Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4d/2162d8-e9de-4981-b1ca-b8477f5073c1/1/rEL8SN0QVh-7KxH3850W7dEjjPI.roa
File: rEL8SN0QVh-7KxH3850W7dEjjPI.roa (raw, json)
Hash identifier: H6lUnd+vjVq3Y8z6V3aHlg2L3XndW3bBKtI8Dgf5YXs=
Subject key identifier: AC:42:FC:48:DD:10:56:1F:BB:2B:11:F7:F3:9D:16:ED:D1:23:8C:F2
Certificate issuer: /CN=f3a1ae0b07cd05ee2484f4eebcd4568473473414
Certificate serial: 11E47A03
Authority key identifier: F3:A1:AE:0B:07:CD:05:EE:24:84:F4:EE:BC:D4:56:84:73:47:34:14
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/86GuCwfNBe4khPTuvNRWhHNHNBQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4d/2162d8-e9de-4981-b1ca-b8477f5073c1/1/rEL8SN0QVh-7KxH3850W7dEjjPI.roa
Signing time: Sat 01 Jan 2022 08:53:25 +0000
ROA not before: Sat 01 Jan 2022 08:53:25 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 58222
IP address blocks: 185.16.172.0/22 maxlen: 24
185.2.200.0/22 maxlen: 24
212.237.208.0/22 maxlen: 24
185.234.16.0/22 maxlen: 24
45.80.16.0/22 maxlen: 24
89.43.116.0/22 maxlen: 24
156.67.8.0/22 maxlen: 24
2a03:da40::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 300186115 (0x11e47a03)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f3a1ae0b07cd05ee2484f4eebcd4568473473414
Validity
Not Before: Jan 1 08:53:25 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ac42fc48dd10561fbb2b11f7f39d16edd1238cf2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:32:b9:fc:c6:de:3f:18:61:8f:00:78:9e:c7:
55:f1:c5:12:4c:32:15:5d:50:1c:d3:f3:b3:7d:2a:
6a:31:1c:b9:75:10:de:5d:1c:70:33:f6:c4:08:32:
13:cd:be:09:48:74:3e:4e:01:10:d3:59:8e:b3:05:
57:2e:fb:63:81:23:b0:97:74:90:da:2b:01:53:e6:
ef:74:00:6f:4b:1f:58:40:b5:3e:4f:26:2e:b4:d0:
a6:d6:e5:e7:6d:a4:4d:56:4d:fb:7b:85:61:a2:1a:
78:ba:99:01:14:00:3b:2e:b0:4b:70:aa:72:3e:df:
7f:e3:81:8a:ff:16:54:ef:e6:1b:94:4c:e5:91:d5:
dd:eb:2e:13:15:77:82:ec:f3:8b:da:67:ef:c8:43:
b3:55:24:38:fc:fe:35:f0:9e:5a:74:bf:27:cd:a6:
37:57:55:09:79:52:c9:a0:b2:6b:a1:f2:fd:6f:34:
41:84:b2:49:cb:f4:62:63:8d:51:8e:eb:27:6c:17:
55:33:bc:4f:3e:67:85:bf:19:ab:40:f8:01:e4:f1:
9a:7a:a1:81:c2:6a:d6:89:4f:76:04:b2:2a:1e:dd:
b9:32:e3:7d:78:d2:35:5f:7e:03:9b:0e:61:1d:c0:
dc:bb:1b:83:2e:83:7e:32:bb:dc:c2:07:8e:70:16:
c4:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:42:FC:48:DD:10:56:1F:BB:2B:11:F7:F3:9D:16:ED:D1:23:8C:F2
X509v3 Authority Key Identifier:
keyid:F3:A1:AE:0B:07:CD:05:EE:24:84:F4:EE:BC:D4:56:84:73:47:34:14
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/86GuCwfNBe4khPTuvNRWhHNHNBQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/2162d8-e9de-4981-b1ca-b8477f5073c1/1/rEL8SN0QVh-7KxH3850W7dEjjPI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4d/2162d8-e9de-4981-b1ca-b8477f5073c1/1/86GuCwfNBe4khPTuvNRWhHNHNBQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.80.16.0/22
