Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/LbG6uFPq9Ql-lw-MVSfEdmcII8w.roa
File: LbG6uFPq9Ql-lw-MVSfEdmcII8w.roa (raw, json)
Hash identifier: 8j6kDTbVoiip8oPJ+PMeSQIBP46TUr0D7AmSL2h6tHo=
Subject key identifier: 2D:B1:BA:B8:53:EA:F5:09:7E:97:0F:8C:55:27:C4:76:67:08:23:CC
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018C44EAD6E978517A381367949D69C9B053
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/LbG6uFPq9Ql-lw-MVSfEdmcII8w.roa
Signing time: Thu 07 Dec 2023 15:34:50 +0000
ROA not before: Thu 07 Dec 2023 15:34:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209945
IP address blocks: 5.182.28.0/22 maxlen: 22
185.255.98.0/23 maxlen: 23
2.56.0.0/22 maxlen: 22
195.149.127.0/24 maxlen: 24
5.252.168.0/22 maxlen: 22
92.118.108.0/24 maxlen: 24
91.201.107.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:44:ea:d6:e9:78:51:7a:38:13:67:94:9d:69:c9:b0:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Dec 7 15:34:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2db1bab853eaf5097e970f8c5527c476670823cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ce:f7:ec:65:bd:5d:da:16:4c:26:24:9a:70:4c:
74:92:ed:73:52:0e:c0:21:4d:83:e4:49:ad:00:89:
c8:31:19:ec:08:2b:5d:64:ae:d2:f7:45:e1:c1:23:
df:e7:15:b4:e0:41:0d:96:46:0f:4e:ec:78:1a:98:
8f:a5:a1:00:24:4a:71:71:3b:72:82:42:71:13:c6:
11:94:e0:b4:70:b4:13:7c:02:e9:f6:f5:8a:e8:85:
69:56:05:68:1b:c7:cb:84:5c:78:80:14:34:83:77:
b3:fc:0e:c7:b2:d0:98:43:04:4b:80:77:c0:85:8e:
fa:62:1b:38:ab:58:09:ea:54:79:e7:94:b3:39:6f:
1d:a5:cb:84:98:64:eb:e9:5c:16:b2:86:6c:a2:34:
ee:d4:b3:dd:1e:93:88:a4:34:68:a0:fe:d2:d7:de:
b6:a9:11:91:3b:3e:fe:5c:cc:1a:bc:83:a4:46:f5:
e4:a1:f4:c6:5f:32:45:c3:97:5a:31:24:1a:8a:05:
08:9b:6c:9b:d9:a4:38:da:40:27:20:1f:3e:81:c0:
ba:7b:3c:c0:49:9a:56:8b:ce:e2:ed:38:10:11:8e:
85:b6:54:39:53:2f:66:be:eb:eb:4f:11:97:b6:8c:
36:d5:ef:f2:b7:45:4f:60:ef:3e:13:64:a9:7a:f4:
1d:c7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2D:B1:BA:B8:53:EA:F5:09:7E:97:0F:8C:55:27:C4:76:67:08:23:CC
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/LbG6uFPq9Ql-lw-MVSfEdmcII8w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.0.0/22
5.182.28.0/22
5.252.168.0/22
91.201.107.0/24
92.118.108.0/24
185.255.98.0/23
195.149.127.0/24
Signature Algorithm: sha256WithRSAEncryption
1a:82:e0:76:c4:f6:4c:be:33:41:2c:97:28:b0:97:53:4c:ee:
ca:e2:c4:cd:5d:cc:3f:9d:b9:a3:e0:3e:cc:dc:73:7a:75:58:
3d:9d:1c:e0:cb:22:4a:fc:24:d0:22:bc:12:9d:5a:d5:f9:f4:
40:f8:2d:93:65:d6:dc:b1:4e:6d:38:3e:75:be:00:65:f2:a4:
22:86:55:f3:03:7c:1f:9c:ce:61:2a:d6:34:49:55:64:7d:13:
fb:db:b3:3d:2b:ff:bf:40:00:dc:7d:4d:98:11:37:0d:f9:d5:
cf:7e:8e:03:3a:4a:00:62:f9:22:ba:94:80:9b:cf:22:35:94:
05:5b:10:27:75:bb:0f:32:77:3d:67:6b:d0:0f:56:7e:84:53:
27:95:a9:5b:66:56:a3:34:3b:44:0e:b9:86:f6:c4:f5:b8:10:
28:28:4e:79:4c:8a:19:30:9f:f0:7e:62:44:48:23:01:b2:cf:
2f:3e:1a:01:a6:28:be:70:e2:54:51:cb:1e:7f:1f:6a:92:1b:
ce:28:eb:67:23:48:c2:e9:7e:ad:b5:1b:5c:31:a5:36:82:6f:
26:09:07:56:7d:ee:21:1c:6a:b3:b7:87:36:d1:02:5e:6f:ed:
ee:2f:dd:60:98:a4:4f:fa:85:cd:54:84:71:cf:3f:af:37:00:
a0:49:44:04
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYxE6tbpeFF6OBNnlJ1pybBTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMxMjA3MTUzNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyZGIxYmFiODUzZWFmNTA5N2U5NzBmOGM1NTI3YzQ3NjY3MDgyM2NjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzvfsZb1d2hZMJiSacEx0ku1zUg7A
IU2D5EmtAInIMRnsCCtdZK7S90XhwSPf5xW04EENlkYPTux4GpiPpaEAJEpxcTty
gkJxE8YRlOC0cLQTfALp9vWK6IVpVgVoG8fLhFx4gBQ0g3ez/A7HstCYQwRLgHfA
hY76Yhs4q1gJ6lR555SzOW8dpcuEmGTr6VwWsoZsojTu1LPdHpOIpDRooP7S1962
qRGROz7+XMwavIOkRvXkofTGXzJFw5daMSQaigUIm2yb2aQ42kAnIB8+gcC6ezzA
SZpWi87i7TgQEY6FtlQ5Uy9mvuvrTxGXtow21e/yt0VPYO8+E2SpevQdxwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFC2xurhT6vUJfpcPjFUnxHZnCCPMMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvTGJHNnVGUHE5UWwtbHctTVZTZkVkbWNJSTh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCAjgAAwQC
BbYcAwQCBfyoAwQAW8lrAwQAXHZsAwQBuf9iAwQAw5V/MA0GCSqGSIb3DQEBCwUA
A4IBAQAaguB2xPZMvjNBLJcosJdTTO7K4sTNXcw/nbmj4D7M3HN6dVg9nRzgyyJK
/CTQIrwSnVrV+fRA+C2TZdbcsU5tOD51vgBl8qQihlXzA3wfnM5hKtY0SVVkfRP7
27M9K/+/QADcfU2YETcN+dXPfo4DOkoAYvkiupSAm88iNZQFWxAndbsPMnc9Z2vQ
D1Z+hFMnlalbZlajNDtEDrmG9sT1uBAoKE55TIoZMJ/wfmJESCMBss8vPhoBpii+
cOJUUcsefx9qkhvOKOtnI0jC6X6ttRtcMaU2gm8mCQdWfe4hHGqzt4c20QJeb+3u
L91gmKRP+oXNVIRxzz+vNwCgSUQE
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org