Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/8b1EarESYDOCNB9K6xvxTMPFkic.roa
File: 8b1EarESYDOCNB9K6xvxTMPFkic.roa (raw, json)
Hash identifier: xZgXMWlJTHu6ulAvpGFhSDIWU93O0JUhrUkJB5fwrhk=
Subject key identifier: F1:BD:44:6A:B1:12:60:33:82:34:1F:4A:EB:1B:F1:4C:C3:C5:92:27
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018AFBBF12C5CFE49569DC00A1BB6E6DB781
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/8b1EarESYDOCNB9K6xvxTMPFkic.roa
Signing time: Wed 04 Oct 2023 17:31:57 +0000
ROA not before: Wed 04 Oct 2023 17:31:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 89.40.161.0/24 maxlen: 24
185.255.99.0/24 maxlen: 24
195.138.103.0/24 maxlen: 24
195.138.104.0/24 maxlen: 24
89.39.242.0/24 maxlen: 24
185.15.136.0/23 maxlen: 24
185.243.140.0/22 maxlen: 24
185.212.11.0/24 maxlen: 24
194.180.238.0/24 maxlen: 24
91.242.103.0/24 maxlen: 24
185.40.105.0/24 maxlen: 24
194.213.10.0/24 maxlen: 24
194.242.28.0/23 maxlen: 24
195.149.127.0/24 maxlen: 24
185.173.247.0/24 maxlen: 24
89.32.126.0/24 maxlen: 24
193.46.211.0/24 maxlen: 24
92.118.108.0/24 maxlen: 24
176.126.223.0/24 maxlen: 24
91.242.71.0/24 maxlen: 24
45.149.160.0/22 maxlen: 24
91.242.72.0/23 maxlen: 24
91.242.75.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:fb:bf:12:c5:cf:e4:95:69:dc:00:a1:bb:6e:6d:b7:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Oct 4 17:31:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f1bd446ab112603382341f4aeb1bf14cc3c59227
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:7f:ca:07:af:21:eb:0b:ab:49:7d:5b:b0:80:
d5:e1:1b:ba:35:50:9b:1b:20:0c:f9:97:c4:70:eb:
50:4a:15:40:dd:45:23:a2:23:9f:ee:cc:dd:61:00:
38:c9:2c:1c:bb:3d:66:77:e2:12:6a:71:ca:a6:5b:
c0:1d:74:45:47:f3:ae:95:9f:bc:79:e1:8a:a0:93:
1d:c6:b7:99:81:ce:b3:dc:fe:81:76:3b:7d:4d:0b:
dc:e8:a5:3d:93:3e:fc:55:2a:b9:28:e4:47:20:02:
45:11:e6:53:15:79:5d:77:73:73:e6:05:e8:e5:59:
d1:6f:0d:c6:ad:2e:45:d7:35:1c:08:9a:c2:de:14:
fe:6b:6e:0b:66:c0:6e:00:61:82:70:e6:b2:15:80:
6f:bb:e0:2e:64:f6:2b:cd:43:e8:a1:14:b3:31:fd:
3f:1f:fb:bf:ea:4d:8e:58:1c:68:85:e9:4a:64:ab:
38:5f:a2:3e:d3:db:75:4d:e8:ad:42:e4:3b:69:3b:
be:b5:40:ee:96:cf:8a:c7:ae:34:d5:17:25:04:44:
39:8d:e7:46:8c:60:c1:88:8d:0f:92:cf:38:8a:b9:
33:93:f3:72:9f:c3:08:52:58:83:1b:32:59:78:26:
77:3d:e7:93:07:d2:04:14:46:8e:c5:a8:b6:79:73:
7f:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:BD:44:6A:B1:12:60:33:82:34:1F:4A:EB:1B:F1:4C:C3:C5:92:27
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/8b1EarESYDOCNB9K6xvxTMPFkic.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.149.160.0/22
89.32.126.0/24
89.39.242.0/24
89.40.161.0/24
91.242.71.0-91.242.73.255
