Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/2162d8-e9de-4981-b1ca-b8477f5073c1/1/I8UCMO2myNd1-vghk4vnkAScua8.roa
File: I8UCMO2myNd1-vghk4vnkAScua8.roa (raw, json)
Hash identifier: ZAOyZO3eW4OYhDIYJjmsXT+QhCDzVkZYOIOWiKrwc+M=
Subject key identifier: 23:C5:02:30:ED:A6:C8:D7:75:FA:F8:21:93:8B:E7:90:04:9C:B9:AF
Certificate issuer: /CN=f3a1ae0b07cd05ee2484f4eebcd4568473473414
Certificate serial: 018CC794350C57CF5B733FF11A3F2B515135
Authority key identifier: F3:A1:AE:0B:07:CD:05:EE:24:84:F4:EE:BC:D4:56:84:73:47:34:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/86GuCwfNBe4khPTuvNRWhHNHNBQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/2162d8-e9de-4981-b1ca-b8477f5073c1/1/I8UCMO2myNd1-vghk4vnkAScua8.roa
Signing time: Tue 02 Jan 2024 00:30:28 +0000
ROA not before: Tue 02 Jan 2024 00:30:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 58222
IP address blocks: 185.16.172.0/22 maxlen: 24
185.2.200.0/22 maxlen: 24
212.237.208.0/22 maxlen: 24
185.234.16.0/22 maxlen: 24
45.80.16.0/22 maxlen: 24
89.43.116.0/22 maxlen: 24
156.67.8.0/22 maxlen: 24
2a03:da40::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c7:94:35:0c:57:cf:5b:73:3f:f1:1a:3f:2b:51:51:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f3a1ae0b07cd05ee2484f4eebcd4568473473414
Validity
Not Before: Jan 2 00:30:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=23c50230eda6c8d775faf821938be790049cb9af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:c6:ef:93:1e:cc:b5:9b:ff:f4:5f:bf:78:4f:
4f:6d:21:2d:df:54:a4:21:b4:44:80:11:db:6a:99:
5a:fc:67:46:e5:df:bf:d4:a8:6d:1b:cc:15:17:fe:
06:f0:da:99:c2:cd:00:7b:60:ef:11:30:0a:0b:0a:
aa:6e:ff:d1:6a:4e:08:db:8b:8d:50:2f:a9:e7:41:
9b:9f:e3:2b:7b:2e:08:07:52:e1:33:ff:e3:1e:e8:
9f:a9:8a:07:28:13:5f:91:75:17:27:68:a7:c7:0f:
78:aa:ff:81:e8:8f:b9:51:9b:b1:30:94:ba:53:a5:
8a:60:8b:80:e4:db:2b:a5:be:c1:08:39:c4:23:53:
4b:ed:83:46:1f:3b:15:4b:f3:2b:9b:63:5e:90:9c:
9f:fd:59:cc:cb:e1:99:69:67:91:c8:7b:60:1a:f1:
15:70:79:58:af:8f:78:ae:02:66:62:ce:0c:ea:3c:
1b:9d:24:d7:78:13:b4:81:35:4d:01:e0:cc:ce:8a:
48:2f:6c:85:6d:65:c8:01:65:a4:34:ed:ba:fd:97:
8e:27:da:6e:42:a3:ad:ce:30:77:e0:43:da:7b:4a:
86:10:5b:32:3a:f8:13:0e:00:c4:98:b9:72:15:b2:
0c:6c:38:05:e8:b2:f6:aa:34:df:a3:d2:48:12:e6:
4b:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:C5:02:30:ED:A6:C8:D7:75:FA:F8:21:93:8B:E7:90:04:9C:B9:AF
X509v3 Authority Key Identifier:
keyid:F3:A1:AE:0B:07:CD:05:EE:24:84:F4:EE:BC:D4:56:84:73:47:34:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/86GuCwfNBe4khPTuvNRWhHNHNBQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/2162d8-e9de-4981-b1ca-b8477f5073c1/1/I8UCMO2myNd1-vghk4vnkAScua8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/2162d8-e9de-4981-b1ca-b8477f5073c1/1/86GuCwfNBe4khPTuvNRWhHNHNBQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.80.16.0/22
