Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/lshRkPcBtjvZWMI0ioS34nSCV3o.roa
File: lshRkPcBtjvZWMI0ioS34nSCV3o.roa (raw, json)
Hash identifier: SY5XhIacDfz+4rvPxL1RZ5rbNSOdx4rpiyxxFwLIG1o=
Subject key identifier: 96:C8:51:90:F7:01:B6:3B:D9:58:C2:34:8A:84:B7:E2:74:82:57:7A
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018C44F13E1DB6553453F3261665116BBD0C
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/lshRkPcBtjvZWMI0ioS34nSCV3o.roa
Signing time: Thu 07 Dec 2023 15:41:49 +0000
ROA not before: Thu 07 Dec 2023 15:41:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 42694
IP address blocks: 193.163.74.0/24 maxlen: 24
185.15.136.0/24 maxlen: 24
193.163.101.0/24 maxlen: 24
2a13:5800::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:44:f1:3e:1d:b6:55:34:53:f3:26:16:65:11:6b:bd:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Dec 7 15:41:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=96c85190f701b63bd958c2348a84b7e27482577a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:60:6a:3b:48:c2:d6:46:78:83:81:a8:79:85:
65:a0:37:ff:27:eb:19:2b:68:cc:b2:10:69:d8:9c:
08:fe:5b:61:a5:1b:cf:87:3e:dc:2c:a4:ed:87:dd:
c4:74:96:82:76:87:30:70:d9:e5:53:e6:c3:1d:5a:
91:e6:4c:08:47:22:84:d3:b2:e8:32:87:fa:79:f6:
7f:bb:f6:25:cc:35:11:27:4a:83:87:95:c0:07:a2:
05:e0:ba:e3:af:e0:0c:14:c9:dd:61:2f:3b:24:a0:
b3:4b:ea:16:17:62:ae:52:24:e0:01:d4:fd:ff:60:
a6:35:4f:37:3b:aa:1c:f7:b3:4b:73:ed:76:a9:50:
ae:e9:a2:16:47:52:1d:2f:ad:20:44:63:4b:db:cb:
8a:71:a8:30:66:cf:53:8c:87:91:47:7b:95:87:32:
fc:5d:e5:9d:10:74:ff:9a:f2:d0:5f:4f:e3:c0:31:
f5:7f:2e:65:98:90:a4:46:40:c0:c3:22:a5:83:26:
fc:78:74:ad:8f:89:79:60:26:43:a0:c8:ae:24:25:
22:dd:e0:64:f0:99:56:77:85:a2:6d:3b:ed:c6:e3:
64:1d:a5:54:22:0a:40:15:fe:4f:2a:ff:85:57:ad:
04:3a:c8:de:16:9e:75:ad:b4:e3:e7:b2:fa:a6:cb:
b5:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:C8:51:90:F7:01:B6:3B:D9:58:C2:34:8A:84:B7:E2:74:82:57:7A
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/lshRkPcBtjvZWMI0ioS34nSCV3o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.15.136.0/24
193.163.74.0/24
193.163.101.0/24
IPv6:
2a13:5800::/29
Signature Algorithm: sha256WithRSAEncryption
94:7a:04:2e:b8:7f:ca:c3:5d:a6:ef:7e:11:72:a2:a5:d5:94:
5c:5f:3c:c1:48:50:ba:08:9e:fc:08:4f:e8:15:5a:c4:a0:b8:
b3:10:9a:2f:8d:43:74:d8:32:4e:44:3d:39:a5:0f:5b:00:ae:
f3:a9:8d:11:a2:ef:70:b6:e7:42:55:7b:89:89:de:1a:46:d7:
c2:3b:69:4d:6e:79:c8:51:79:ee:4e:e9:4c:33:01:23:3f:6e:
8f:ce:bc:20:1d:44:c7:f3:6f:cc:55:ce:68:4a:28:b7:d2:cf:
4e:ec:1c:3b:9c:db:da:52:e6:88:b1:5e:86:10:a0:c4:b4:bd:
72:f6:00:59:28:76:08:1f:34:33:17:86:9b:b7:fe:ac:c0:18:
84:f8:28:7d:31:dd:24:1a:6f:fa:cb:9e:44:d7:98:6e:f5:7b:
0a:1e:3c:b5:2e:40:0c:fc:da:cc:96:68:e6:13:14:c8:6b:4b:
a4:1b:cf:56:57:ef:af:98:50:67:64:ef:e7:02:73:6d:39:1e:
fc:6b:05:b1:bc:81:d2:ac:0a:84:14:7a:68:69:73:bf:34:dc:
cd:03:e1:fc:30:7b:17:ba:78:07:3c:c9:c9:3a:3e:f4:07:c5:
cb:43:43:09:97:b8:8b:e1:c9:43:e5:c4:6e:58:67:23:70:bd:
f6:28:4f:90
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYxE8T4dtlU0U/MmFmURa70MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMxMjA3MTU0MTQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NmM4NTE5MGY3MDFiNjNiZDk1OGMyMzQ4YTg0YjdlMjc0ODI1NzdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvmBqO0jC1kZ4g4GoeYVloDf/J+sZ
K2jMshBp2JwI/lthpRvPhz7cLKTth93EdJaCdocwcNnlU+bDHVqR5kwIRyKE07Lo
Mof6efZ/u/YlzDURJ0qDh5XAB6IF4Lrjr+AMFMndYS87JKCzS+oWF2KuUiTgAdT9
/2CmNU83O6oc97NLc+12qVCu6aIWR1IdL60gRGNL28uKcagwZs9TjIeRR3uVhzL8
XeWdEHT/mvLQX0/jwDH1fy5lmJCkRkDAwyKlgyb8eHStj4l5YCZDoMiuJCUi3eBk
8JlWd4WibTvtxuNkHaVUIgpAFf5PKv+FV60EOsjeFp51rbTj57L6psu1vQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFJbIUZD3AbY72VjCNIqEt+J0gld6MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvbHNoUmtQY0J0anZaV01JMGlvUzM0blNDVjNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQAuQ+IAwQA
waNKAwQAwaNlMA0EAgACMAcDBQMqE1gAMA0GCSqGSIb3DQEBCwUAA4IBAQCUegQu
uH/Kw12m734RcqKl1ZRcXzzBSFC6CJ78CE/oFVrEoLizEJovjUN02DJORD05pQ9b
AK7zqY0Rou9wtudCVXuJid4aRtfCO2lNbnnIUXnuTulMMwEjP26PzrwgHUTH82/M
Vc5oSii30s9O7Bw7nNvaUuaIsV6GEKDEtL1y9gBZKHYIHzQzF4abt/6swBiE+Ch9
Md0kGm/6y55E15hu9XsKHjy1LkAM/NrMlmjmExTIa0ukG89WV++vmFBnZO/nAnNt
OR78awWxvIHSrAqEFHpoaXO/NNzNA+H8MHsXungHPMnJOj70B8XLQ0MJl7iL4clD
5cRuWGcjcL32KE+Q
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:42 2024 by rpki-client on console-fra.rpki-client.org