Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/SwOk-CR7nQ9WEEcCLNA3s77Na0s.roa
File: SwOk-CR7nQ9WEEcCLNA3s77Na0s.roa (raw, json)
Hash identifier: Pga/v4hqgurd9fEzW+56xx6zswUrGY5PU430fAuOCZc=
Subject key identifier: 4B:03:A4:F8:24:7B:9D:0F:56:10:47:02:2C:D0:37:B3:BE:CD:6B:4B
Certificate issuer: /CN=ceb86983547113359bade1f3f38104091e3a6439
Certificate serial: 01856C25B24DDD80C732EB5DBBD187036314
Authority key identifier: CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/SwOk-CR7nQ9WEEcCLNA3s77Na0s.roa
Signing time: Sun 01 Jan 2023 07:04:47 +0000
ROA not before: Sun 01 Jan 2023 07:04:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3269
IP address blocks: 193.207.208.0/20 maxlen: 20
193.207.224.0/21 maxlen: 21
193.207.232.0/21 maxlen: 21
193.207.240.0/22 maxlen: 22
193.207.244.0/22 maxlen: 22
188.135.143.254/32 maxlen: 32
193.207.192.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:25:b2:4d:dd:80:c7:32:eb:5d:bb:d1:87:03:63:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ceb86983547113359bade1f3f38104091e3a6439
Validity
Not Before: Jan 1 07:04:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4b03a4f8247b9d0f561047022cd037b3becd6b4b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:a3:fe:c9:15:5b:27:91:23:2e:2d:72:85:3b:
13:71:23:8d:3a:34:80:03:de:33:3c:cb:0e:15:36:
6d:ca:45:4e:77:07:d2:5a:c6:87:bc:f1:8a:ca:f7:
08:94:df:bb:98:ed:33:7b:fe:c0:1d:22:fd:78:c1:
86:f8:73:dd:c8:a1:14:50:44:43:0d:ae:3c:32:a7:
8b:e0:5a:7f:8c:69:1b:d1:6a:bc:04:dd:bc:f6:82:
21:64:6c:45:e1:a6:ee:80:ca:67:df:d8:14:b4:c6:
fc:08:0f:3d:e8:28:57:86:dc:00:26:af:7a:55:e7:
fa:12:75:d8:50:01:ef:e5:37:4d:fd:cd:f6:80:31:
06:1d:7e:f0:6a:28:74:a5:4a:c3:82:44:45:80:5b:
28:83:05:97:f1:32:c1:28:d9:be:62:18:85:18:22:
b7:3c:25:b7:93:ca:8b:c4:86:51:68:a1:19:60:09:
9c:a5:fd:5f:69:7b:75:c2:aa:23:6b:0b:a3:7a:33:
e4:51:cd:c2:ec:8a:e4:e4:ea:4b:e6:9d:40:a1:2c:
82:e1:ea:4e:f9:44:1f:82:76:40:fa:54:4f:cf:56:
86:27:b8:01:7d:12:d8:c1:5a:b2:bc:6a:b3:5a:e3:
33:bc:48:b8:ad:0a:d2:4a:a9:6b:4a:3d:53:3b:0d:
d5:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:03:A4:F8:24:7B:9D:0F:56:10:47:02:2C:D0:37:B3:BE:CD:6B:4B
X509v3 Authority Key Identifier:
keyid:CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/SwOk-CR7nQ9WEEcCLNA3s77Na0s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
188.135.143.254/32
193.207.192.0-193.207.247.255
Signature Algorithm: sha256WithRSAEncryption