89.43.116.0/22
156.67.8.0/22
185.2.200.0/22
185.16.172.0/22
185.234.16.0/22
212.237.208.0/22
IPv6:
2a03:da40::/29
Signature Algorithm: sha256WithRSAEncryption
36:fb:f5:c4:a1:34:a7:2e:76:70:66:04:07:5a:40:0b:e5:50:
30:6d:32:53:c1:8f:35:8c:f6:7a:9d:82:53:5b:a5:7d:f4:d1:
4d:b7:5c:4b:7c:3b:95:f8:35:3a:f7:a0:e3:a6:c9:70:ba:06:
d5:99:96:63:f1:e2:e2:3a:ad:2f:4b:a4:21:07:30:3e:38:32:
d1:65:d7:de:d3:e0:a0:02:8d:ee:1a:58:1c:c1:ee:74:a9:51:
89:29:fd:80:4e:01:da:1f:ac:45:07:85:da:ed:f8:50:5e:3a:
92:c8:07:56:d1:88:01:5f:d9:46:11:e3:35:4b:43:35:f1:84:
c5:f4:f1:ed:b4:4d:6b:ce:f5:40:3f:59:eb:ae:c1:65:d3:0f:
5f:93:72:bc:78:c2:a6:d5:30:b4:da:43:96:08:aa:2a:e2:5e:
a9:02:18:6a:9b:a5:7b:23:38:85:3c:30:90:3a:7b:0a:b8:9c:
c7:80:ba:d8:13:d7:60:7a:c1:de:15:0e:7b:85:4a:9b:ec:bf:
c5:38:00:36:0d:8e:34:46:47:35:33:ec:09:67:46:c5:fc:ea:
7f:0d:68:f2:b0:da:93:10:19:59:b0:9f:a4:9a:28:6d:a9:75:
54:84:fe:fa:32:72:a9:63:a7:3a:22:a4:ab:24:b6:98:23:fc:
f4:46:1d:f3
-----BEGIN CERTIFICATE-----
MIIFMDCCBBigAwIBAgISAYzHlDUMV89bcz/xGj8rUVE1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYzYTFhZTBiMDdjZDA1ZWUyNDg0ZjRlZWJjZDQ1Njg0NzM0
NzM0MTQwHhcNMjQwMTAyMDAzMDI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2M1MDIzMGVkYTZjOGQ3NzVmYWY4MjE5MzhiZTc5MDA0OWNiOWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAisbvkx7MtZv/9F+/eE9PbSEt31Sk
IbREgBHbapla/GdG5d+/1KhtG8wVF/4G8NqZws0Ae2DvETAKCwqqbv/Rak4I24uN
UC+p50Gbn+Mrey4IB1LhM//jHuifqYoHKBNfkXUXJ2inxw94qv+B6I+5UZuxMJS6
U6WKYIuA5Nsrpb7BCDnEI1NL7YNGHzsVS/Mrm2NekJyf/VnMy+GZaWeRyHtgGvEV
cHlYr494rgJmYs4M6jwbnSTXeBO0gTVNAeDMzopIL2yFbWXIAWWkNO26/ZeOJ9pu
QqOtzjB34EPae0qGEFsyOvgTDgDEmLlyFbIMbDgF6LL2qjTfo9JIEuZLswIDAQAB
o4ICPDCCAjgwHQYDVR0OBBYEFCPFAjDtpsjXdfr4IZOL55AEnLmvMB8GA1UdIwQY
MBaAFPOhrgsHzQXuJIT07rzUVoRzRzQUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvODZHdUN3Zk5CZTRraFBUdXZOUldoSE5ITkJRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80ZC8yMTYyZDgtZTlkZS00OTgxLWIxY2Et
Yjg0NzdmNTA3M2MxLzEvSThVQ01PMm15TmQxLXZnaGs0dm5rQVNjdWE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80ZC8yMTYyZDgtZTlkZS00OTgxLWIxY2EtYjg0NzdmNTA3M2Mx
LzEvODZHdUN3Zk5CZTRraFBUdXZOUldoSE5ITkJRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFIGCCsGAQUFBwEHAQH/BEMwQTAwBAIAATAqAwQCLVAQAwQC
WSt0AwQCnEMIAwQCuQLIAwQCuRCsAwQCueoQAwQC1O3QMA0EAgACMAcDBQMqA9pA
MA0GCSqGSIb3DQEBCwUAA4IBAQA2+/XEoTSnLnZwZgQHWkAL5VAwbTJTwY81jPZ6
nYJTW6V99NFNt1xLfDuV+DU696DjpslwugbVmZZj8eLiOq0vS6QhBzA+ODLRZdfe
0+CgAo3uGlgcwe50qVGJKf2ATgHaH6xFB4Xa7fhQXjqSyAdW0YgBX9lGEeM1S0M1
8YTF9PHttE1rzvVAP1nrrsFl0w9fk3K8eMKm1TC02kOWCKoq4l6pAhhqm6V7IziF
PDCQOnsKuJzHgLrYE9dgesHeFQ57hUqb7L/FOAA2DY40Rkc1M+wJZ0bF/Op/DWjy
sNqTEBlZsJ+kmihtqXVUhP76MnKpY6c6IqSrJLaYI/z0Rh3z
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:28:44 2024 by rpki-client on console-fra.rpki-client.org