89.43.116.0/22
156.67.8.0/22
185.2.200.0/22
185.16.172.0/22
185.234.16.0/22
212.237.208.0/22
IPv6:
2a03:da40::/29
Signature Algorithm: sha256WithRSAEncryption
98:18:6f:22:d1:98:1b:ae:8d:6d:a1:02:3e:fb:93:5d:7f:b8:
4e:ee:c8:e0:9b:09:3e:7d:ae:d6:c5:b6:b8:74:7c:d7:35:e6:
f2:eb:b2:ed:7c:1c:7b:ca:c8:81:16:4e:20:19:77:06:c3:7f:
69:e2:65:54:db:00:c9:af:6f:b3:97:ef:77:ad:bb:5b:74:cc:
de:a4:7a:21:a8:4a:91:72:c1:40:5d:6f:1f:b2:be:ab:33:24:
8c:0c:be:0c:2d:28:77:02:5b:cb:f4:5b:2f:5a:2e:40:fa:44:
bb:fc:bc:0c:6f:24:1e:26:df:2f:e8:ad:64:dd:8d:e0:0f:0c:
e4:06:d8:c8:6c:d8:f4:af:d5:6f:cb:bd:76:19:84:e8:8a:3e:
0e:16:09:d1:97:c6:66:45:db:8c:05:cc:e0:0d:3b:5b:2b:2c:
a5:ac:ad:63:ea:46:3c:f3:94:5d:25:4c:45:b5:a2:a1:1a:2c:
98:93:27:eb:ed:f8:da:16:90:6d:c7:81:79:c6:8c:a6:0d:c5:
40:50:fb:91:31:7e:31:ba:4f:8a:dc:1b:85:ef:06:cf:25:4e:
3d:16:66:22:8e:f4:e6:54:31:5d:e8:a5:23:27:5a:64:7c:0e:
e3:9d:23:49:98:a6:fc:0b:fc:56:75:d3:70:42:8d:9f:bd:fe:
75:f2:2b:3f
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgIEEeR6AzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhm
M2ExYWUwYjA3Y2QwNWVlMjQ4NGY0ZWViY2Q0NTY4NDczNDczNDE0MB4XDTIyMDEw
MTA4NTMyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWM0MmZjNDhkZDEw
NTYxZmJiMmIxMWY3ZjM5ZDE2ZWRkMTIzOGNmMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMoyufzG3j8YYY8AeJ7HVfHFEkwyFV1QHNPzs30qajEcuXUQ
3l0ccDP2xAgyE82+CUh0Pk4BENNZjrMFVy77Y4EjsJd0kNorAVPm73QAb0sfWEC1
Pk8mLrTQptbl522kTVZN+3uFYaIaeLqZARQAOy6wS3Cqcj7ff+OBiv8WVO/mG5RM
5ZHV3esuExV3guzzi9pn78hDs1UkOPz+NfCeWnS/J82mN1dVCXlSyaCya6Hy/W80
QYSyScv0YmONUY7rJ2wXVTO8Tz5nhb8Zq0D4AeTxmnqhgcJq1olPdgSyKh7duTLj
fXjSNV9+A5sOYR3A3Lsbgy6DfjK73MIHjnAWxJUCAwEAAaOCAjwwggI4MB0GA1Ud
DgQWBBSsQvxI3RBWH7srEffznRbt0SOM8jAfBgNVHSMEGDAWgBTzoa4LB80F7iSE
9O681FaEc0c0FDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
Lzg2R3VDd2ZOQmU0a2hQVHV2TlJXaEhOSE5CUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNGQvMjE2MmQ4LWU5ZGUtNDk4MS1iMWNhLWI4NDc3ZjUwNzNjMS8x
L3JFTDhTTjBRVmgtN0t4SDM4NTBXN2RFampQSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNGQv
MjE2MmQ4LWU5ZGUtNDk4MS1iMWNhLWI4NDc3ZjUwNzNjMS8xLzg2R3VDd2ZOQmU0
a2hQVHV2TlJXaEhOSE5CUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBS
BggrBgEFBQcBBwEB/wRDMEEwMAQCAAEwKgMEAi1QEAMEAlkrdAMEApxDCAMEArkC
yAMEArkQrAMEArnqEAMEAtTt0DANBAIAAjAHAwUDKgPaQDANBgkqhkiG9w0BAQsF
AAOCAQEAmBhvItGYG66NbaECPvuTXX+4Tu7I4JsJPn2u1sW2uHR81zXm8uuy7Xwc
e8rIgRZOIBl3BsN/aeJlVNsAya9vs5fvd627W3TM3qR6IahKkXLBQF1vH7K+qzMk
jAy+DC0odwJby/RbL1ouQPpEu/y8DG8kHibfL+itZN2N4A8M5AbYyGzY9K/Vb8u9
dhmE6Io+DhYJ0ZfGZkXbjAXM4A07WysspaytY+pGPPOUXSVMRbWioRosmJMn6+34
2haQbceBecaMpg3FQFD7kTF+MbpPitwbhe8GzyVOPRZmIo705lQxXeilIydaZHwO
450jSZim/Av8VnXTcEKNn73+dfIrPw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:07:59 2024 by rpki-client on console-ams.rpki-client.org