Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/mTnbCTDaLUdrA2QhGuHOLWYPZjc.roa
File: mTnbCTDaLUdrA2QhGuHOLWYPZjc.roa (raw, json)
Hash identifier: UV0sAnz68IMyFR4VGcRDA2nAZkqEIl266NFt7Cefd24=
Subject key identifier: 99:39:DB:09:30:DA:2D:47:6B:03:64:21:1A:E1:CE:2D:66:0F:66:37
Certificate issuer: /CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Certificate serial: 018610086A11F4E87520E664BABFE4DE2B57
Authority key identifier: 0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/mTnbCTDaLUdrA2QhGuHOLWYPZjc.roa
Signing time: Thu 02 Feb 2023 02:50:32 +0000
ROA not before: Thu 02 Feb 2023 02:50:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 205516
IP address blocks: 193.106.99.0/24 maxlen: 24
45.8.118.0/23 maxlen: 24
91.198.101.0/24 maxlen: 24
193.43.250.0/24 maxlen: 24
2a0e:6600::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:10:08:6a:11:f4:e8:75:20:e6:64:ba:bf:e4:de:2b:57
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0a7327805df20fb5c1d6f4e89074743caeb24af7
Validity
Not Before: Feb 2 02:50:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9939db0930da2d476b0364211ae1ce2d660f6637
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:b9:8d:b8:9d:1b:a1:9c:35:68:5b:d1:28:31:
ed:7f:d7:be:be:8a:2e:c8:34:c2:20:54:c2:79:c2:
60:c1:9e:96:b5:44:20:00:eb:24:3d:52:f9:09:85:
d2:30:83:1d:bc:18:43:08:6a:7e:19:78:00:d7:02:
b8:0c:9e:cc:99:85:42:9f:44:a5:6d:45:bd:23:cc:
e2:af:91:e1:15:9f:c3:cb:d4:63:4f:20:98:41:e0:
85:ab:cb:a0:48:19:1c:0d:8f:b4:d1:ac:74:62:58:
5e:d4:8b:01:30:31:5a:19:6a:f5:f5:b2:c6:9a:51:
16:35:1e:d1:1d:02:1b:88:93:ef:48:48:fa:47:de:
4d:d3:b5:8a:dc:58:a8:79:5c:0b:06:66:05:8d:71:
65:83:6d:ca:44:8d:a9:4b:2b:3a:2d:90:a1:cd:48:
ad:9a:5d:6f:4b:85:23:82:1f:ed:fd:f5:e0:d5:0c:
05:9e:4e:f4:1b:3e:3b:b3:41:a7:62:36:4e:f5:07:
2b:7d:0d:e6:1f:74:b9:1f:8b:96:c5:71:27:ab:3b:
7f:4e:f1:3c:62:15:1e:3a:d7:6c:bf:2c:ae:27:ee:
24:2d:63:df:08:bc:8b:b4:a2:dc:24:1d:a8:4b:9c:
65:50:c9:64:0d:19:8c:c5:c4:24:0b:e5:83:b3:dc:
ec:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:39:DB:09:30:DA:2D:47:6B:03:64:21:1A:E1:CE:2D:66:0F:66:37
X509v3 Authority Key Identifier:
keyid:0A:73:27:80:5D:F2:0F:B5:C1:D6:F4:E8:90:74:74:3C:AE:B2:4A:F7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CnMngF3yD7XB1vTokHR0PK6ySvc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/mTnbCTDaLUdrA2QhGuHOLWYPZjc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4a/8b1fac-5a21-4848-a66a-10bb4579d528/1/CnMngF3yD7XB1vTokHR0PK6ySvc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.118.0/23
91.198.101.0/24
193.43.250.0/24
