Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/mrLfah_fPI4sXD6zuqfMabMXN2o.roa
File: mrLfah_fPI4sXD6zuqfMabMXN2o.roa (raw, json)
Hash identifier: JcMPIkMnnFEtEK+fzGCwXT0TNFTTMWtieqyKn+1EY7g=
Subject key identifier: 9A:B2:DF:6A:1F:DF:3C:8E:2C:5C:3E:B3:BA:A7:CC:69:B3:17:37:6A
Certificate issuer: /CN=ceb86983547113359bade1f3f38104091e3a6439
Certificate serial: 0186C573000D0CD7C44BC9819B5FBF98E427
Authority key identifier: CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/mrLfah_fPI4sXD6zuqfMabMXN2o.roa
Signing time: Thu 09 Mar 2023 08:18:13 +0000
ROA not before: Thu 09 Mar 2023 08:18:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48291
IP address blocks: 188.135.200.0/21 maxlen: 21
188.135.208.0/20 maxlen: 20
188.135.228.0/22 maxlen: 22
188.135.236.0/22 maxlen: 22
188.135.240.0/21 maxlen: 21
188.135.152.0/21 maxlen: 21
188.135.160.0/23 maxlen: 23
188.135.166.0/23 maxlen: 23
188.135.175.0/24 maxlen: 24
188.135.176.0/21 maxlen: 21
188.135.192.0/21 maxlen: 21
185.38.138.0/23 maxlen: 23
94.199.10.0/23 maxlen: 23
94.199.9.0/24 maxlen: 24
159.20.136.0/21 maxlen: 21
94.199.14.0/23 maxlen: 23
94.199.12.0/23 maxlen: 23
159.20.152.0/21 maxlen: 21
159.20.224.0/21 maxlen: 21
159.20.240.0/21 maxlen: 21
159.20.248.0/21 maxlen: 21
188.135.136.0/21 maxlen: 21
188.135.144.0/21 maxlen: 21
159.20.160.0/21 maxlen: 21
159.20.168.0/21 maxlen: 21
159.20.176.0/21 maxlen: 21
159.20.184.0/21 maxlen: 21
159.20.192.0/21 maxlen: 21
159.20.200.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:c5:73:00:0d:0c:d7:c4:4b:c9:81:9b:5f:bf:98:e4:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ceb86983547113359bade1f3f38104091e3a6439
Validity
Not Before: Mar 9 08:18:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9ab2df6a1fdf3c8e2c5c3eb3baa7cc69b317376a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:b1:9d:3f:22:e5:48:f8:d9:35:54:c2:12:05:
a1:8f:2c:f6:29:d8:5b:76:ad:a3:a1:f8:54:d8:af:
67:62:4a:f9:f2:83:ab:a7:f9:df:11:b1:01:9a:61:
d0:25:06:42:c8:9c:b1:0a:61:b9:50:6f:aa:75:51:
1f:49:d7:cf:50:63:10:f0:b9:53:bc:99:17:91:b6:
82:42:c5:87:29:fd:85:99:8a:66:71:20:a7:9b:4f:
9c:5c:13:fb:ad:14:fc:81:e2:02:95:17:8f:32:26:
88:3b:ea:25:3e:8c:68:da:50:b4:7b:1d:39:fa:68:
ae:bd:12:c3:fe:ab:29:6c:0c:11:cc:84:11:75:30:
4a:53:fb:d0:a1:b4:2a:42:d8:42:78:26:ca:70:43:
fd:f5:8a:ca:89:94:7b:a2:c1:39:2d:f3:8d:fe:3a:
21:73:fe:68:f6:2a:1d:8c:43:ca:c1:30:f2:fe:38:
23:88:40:2f:76:85:c0:dc:73:20:c9:de:02:48:fd:
30:eb:99:2c:db:27:5c:d2:09:82:3f:e5:6e:f4:b5:
63:b1:42:35:de:2c:a0:fc:23:dd:07:14:0a:a1:28:
76:dc:cf:3c:39:b0:13:4b:9c:d6:65:dc:77:91:c7:
05:f3:70:cb:6b:e0:c7:cb:59:0b:08:54:93:ec:2e:
84:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:B2:DF:6A:1F:DF:3C:8E:2C:5C:3E:B3:BA:A7:CC:69:B3:17:37:6A
X509v3 Authority Key Identifier:
keyid:CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/mrLfah_fPI4sXD6zuqfMabMXN2o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.199.9.0-94.199.15.255
