Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/uvnoFI8XOwOEaNbK5kn0RmR-SYM.roa
File: uvnoFI8XOwOEaNbK5kn0RmR-SYM.roa (raw, json)
Hash identifier: IsxYmuTlcOKDVLmM/n2HdyT5d9humotkuxMyXlG0dkY=
Subject key identifier: BA:F9:E8:14:8F:17:3B:03:84:68:D6:CA:E6:49:F4:46:64:7E:49:83
Certificate issuer: /CN=a0e381b6e76cb9520e8d8f56776eca0fe176cc40
Certificate serial: 0B60CB05
Authority key identifier: A0:E3:81:B6:E7:6C:B9:52:0E:8D:8F:56:77:6E:CA:0F:E1:76:CC:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/uvnoFI8XOwOEaNbK5kn0RmR-SYM.roa
Signing time: Sat 01 Jan 2022 13:58:32 +0000
ROA not before: Sat 01 Jan 2022 13:58:32 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 39650
IP address blocks: 185.161.36.0/22 maxlen: 24
185.229.31.0/24 maxlen: 24
185.229.28.0/24 maxlen: 24
185.229.29.0/24 maxlen: 24
185.229.30.0/24 maxlen: 24
185.164.75.0/24 maxlen: 24
185.164.72.0/22 maxlen: 24
185.164.74.0/24 maxlen: 24
185.110.245.0/24 maxlen: 24
185.110.246.0/24 maxlen: 24
185.110.244.0/24 maxlen: 24
88.135.40.0/21 maxlen: 24
2a0d:6600::/29 maxlen: 29
2a0a:d400::/29 maxlen: 29
2a06:5a40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 190892805 (0xb60cb05)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a0e381b6e76cb9520e8d8f56776eca0fe176cc40
Validity
Not Before: Jan 1 13:58:32 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=baf9e8148f173b038468d6cae649f446647e4983
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:6b:6c:f5:eb:bc:06:a8:79:3a:92:96:a8:3b:
7e:f2:a8:46:71:92:9f:03:1c:87:76:6e:6a:32:a6:
11:20:04:bf:38:d8:13:b7:fb:38:fe:10:2a:18:d0:
bb:12:77:c3:0c:0a:5e:75:72:21:aa:00:af:8a:23:
03:9c:91:ff:9f:20:75:0a:d9:0e:a1:e7:b4:7c:a4:
bb:a2:98:a1:1e:cf:d8:67:15:03:25:27:30:e7:e8:
48:7b:ea:3a:4b:f8:ee:6a:39:c9:c3:57:40:ab:85:
79:9a:ba:b4:50:94:21:1a:44:05:a9:a1:fb:79:15:
52:b2:c5:ed:8b:d0:84:5b:29:d6:e0:93:20:a6:9c:
b1:e3:1a:f0:c8:50:5a:57:04:7b:5c:90:8f:9c:72:
58:1e:91:5c:eb:c6:5a:3a:d2:04:d6:61:98:c4:56:
2b:ae:8d:02:3e:19:e0:a6:e5:2a:5f:2e:5f:e8:47:
9b:57:17:c9:0d:a3:4d:b7:dd:4d:00:f8:a1:17:88:
87:35:aa:f7:48:09:1c:86:e8:80:81:bd:ae:ee:2c:
1f:1a:86:cd:da:a9:64:1d:2a:b1:31:80:ca:07:77:
c1:8d:ef:d7:b5:d4:23:46:da:01:56:96:e5:51:d9:
bd:ea:4d:5d:95:34:99:25:11:ac:8c:7b:72:76:83:
03:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:F9:E8:14:8F:17:3B:03:84:68:D6:CA:E6:49:F4:46:64:7E:49:83
X509v3 Authority Key Identifier:
keyid:A0:E3:81:B6:E7:6C:B9:52:0E:8D:8F:56:77:6E:CA:0F:E1:76:CC:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oOOBtudsuVIOjY9Wd27KD-F2zEA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/uvnoFI8XOwOEaNbK5kn0RmR-SYM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/49/8e6f08-30f0-46dd-a7a1-a9c384128d42/1/oOOBtudsuVIOjY9Wd27KD-F2zEA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
88.135.40.0/21
