Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/XXqbIx8syMyApsdd0wXTgngJl3c.roa
File: XXqbIx8syMyApsdd0wXTgngJl3c.roa (raw, json)
Hash identifier: cGg/N2Sc8ztTnd5fjvCC1TsPOBT6QVxuI4mdSvSxE54=
Subject key identifier: 5D:7A:9B:23:1F:2C:C8:CC:80:A6:C7:5D:D3:05:D3:82:78:09:97:77
Certificate issuer: /CN=7d7b4bcabeb29605ea511de973e4675c4b8a29df
Certificate serial: 018B65FBA06381EC0D43EEBCA06BFA8C98E0
Authority key identifier: 7D:7B:4B:CA:BE:B2:96:05:EA:51:1D:E9:73:E4:67:5C:4B:8A:29:DF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/fXtLyr6ylgXqUR3pc-RnXEuKKd8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/XXqbIx8syMyApsdd0wXTgngJl3c.roa
Signing time: Wed 25 Oct 2023 08:37:51 +0000
ROA not before: Wed 25 Oct 2023 08:37:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 198482
IP address blocks: 151.237.0.0/24 maxlen: 24
151.237.1.0/24 maxlen: 24
151.237.2.0/24 maxlen: 24
151.237.3.0/24 maxlen: 24
151.237.4.0/24 maxlen: 24
151.237.10.0/24 maxlen: 24
151.237.11.0/24 maxlen: 24
151.237.5.0/24 maxlen: 24
151.237.6.0/24 maxlen: 24
85.187.208.0/24 maxlen: 24
85.187.209.0/24 maxlen: 24
85.187.210.0/24 maxlen: 24
85.187.211.0/24 maxlen: 24
85.187.212.0/24 maxlen: 24
85.187.221.0/24 maxlen: 24
85.187.220.0/24 maxlen: 24
151.237.94.0/23 maxlen: 23
151.237.94.0/24 maxlen: 24
151.237.95.0/24 maxlen: 24
151.237.12.0/24 maxlen: 24
151.237.13.0/24 maxlen: 24
151.237.14.0/24 maxlen: 24
151.237.15.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:65:fb:a0:63:81:ec:0d:43:ee:bc:a0:6b:fa:8c:98:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7d7b4bcabeb29605ea511de973e4675c4b8a29df
Validity
Not Before: Oct 25 08:37:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5d7a9b231f2cc8cc80a6c75dd305d38278099777
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:7a:b0:26:7c:a6:55:a2:d5:6a:d2:86:38:6b:
d4:08:f0:be:60:5f:c2:35:63:99:47:5c:f2:56:18:
ff:42:05:1d:82:77:92:34:f1:73:aa:02:bf:dd:5c:
5a:cc:f8:a8:41:01:f0:57:89:a1:40:f2:21:33:6e:
a9:ba:d1:58:a6:0c:21:a2:57:1f:e8:e1:a0:7e:f7:
53:2a:d2:ed:67:ec:51:dd:51:c8:26:c3:aa:9b:b5:
d6:ed:28:41:fe:bc:3c:d7:d2:6d:42:b1:c3:41:98:
e6:f3:df:42:b9:c1:e5:a3:04:91:9c:23:c2:34:92:
6c:60:04:f0:66:89:f1:7d:36:d9:5c:8e:2c:df:42:
db:fd:f3:b3:d2:6d:bf:27:77:67:7e:98:13:6a:f2:
e8:82:97:90:5c:67:91:75:06:c2:82:e6:bd:7a:74:
be:ad:23:90:81:23:5b:fa:c6:04:96:4a:4b:fd:a0:
90:7d:1e:f4:86:ea:e0:a8:f5:f0:1f:e0:26:a1:dd:
1e:ff:7d:b2:2f:7f:51:b6:bc:df:ae:68:d5:68:a4:
db:93:62:6b:5a:c0:9d:4f:21:a2:d3:89:7f:40:dd:
a6:13:52:d8:97:7e:37:73:b6:db:ef:85:0b:a2:53:
9d:3d:ea:e4:a0:a3:f7:85:4a:22:0b:8e:a1:4b:c6:
7a:9b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:7A:9B:23:1F:2C:C8:CC:80:A6:C7:5D:D3:05:D3:82:78:09:97:77
X509v3 Authority Key Identifier:
keyid:7D:7B:4B:CA:BE:B2:96:05:EA:51:1D:E9:73:E4:67:5C:4B:8A:29:DF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/fXtLyr6ylgXqUR3pc-RnXEuKKd8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/XXqbIx8syMyApsdd0wXTgngJl3c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/8897fd-1862-4393-aa4b-447617a4a744/1/fXtLyr6ylgXqUR3pc-RnXEuKKd8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.187.208.0-85.187.212.255
