Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/7WdTy7Xpyremz8lIi-owCRBfgcA.roa
File:                     7WdTy7Xpyremz8lIi-owCRBfgcA.roa (raw, json)
Hash identifier:          NFtmDRP9Nr4v5eEBIdN+4MT8fRX4QFR7lAqt8K3oXqg=
Subject key identifier:   ED:67:53:CB:B5:E9:CA:B7:A6:CF:C9:48:8B:EA:30:09:10:5F:81:C0
Certificate issuer:       /CN=ceb86983547113359bade1f3f38104091e3a6439
Certificate serial:       01856C25B3E88BED3763F94D33FD77BB4651
Authority key identifier: CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/7WdTy7Xpyremz8lIi-owCRBfgcA.roa
Signing time:             Sun 01 Jan 2023 07:04:48 +0000
ROA not before:           Sun 01 Jan 2023 07:04:48 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     48291
IP address blocks:        188.135.200.0/21 maxlen: 21
                          188.135.208.0/20 maxlen: 20
                          188.135.228.0/22 maxlen: 22
                          188.135.236.0/22 maxlen: 22
                          188.135.240.0/21 maxlen: 21
                          188.135.152.0/21 maxlen: 21
                          188.135.160.0/23 maxlen: 23
                          188.135.166.0/23 maxlen: 23
                          188.135.175.0/24 maxlen: 24
                          188.135.176.0/21 maxlen: 21
                          188.135.192.0/21 maxlen: 21
                          185.38.138.0/23 maxlen: 23
                          94.199.10.0/23 maxlen: 23
                          159.20.128.0/21 maxlen: 21
                          94.199.9.0/24 maxlen: 24
                          159.20.136.0/21 maxlen: 21
                          94.199.14.0/23 maxlen: 23
                          94.199.12.0/23 maxlen: 23
                          159.20.152.0/21 maxlen: 21
                          159.20.224.0/21 maxlen: 21
                          159.20.240.0/21 maxlen: 21
                          159.20.248.0/21 maxlen: 21
                          188.135.128.0/21 maxlen: 21
                          188.135.136.0/21 maxlen: 21
                          188.135.144.0/21 maxlen: 21
                          159.20.160.0/21 maxlen: 21
                          159.20.168.0/21 maxlen: 21
                          159.20.176.0/21 maxlen: 21
                          159.20.184.0/21 maxlen: 21
                          159.20.192.0/21 maxlen: 21
                          159.20.200.0/21 maxlen: 21

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6c:25:b3:e8:8b:ed:37:63:f9:4d:33:fd:77:bb:46:51
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ceb86983547113359bade1f3f38104091e3a6439
        Validity
            Not Before: Jan  1 07:04:48 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ed6753cbb5e9cab7a6cfc9488bea3009105f81c0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:67:53:CB:B5:E9:CA:B7:A6:CF:C9:48:8B:EA:30:09:10:5F:81:C0
            X509v3 Authority Key Identifier:
                keyid:CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/7WdTy7Xpyremz8lIi-owCRBfgcA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  94.199.9.0-94.199.15.255
                  159.20.128.0/20
                  159.20.152.0-159.20.207.255
                  159.20.224.0/21
                  159.20.240.0/20
                  185.38.138.0/23
                  188.135.128.0-188.135.161.255
                  188.135.166.0/23
                  188.135.175.0-188.135.183.255
                  188.135.192.0/19
                  188.135.228.0/22
                  188.135.236.0-188.135.247.255

    Signature Algorithm: sha256WithRSAEncryption
Generated at Wed Jul 19 23:52:07 2023 by rpki-client on console-ams.rpki-client.org