Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/W337scRN857BY6FsCxiEzDJO_bE.roa
File: W337scRN857BY6FsCxiEzDJO_bE.roa (raw, json)
Hash identifier: /4MN2DRtz1YVyDBBuLcvKDnoSF8ugwSh3aUivmsm5Yg=
Subject key identifier: 5B:7D:FB:B1:C4:4D:F3:9E:C1:63:A1:6C:0B:18:84:CC:32:4E:FD:B1
Certificate issuer: /CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Certificate serial: 018B94937F1F41E636B2FBBD09CF3C53F5F9
Authority key identifier: 00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/W337scRN857BY6FsCxiEzDJO_bE.roa
Signing time: Fri 03 Nov 2023 09:46:16 +0000
ROA not before: Fri 03 Nov 2023 09:46:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.81.180.0/23 maxlen: 23
93.114.61.0/24 maxlen: 24
93.114.62.0/24 maxlen: 24
89.46.10.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:94:93:7f:1f:41:e6:36:b2:fb:bd:09:cf:3c:53:f5:f9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=00aff6b4effe7c363ef200f6f3e5888b915ba681
Validity
Not Before: Nov 3 09:46:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5b7dfbb1c44df39ec163a16c0b1884cc324efdb1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:5b:2d:b9:36:5a:dc:c5:57:05:9d:17:e2:5c:
a6:55:2b:18:7e:14:8b:71:37:8b:4c:5c:4b:28:da:
26:49:2f:b0:c9:67:a9:07:1f:3a:bb:ab:74:c0:d3:
ae:30:2a:ce:2a:f3:6a:99:00:d1:11:35:eb:41:70:
dd:72:a7:fa:72:ed:c6:33:13:d9:7b:e9:7a:24:f1:
ef:b4:d5:1b:51:28:24:fd:24:07:e8:8d:c1:b4:f2:
1e:4c:98:e1:1b:8b:61:55:6c:56:0e:38:ad:c9:af:
7a:64:f9:ea:0e:77:13:ba:70:2b:b0:fc:0a:6f:0b:
93:31:08:9f:d8:93:cc:1d:60:19:15:c0:c4:61:46:
0b:f5:81:cb:67:fb:f1:22:ed:c5:73:8d:d2:fe:28:
1d:73:8f:7b:ca:87:29:4f:0a:c6:a2:fa:3b:23:e5:
ab:eb:d3:76:2d:19:51:1d:22:6d:40:00:b0:49:c5:
43:82:46:0d:0f:bf:59:74:be:7e:99:40:b5:a2:41:
9b:90:f2:bc:ac:1f:76:1b:9b:8f:b8:fa:d0:38:22:
40:83:56:bd:8a:3e:54:26:2d:f3:e0:69:13:f9:fa:
08:7d:c7:0d:67:04:81:f0:35:34:f7:42:8c:d9:fc:
2b:d7:f1:69:71:50:a3:0c:53:17:a0:b2:c3:13:9f:
0e:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:7D:FB:B1:C4:4D:F3:9E:C1:63:A1:6C:0B:18:84:CC:32:4E:FD:B1
X509v3 Authority Key Identifier:
keyid:00:AF:F6:B4:EF:FE:7C:36:3E:F2:00:F6:F3:E5:88:8B:91:5B:A6:81
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AK_2tO_-fDY-8gD28-WIi5FbpoE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/W337scRN857BY6FsCxiEzDJO_bE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/34/098d13-6d6d-4294-9753-a8773de768f7/1/AK_2tO_-fDY-8gD28-WIi5FbpoE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.10.0/24
93.114.61.0-93.114.62.255
