Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/2sMDV9gr7n5HVzQWpnbYvsJazz0.roa
File: 2sMDV9gr7n5HVzQWpnbYvsJazz0.roa (raw, json)
Hash identifier: olKNR9wHqOgTGT0nUGNYW6BXi/qmnCxloLdxs+G8q1A=
Subject key identifier: DA:C3:03:57:D8:2B:EE:7E:47:57:34:16:A6:76:D8:BE:C2:5A:CF:3D
Certificate issuer: /CN=7d7b4bcabeb29605ea511de973e4675c4b8a29df
Certificate serial: 018854D2DA8830070196C3B42617043AF824
Authority key identifier: 7D:7B:4B:CA:BE:B2:96:05:EA:51:1D:E9:73:E4:67:5C:4B:8A:29:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fXtLyr6ylgXqUR3pc-RnXEuKKd8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/2sMDV9gr7n5HVzQWpnbYvsJazz0.roa
Signing time: Thu 25 May 2023 21:31:24 +0000
ROA not before: Thu 25 May 2023 21:31:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 198482
IP address blocks: 151.237.0.0/24 maxlen: 24
151.237.0.0/20 maxlen: 20
151.237.1.0/24 maxlen: 24
151.237.2.0/24 maxlen: 24
151.237.3.0/24 maxlen: 24
151.237.4.0/24 maxlen: 24
151.237.8.0/24 maxlen: 24
151.237.9.0/24 maxlen: 24
151.237.10.0/24 maxlen: 24
151.237.11.0/24 maxlen: 24
151.237.5.0/24 maxlen: 24
151.237.6.0/24 maxlen: 24
85.187.208.0/24 maxlen: 24
85.187.209.0/24 maxlen: 24
85.187.210.0/24 maxlen: 24
85.187.211.0/24 maxlen: 24
85.187.212.0/24 maxlen: 24
85.187.213.0/24 maxlen: 24
85.187.214.0/24 maxlen: 24
85.187.215.0/24 maxlen: 24
85.187.221.0/24 maxlen: 24
85.187.220.0/24 maxlen: 24
151.237.94.0/23 maxlen: 23
151.237.12.0/24 maxlen: 24
151.237.13.0/24 maxlen: 24
151.237.14.0/24 maxlen: 24
151.237.15.0/24 maxlen: 24
195.234.98.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:54:d2:da:88:30:07:01:96:c3:b4:26:17:04:3a:f8:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d7b4bcabeb29605ea511de973e4675c4b8a29df
Validity
Not Before: May 25 21:31:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dac30357d82bee7e47573416a676d8bec25acf3d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:be:35:86:8d:0f:22:54:97:91:91:de:ea:65:
f4:8e:ac:67:f0:68:aa:36:6a:3d:27:39:84:69:e9:
4a:16:c7:78:72:28:78:de:f4:40:2c:61:f1:40:a3:
96:fd:a3:70:cc:e8:d4:18:bd:1d:38:84:c7:5e:3d:
45:02:cb:a4:5e:d0:ff:35:a9:f8:3f:27:6a:96:7d:
3a:d5:3f:0a:b4:38:f8:27:33:3c:ae:34:a0:63:31:
03:b7:70:66:3f:5c:86:b6:1f:ac:4d:28:ae:55:c4:
d8:9a:4a:68:87:0b:8a:86:2d:c9:cb:97:c5:6d:6b:
18:6a:64:4b:13:61:61:71:b4:8e:dc:30:b1:6c:44:
5a:d3:c2:05:6b:2e:08:2a:4d:27:40:ce:11:66:17:
ac:c0:9a:e6:88:4d:23:6e:b1:4d:a8:24:c4:58:33:
7d:1b:66:b1:4a:7f:7e:88:90:c7:f3:d0:29:0b:4b:
9b:1a:90:aa:49:46:66:35:54:8a:de:aa:eb:d9:1c:
3b:97:c9:cf:09:51:d0:23:a1:8d:42:d8:4f:85:05:
0d:cf:02:b2:97:4d:de:22:cd:ce:6b:e1:61:48:24:
a2:46:30:24:04:1f:0a:5e:50:84:a1:46:02:fd:0a:
a7:0d:83:7e:33:21:4a:ed:e9:70:e9:a5:c7:7a:11:
e8:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:C3:03:57:D8:2B:EE:7E:47:57:34:16:A6:76:D8:BE:C2:5A:CF:3D
X509v3 Authority Key Identifier:
