Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/1-XPtaN-iiXkYMCK2_5m-UGuTZVk.roa
File: 1-XPtaN-iiXkYMCK2_5m-UGuTZVk.roa (raw, json)
Hash identifier: oUQE5wf6PqErJ609rQRDGcvPCGziu5dCHk3zrboYZVo=
Subject key identifier: F9:73:ED:68:DF:A2:89:79:18:30:22:B6:FF:99:BE:50:6B:93:65:59
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018CAC8FDCD8A40AEEF0BC9B1EA49F4097F0
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/1-XPtaN-iiXkYMCK2_5m-UGuTZVk.roa
Signing time: Wed 27 Dec 2023 18:35:58 +0000
ROA not before: Wed 27 Dec 2023 18:35:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 194.180.238.0/24 maxlen: 24
91.242.103.0/24 maxlen: 24
185.40.105.0/24 maxlen: 24
194.213.10.0/24 maxlen: 24
194.242.28.0/23 maxlen: 24
185.173.247.0/24 maxlen: 24
45.67.117.0/24 maxlen: 24
91.242.71.0/24 maxlen: 24
91.242.72.0/23 maxlen: 24
94.231.198.0/24 maxlen: 24
194.56.153.0/24 maxlen: 24
91.242.75.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ac:8f:dc:d8:a4:0a:ee:f0:bc:9b:1e:a4:9f:40:97:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Dec 27 18:35:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f973ed68dfa28979183022b6ff99be506b936559
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:5e:e0:5d:3e:0b:58:f0:37:8f:80:8c:6f:d6:
a8:33:8a:64:06:e2:41:7e:9f:ef:18:a6:d8:9f:dc:
88:5f:33:75:a6:2a:51:c4:8b:25:da:7a:22:60:a2:
32:a4:e3:5e:6d:db:2e:a7:57:77:e2:4c:42:ac:f4:
17:93:13:94:d0:3e:55:5a:d3:b4:07:fc:44:36:66:
af:c6:12:ff:77:48:47:f5:9a:8c:50:3e:0f:64:f1:
fa:8b:f4:1d:c3:76:1e:3c:c5:1b:30:75:ca:1d:26:
91:05:7e:fa:fc:73:e6:c2:e3:5e:2e:bd:dc:e1:a3:
bc:e2:14:c1:fe:3d:a9:37:2c:28:7e:0f:2d:71:b9:
82:37:cc:1d:f5:32:ce:49:b5:6f:86:fa:41:02:6e:
21:d4:86:9c:28:0d:70:a7:28:3d:ae:91:a6:a4:15:
2a:05:03:1c:d9:b2:a6:ff:a3:d7:cc:3d:e4:23:c3:
d2:da:18:f4:cf:74:81:4d:19:b8:60:1a:f1:67:7e:
ac:d9:16:ab:a4:16:4a:da:aa:bf:ae:20:1a:95:6e:
d4:43:e0:69:b8:71:0e:ea:6a:f2:e6:4a:69:9d:4a:
8d:93:92:c0:8b:45:f4:92:97:88:64:68:7d:89:a0:
2a:c9:00:46:c2:ab:a6:1d:df:62:e0:03:cc:ac:81:
6f:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:73:ED:68:DF:A2:89:79:18:30:22:B6:FF:99:BE:50:6B:93:65:59
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/1-XPtaN-iiXkYMCK2_5m-UGuTZVk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.67.117.0/24
91.242.71.0-91.242.73.255
91.242.75.0/24
91.242.103.0/24
94.231.198.0/24
185.40.105.0/24
185.173.247.0/24
194.56.153.0/24
194.180.238.0/24
194.213.10.0/24
194.242.28.0/23
