt-krxf3DMCL0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.108.156.0/24
185.238.161.0/24
185.244.208.0-185.244.210.255
185.249.132.0-185.249.134.255
193.238.244.0-193.238.246.255
Signature Algorithm: sha256WithRSAEncryption
90:21:0d:5c:cb:1f:0b:60:c3:93:08:c0:49:43:c6:7f:3e:64:
1d:71:ed:ed:a0:fd:b9:20:55:ce:f6:3c:ac:2c:95:c9:a4:8f:
83:6a:7a:70:7b:6a:62:27:a5:0a:1e:69:4b:ca:79:72:95:0e:
bf:1e:ad:02:37:e2:7a:89:f1:d9:7c:d5:e7:f7:60:f6:c9:74:
c7:1d:f6:0a:3b:77:f4:53:ea:18:f3:94:20:0f:3c:ce:21:a9:
38:0e:96:61:68:ab:34:e0:b2:21:69:dc:2e:55:f1:e5:66:2b:
9a:c0:f8:74:01:3e:ea:65:5a:6c:4e:ba:cb:ee:fb:b3:d8:a2:
23:03:cf:89:05:e0:f9:de:4e:87:12:ef:cd:21:71:10:e7:7e:
31:2b:5a:a4:a3:7b:a5:80:10:3b:97:33:90:59:d5:9f:5a:c1:
06:93:9a:b5:d2:a3:7c:ce:e4:f1:79:aa:3a:36:f6:e7:27:a7:
6b:2a:6b:e1:4d:2a:2c:11:97:b9:1e:57:a8:fc:a6:bf:f3:8a:
d7:40:f5:1d:3d:9a:bf:40:38:e0:0c:bd:91:1e:07:bb:e7:b4:
84:ad:8a:7b:26:94:6a:02:0e:e3:fb:f4:ad:57:d8:22:50:d6:
f1:86:b9:26:6b:d5:c6:e3:32:85:6e:53:89:8f:7a:02:e6:39:
82:0b:03:a1
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIEBLwslTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MDhlMWE1M2IxZWIxMWQ4MjFiZTk2NmRmYTRhZjE3ZjcwY2MwOGJkMB4XDTIyMDQx
MDE3MzA1N1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWE4ZmFmOGViYWVm
M2NjMjdlZTc5NjQ1NDNkNDdjNzY0ZTU3NjkxODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAINkK9TZ41PUWP+nDkVusvvRXr8Ksl/S6Sq6+6CHYLxABEJc
+17l4e3iQGzfo+Xq5tXCVAA23bmGob+4sNY+7d9NCEF7BPM5n1KI4VB5iTH3beW4
agA5PvrIHhNstNVo0qG9D7MIVKeyNLw7tFNRLel80HU8i5gat6UwZTqVy0nuDYes
8/Duq7m8bw1tcuaRZzrUVLhIFC8Nx3amEQh4j4fAs/T4h4kyKhg921B5UM8Q0+xb
LF4BJRb/P41kbPg4TQmoiWodWsN9f3u8ct3GTUq++YR60Hw85cEypyLt3WJnc2Z9
iZL2rJ3nWsYFRFAU9eMc2TiPmYDYS64NC6tXGHcCAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBSaj6+Ouu88wn7nlkVD1Hx2TldpGDAfBgNVHSMEGDAWgBQQjhpTsesR2CG+
lm36SvF/cMwIvTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VJNGFVN0hyRWRnaHZwWnQta3J4ZjNETUNMMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMjMvNzQxNjY4LWQyZTUtNGVhMi1hNTVhLWE3NTE0ZmM0ZWI0OC8x
L21vLXZqcnJ2UE1KLTU1WkZROVI4ZGs1WGFSZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMjMv
NzQxNjY4LWQyZTUtNGVhMi1hNTVhLWE3NTE0ZmM0ZWI0OC8xL0VJNGFVN0hyRWRn
aHZwWnQta3J4ZjNETUNMMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEALlsnAMEALnuoTAMAwQEufTQAwQA
ufTSMAwDBAK5+YQDBAC5+YYwDAMEAsHu9AMEAMHu9jANBgkqhkiG9w0BAQsFAAOC
AQEAkCENXMsfC2DDkwjASUPGfz5kHXHt7aD9uSBVzvY8rCyVyaSPg2p6cHtqYiel
Ch5pS8p5cpUOvx6tAjfieonx2XzV5/dg9sl0xx32Cjt39FPqGPOUIA88ziGpOA6W
YWirNOCyIWncLlXx5WYrmsD4dAE+6mVabE66y+77s9iiIwPPiQXg+d5OhxLvzSFx
EOd+MStapKN7pYAQO5czkFnVn1rBBpOatdKjfM7k8XmqOjb25yenaypr4U0qLBGX
uR5XqPymv/OK10D1HT2av0A44Ay9kR4Hu+e0hK2KeyaUagIO4/v0rVfYIlDW8Ya5
JmvVxuMyhW5TiY96AuY5ggsDoQ==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:49:04 2023 by rpki-client on console-ams.rpki-client.org