keyid:7D:7B:4B:CA:BE:B2:96:05:EA:51:1D:E9:73:E4:67:5C:4B:8A:29:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fXtLyr6ylgXqUR3pc-RnXEuKKd8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/2sMDV9gr7n5HVzQWpnbYvsJazz0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/fXtLyr6ylgXqUR3pc-RnXEuKKd8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.187.208.0/21
85.187.220.0/23
151.237.0.0/20
151.237.94.0/23
195.234.98.0/24
Signature Algorithm: sha256WithRSAEncryption
4b:b5:61:5a:c9:6b:50:04:45:d2:f4:8a:c4:a8:a1:ee:28:a6:
f7:cb:9a:10:76:5c:0d:0e:b9:05:d8:48:02:fe:66:85:ff:5e:
e8:b0:d0:96:62:4e:41:fc:7d:23:b7:71:c4:ff:0a:04:93:f7:
ee:2f:68:43:3a:35:7b:b8:54:fd:ec:dc:ca:b1:87:c2:9f:88:
ff:29:99:21:95:93:38:9d:ec:0c:13:74:33:5f:88:40:4d:76:
05:16:05:b4:b4:6f:c0:42:72:60:1a:e5:6c:95:eb:cf:23:8e:
60:83:50:ca:0f:bf:6c:ef:83:27:cd:83:09:d1:7d:38:be:9d:
55:0f:ba:7b:04:50:bd:d0:19:d2:3d:eb:cd:7a:2d:64:cb:e8:
f8:88:17:1c:f2:8a:c4:55:ae:10:48:7c:ac:9f:7f:91:1a:b6:
08:b2:34:3e:f6:dd:e3:da:1e:20:3c:ae:e5:a8:fd:b1:50:33:
4f:88:18:4f:a0:ee:3b:d5:22:f9:6a:29:ee:f8:ab:e3:80:b2:
7f:ae:cc:84:17:5b:e5:19:d2:73:59:ce:de:58:91:9b:a4:b4:
04:bb:de:22:f6:12:c1:2c:4e:2f:51:ed:29:9f:37:3d:46:e1:
b1:b4:87:28:ce:ff:f3:54:8c:32:9f:1c:fd:7c:82:da:0d:92:
9c:f1:4a:26
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYhU0tqIMAcBlsO0JhcEOvgkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkN2I0YmNhYmViMjk2MDVlYTUxMWRlOTczZTQ2NzVjNGI4
YTI5ZGYwHhcNMjMwNTI1MjEzMTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWMzMDM1N2Q4MmJlZTdlNDc1NzM0MTZhNjc2ZDhiZWMyNWFjZjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvb41ho0PIlSXkZHe6mX0jqxn8Giq
Nmo9JzmEaelKFsd4cih43vRALGHxQKOW/aNwzOjUGL0dOITHXj1FAsukXtD/Nan4
Pydqln061T8KtDj4JzM8rjSgYzEDt3BmP1yGth+sTSiuVcTYmkpohwuKhi3Jy5fF
bWsYamRLE2FhcbSO3DCxbERa08IFay4IKk0nQM4RZheswJrmiE0jbrFNqCTEWDN9
G2axSn9+iJDH89ApC0ubGpCqSUZmNVSK3qrr2Rw7l8nPCVHQI6GNQthPhQUNzwKy
l03eIs3Oa+FhSCSiRjAkBB8KXlCEoUYC/QqnDYN+MyFK7elw6aXHehHoPwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNrDA1fYK+5+R1c0FqZ22L7CWs89MB8GA1UdIwQY
MBaAFH17S8q+spYF6lEd6XPkZ1xLiinfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlh0THlyNnlsZ1hxVVIzcGMtUm5YRXVLS2Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny84ODk3ZmQtMTg2Mi00MzkzLWFhNGIt
NDQ3NjE3YTRhNzQ0LzEvMnNNRFY5Z3I3bjVIVnpRV3BuYll2c0phenowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny84ODk3ZmQtMTg2Mi00MzkzLWFhNGItNDQ3NjE3YTRhNzQ0
LzEvZlh0THlyNnlsZ1hxVVIzcGMtUm5YRXVLS2Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDVbvQAwQB
VbvcAwQEl+0AAwQBl+1eAwQAw+piMA0GCSqGSIb3DQEBCwUAA4IBAQBLtWFayWtQ
BEXS9IrEqKHuKKb3y5oQdlwNDrkF2EgC/maF/17osNCWYk5B/H0jt3HE/woEk/fu
L2hDOjV7uFT97NzKsYfCn4j/KZkhlZM4newME3QzX4hATXYFFgW0tG/AQnJgGuVs
levPI45gg1DKD79s74MnzYMJ0X04vp1VD7p7BFC90BnSPevNei1ky+j4iBcc8orE
Va4QSHysn3+RGrYIsjQ+9t3j2h4gPK7lqP2xUDNPiBhPoO471SL5ainu+KvjgLJ/
rsyEF1vlGdJzWc7eWJGbpLQEu94i9hLBLE4vUe0pnzc9RuGxtIcozv/zVIwynxz9
fILaDZKc8Uom
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:10:42 2024 by rpki-client on console-ams.rpki-client.org