Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/UBy-OJekkqz41JDPq_vqRq0ObIk.roa
File: UBy-OJekkqz41JDPq_vqRq0ObIk.roa (raw, json)
Hash identifier: Ni0DP2+SoMuI1V6qc+wXi3KE9eqFbOBrh51a24iHUAc=
Subject key identifier: 50:1C:BE:38:97:A4:92:AC:F8:D4:90:CF:AB:FB:EA:46:AD:0E:6C:89
Certificate issuer: /CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Certificate serial: 018570D55E4F6620AD01E14C2818EF445291
Authority key identifier: CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/UBy-OJekkqz41JDPq_vqRq0ObIk.roa
Signing time: Mon 02 Jan 2023 04:55:09 +0000
ROA not before: Mon 02 Jan 2023 04:55:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 58061
IP address blocks: 194.93.3.0/24 maxlen: 24
91.243.189.0/24 maxlen: 24
194.147.88.0/24 maxlen: 24
77.83.193.0/24 maxlen: 24
213.139.203.0/24 maxlen: 24
194.169.86.0/24 maxlen: 24
212.107.26.0/24 maxlen: 24
78.142.238.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:d5:5e:4f:66:20:ad:01:e1:4c:28:18:ef:44:52:91
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ccd76159bfd9e337523ee930f3df111d6bae7306
Validity
Not Before: Jan 2 04:55:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=501cbe3897a492acf8d490cfabfbea46ad0e6c89
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:e4:11:9a:72:d8:52:22:3a:ce:c9:02:47:41:
4f:bb:dd:5a:a7:e5:0d:df:19:17:33:5c:4c:f4:e8:
45:a8:1f:1a:59:4d:ea:b1:52:3c:8b:63:94:9b:e3:
cf:c0:33:0d:85:81:a6:99:90:48:41:a9:8a:04:9a:
14:c9:3c:2e:4b:bb:60:ee:14:c5:b1:27:31:1d:ee:
05:e3:b2:8a:a8:c8:4f:52:d9:3f:27:ea:34:c1:8d:
5b:9d:2f:03:6c:ec:9c:54:41:b5:6b:87:dd:dc:6c:
c0:da:c2:aa:af:68:55:f2:82:ab:b3:4c:1f:06:90:
b7:14:27:46:30:b3:2a:7e:83:d6:95:92:44:76:9f:
7d:04:b6:79:2c:44:60:01:a9:06:a4:87:e3:a3:c9:
13:29:74:cc:17:32:eb:04:bd:26:69:dc:3d:57:f0:
2d:c6:97:3d:c1:ea:ac:48:3b:d2:dd:c6:62:29:74:
c6:01:a3:35:c0:f0:fc:17:3d:21:34:31:bc:e2:29:
60:f8:11:59:6f:96:45:00:61:22:81:91:9d:3a:7b:
a9:f0:9a:d9:7f:3d:6d:85:53:e2:bf:0a:47:68:68:
34:a8:f3:8b:49:8c:38:af:d8:05:c5:40:ca:2d:d1:
0b:e1:69:9e:be:17:21:f5:a0:70:4c:81:6f:3d:28:
d4:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:1C:BE:38:97:A4:92:AC:F8:D4:90:CF:AB:FB:EA:46:AD:0E:6C:89
X509v3 Authority Key Identifier:
keyid:CC:D7:61:59:BF:D9:E3:37:52:3E:E9:30:F3:DF:11:1D:6B:AE:73:06
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zNdhWb_Z4zdSPukw898RHWuucwY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/UBy-OJekkqz41JDPq_vqRq0ObIk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/50/f6ada1-7e8a-4b3e-b7e8-f8589f682691/1/zNdhWb_Z4zdSPukw898RHWuucwY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.83.193.0/24
78.142.238.0/24