185.110.244.0-185.110.246.255
185.161.36.0/22
185.164.72.0/22
185.229.28.0/22
IPv6:
2a06:5a40::/29
2a0a:d400::/29
2a0d:6600::/29
Signature Algorithm: sha256WithRSAEncryption
b6:78:a5:cb:70:20:08:39:d9:49:d4:38:94:cf:ba:b4:93:90:
79:4e:1b:53:6c:38:03:b0:5f:ca:3f:91:3d:7a:51:6f:36:7e:
0f:73:11:33:2a:26:99:ba:c5:87:2a:16:29:62:0f:34:be:82:
d3:6e:68:ea:25:c1:df:ae:69:f2:7b:2d:ec:32:a8:ab:a0:7f:
79:c8:3b:74:f4:84:0a:91:82:51:fc:68:ba:8f:6b:d2:3b:2b:
d5:55:e8:5e:dd:8e:af:53:17:ce:1c:6d:1d:90:fe:dd:1b:b2:
aa:ae:5a:de:00:8d:29:fb:ea:bf:42:81:ef:6b:8b:b9:26:1e:
87:b4:d8:22:de:9f:eb:d1:74:d3:a0:bb:a0:fc:54:98:da:b7:
80:ff:19:5a:c3:36:2e:3b:c9:3e:1a:5b:33:95:12:a6:a3:c2:
0e:d1:25:c3:3c:2a:52:57:e9:31:47:2f:9c:1c:1f:c3:c3:de:
fd:ca:55:35:eb:67:43:77:bc:ad:10:b6:13:43:8f:5b:68:30:
94:27:92:5e:8b:e3:c4:f2:60:50:58:42:3b:f6:59:2d:62:d6:
4a:8b:19:0c:69:cc:47:d4:ad:6e:d9:13:a4:92:b4:de:f4:39:
8d:d5:ae:c7:77:a3:96:d9:fc:62:50:d4:22:04:c0:06:79:45:
5f:c0:10:0a
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIEC2DLBTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
MGUzODFiNmU3NmNiOTUyMGU4ZDhmNTY3NzZlY2EwZmUxNzZjYzQwMB4XDTIyMDEw
MTEzNTgzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmFmOWU4MTQ4ZjE3
M2IwMzg0NjhkNmNhZTY0OWY0NDY2NDdlNDk4MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMZrbPXrvAaoeTqSlqg7fvKoRnGSnwMch3ZuajKmESAEvzjY
E7f7OP4QKhjQuxJ3wwwKXnVyIaoAr4ojA5yR/58gdQrZDqHntHyku6KYoR7P2GcV
AyUnMOfoSHvqOkv47mo5ycNXQKuFeZq6tFCUIRpEBamh+3kVUrLF7YvQhFsp1uCT
IKacseMa8MhQWlcEe1yQj5xyWB6RXOvGWjrSBNZhmMRWK66NAj4Z4KblKl8uX+hH
m1cXyQ2jTbfdTQD4oReIhzWq90gJHIbogIG9ru4sHxqGzdqpZB0qsTGAygd3wY3v
17XUI0baAVaW5VHZvepNXZU0mSURrIx7cnaDA/ECAwEAAaOCAkYwggJCMB0GA1Ud
DgQWBBS6+egUjxc7A4Ro1srmSfRGZH5JgzAfBgNVHSMEGDAWgBSg44G252y5Ug6N
j1Z3bsoP4XbMQDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L29PT0J0dWRzdVZJT2pZOVdkMjdLRC1GMnpFQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNDkvOGU2ZjA4LTMwZjAtNDZkZC1hN2ExLWE5YzM4NDEyOGQ0Mi8x
L3V2bm9GSThYT3dPRWFOYks1a24wUm1SLVNZTS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNDkv
OGU2ZjA4LTMwZjAtNDZkZC1hN2ExLWE5YzM4NDEyOGQ0Mi8xL29PT0J0dWRzdVZJ
T2pZOVdkMjdLRC1GMnpFQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBc
BggrBgEFBQcBBwEB/wRNMEswLAQCAAEwJgMEA1iHKDAMAwQCuW70AwQAuW72AwQC
uaEkAwQCuaRIAwQCueUcMBsEAgACMBUDBQMqBlpAAwUDKgrUAAMFAyoNZgAwDQYJ
KoZIhvcNAQELBQADggEBALZ4pctwIAg52UnUOJTPurSTkHlOG1NsOAOwX8o/kT16
UW82fg9zETMqJpm6xYcqFiliDzS+gtNuaOolwd+uafJ7LewyqKugf3nIO3T0hAqR
glH8aLqPa9I7K9VV6F7djq9TF84cbR2Q/t0bsqquWt4AjSn76r9Cge9ri7kmHoe0
2CLen+vRdNOgu6D8VJjat4D/GVrDNi47yT4aWzOVEqajwg7RJcM8KlJX6TFHL5wc
H8PD3v3KVTXrZ0N3vK0QthNDj1toMJQnkl6L48TyYFBYQjv2WS1i1kqLGQxpzEfU
rW7ZE6SStN70OY3Vrsd3o5bZ/GJQ1CIEwAZ5RV/AEAo=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:51:14 2023 by rpki-client on console-ams.rpki-client.org