Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/yAiSs0GuqkphMe3LoyjMteLMUAA.roa
File: yAiSs0GuqkphMe3LoyjMteLMUAA.roa (raw, json)
Hash identifier: 7bgW9kGUqNUWrNbmx+Ywk0xTOXMWzu+ybDeXg1WOHY4=
Subject key identifier: C8:08:92:B3:41:AE:AA:4A:61:31:ED:CB:A3:28:CC:B5:E2:CC:50:00
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 0183F47B1B3E010609C18D037585F6FBD8CE
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/yAiSs0GuqkphMe3LoyjMteLMUAA.roa
Signing time: Thu 20 Oct 2022 08:20:52 +0000
ROA not before: Thu 20 Oct 2022 08:20:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 194.180.238.0/24 maxlen: 24
45.140.32.0/22 maxlen: 22
45.150.180.0/22 maxlen: 22
185.145.80.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:f4:7b:1b:3e:01:06:09:c1:8d:03:75:85:f6:fb:d8:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Oct 20 08:20:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c80892b341aeaa4a6131edcba328ccb5e2cc5000
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:51:d7:0a:98:32:f4:69:36:27:ea:29:58:4e:
70:68:49:e1:b6:9b:7e:9b:ca:e1:c5:fb:7a:82:56:
db:96:87:56:44:3b:6c:82:20:f7:ba:54:96:98:59:
46:dd:d2:e3:f1:96:bc:ed:0f:87:e1:da:1f:65:c8:
c2:df:f7:3a:ae:e7:c1:48:75:42:65:2e:d2:99:c0:
2b:c5:85:5a:6d:52:8e:11:b6:b9:27:09:a6:7c:db:
dc:3d:c4:35:5c:a0:2e:a7:57:22:ee:e0:07:b1:a4:
f6:90:04:15:1d:0e:5b:69:cd:5c:61:12:79:af:a4:
06:b2:47:12:b0:17:52:7d:1c:46:2f:5e:82:95:4e:
f2:92:35:4b:42:c8:3d:33:ad:35:03:65:d4:cf:1d:
f4:2e:5e:0a:90:f6:0a:42:c4:46:13:34:ab:10:94:
11:c7:0f:01:35:1a:d8:ac:a8:f1:9d:b5:00:5a:5a:
8b:cb:11:96:e4:4b:a6:2a:a3:96:b8:26:b1:ac:b8:
d2:e6:8d:6d:9b:11:68:ab:54:34:a2:4c:29:e6:50:
b6:0a:ae:08:63:7b:f1:a6:82:c4:99:da:ba:da:87:
ac:a0:0c:6c:e5:9a:26:85:15:49:26:6a:4d:38:58:
de:4c:c3:dc:25:ec:7a:43:b8:72:8f:1c:72:7c:f2:
a0:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:08:92:B3:41:AE:AA:4A:61:31:ED:CB:A3:28:CC:B5:E2:CC:50:00
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/yAiSs0GuqkphMe3LoyjMteLMUAA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.140.32.0/22
45.150.180.0/22
185.145.80.0/22
194.180.238.0/24
Signature Algorithm: sha256WithRSAEncryption
1c:09:09:9b:3b:40:ab:7a:4b:54:ca:c6:c5:71:1c:d2:6f:c5:
1e:a7:59:f2:55:db:42:56:65:3c:b1:2b:44:65:48:a0:71:07:
26:3a:63:7f:42:80:d8:b2:ce:cb:6e:1b:64:39:5d:e5:9b:ab:
db:68:ac:c0:9f:4e:4f:73:ec:57:c8:3e:48:db:44:d2:9a:fe:
5d:cc:43:f5:7b:8c:3c:60:33:a3:ef:77:41:b4:0d:d2:ff:73:
5b:33:a9:63:67:51:ac:82:bf:a5:af:44:e8:d8:f8:0a:41:82:
97:6f:f7:48:f4:ff:0a:cd:b5:d2:3b:77:1d:9a:ef:2a:dd:6c:
d5:73:c1:bc:69:3f:7f:d1:06:bf:06:0d:4f:c9:e4:2f:3b:4e:
7a:94:6e:4b:3d:80:5a:ba:96:f1:3b:de:13:5e:34:6f:3f:43:
8f:b7:ff:b4:c7:60:dc:48:0b:b1:66:03:d0:2c:f4:be:4f:0f:
97:7d:e8:8b:47:f0:24:8e:21:56:14:1d:24:57:61:b5:e6:94:
3f:57:1d:75:0e:d6:6c:af:9a:22:b2:26:89:6f:99:4e:b5:7d:
06:70:36:bc:63:c4:54:7b:7b:1c:3f:1e:79:63:02:4b:81:4d:
90:63:46:52:79:ba:d1:7e:f0:2e:ea:5d:d3:dc:74:69:e8:d0:
09:df:11:07
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYP0exs+AQYJwY0DdYX2+9jOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjIxMDIwMDgyMDUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODA4OTJiMzQxYWVhYTRhNjEzMWVkY2JhMzI4Y2NiNWUyY2M1MDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm1HXCpgy9Gk2J+opWE5waEnhtpt+
m8rhxft6glbblodWRDtsgiD3ulSWmFlG3dLj8Za87Q+H4dofZcjC3/c6rufBSHVC
ZS7SmcArxYVabVKOEba5JwmmfNvcPcQ1XKAup1ci7uAHsaT2kAQVHQ5bac1cYRJ5
r6QGskcSsBdSfRxGL16ClU7ykjVLQsg9M601A2XUzx30Ll4KkPYKQsRGEzSrEJQR
xw8BNRrYrKjxnbUAWlqLyxGW5EumKqOWuCaxrLjS5o1tmxFoq1Q0okwp5lC2Cq4I
Y3vxpoLEmdq62oesoAxs5ZomhRVJJmpNOFjeTMPcJex6Q7hyjxxyfPKgdwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFMgIkrNBrqpKYTHty6MozLXizFAAMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEveUFpU3MwR3Vxa3BoTWUzTG95ak10ZUxNVUFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCLYwgAwQC
LZa0AwQCuZFQAwQAwrTuMA0GCSqGSIb3DQEBCwUAA4IBAQAcCQmbO0CrektUysbF
cRzSb8Uep1nyVdtCVmU8sStEZUigcQcmOmN/QoDYss7LbhtkOV3lm6vbaKzAn05P
c+xXyD5I20TSmv5dzEP1e4w8YDOj73dBtA3S/3NbM6ljZ1Gsgr+lr0To2PgKQYKX
b/dI9P8KzbXSO3cdmu8q3WzVc8G8aT9/0Qa/Bg1PyeQvO056lG5LPYBaupbxO94T
XjRvP0OPt/+0x2DcSAuxZgPQLPS+Tw+XfeiLR/AkjiFWFB0kV2G15pQ/Vx11DtZs
r5oisiaJb5lOtX0GcDa8Y8RUe3scPx55YwJLgU2QY0ZSebrRfvAu6l3T3HRp6NAJ
3xEH
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:42 2024 by rpki-client on console-fra.rpki-client.org