91.242.75.0/24
91.242.103.0/24
92.118.108.0/24
176.126.223.0/24
185.15.136.0/23
185.40.105.0/24
185.173.247.0/24
185.212.11.0/24
185.243.140.0/22
185.255.99.0/24
193.46.211.0/24
194.180.238.0/24
194.213.10.0/24
194.242.28.0/23
195.138.103.0-195.138.104.255
195.149.127.0/24
Signature Algorithm: sha256WithRSAEncryption
58:95:30:67:94:ee:74:61:cf:ec:95:5e:aa:a7:4a:61:3d:da:
44:0b:bb:40:6f:06:eb:05:1e:df:e0:97:a7:d5:c1:17:53:ed:
b1:0d:b9:97:11:fb:59:1a:12:a0:49:6b:66:ca:38:34:8e:24:
0b:f5:f2:56:f1:3b:d6:ff:24:08:04:c8:e3:7b:82:13:01:dc:
ae:80:0f:27:63:91:9d:bb:53:43:03:01:ba:02:84:82:d6:36:
23:1f:63:21:90:a0:1d:12:72:01:01:43:f0:08:7a:11:da:9f:
26:69:be:6c:89:0d:a8:fb:7e:ab:95:59:b2:f5:3d:4c:37:94:
59:75:c1:54:10:f6:a7:11:e7:98:5c:dc:51:86:64:eb:f2:26:
e0:74:ba:58:05:99:bf:96:87:85:0f:5d:6e:f8:f9:64:a5:f5:
20:d7:80:47:0e:cd:6c:6e:aa:06:9c:ae:fe:52:66:89:80:53:
16:79:7d:55:86:93:16:5f:17:dc:6d:2d:e5:c2:20:a3:76:a0:
78:f8:ad:e3:e2:e5:ec:27:19:5e:de:4d:0c:a4:55:08:02:20:
7d:5e:22:8c:b6:e7:1c:00:b3:ed:e4:74:df:f9:83:17:4a:d2:
bd:88:62:bd:f8:89:b9:79:17:e7:0c:a8:f4:3f:3e:3b:cb:66:
39:67:a4:14
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgISAYr7vxLFz+SVadwAobtubbeBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMxMDA0MTczMTU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMWJkNDQ2YWIxMTI2MDMzODIzNDFmNGFlYjFiZjE0Y2MzYzU5MjI3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlX/KB68h6wurSX1bsIDV4Ru6NVCb
GyAM+ZfEcOtQShVA3UUjoiOf7szdYQA4ySwcuz1md+ISanHKplvAHXRFR/OulZ+8
eeGKoJMdxreZgc6z3P6Bdjt9TQvc6KU9kz78VSq5KORHIAJFEeZTFXldd3Nz5gXo
5VnRbw3GrS5F1zUcCJrC3hT+a24LZsBuAGGCcOayFYBvu+AuZPYrzUPooRSzMf0/
H/u/6k2OWBxohelKZKs4X6I+09t1TeitQuQ7aTu+tUDuls+Kx6401RclBEQ5jedG
jGDBiI0Pks84irkzk/Nyn8MIUliDGzJZeCZ3PeeTB9IEFEaOxai2eXN/AQIDAQAB
o4ICljCCApIwHQYDVR0OBBYEFPG9RGqxEmAzgjQfSusb8UzDxZInMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvOGIxRWFyRVNZRE9DTkI5SzZ4dnhUTVBGa2ljLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGrBggrBgEFBQcBBwEB/wSBmzCBmDCBlQQCAAEwgY4DBAIt
laADBABZIH4DBABZJ/IDBABZKKEwDAMEAFvyRwMEAVvySAMEAFvySwMEAFvyZwME
AFx2bAMEALB+3wMEAbkPiAMEALkoaQMEALmt9wMEALnUCwMEArnzjAMEALn/YwME
AMEu0wMEAMK07gMEAMLVCgMEAcLyHDAMAwQAw4pnAwQAw4poAwQAw5V/MA0GCSqG
SIb3DQEBCwUAA4IBAQBYlTBnlO50Yc/slV6qp0phPdpEC7tAbwbrBR7f4Jen1cEX
U+2xDbmXEftZGhKgSWtmyjg0jiQL9fJW8TvW/yQIBMjje4ITAdyugA8nY5Gdu1ND
AwG6AoSC1jYjH2MhkKAdEnIBAUPwCHoR2p8mab5siQ2o+36rlVmy9T1MN5RZdcFU
EPanEeeYXNxRhmTr8ibgdLpYBZm/loeFD11u+PlkpfUg14BHDs1sbqoGnK7+UmaJ
gFMWeX1VhpMWXxfcbS3lwiCjdqB4+K3j4uXsJxle3k0MpFUIAiB9XiKMtuccALPt
5HTf+YMXStK9iGK9+Im5eRfnDKj0Pz47y2Y5Z6QU
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org