Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/G2IEOqlgIhLSOT9avBemMaoEhHU.roa
File: G2IEOqlgIhLSOT9avBemMaoEhHU.roa (raw, json)
Hash identifier: 8bU9MpjVDwo5B+ryn/ZiTxNEQgTWHtCX6IUz1kJrM4A=
Subject key identifier: 1B:62:04:3A:A9:60:22:12:D2:39:3F:5A:BC:17:A6:31:AA:04:84:75
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018969A19FB44CB1AF8CBF183F8ED681BD7F
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/G2IEOqlgIhLSOT9avBemMaoEhHU.roa
Signing time: Tue 18 Jul 2023 15:32:27 +0000
ROA not before: Tue 18 Jul 2023 15:32:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206005
IP address blocks: 185.15.137.0/24 maxlen: 24
89.40.35.0/24 maxlen: 24
185.243.140.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:69:a1:9f:b4:4c:b1:af:8c:bf:18:3f:8e:d6:81:bd:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jul 18 15:32:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1b62043aa9602212d2393f5abc17a631aa048475
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:45:d2:35:ed:b3:e3:4e:9e:ad:a9:13:22:62:
16:f1:38:61:d7:e2:a7:96:03:a8:47:7c:eb:ea:ba:
55:3f:9a:00:ba:f9:30:42:23:19:82:b3:12:9d:a8:
09:0c:b6:bc:0c:30:9d:9c:f9:aa:a8:d2:59:e7:88:
e6:37:62:00:b1:e7:a5:b1:e7:16:ec:de:64:7b:0b:
0f:bc:c4:14:e5:be:7e:c9:8f:ed:2f:ca:aa:49:02:
e0:d1:8a:c3:1f:fd:58:42:e2:5a:14:60:85:6b:17:
25:99:1b:a0:e1:57:b0:4b:30:0f:69:59:f5:52:0e:
f5:db:67:11:c7:48:c0:4e:df:c1:79:8c:79:2d:b8:
3e:08:b8:9c:9c:f6:25:af:3e:e1:a4:98:90:55:35:
5c:e4:47:3c:b7:4e:2e:f2:7f:dc:d7:3e:3d:7a:d6:
4f:b3:8b:bc:2e:2d:b3:67:29:03:36:3e:53:b6:90:
f2:5d:25:1e:1a:bc:6f:11:6a:fa:62:57:29:5b:54:
7f:88:f8:2d:bc:5a:fe:d5:cf:f8:33:46:7f:eb:d6:
af:01:3b:5e:ba:d7:99:10:de:fe:65:29:28:2c:21:
9f:1d:43:27:97:71:21:4c:25:f5:26:59:80:09:45:
49:e9:ee:68:4b:f6:86:ca:65:e4:16:a2:33:08:8f:
e3:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:62:04:3A:A9:60:22:12:D2:39:3F:5A:BC:17:A6:31:AA:04:84:75
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/G2IEOqlgIhLSOT9avBemMaoEhHU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.40.35.0/24
185.15.137.0/24
185.243.140.0/22
Signature Algorithm: sha256WithRSAEncryption
94:54:64:a3:b7:03:16:8c:24:e7:44:40:b2:73:7a:a9:51:f4:
05:29:24:22:da:f8:f0:61:fa:08:7e:f9:71:dd:e0:74:de:ee:
77:18:3a:62:d7:47:fd:4a:71:37:fb:ed:b8:27:c0:21:8e:cb:
c3:00:fe:c8:73:cb:96:8a:b1:7b:3a:29:be:43:41:17:1a:85:
df:9e:71:95:fe:c3:c5:95:b3:87:53:66:96:b0:e7:00:07:11:
d9:c2:28:fe:dc:ab:dc:b2:34:10:25:74:db:ec:fb:b1:6b:73:
33:9b:24:13:f2:5f:23:0d:f2:71:e4:f1:37:81:d2:7b:b5:f6:
32:69:71:77:81:19:3a:ae:05:f7:16:36:db:31:14:e2:68:a2:
7a:bd:90:d2:10:b0:b0:17:e0:8d:41:cf:c3:b6:e0:35:6a:e2:
33:44:19:dc:57:b5:69:d7:86:26:f4:a7:ef:45:a4:8d:87:cd:
09:3e:a6:8d:fb:bd:9d:59:a9:46:be:3c:dc:25:7a:0d:3a:61:
64:8d:9a:94:2e:7f:bf:76:63:07:73:a9:7b:54:2f:d8:69:68:
ab:b4:87:c2:5b:99:cf:93:f7:fb:1c:79:fb:04:1f:65:53:a0:
1e:b6:5e:0b:78:e1:70:5b:5b:9c:19:81:ac:11:4f:39:dc:be:
55:51:b3:72
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYlpoZ+0TLGvjL8YP47Wgb1/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwNzE4MTUzMjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYjYyMDQzYWE5NjAyMjEyZDIzOTNmNWFiYzE3YTYzMWFhMDQ4NDc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoUXSNe2z406erakTImIW8Thh1+Kn
lgOoR3zr6rpVP5oAuvkwQiMZgrMSnagJDLa8DDCdnPmqqNJZ54jmN2IAseelsecW
7N5kewsPvMQU5b5+yY/tL8qqSQLg0YrDH/1YQuJaFGCFaxclmRug4VewSzAPaVn1
Ug7122cRx0jATt/BeYx5Lbg+CLicnPYlrz7hpJiQVTVc5Ec8t04u8n/c1z49etZP
s4u8Li2zZykDNj5TtpDyXSUeGrxvEWr6YlcpW1R/iPgtvFr+1c/4M0Z/69avATte
uteZEN7+ZSkoLCGfHUMnl3EhTCX1JlmACUVJ6e5oS/aGymXkFqIzCI/j+wIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFBtiBDqpYCIS0jk/WrwXpjGqBIR1MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvRzJJRU9xbGdJaExTT1Q5YXZCZW1NYW9FaEhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAWSgjAwQA
uQ+JAwQCufOMMA0GCSqGSIb3DQEBCwUAA4IBAQCUVGSjtwMWjCTnRECyc3qpUfQF
KSQi2vjwYfoIfvlx3eB03u53GDpi10f9SnE3++24J8AhjsvDAP7Ic8uWirF7Oim+
Q0EXGoXfnnGV/sPFlbOHU2aWsOcABxHZwij+3KvcsjQQJXTb7Puxa3MzmyQT8l8j
DfJx5PE3gdJ7tfYyaXF3gRk6rgX3FjbbMRTiaKJ6vZDSELCwF+CNQc/DtuA1auIz
RBncV7Vp14Ym9KfvRaSNh80JPqaN+72dWalGvjzcJXoNOmFkjZqULn+/dmMHc6l7
VC/YaWirtIfCW5nPk/f7HHn7BB9lU6Aetl4LeOFwW1ucGYGsEU853L5VUbNy
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org