91.243.189.0/24
194.93.3.0/24
194.147.88.0/24
194.169.86.0/24
212.107.26.0/24
213.139.203.0/24
Signature Algorithm: sha256WithRSAEncryption
72:15:15:bf:19:4f:0b:13:c6:6b:b0:c4:d8:15:fc:68:32:cb:
9e:8f:45:aa:1a:38:7b:27:95:4e:06:36:d3:bd:a8:15:2b:a8:
0e:6a:a4:db:1e:13:ef:31:f1:51:ce:49:58:8f:7d:7d:0e:14:
db:a5:52:e8:17:b7:bb:e9:79:16:bc:ab:40:de:7d:1a:67:55:
12:4c:0b:f1:b8:ac:60:e9:0a:7f:fa:43:1a:70:5c:7e:e9:97:
6b:61:fa:b9:7d:9b:d3:cc:41:19:e6:e9:a2:5a:35:1b:aa:d2:
30:c5:94:b1:03:70:9a:a5:69:c8:14:67:fe:b9:ae:d9:84:23:
42:ca:0e:e5:8c:65:73:81:f1:6e:3d:4c:f4:0f:0a:16:28:63:
25:a0:02:6f:97:de:74:2d:69:f9:31:f8:05:2a:38:7c:5e:cf:
8b:b6:32:30:a3:6b:7c:c7:a4:a9:55:b7:50:98:ad:59:8c:e9:
6d:39:16:7d:97:77:8e:eb:bf:cc:d0:ed:d7:d5:82:4b:1c:be:
43:d6:99:3d:34:fc:16:b1:b3:a4:7e:27:0a:75:e3:86:0b:9d:
97:f7:1c:5f:da:d8:28:ff:91:b2:1e:d7:1a:65:92:3b:ed:3f:
70:ab:15:ef:55:d9:2a:e7:df:a3:39:4a:e5:f4:ad:b2:a8:cd:
c2:2c:23:aa
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYVw1V5PZiCtAeFMKBjvRFKRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNjZDc2MTU5YmZkOWUzMzc1MjNlZTkzMGYzZGYxMTFkNmJh
ZTczMDYwHhcNMjMwMTAyMDQ1NTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MDFjYmUzODk3YTQ5MmFjZjhkNDkwY2ZhYmZiZWE0NmFkMGU2Yzg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAquQRmnLYUiI6zskCR0FPu91ap+UN
3xkXM1xM9OhFqB8aWU3qsVI8i2OUm+PPwDMNhYGmmZBIQamKBJoUyTwuS7tg7hTF
sScxHe4F47KKqMhPUtk/J+o0wY1bnS8DbOycVEG1a4fd3GzA2sKqr2hV8oKrs0wf
BpC3FCdGMLMqfoPWlZJEdp99BLZ5LERgAakGpIfjo8kTKXTMFzLrBL0madw9V/At
xpc9weqsSDvS3cZiKXTGAaM1wPD8Fz0hNDG84ilg+BFZb5ZFAGEigZGdOnup8JrZ
fz1thVPivwpHaGg0qPOLSYw4r9gFxUDKLdEL4Wmevhch9aBwTIFvPSjUnwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFFAcvjiXpJKs+NSQz6v76katDmyJMB8GA1UdIwQY
MBaAFMzXYVm/2eM3Uj7pMPPfER1rrnMGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgt
Zjg1ODlmNjgyNjkxLzEvVUJ5LU9KZWtrcXo0MUpEUHFfdnFScTBPYklrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MC9mNmFkYTEtN2U4YS00YjNlLWI3ZTgtZjg1ODlmNjgyNjkx
LzEvek5kaFdiX1o0emRTUHVrdzg5OFJIV3V1Y3dZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQATVPBAwQA
To7uAwQAW/O9AwQAwl0DAwQAwpNYAwQAwqlWAwQA1GsaAwQA1YvLMA0GCSqGSIb3
DQEBCwUAA4IBAQByFRW/GU8LE8ZrsMTYFfxoMsuej0WqGjh7J5VOBjbTvagVK6gO
aqTbHhPvMfFRzklYj319DhTbpVLoF7e76XkWvKtA3n0aZ1USTAvxuKxg6Qp/+kMa
cFx+6ZdrYfq5fZvTzEEZ5umiWjUbqtIwxZSxA3CapWnIFGf+ua7ZhCNCyg7ljGVz
gfFuPUz0DwoWKGMloAJvl950LWn5MfgFKjh8Xs+LtjIwo2t8x6SpVbdQmK1ZjOlt
ORZ9l3eO67/M0O3X1YJLHL5D1pk9NPwWsbOkficKdeOGC52X9xxf2tgo/5GyHtca
ZZI77T9wqxXvVdkq59+jOUrl9K2yqM3CLCOq
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:08:46 2024 by rpki-client on console-ams.rpki-client.org