Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/XLME4Hirc7lYo7dBMly2d9T0dm0.roa
File: XLME4Hirc7lYo7dBMly2d9T0dm0.roa (raw, json)
Hash identifier: XH/eCYOzdumkSpoCWNl5OYZDPkpk0qo/2xeN3CEuNA8=
Subject key identifier: 5C:B3:04:E0:78:AB:73:B9:58:A3:B7:41:32:5C:B6:77:D4:F4:76:6D
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018CC2DB29528BB610EB372D73B9A240EE9D
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/XLME4Hirc7lYo7dBMly2d9T0dm0.roa
Signing time: Mon 01 Jan 2024 02:29:51 +0000
ROA not before: Mon 01 Jan 2024 02:29:51 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42694
IP address blocks: 193.163.74.0/24 maxlen: 24
185.15.136.0/24 maxlen: 24
193.163.101.0/24 maxlen: 24
2a13:5800::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:db:29:52:8b:b6:10:eb:37:2d:73:b9:a2:40:ee:9d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jan 1 02:29:51 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5cb304e078ab73b958a3b741325cb677d4f4766d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:fe:dc:ad:2e:9f:ce:b0:01:8a:9c:3f:8c:9e:
ae:11:45:2b:3f:86:3a:9e:b1:49:01:1b:4e:eb:6d:
27:d2:84:71:1c:54:5c:0d:82:d0:5a:ac:96:48:fc:
a0:45:d0:c7:65:b6:4d:76:c5:98:69:51:c5:4a:cc:
75:cc:b2:62:3a:c0:e6:5a:e0:40:77:bc:d1:92:62:
44:64:e4:1d:c8:78:7f:f5:fb:59:d9:00:ed:ed:71:
d7:71:95:18:3f:4a:03:e7:1a:91:2a:34:50:d4:6c:
e1:55:1d:e1:56:0b:e2:b5:03:99:56:01:8f:37:fc:
96:ce:4a:a5:74:f0:b9:b3:c7:5e:c1:0f:3a:ea:26:
94:7b:c0:48:dd:a3:78:c8:66:fa:fa:84:32:4f:f2:
dd:a8:9d:5d:bd:32:dd:57:c2:7a:3b:17:23:87:9a:
70:9c:c9:7e:f9:42:2c:d7:fb:05:e2:15:07:82:79:
f9:26:b2:08:ff:78:eb:6b:c6:2b:db:8d:fd:db:04:
91:b3:8c:98:d0:b3:7a:21:e8:28:43:f6:9c:d0:77:
31:0e:69:16:d2:00:1a:73:c8:19:52:49:df:3f:63:
90:41:ea:44:f6:22:2f:7e:53:c4:65:75:4e:6c:10:
2a:70:a9:01:7a:c9:50:96:3b:f6:28:ba:da:42:f5:
df:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:B3:04:E0:78:AB:73:B9:58:A3:B7:41:32:5C:B6:77:D4:F4:76:6D
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/XLME4Hirc7lYo7dBMly2d9T0dm0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.15.136.0/24
193.163.74.0/24
193.163.101.0/24
IPv6:
2a13:5800::/29
Signature Algorithm: sha256WithRSAEncryption
8b:98:2a:54:5b:02:b1:30:16:55:11:4a:d8:49:33:66:6b:67:
2a:46:36:3b:5e:e2:c8:ee:ef:4a:e0:21:7f:29:64:d6:de:ae:
d9:3b:c4:61:d1:ab:f3:59:9b:de:55:8b:9e:f8:b1:0c:45:28:
9c:a6:4d:1d:2d:1a:0a:a4:6e:33:b7:70:e0:f7:f1:30:c6:c8:
0d:ad:8f:80:8c:61:07:ed:83:92:da:e1:11:13:dd:73:54:f8:
64:c9:6d:bf:f2:e8:37:73:ff:6a:36:41:4a:7c:ce:f9:82:53:
4b:1f:79:12:d1:c0:d5:5d:49:f7:61:85:4f:a7:19:cb:6a:ca:
9c:02:1a:44:d5:30:76:4d:04:1e:2c:69:89:73:48:fc:ea:0c:
0f:e1:6c:a3:a3:7e:7e:39:27:bd:32:34:ad:3d:03:2b:c9:84:
57:b4:8c:2c:c4:e5:fa:ff:86:ce:38:d4:a9:a1:ee:8a:31:f8:
37:4c:d1:b8:eb:1f:e1:12:8b:44:d3:61:0e:65:11:c3:e8:25:
66:d9:b4:c2:5b:dd:33:5d:c5:29:be:9e:53:b2:19:ea:de:53:
dc:57:32:ba:4b:0d:8a:d9:57:01:02:61:3e:cb:20:27:dd:ad:
db:8f:e1:eb:e4:c3:6b:f6:5f:0a:a1:c3:ea:37:fa:f0:bc:be:
9d:c6:cd:68
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzC2ylSi7YQ6zctc7miQO6dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2IzMDRlMDc4YWI3M2I5NThhM2I3NDEzMjVjYjY3N2Q0ZjQ3NjZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnP7crS6fzrABipw/jJ6uEUUrP4Y6
nrFJARtO620n0oRxHFRcDYLQWqyWSPygRdDHZbZNdsWYaVHFSsx1zLJiOsDmWuBA
d7zRkmJEZOQdyHh/9ftZ2QDt7XHXcZUYP0oD5xqRKjRQ1GzhVR3hVgvitQOZVgGP
N/yWzkqldPC5s8dewQ866iaUe8BI3aN4yGb6+oQyT/LdqJ1dvTLdV8J6Oxcjh5pw
nMl++UIs1/sF4hUHgnn5JrII/3jra8Yr24392wSRs4yY0LN6IegoQ/ac0HcxDmkW
0gAac8gZUknfP2OQQepE9iIvflPEZXVObBAqcKkBeslQljv2KLraQvXfAwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFFyzBOB4q3O5WKO3QTJctnfU9HZtMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvWExNRTRIaXJjN2xZbzdkQk1seTJkOVQwZG0wLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAuQ+IAwQA
waNKAwQAwaNlMA0EAgACMAcDBQMqE1gAMA0GCSqGSIb3DQEBCwUAA4IBAQCLmCpU
WwKxMBZVEUrYSTNma2cqRjY7XuLI7u9K4CF/KWTW3q7ZO8Rh0avzWZveVYue+LEM
RSicpk0dLRoKpG4zt3Dg9/EwxsgNrY+AjGEH7YOS2uERE91zVPhkyW2/8ug3c/9q
NkFKfM75glNLH3kS0cDVXUn3YYVPpxnLasqcAhpE1TB2TQQeLGmJc0j86gwP4Wyj
o35+OSe9MjStPQMryYRXtIwsxOX6/4bOONSpoe6KMfg3TNG46x/hEotE02EOZRHD
6CVm2bTCW90zXcUpvp5Tshnq3lPcVzK6Sw2K2VcBAmE+yyAn3a3bj+Hr5MNr9l8K
ocPqN/rwvL6dxs1o
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:41 2024 by rpki-client on console-fra.rpki-client.org