Signature Algorithm: sha256WithRSAEncryption
7e:6e:ea:4f:f6:6f:94:3a:c4:73:7f:53:ab:4c:39:c6:c4:fd:
42:0a:b9:69:ea:cc:78:f9:7b:df:6e:4a:ae:c0:66:36:cf:f7:
8e:64:34:c0:ee:cf:58:4d:f4:4c:6b:ef:e6:c0:48:dc:78:0e:
12:1e:41:99:b5:6b:b1:d2:7a:8e:3b:c9:3b:51:be:c1:ae:ec:
70:a7:0e:43:2e:c4:dc:ef:01:3e:e5:21:92:ec:14:6b:2f:14:
e4:11:01:4d:c8:c0:36:54:fa:50:4a:f5:9a:ba:05:13:c1:c0:
93:af:cb:2d:11:83:42:ae:18:ce:8a:e9:f0:15:65:86:1c:09:
cd:ac:07:ee:54:b7:35:60:50:4d:37:27:2d:1a:43:cf:fb:38:
37:4e:41:2a:db:ed:4f:9e:fa:37:e9:4c:a3:62:5a:dc:88:bf:
52:d5:ef:cc:ab:be:23:65:d0:64:49:07:b0:db:51:97:d4:75:
4e:51:48:a8:b4:a1:b5:93:29:5a:0d:e9:3b:ac:ff:79:f1:77:
7b:d2:4e:dd:4f:b9:5e:ba:60:df:f5:ec:92:6c:0b:18:a3:ad:
60:c0:00:dc:72:c0:3e:f5:cc:71:8e:85:a4:75:5b:5f:cd:50:
c4:c3:cf:c5:ea:34:f7:03:d1:15:cd:dd:68:b5:02:a0:c9:bf:
88:3b:9e:0e
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYysj9zYpAru8LybHqSfQJfwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMxMjI3MTgzNTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOTczZWQ2OGRmYTI4OTc5MTgzMDIyYjZmZjk5YmU1MDZiOTM2NTU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy17gXT4LWPA3j4CMb9aoM4pkBuJB
fp/vGKbYn9yIXzN1pipRxIsl2noiYKIypONebdsup1d34kxCrPQXkxOU0D5VWtO0
B/xENmavxhL/d0hH9ZqMUD4PZPH6i/Qdw3YePMUbMHXKHSaRBX76/HPmwuNeLr3c
4aO84hTB/j2pNywofg8tcbmCN8wd9TLOSbVvhvpBAm4h1IacKA1wpyg9rpGmpBUq
BQMc2bKm/6PXzD3kI8PS2hj0z3SBTRm4YBrxZ36s2RarpBZK2qq/riAalW7UQ+Bp
uHEO6mry5kppnUqNk5LAi0X0kpeIZGh9iaAqyQBGwqumHd9i4APMrIFvoQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFPlz7Wjfool5GDAitv+ZvlBrk2VZMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvMS1YUHRhTi1paVhrWU1DSzJfNW0tVUd1VFpWay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmIvODFmZDFhLTQ3YTctNDVkOC1iZTc0LTNhYzllNTZjMzA4
OS8xL2k2c3dhRGhaN0g0Q0J2NlNaVFktampseHFhZy5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBjBggrBgEFBQcBBwEB/wRUMFIwUAQCAAEwSgMEAC1DdTAM
AwQAW/JHAwQBW/JIAwQAW/JLAwQAW/JnAwQAXufGAwQAuShpAwQAua33AwQAwjiZ
AwQAwrTuAwQAwtUKAwQBwvIcMA0GCSqGSIb3DQEBCwUAA4IBAQB+bupP9m+UOsRz
f1OrTDnGxP1CCrlp6sx4+XvfbkquwGY2z/eOZDTA7s9YTfRMa+/mwEjceA4SHkGZ
tWux0nqOO8k7Ub7Bruxwpw5DLsTc7wE+5SGS7BRrLxTkEQFNyMA2VPpQSvWaugUT
wcCTr8stEYNCrhjOiunwFWWGHAnNrAfuVLc1YFBNNyctGkPP+zg3TkEq2+1Pnvo3
6UyjYlrciL9S1e/Mq74jZdBkSQew21GX1HVOUUiotKG1kylaDek7rP958Xd70k7d
T7leumDf9eySbAsYo61gwADccsA+9cxxjoWkdVtfzVDEw8/F6jT3A9EVzd1otQKg
yb+IO54O
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:25 2024 by rpki-client on console-ams.rpki-client.org