Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/CHy3Lp7S7HCLCh_7IFHzOp9kMRw.roa
File: CHy3Lp7S7HCLCh_7IFHzOp9kMRw.roa (raw, json)
Hash identifier: Sckd2oXqBgqV2/SODVjugA9wQp8yXp8tIKYZzP3DF2E=
Subject key identifier: 08:7C:B7:2E:9E:D2:EC:70:8B:0A:1F:FB:20:51:F3:3A:9F:64:31:1C
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018AFE78B53DC271B855C7D172C93D5A5D8B
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/CHy3Lp7S7HCLCh_7IFHzOp9kMRw.roa
Signing time: Thu 05 Oct 2023 06:13:58 +0000
ROA not before: Thu 05 Oct 2023 06:13:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 185.255.99.0/24 maxlen: 24
89.39.242.0/24 maxlen: 24
194.56.152.0/24 maxlen: 24
185.243.140.0/22 maxlen: 24
94.231.198.0/24 maxlen: 24
194.56.153.0/24 maxlen: 24
185.212.11.0/24 maxlen: 24
91.242.103.0/24 maxlen: 24
185.40.105.0/24 maxlen: 24
194.242.28.0/23 maxlen: 24
195.149.127.0/24 maxlen: 24
193.46.211.0/24 maxlen: 24
91.242.71.0/24 maxlen: 24
45.149.160.0/22 maxlen: 24
91.242.72.0/23 maxlen: 24
91.242.75.0/24 maxlen: 24
89.40.161.0/24 maxlen: 24
195.138.103.0/24 maxlen: 24
195.138.104.0/24 maxlen: 24
185.15.136.0/23 maxlen: 24
80.94.80.0/23 maxlen: 24
45.67.117.0/24 maxlen: 24
45.15.64.0/22 maxlen: 24
194.180.238.0/24 maxlen: 24
194.213.10.0/24 maxlen: 24
185.173.247.0/24 maxlen: 24
89.32.126.0/24 maxlen: 24
92.118.108.0/24 maxlen: 24
176.126.223.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:fe:78:b5:3d:c2:71:b8:55:c7:d1:72:c9:3d:5a:5d:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Oct 5 06:13:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=087cb72e9ed2ec708b0a1ffb2051f33a9f64311c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:9f:f9:a6:7e:82:4d:0f:eb:9d:5e:ee:42:68:
3f:be:47:65:76:3d:77:9d:ac:a3:52:18:0d:4a:55:
4d:32:3d:22:7c:33:33:bf:7d:e2:93:79:35:16:5d:
a2:bd:55:71:aa:9a:7a:48:68:9e:4a:9f:78:5e:7d:
3f:ed:f4:6f:64:d3:9e:d2:f2:81:66:7d:5b:b9:3b:
f3:a0:d4:ab:dd:c2:f3:ff:c4:6f:b9:c7:2e:ab:73:
f1:23:89:84:54:c2:e5:29:38:da:9c:be:e6:c6:22:
d6:56:a1:c4:39:b1:a7:47:db:59:b4:07:94:e4:20:
51:b2:43:0b:09:ee:00:c2:c7:e5:c9:05:0f:21:20:
aa:b7:9c:23:2a:fc:6a:c1:66:8f:6a:e5:11:0d:be:
d0:56:f7:f3:93:44:a2:17:08:64:b5:6c:c5:e4:2a:
41:b3:be:bc:e4:a6:b6:50:4e:bb:77:00:da:2c:e7:
22:36:d5:17:97:2f:62:49:40:d1:3c:f6:9e:00:7f:
a7:15:df:3e:e1:98:61:90:a5:08:fc:57:f7:d0:32:
13:37:f2:47:92:9d:65:e0:af:d5:01:cb:3b:ab:3d:
fc:cd:15:e8:d5:cb:cd:db:c0:ae:17:d2:49:73:bd:
da:f8:9e:8f:82:2a:7d:a4:ec:32:24:e0:22:6e:bf:
b1:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:7C:B7:2E:9E:D2:EC:70:8B:0A:1F:FB:20:51:F3:3A:9F:64:31:1C
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/CHy3Lp7S7HCLCh_7IFHzOp9kMRw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.15.64.0/22
45.67.117.0/24
45.149.160.0/22
80.94.80.0/23