02:02:88:ab:c3:ad:28:8f:84:30:a3:63:d8:bb:40:90:02:44:
c7:6c:c3:06:fc:2c:ad:8b:ec:3e:65:1c:44:fc:02:a2:68:e9:
09:36:1e:8c:93:f0:84:e1:ea:f7:ed:92:bc:07:6e:fe:78:b7:
b8:c1:6c:af:f5:49:32:e4:e0:23:4c:8f:7a:fe:c5:bb:73:64:
fc:32:0c:87:e8:a0:23:52:ab:3c:82:3e:d2:0a:1d:2f:a5:d4:
04:d9:79:14:e6:83:53:0b:f5:23:ac:d9:4c:ea:56:1e:35:18:
66:81:5b:d8:9b:25:1c:d6:28:41:92:85:d0:7c:37:6b:d6:e0:
1c:6b:27:02:b6:e9:a3:5c:7b:d2:ea:cc:a6:71:70:9a:be:cd:
ce:c3:0d:a2:a8:c8:05:a2:c9:bd:40:82:5a:5b:ff:47:dd:76:
49:6d:6c:ad:4b:a5:31:bb:b1:a9:e6:60:c1:ab:34:dd:93:42:
07:9f:0d:08:85:43:30:81:74:a2:3a:eb:24:03:30:ea:69:5e:
b7:ef:91:ba:4d:cf:7a:36:79:70:ff:1a:23:c1:22:fa:4c:07:
40:d0:5b:07:f6:9a:1d:15:05:f5:79:a4:0e:e0:cb:ea:20:3d:
52:24:f7:dc:0f:92:5d:ce:7a:8a:af:a8:45:7d:e2:7e:c3:45:
a2:e6:7e:c2
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAYVsJbJN3YDHMutdu9GHA2MUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjg2OTgzNTQ3MTEzMzU5YmFkZTFmM2YzODEwNDA5MWUz
YTY0MzkwHhcNMjMwMTAxMDcwNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YjAzYTRmODI0N2I5ZDBmNTYxMDQ3MDIyY2QwMzdiM2JlY2Q2YjRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiqP+yRVbJ5EjLi1yhTsTcSONOjSA
A94zPMsOFTZtykVOdwfSWsaHvPGKyvcIlN+7mO0ze/7AHSL9eMGG+HPdyKEUUERD
Da48MqeL4Fp/jGkb0Wq8BN289oIhZGxF4abugMpn39gUtMb8CA896ChXhtwAJq96
Vef6EnXYUAHv5TdN/c32gDEGHX7waih0pUrDgkRFgFsogwWX8TLBKNm+YhiFGCK3
PCW3k8qLxIZRaKEZYAmcpf1faXt1wqojawujejPkUc3C7Irk5OpL5p1AoSyC4epO
+UQfgnZA+lRPz1aGJ7gBfRLYwVqyvGqzWuMzvEi4rQrSSqlrSj1TOw3VCwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFEsDpPgke50PVhBHAizQN7O+zWtLMB8GA1UdIwQY
MBaAFM64aYNUcRM1m63h8/OBBAkeOmQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2Qt
ZGVlMmY2NTBkZDg2LzEvU3dPay1DUjduUTlXRUVjQ0xOQTNzNzdOYTBzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2QtZGVlMmY2NTBkZDg2
LzEvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAbBAIAATAVAwUAvIeP/jAM
AwQGwc/AAwQDwc/wMA0GCSqGSIb3DQEBCwUAA4IBAQACAoirw60oj4Qwo2PYu0CQ
AkTHbMMG/Cyti+w+ZRxE/AKiaOkJNh6Mk/CE4er37ZK8B27+eLe4wWyv9Uky5OAj
TI96/sW7c2T8MgyH6KAjUqs8gj7SCh0vpdQE2XkU5oNTC/UjrNlM6lYeNRhmgVvY
myUc1ihBkoXQfDdr1uAcaycCtumjXHvS6symcXCavs3Oww2iqMgFosm9QIJaW/9H
3XZJbWytS6Uxu7Gp5mDBqzTdk0IHnw0IhUMwgXSiOuskAzDqaV6375G6Tc96Nnlw
/xojwSL6TAdA0FsH9podFQX1eaQO4MvqID1SJPfcD5JdznqKr6hFfeJ+w0Wi5n7C
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:09:42 2024 by rpki-client on console-ams.rpki-client.org