85.187.220.0/23
151.237.0.0-151.237.6.255
151.237.10.0-151.237.15.255
151.237.94.0/23
Signature Algorithm: sha256WithRSAEncryption
00:67:b8:a7:c1:ba:a9:1b:28:0e:99:00:e7:d1:d8:61:27:e4:
77:1a:4b:1d:61:3d:55:2e:4e:03:85:5a:91:65:bb:4e:76:c6:
83:62:cf:c9:20:bc:d6:8e:d3:a9:de:00:2f:e5:a3:b3:f7:c4:
c1:55:94:3e:07:c2:8e:a2:d2:8e:62:7c:35:51:20:05:8c:b2:
4b:bf:0e:db:46:cc:96:3e:3b:0a:f6:b9:09:83:3c:e8:dc:59:
ab:04:12:ff:ff:4d:8f:91:d2:32:cd:bb:ad:28:91:2f:38:9d:
73:e6:4a:46:d3:61:ad:d6:38:58:26:f7:cd:d3:c3:a2:2c:8d:
d1:2c:e4:38:5c:af:6b:69:c5:ee:49:fe:9e:1c:1a:8a:94:7a:
c5:9d:94:07:7c:fe:35:ec:26:e9:a9:8b:ad:fc:db:ee:f0:a4:
e5:da:81:90:74:5a:c5:37:8a:d3:cf:67:e5:65:2d:0b:69:b6:
ff:69:8e:40:20:04:ab:82:ae:23:bc:10:b8:51:a4:c6:c2:77:
dd:75:25:d5:6a:ca:25:e6:7f:5c:ae:ed:05:61:8f:a7:eb:14:
7a:55:dd:bc:66:30:7c:37:71:67:cc:27:25:36:9b:a0:98:fa:
5a:97:a4:e8:e7:a5:1e:33:47:e9:54:25:2f:40:68:35:66:c7:
cb:05:88:f9
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgISAYtl+6BjgewNQ+68oGv6jJjgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkN2I0YmNhYmViMjk2MDVlYTUxMWRlOTczZTQ2NzVjNGI4
YTI5ZGYwHhcNMjMxMDI1MDgzNzUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZDdhOWIyMzFmMmNjOGNjODBhNmM3NWRkMzA1ZDM4Mjc4MDk5Nzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhXqwJnymVaLVatKGOGvUCPC+YF/C
NWOZR1zyVhj/QgUdgneSNPFzqgK/3VxazPioQQHwV4mhQPIhM26putFYpgwholcf
6OGgfvdTKtLtZ+xR3VHIJsOqm7XW7ShB/rw819JtQrHDQZjm899CucHlowSRnCPC
NJJsYATwZonxfTbZXI4s30Lb/fOz0m2/J3dnfpgTavLogpeQXGeRdQbCgua9enS+
rSOQgSNb+sYElkpL/aCQfR70hurgqPXwH+Amod0e/32yL39RtrzfrmjVaKTbk2Jr
WsCdTyGi04l/QN2mE1LYl343c7bb74ULolOdPerkoKP3hUoiC46hS8Z6mwIDAQAB
o4ICODCCAjQwHQYDVR0OBBYEFF16myMfLMjMgKbHXdMF04J4CZd3MB8GA1UdIwQY
MBaAFH17S8q+spYF6lEd6XPkZ1xLiinfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZlh0THlyNnlsZ1hxVVIzcGMtUm5YRXVLS2Q4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny84ODk3ZmQtMTg2Mi00MzkzLWFhNGIt
NDQ3NjE3YTRhNzQ0LzEvWFhxYkl4OHN5TXlBcHNkZDB3WFRnbmdKbDNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny84ODk3ZmQtMTg2Mi00MzkzLWFhNGItNDQ3NjE3YTRhNzQ0
LzEvZlh0THlyNnlsZ1hxVVIzcGMtUm5YRXVLS2Q4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME4GCCsGAQUFBwEHAQH/BD8wPTA7BAIAATA1MAwDBARVu9AD
BABVu9QDBAFVu9wwCwMDAJftAwQAl+0GMAwDBAGX7QoDBASX7QADBAGX7V4wDQYJ
KoZIhvcNAQELBQADggEBAABnuKfBuqkbKA6ZAOfR2GEn5HcaSx1hPVUuTgOFWpFl
u052xoNiz8kgvNaO06neAC/lo7P3xMFVlD4Hwo6i0o5ifDVRIAWMsku/DttGzJY+
Owr2uQmDPOjcWasEEv//TY+R0jLNu60okS84nXPmSkbTYa3WOFgm983Tw6IsjdEs
5Dhcr2tpxe5J/p4cGoqUesWdlAd8/jXsJumpi6382+7wpOXagZB0WsU3itPPZ+Vl
LQtptv9pjkAgBKuCriO8ELhRpMbCd911JdVqyiXmf1yu7QVhj6frFHpV3bxmMHw3
cWfMJyU2m6CY+lqXpOjnpR4zR+lUJS9AaDVmx8sFiPk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:10:42 2024 by rpki-client on console-ams.rpki-client.org