185.81.180.0/23
Signature Algorithm: sha256WithRSAEncryption
3b:2e:a9:da:11:74:dd:6f:57:f7:74:d2:75:28:c2:2d:d1:2c:
16:47:6c:fb:1e:51:ac:bb:ff:8e:34:b3:ad:bf:00:65:8a:e7:
7e:82:09:49:8e:bc:94:61:53:2c:ba:11:9a:0b:ff:dd:22:29:
60:8b:4b:88:91:58:f1:ce:c4:a7:a3:a8:4b:63:2a:ca:71:48:
70:56:cf:5d:30:67:89:2c:bb:48:5d:e8:85:61:9a:32:62:9f:
94:a9:f9:37:c3:45:28:a1:76:f8:94:05:fd:25:b2:d3:78:e5:
30:2f:09:8c:55:3e:15:5b:b6:c5:67:a1:e1:7d:99:55:f4:ff:
51:37:70:31:23:43:b8:0a:8e:e7:69:4e:3b:ad:9b:29:1e:4f:
1b:98:d2:61:01:cd:93:b6:e9:72:df:44:dc:fb:0c:5a:cd:17:
24:ee:78:f7:9c:c7:dd:9a:eb:4e:31:82:16:a0:ef:1d:1c:82:
a3:0e:75:fb:84:b5:09:77:d3:e8:08:d1:37:e7:b5:a9:50:e3:
3e:46:af:d4:e4:12:eb:e6:d6:f9:89:4c:7a:3f:bb:f5:55:78:
b6:86:5b:d6:6a:d6:e9:0b:fe:e7:b0:69:6d:98:1e:84:26:30:
28:87:96:e4:7d:3f:69:e0:cf:65:25:e4:88:dd:f4:7a:d5:6e:
4a:b9:a8:53
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgISAYuUk38fQeY2svu9Cc88U/X5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwYWZmNmI0ZWZmZTdjMzYzZWYyMDBmNmYzZTU4ODhiOTE1
YmE2ODEwHhcNMjMxMTAzMDk0NjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjdkZmJiMWM0NGRmMzllYzE2M2ExNmMwYjE4ODRjYzMyNGVmZGIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiVstuTZa3MVXBZ0X4lymVSsYfhSL
cTeLTFxLKNomSS+wyWepBx86u6t0wNOuMCrOKvNqmQDRETXrQXDdcqf6cu3GMxPZ
e+l6JPHvtNUbUSgk/SQH6I3BtPIeTJjhG4thVWxWDjitya96ZPnqDncTunArsPwK
bwuTMQif2JPMHWAZFcDEYUYL9YHLZ/vxIu3Fc43S/igdc497yocpTwrGovo7I+Wr
69N2LRlRHSJtQACwScVDgkYND79ZdL5+mUC1okGbkPK8rB92G5uPuPrQOCJAg1a9
ij5UJi3z4GkT+foIfccNZwSB8DU090KM2fwr1/FpcVCjDFMXoLLDE58OgQIDAQAB
o4ICHTCCAhkwHQYDVR0OBBYEFFt9+7HETfOewWOhbAsYhMwyTv2xMB8GA1UdIwQY
MBaAFACv9rTv/nw2PvIA9vPliIuRW6aBMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMt
YTg3NzNkZTc2OGY3LzEvVzMzN3NjUk44NTdCWTZGc0N4aUV6REpPX2JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNC8wOThkMTMtNmQ2ZC00Mjk0LTk3NTMtYTg3NzNkZTc2OGY3
LzEvQUtfMnRPXy1mRFktOGdEMjgtV0lpNUZicG9FLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDMGCCsGAQUFBwEHAQH/BCQwIjAgBAIAATAaAwQAWS4KMAwD
BABdcj0DBABdcj4DBAG5UbQwDQYJKoZIhvcNAQELBQADggEBADsuqdoRdN1vV/d0
0nUowi3RLBZHbPseUay7/440s62/AGWK536CCUmOvJRhUyy6EZoL/90iKWCLS4iR
WPHOxKejqEtjKspxSHBWz10wZ4ksu0hd6IVhmjJin5Sp+TfDRSihdviUBf0lstN4
5TAvCYxVPhVbtsVnoeF9mVX0/1E3cDEjQ7gKjudpTjutmykeTxuY0mEBzZO26XLf
RNz7DFrNFyTuePecx92a604xghag7x0cgqMOdfuEtQl30+gI0TfntalQ4z5Gr9Tk
Euvm1vmJTHo/u/VVeLaGW9Zq1ukL/uewaW2YHoQmMCiHluR9P2ngz2Ul5Ijd9HrV
bkq5qFM=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:18:16 2025 by rpki-client