159.20.136.0/21
159.20.152.0-159.20.207.255
159.20.224.0/21
159.20.240.0/20
185.38.138.0/23
188.135.136.0-188.135.161.255
188.135.166.0/23
188.135.175.0-188.135.183.255
188.135.192.0/19
188.135.228.0/22
188.135.236.0-188.135.247.255
Signature Algorithm: sha256WithRSAEncryption
8e:47:de:7f:c6:2e:7e:dc:5d:12:4b:91:ee:7f:dc:53:96:a9:
a2:41:5c:bd:23:bc:67:84:32:52:ba:29:2b:a1:38:00:c9:e8:
cf:21:4a:b2:c2:92:eb:e0:f7:df:c1:4f:36:02:1d:3a:bf:d2:
e0:3b:4e:01:d0:4f:4a:d2:fe:3c:1b:f0:11:15:a2:e4:cd:0d:
1c:cf:e3:46:a4:22:9c:23:92:64:b7:f5:8b:b2:14:8e:37:fd:
f0:a2:0e:8a:9c:e2:6f:9a:72:f4:80:54:b2:4e:46:4b:29:58:
8e:b9:57:26:3f:28:5c:c2:16:34:89:09:38:d7:56:be:36:39:
e1:a5:55:34:d5:72:13:e1:93:0c:20:31:3b:a4:20:b8:20:3c:
1a:da:ee:1a:ce:74:4d:81:46:9e:39:e1:60:40:07:07:f0:32:
0a:fb:b3:7a:a3:42:75:20:37:a6:f7:d1:85:f4:00:54:a5:5e:
b5:17:87:70:2f:26:3a:c1:a8:ec:81:9e:58:07:a6:06:35:32:
79:0a:a7:2d:66:70:44:33:1f:b3:f3:35:b6:59:6c:2a:92:bb:
f3:28:0b:ee:81:35:ad:de:35:a5:e7:26:ca:7c:1f:c5:64:f7:
f8:9f:9e:94:d9:2e:9c:41:3c:cf:13:18:46:a5:aa:00:98:c5:
ef:65:4a:3f
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgISAYbFcwANDNfES8mBm1+/mOQnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjg2OTgzNTQ3MTEzMzU5YmFkZTFmM2YzODEwNDA5MWUz
YTY0MzkwHhcNMjMwMzA5MDgxODEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YWIyZGY2YTFmZGYzYzhlMmM1YzNlYjNiYWE3Y2M2OWIzMTczNzZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApbGdPyLlSPjZNVTCEgWhjyz2Kdhb
dq2jofhU2K9nYkr58oOrp/nfEbEBmmHQJQZCyJyxCmG5UG+qdVEfSdfPUGMQ8LlT
vJkXkbaCQsWHKf2FmYpmcSCnm0+cXBP7rRT8geIClRePMiaIO+olPoxo2lC0ex05
+miuvRLD/qspbAwRzIQRdTBKU/vQobQqQthCeCbKcEP99YrKiZR7osE5LfON/joh
c/5o9iodjEPKwTDy/jgjiEAvdoXA3HMgyd4CSP0w65ks2ydc0gmCP+Vu9LVjsUI1
3iyg/CPdBxQKoSh23M88ObATS5zWZdx3kccF83DLa+DHy1kLCFST7C6E6wIDAQAB
o4ICdDCCAnAwHQYDVR0OBBYEFJqy32of3zyOLFw+s7qnzGmzFzdqMB8GA1UdIwQY
MBaAFM64aYNUcRM1m63h8/OBBAkeOmQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2Qt
ZGVlMmY2NTBkZDg2LzEvbXJMZmFoX2ZQSTRzWEQ2enVxZk1hYk1YTjJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2QtZGVlMmY2NTBkZDg2
LzEvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGJBggrBgEFBQcBBwEB/wR6MHgwdgQCAAEwcDAMAwQAXscJ
AwQEXscAAwQDnxSIMAwDBAOfFJgDBASfFMADBAOfFOADBASfFPADBAG5JoowDAME
A7yHiAMEAbyHoAMEAbyHpjAMAwQAvIevAwQDvIewAwQFvIfAAwQCvIfkMAwDBAK8
h+wDBAO8h/AwDQYJKoZIhvcNAQELBQADggEBAI5H3n/GLn7cXRJLke5/3FOWqaJB
XL0jvGeEMlK6KSuhOADJ6M8hSrLCkuvg99/BTzYCHTq/0uA7TgHQT0rS/jwb8BEV
ouTNDRzP40akIpwjkmS39YuyFI43/fCiDoqc4m+acvSAVLJORkspWI65VyY/KFzC
FjSJCTjXVr42OeGlVTTVchPhkwwgMTukILggPBra7hrOdE2BRp454WBABwfwMgr7
s3qjQnUgN6b30YX0AFSlXrUXh3AvJjrBqOyBnlgHpgY1MnkKpy1mcEQzH7PzNbZZ
bCqSu/MoC+6BNa3eNaXnJsp8H8Vk9/ifnpTZLpxBPM8TGEalqgCYxe9lSj8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:29:45 2024 by rpki-client on console-fra.rpki-client.org