Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/yF3MwQLYqOncaZL4ZFaGfL9xY4g.roa
File: yF3MwQLYqOncaZL4ZFaGfL9xY4g.roa (raw, json)
Hash identifier: QDUgi5YI7HmKiGtRo/GFLWzYJkiJuf9NVuHH7tD7mes=
Subject key identifier: C8:5D:CC:C1:02:D8:A8:E9:DC:69:92:F8:64:56:86:7C:BF:71:63:88
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018CC2DB3C5661652C2883DE97197C895851
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/yF3MwQLYqOncaZL4ZFaGfL9xY4g.roa
Signing time: Mon 01 Jan 2024 02:29:56 +0000
ROA not before: Mon 01 Jan 2024 02:29:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209945
IP address blocks: 5.182.28.0/22 maxlen: 22
185.255.98.0/23 maxlen: 23
2.56.0.0/22 maxlen: 22
195.149.127.0/24 maxlen: 24
5.252.168.0/22 maxlen: 22
92.118.108.0/24 maxlen: 24
91.201.107.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:db:3c:56:61:65:2c:28:83:de:97:19:7c:89:58:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jan 1 02:29:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c85dccc102d8a8e9dc6992f86456867cbf716388
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:fa:c5:50:11:9d:08:52:5d:81:3a:82:b0:c7:
21:64:b4:29:eb:c2:6e:ca:c8:b0:04:6c:a7:55:87:
ec:e1:9d:e9:d5:a0:e0:90:c1:59:bb:f9:e4:f4:9c:
c5:98:e2:23:a4:c3:2a:61:46:6c:dd:53:0c:ef:f7:
32:64:de:3a:18:ac:a7:46:fa:72:b3:ca:4d:20:e4:
8a:ec:0c:49:a9:f0:bd:f0:74:bc:48:9c:86:e4:bd:
12:aa:a7:5e:dd:bf:9d:9a:0d:29:ff:28:91:b8:65:
f5:99:dd:2b:5e:d1:59:65:62:de:55:4a:98:b3:e9:
ce:20:87:66:66:9f:04:19:1b:f1:6e:50:fe:27:98:
a5:c8:d9:2c:06:99:c1:f2:40:45:8e:fe:87:56:de:
a7:e6:f4:86:a4:c5:bb:6e:a9:ed:d7:e6:fb:9b:02:
df:28:2d:c9:30:2c:83:86:c9:57:ba:30:63:09:6a:
76:2d:ce:48:8f:de:d5:6b:41:a6:3d:6d:e7:1c:03:
7e:8e:25:fa:7a:7f:a5:0f:cf:8b:1e:08:e4:a4:d0:
3d:d4:2c:e9:6b:0c:d4:a8:c9:57:41:f5:5a:f8:c9:
18:c5:bc:25:35:76:09:62:2a:ab:50:31:79:e0:a2:
74:8f:32:4f:58:b8:f0:cb:13:25:47:0d:7d:db:4b:
86:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:5D:CC:C1:02:D8:A8:E9:DC:69:92:F8:64:56:86:7C:BF:71:63:88
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/yF3MwQLYqOncaZL4ZFaGfL9xY4g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.0.0/22
5.182.28.0/22
5.252.168.0/22
91.201.107.0/24
92.118.108.0/24
185.255.98.0/23
195.149.127.0/24
Signature Algorithm: sha256WithRSAEncryption
71:25:cc:f9:82:fc:03:e9:31:34:f4:fb:3f:8e:10:99:65:70:
4d:4b:23:1f:7e:94:d4:e5:2e:2f:4d:66:d2:c0:bc:61:ae:a4:
b4:e9:cc:36:96:4d:77:fd:90:3c:ef:45:ea:0b:a1:84:a1:f0:
e9:ec:60:6c:6e:35:85:44:2b:31:a2:20:f5:b7:bd:15:75:34:
f8:0c:d0:bb:dd:31:65:10:97:b2:ab:1a:f7:59:92:d0:c4:3b:
b6:e7:b9:1d:0f:0c:78:34:a9:bd:e8:00:34:60:69:be:29:77:
cf:f3:58:68:e5:63:f3:b6:00:42:b8:a1:ce:d2:1b:79:e5:0d:
15:b6:5a:50:b9:53:f7:43:bb:35:89:ce:2b:93:ef:36:4a:9b:
47:de:c9:9e:7a:29:60:58:ae:08:c3:bb:7c:5c:6d:49:fc:c4:
02:00:2b:e7:15:0d:ab:82:df:2e:5b:c2:c1:64:2b:9c:c0:b2:
d1:32:16:96:c0:e5:2f:57:ab:b9:00:34:4d:e9:5e:62:a0:14:
46:a5:eb:74:e4:a3:f9:a3:8a:6d:1b:1e:24:b9:08:ae:93:b3:
80:e5:04:f6:93:72:0d:c5:d2:6a:87:46:5d:94:83:cd:78:3c:
ca:ac:58:95:0f:0a:25:78:0e:04:75:06:14:01:ae:23:bc:57:
72:78:55:42
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYzC2zxWYWUsKIPelxl8iVhRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMTAxMDIyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODVkY2NjMTAyZDhhOGU5ZGM2OTkyZjg2NDU2ODY3Y2JmNzE2Mzg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkPrFUBGdCFJdgTqCsMchZLQp68Ju
ysiwBGynVYfs4Z3p1aDgkMFZu/nk9JzFmOIjpMMqYUZs3VMM7/cyZN46GKynRvpy
s8pNIOSK7AxJqfC98HS8SJyG5L0Sqqde3b+dmg0p/yiRuGX1md0rXtFZZWLeVUqY
s+nOIIdmZp8EGRvxblD+J5ilyNksBpnB8kBFjv6HVt6n5vSGpMW7bqnt1+b7mwLf
KC3JMCyDhslXujBjCWp2Lc5Ij97Va0GmPW3nHAN+jiX6en+lD8+LHgjkpNA91Czp
awzUqMlXQfVa+MkYxbwlNXYJYiqrUDF54KJ0jzJPWLjwyxMlRw1920uGywIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFMhdzMEC2Kjp3GmS+GRWhny/cWOIMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEveUYzTXdRTFlxT25jYVpMNFpGYUdmTDl4WTRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCAjgAAwQC
BbYcAwQCBfyoAwQAW8lrAwQAXHZsAwQBuf9iAwQAw5V/MA0GCSqGSIb3DQEBCwUA
A4IBAQBxJcz5gvwD6TE09Ps/jhCZZXBNSyMffpTU5S4vTWbSwLxhrqS06cw2lk13
/ZA870XqC6GEofDp7GBsbjWFRCsxoiD1t70VdTT4DNC73TFlEJeyqxr3WZLQxDu2
57kdDwx4NKm96AA0YGm+KXfP81ho5WPztgBCuKHO0ht55Q0VtlpQuVP3Q7s1ic4r
k+82SptH3smeeilgWK4Iw7t8XG1J/MQCACvnFQ2rgt8uW8LBZCucwLLRMhaWwOUv
V6u5ADRN6V5ioBRGpet05KP5o4ptGx4kuQiuk7OA5QT2k3INxdJqh0ZdlIPNeDzK
rFiVDwoleA4EdQYUAa4jvFdyeFVC
-----END CERTIFICATE-----
Generated at Mon Mar 18 17:06:38 2024 by rpki-client on console-ams.rpki-client.org