Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/D0_dEuLFP8Re0LdkCPWxi8oJbe4.roa
File: D0_dEuLFP8Re0LdkCPWxi8oJbe4.roa (raw, json)
Hash identifier: SjELXSh31w1vfZqdTJYcNmL+3heaGrtjA7YwbgtpUB8=
Subject key identifier: 0F:4F:DD:12:E2:C5:3F:C4:5E:D0:B7:64:08:F5:B1:8B:CA:09:6D:EE
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 0185F2D3757D90AABFBFE9276E596E5A97E4
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/D0_dEuLFP8Re0LdkCPWxi8oJbe4.roa
Signing time: Fri 27 Jan 2023 10:43:42 +0000
ROA not before: Fri 27 Jan 2023 10:43:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209945
IP address blocks: 5.182.28.0/22 maxlen: 22
185.255.98.0/23 maxlen: 23
2.56.0.0/22 maxlen: 22
195.149.127.0/24 maxlen: 24
5.252.168.0/22 maxlen: 22
92.118.108.0/24 maxlen: 24
91.201.107.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:f2:d3:75:7d:90:aa:bf:bf:e9:27:6e:59:6e:5a:97:e4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jan 27 10:43:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0f4fdd12e2c53fc45ed0b76408f5b18bca096dee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:48:3d:6a:a2:33:34:99:83:aa:98:b7:cf:a5:
6c:4b:90:a6:e9:81:c3:e0:69:36:17:a1:f7:50:d6:
5c:80:08:9f:16:29:c8:54:15:77:db:94:e8:b6:e8:
96:99:bb:53:22:40:b6:1e:ba:3d:18:43:16:e0:48:
be:c9:99:35:1e:5d:48:cf:1d:86:53:00:a0:2a:fa:
c1:df:f3:fd:e2:2a:16:4a:10:25:6e:f6:ea:29:3c:
6d:13:d4:b4:35:bd:b3:60:12:bf:6c:6d:14:93:f0:
8a:bb:3e:48:e1:36:01:35:45:43:0a:b7:af:15:ad:
02:0d:da:0d:5e:d8:c9:1d:93:9c:2b:d8:1f:9f:80:
ea:b1:21:36:83:30:9f:db:ce:52:aa:ba:fb:2f:32:
5f:fb:cf:1e:60:08:12:c4:d1:c8:5b:be:00:f5:79:
54:e9:12:86:00:e1:90:db:c8:eb:b7:35:ae:63:fd:
54:c6:ef:9b:16:cb:64:5f:d7:58:78:ef:fc:68:d9:
3e:d5:a5:46:57:a0:e4:72:a0:81:5b:92:d9:4a:83:
f6:a0:63:f5:de:92:52:91:6e:40:eb:57:50:77:76:
1a:83:a6:6f:85:ad:67:df:20:2e:28:21:37:f7:06:
4b:37:5e:7d:f6:40:94:7f:8b:18:cd:01:4b:00:51:
05:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:4F:DD:12:E2:C5:3F:C4:5E:D0:B7:64:08:F5:B1:8B:CA:09:6D:EE
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/D0_dEuLFP8Re0LdkCPWxi8oJbe4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.0.0/22
5.182.28.0/22
5.252.168.0/22
91.201.107.0/24
92.118.108.0/24
185.255.98.0/23
195.149.127.0/24
Signature Algorithm: sha256WithRSAEncryption
a1:47:2d:9f:c7:3f:04:7d:36:f7:b6:32:b5:55:a1:7f:04:37:
08:29:a0:8a:78:e7:53:24:c6:7a:cb:6c:e6:2a:83:01:bd:d3:
59:21:f4:38:dc:cc:ff:cc:1b:60:69:17:b9:17:74:1a:63:b9:
71:89:d3:d3:f3:ef:e3:b6:f3:87:2c:09:cb:0d:6a:ac:02:32:
ba:66:8d:35:f1:52:6e:a0:41:29:03:42:2a:12:75:63:78:01:
8e:e8:39:42:ef:34:ab:5f:cf:66:50:8f:1c:28:04:30:1b:7d:
5f:72:49:c8:19:f6:a5:cb:ce:02:9b:aa:6e:c9:7c:c6:85:75:
7a:7d:43:5c:ac:34:34:8a:e1:9d:b7:4c:2f:9f:9c:d0:ed:94:
29:c4:26:42:4e:8e:82:f6:c1:b3:df:3f:08:48:d7:f2:48:45:
83:74:7b:8a:e1:b1:44:51:c5:06:95:ec:74:e2:50:64:66:fd:
a5:9a:54:2b:bf:16:96:9f:ab:38:c2:49:de:07:a8:90:22:4a:
0f:dc:03:2d:c6:e6:4b:f6:5a:bf:5b:9c:fb:6b:8c:be:22:eb:
a1:d7:6d:75:45:a5:3e:ee:df:03:66:a5:b5:4f:8e:ae:50:1e:
f7:73:01:47:85:99:18:19:7d:05:53:1d:fa:d7:86:e5:ab:23:
62:f7:73:8b
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYXy03V9kKq/v+knblluWpfkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwMTI3MTA0MzQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjRmZGQxMmUyYzUzZmM0NWVkMGI3NjQwOGY1YjE4YmNhMDk2ZGVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAokg9aqIzNJmDqpi3z6VsS5Cm6YHD
4Gk2F6H3UNZcgAifFinIVBV325TotuiWmbtTIkC2Hro9GEMW4Ei+yZk1Hl1Izx2G
UwCgKvrB3/P94ioWShAlbvbqKTxtE9S0Nb2zYBK/bG0Uk/CKuz5I4TYBNUVDCrev
Fa0CDdoNXtjJHZOcK9gfn4DqsSE2gzCf285Sqrr7LzJf+88eYAgSxNHIW74A9XlU
6RKGAOGQ28jrtzWuY/1Uxu+bFstkX9dYeO/8aNk+1aVGV6DkcqCBW5LZSoP2oGP1
3pJSkW5A61dQd3Yag6Zvha1n3yAuKCE39wZLN1599kCUf4sYzQFLAFEFQQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFA9P3RLixT/EXtC3ZAj1sYvKCW3uMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvRDBfZEV1TEZQOFJlMExka0NQV3hpOG9KYmU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCAjgAAwQC
BbYcAwQCBfyoAwQAW8lrAwQAXHZsAwQBuf9iAwQAw5V/MA0GCSqGSIb3DQEBCwUA
A4IBAQChRy2fxz8EfTb3tjK1VaF/BDcIKaCKeOdTJMZ6y2zmKoMBvdNZIfQ43Mz/
zBtgaRe5F3QaY7lxidPT8+/jtvOHLAnLDWqsAjK6Zo018VJuoEEpA0IqEnVjeAGO
6DlC7zSrX89mUI8cKAQwG31fcknIGfaly84Cm6puyXzGhXV6fUNcrDQ0iuGdt0wv
n5zQ7ZQpxCZCTo6C9sGz3z8ISNfySEWDdHuK4bFEUcUGlex04lBkZv2lmlQrvxaW
n6s4wkneB6iQIkoP3AMtxuZL9lq/W5z7a4y+Iuuh1211RaU+7t8DZqW1T46uUB73
cwFHhZkYGX0FUx3614blqyNi93OL
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org