89.32.126.0/24
89.39.242.0/24
89.40.161.0/24
91.242.71.0-91.242.73.255
91.242.75.0/24
91.242.103.0/24
92.118.108.0/24
94.231.198.0/24
176.126.223.0/24
185.15.136.0/23
185.40.105.0/24
185.173.247.0/24
185.212.11.0/24
185.243.140.0/22
185.255.99.0/24
193.46.211.0/24
194.56.152.0/23
194.180.238.0/24
194.213.10.0/24
194.242.28.0/23
195.138.103.0-195.138.104.255
195.149.127.0/24
Signature Algorithm: sha256WithRSAEncryption
ad:bd:cb:76:57:51:61:d3:28:15:98:2b:e6:82:9f:c2:4a:d7:
ed:ab:71:10:34:d9:1d:d2:4a:34:f6:f2:6f:2f:8c:f1:88:eb:
72:00:05:5e:30:bb:54:e6:89:c1:4c:5e:65:2a:6c:2d:91:59:
0d:84:c7:4a:7b:c3:de:90:b7:cf:2e:b5:14:56:53:08:35:45:
65:c4:04:63:4b:7b:fd:31:e4:c1:84:de:58:db:95:ea:df:b4:
05:84:f1:54:c1:61:71:f2:75:ab:88:79:74:2e:d5:b1:18:ac:
58:75:ab:fc:ae:c9:92:51:46:83:a3:94:4d:f9:98:54:82:c4:
22:90:c7:a3:b0:4e:0c:9b:80:f5:29:34:26:3b:13:25:01:48:
e0:ca:24:4b:69:80:64:2d:25:7f:d2:8d:82:86:c9:42:b1:f2:
98:2e:90:fc:81:cc:df:b0:4b:48:20:43:80:c7:3e:40:82:6f:
ca:fa:19:56:b9:17:82:5e:ff:ab:79:db:b0:3e:16:2d:91:a5:
ce:5b:80:e4:74:24:ec:08:51:11:64:e3:d1:c6:a0:31:3c:62:
e9:85:78:45:7c:48:28:0c:92:0a:e0:45:cf:f4:a7:00:59:9f:
8d:22:d5:f6:4d:51:fe:7a:01:d8:e5:47:ea:c8:ab:2d:cd:ce:
e6:0a:2d:7c
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgISAYr+eLU9wnG4VcfRcsk9Wl2LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMxMDA1MDYxMzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODdjYjcyZTllZDJlYzcwOGIwYTFmZmIyMDUxZjMzYTlmNjQzMTFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl5/5pn6CTQ/rnV7uQmg/vkdldj13
nayjUhgNSlVNMj0ifDMzv33ik3k1Fl2ivVVxqpp6SGieSp94Xn0/7fRvZNOe0vKB
Zn1buTvzoNSr3cLz/8Rvuccuq3PxI4mEVMLlKTjanL7mxiLWVqHEObGnR9tZtAeU
5CBRskMLCe4AwsflyQUPISCqt5wjKvxqwWaPauURDb7QVvfzk0SiFwhktWzF5CpB
s7685Ka2UE67dwDaLOciNtUXly9iSUDRPPaeAH+nFd8+4ZhhkKUI/Ff30DITN/JH
kp1l4K/VAcs7qz38zRXo1cvN28CuF9JJc73a+J6Pgip9pOwyJOAibr+xcQIDAQAB
o4ICtDCCArAwHQYDVR0OBBYEFAh8ty6e0uxwiwof+yBR8zqfZDEcMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvQ0h5M0xwN1M3SENMQ2hfN0lGSHpPcDlrTVJ3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHJBggrBgEFBQcBBwEB/wSBuTCBtjCBswQCAAEwgawDBAIt
D0ADBAAtQ3UDBAItlaADBAFQXlADBABZIH4DBABZJ/IDBABZKKEwDAMEAFvyRwME
AVvySAMEAFvySwMEAFvyZwMEAFx2bAMEAF7nxgMEALB+3wMEAbkPiAMEALkoaQME
ALmt9wMEALnUCwMEArnzjAMEALn/YwMEAMEu0wMEAcI4mAMEAMK07gMEAMLVCgME
AcLyHDAMAwQAw4pnAwQAw4poAwQAw5V/MA0GCSqGSIb3DQEBCwUAA4IBAQCtvct2
V1Fh0ygVmCvmgp/CStftq3EQNNkd0ko09vJvL4zxiOtyAAVeMLtU5onBTF5lKmwt
kVkNhMdKe8PekLfPLrUUVlMINUVlxARjS3v9MeTBhN5Y25Xq37QFhPFUwWFx8nWr
iHl0LtWxGKxYdav8rsmSUUaDo5RN+ZhUgsQikMejsE4Mm4D1KTQmOxMlAUjgyiRL
aYBkLSV/0o2ChslCsfKYLpD8gczfsEtIIEOAxz5Agm/K+hlWuReCXv+reduwPhYt
kaXOW4DkdCTsCFERZOPRxqAxPGLphXhFfEgoDJIK4EXP9KcAWZ+NItX2TVH+egHY
5UfqyKstzc7mCi18
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org