193.106.99.0/24
IPv6:
2a0e:6600::/29
Signature Algorithm: sha256WithRSAEncryption
56:1f:33:23:59:72:a4:09:c2:86:c8:08:31:2f:c1:97:ea:33:
9b:33:78:02:f3:6c:30:a5:e3:5f:b0:ff:99:87:a0:d4:c4:1f:
32:e6:94:e9:81:8e:72:e5:21:10:ea:a6:86:e1:45:08:93:a6:
13:eb:5a:5c:9b:f3:3d:e4:5d:f1:ca:22:70:a1:6b:0b:82:8c:
cc:0f:c8:e3:3f:24:e3:94:5a:a5:83:aa:61:c3:64:27:61:94:
81:3b:01:23:c8:6e:6b:0c:f6:2f:19:26:7d:3b:a2:e2:59:8a:
d2:07:5d:cf:80:a9:2b:2d:20:fb:ce:2e:bc:c4:cc:25:22:46:
8f:07:6e:f6:05:32:11:b4:c1:12:73:e9:9c:95:99:4a:4c:7d:
b4:24:41:e2:63:07:5d:b4:33:a1:15:76:ce:e1:25:38:4b:8c:
23:40:7f:ca:2b:62:83:63:89:a2:f4:50:d4:26:0d:ce:1d:16:
27:6b:de:b5:d7:e2:83:4e:a3:7c:99:81:54:ca:9c:53:3f:c7:
2b:5d:7b:b0:89:f1:28:74:30:b5:c8:58:da:c9:36:d9:4c:cf:
ec:af:34:1c:1c:f6:ec:fa:96:8d:41:8f:c6:06:cc:18:ee:f9:
14:d7:7a:cb:25:19:69:77:b7:3c:58:14:e8:ad:32:70:89:04:
ae:08:88:f5
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYYQCGoR9Oh1IOZkur/k3itXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDBhNzMyNzgwNWRmMjBmYjVjMWQ2ZjRlODkwNzQ3NDNjYWVi
MjRhZjcwHhcNMjMwMjAyMDI1MDMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OTM5ZGIwOTMwZGEyZDQ3NmIwMzY0MjExYWUxY2UyZDY2MGY2NjM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAobmNuJ0boZw1aFvRKDHtf9e+voou
yDTCIFTCecJgwZ6WtUQgAOskPVL5CYXSMIMdvBhDCGp+GXgA1wK4DJ7MmYVCn0Sl
bUW9I8zir5HhFZ/Dy9RjTyCYQeCFq8ugSBkcDY+00ax0Ylhe1IsBMDFaGWr19bLG
mlEWNR7RHQIbiJPvSEj6R95N07WK3FioeVwLBmYFjXFlg23KRI2pSys6LZChzUit
ml1vS4Ujgh/t/fXg1QwFnk70Gz47s0GnYjZO9QcrfQ3mH3S5H4uWxXEnqzt/TvE8
YhUeOtdsvyyuJ+4kLWPfCLyLtKLcJB2oS5xlUMlkDRmMxcQkC+WDs9zsDwIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFJk52wkw2i1HawNkIRrhzi1mD2Y3MB8GA1UdIwQY
MBaAFApzJ4Bd8g+1wdb06JB0dDyuskr3MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEt
MTBiYjQ1NzlkNTI4LzEvbVRuYkNURGFMVWRyQTJRaEd1SE9MV1lQWmpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80YS84YjFmYWMtNWEyMS00ODQ4LWE2NmEtMTBiYjQ1NzlkNTI4
LzEvQ25NbmdGM3lEN1hCMXZUb2tIUjBQSzZ5U3ZjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQBLQh2AwQA
W8ZlAwQAwSv6AwQAwWpjMA0EAgACMAcDBQMqDmYAMA0GCSqGSIb3DQEBCwUAA4IB
AQBWHzMjWXKkCcKGyAgxL8GX6jObM3gC82wwpeNfsP+Zh6DUxB8y5pTpgY5y5SEQ
6qaG4UUIk6YT61pcm/M95F3xyiJwoWsLgozMD8jjPyTjlFqlg6phw2QnYZSBOwEj
yG5rDPYvGSZ9O6LiWYrSB13PgKkrLSD7zi68xMwlIkaPB272BTIRtMESc+mclZlK
TH20JEHiYwddtDOhFXbO4SU4S4wjQH/KK2KDY4mi9FDUJg3OHRYna9611+KDTqN8
mYFUypxTP8crXXuwifEodDC1yFjayTbZTM/srzQcHPbs+paNQY/GBswY7vkU13rL
JRlpd7c8WBTorTJwiQSuCIj1
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:15 2024 by rpki-client on console-fra.rpki-client.org