Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/aLmQam6zQhjYqx2JKbLHPohIUvY.roa
File: aLmQam6zQhjYqx2JKbLHPohIUvY.roa (raw, json)
Hash identifier: 5xzOujNeByImtn9I6GwG3PvjabJCXBpacWf55R4qbNo=
Subject key identifier: 68:B9:90:6A:6E:B3:42:18:D8:AB:1D:89:29:B2:C7:3E:88:48:52:F6
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018CD587FD275F8D119EF34895C9315766E7
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/aLmQam6zQhjYqx2JKbLHPohIUvY.roa
Signing time: Thu 04 Jan 2024 17:31:48 +0000
ROA not before: Thu 04 Jan 2024 17:31:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42694
IP address blocks: 193.163.74.0/24 maxlen: 24
193.221.211.0/24 maxlen: 24
185.15.136.0/24 maxlen: 24
193.163.101.0/24 maxlen: 24
2a13:5800::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:d5:87:fd:27:5f:8d:11:9e:f3:48:95:c9:31:57:66:e7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jan 4 17:31:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=68b9906a6eb34218d8ab1d8929b2c73e884852f6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:24:54:79:1a:39:a7:48:98:e0:d0:c9:40:63:
bb:93:4b:ae:ce:c3:a6:64:63:18:7b:52:aa:e5:46:
08:bc:3f:70:30:4a:18:f4:96:e4:e1:14:1d:20:f0:
1a:b1:c3:56:83:86:1d:8a:97:51:d0:89:5b:d8:28:
ab:05:97:2e:ee:9c:e4:2d:c6:b4:f8:25:69:76:1f:
1e:74:4d:96:0a:4d:8a:36:f0:45:fa:54:4d:18:28:
69:cb:f8:31:d2:3f:4d:ee:32:71:98:ed:67:74:91:
04:f3:cb:9a:38:93:d4:20:db:16:5d:b4:74:cf:99:
1e:10:fd:80:e1:c8:05:1a:3e:03:0c:9e:36:3b:11:
22:cb:2b:3d:7d:aa:56:6e:f0:11:5b:27:fd:c4:ef:
cf:2a:11:0a:7c:40:64:2d:95:06:2a:a7:1c:cd:ae:
42:70:8a:2f:84:fb:d7:04:b7:74:7a:91:d1:36:fb:
db:03:be:b6:cd:0e:57:67:e3:68:e2:79:17:a1:d0:
5e:47:73:2b:af:94:18:9e:56:8d:86:cb:ad:00:86:
1a:58:37:57:f4:fa:fc:50:2a:d9:df:4c:ef:16:a7:
96:68:48:ac:4e:62:68:ee:84:98:4f:49:c9:d3:99:
0f:e2:dd:0e:bc:5c:26:9b:d7:9a:de:6b:78:c0:41:
b7:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:B9:90:6A:6E:B3:42:18:D8:AB:1D:89:29:B2:C7:3E:88:48:52:F6
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/aLmQam6zQhjYqx2JKbLHPohIUvY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.15.136.0/24
193.163.74.0/24
193.163.101.0/24
193.221.211.0/24
IPv6:
2a13:5800::/29
Signature Algorithm: sha256WithRSAEncryption
37:4a:23:97:f4:d2:11:eb:6b:9e:a1:91:b2:fa:8b:d2:17:ae:
90:1c:5a:fb:e6:59:41:d8:ba:8e:e5:12:1f:fc:ad:88:46:79:
6e:9d:a9:c6:51:dc:eb:e5:c7:5d:12:93:25:1f:15:2f:e3:1c:
f6:5f:09:08:ed:05:cc:28:8e:b3:4f:39:ce:c1:3b:ec:0c:a8:
aa:48:87:73:81:e3:51:e3:11:7d:52:08:7d:14:ff:e7:62:5c:
24:b0:40:8e:63:c5:39:cd:96:b8:19:bd:e0:38:4e:df:7e:7f:
16:e1:76:c7:d3:3e:ca:6c:e2:12:d5:8d:91:d1:00:98:1e:11:
5f:ed:4e:02:69:6f:3b:5e:53:7a:6e:9f:87:c0:94:d9:ca:ac:
21:80:2a:00:05:dc:4a:8e:66:11:cc:87:c1:6a:8f:98:fa:b6:
0a:49:b6:4e:09:3a:04:81:91:e0:b4:61:54:5e:27:3e:85:9d:
dd:33:52:09:3a:5a:b2:33:7b:d0:06:e5:2d:0f:a0:f5:30:64:
55:2a:57:2c:10:3c:c8:e5:1b:4a:5c:10:3c:c5:4d:fd:b4:0c:
3f:0e:65:48:9e:1e:dc:c2:ff:f5:d7:51:2c:0d:54:5c:a6:da:
b8:4d:5b:a8:17:02:1b:49:5e:00:66:e9:59:bb:a4:38:47:f4:
b3:8d:ce:b6
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYzVh/0nX40RnvNIlckxV2bnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTA0MTczMTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2OGI5OTA2YTZlYjM0MjE4ZDhhYjFkODkyOWIyYzczZTg4NDg1MmY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1CRUeRo5p0iY4NDJQGO7k0uuzsOm
ZGMYe1Kq5UYIvD9wMEoY9Jbk4RQdIPAascNWg4YdipdR0Ilb2CirBZcu7pzkLca0
+CVpdh8edE2WCk2KNvBF+lRNGChpy/gx0j9N7jJxmO1ndJEE88uaOJPUINsWXbR0
z5keEP2A4cgFGj4DDJ42OxEiyys9fapWbvARWyf9xO/PKhEKfEBkLZUGKqccza5C
cIovhPvXBLd0epHRNvvbA762zQ5XZ+No4nkXodBeR3Mrr5QYnlaNhsutAIYaWDdX
9Pr8UCrZ30zvFqeWaEisTmJo7oSYT0nJ05kP4t0OvFwmm9ea3mt4wEG3WQIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFGi5kGpus0IY2KsdiSmyxz6ISFL2MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvYUxtUWFtNnpRaGpZcXgySktiTEhQb2hJVXZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQAuQ+IAwQA
waNKAwQAwaNlAwQAwd3TMA0EAgACMAcDBQMqE1gAMA0GCSqGSIb3DQEBCwUAA4IB
AQA3SiOX9NIR62ueoZGy+ovSF66QHFr75llB2LqO5RIf/K2IRnlunanGUdzr5cdd
EpMlHxUv4xz2XwkI7QXMKI6zTznOwTvsDKiqSIdzgeNR4xF9Ugh9FP/nYlwksECO
Y8U5zZa4Gb3gOE7ffn8W4XbH0z7KbOIS1Y2R0QCYHhFf7U4CaW87XlN6bp+HwJTZ
yqwhgCoABdxKjmYRzIfBao+Y+rYKSbZOCToEgZHgtGFUXic+hZ3dM1IJOlqyM3vQ
BuUtD6D1MGRVKlcsEDzI5RtKXBA8xU39tAw/DmVInh7cwv/111EsDVRcptq4TVuo
FwIbSV4AZulZu6Q4R/Szjc62
-----END CERTIFICATE-----
Generated at Tue Apr 2 17:38:54 2024 by rpki-client on console-ams.rpki-client.org