Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/xOjGvl1z5QMLlW0F2EJv52nL8TA.roa
File: xOjGvl1z5QMLlW0F2EJv52nL8TA.roa (raw, json)
Hash identifier: DESjwDLoD3SQE41+8iiMGaEb9g8wkLtHkzCJkWbSvkQ=
Subject key identifier: C4:E8:C6:BE:5D:73:E5:03:0B:95:6D:05:D8:42:6F:E7:69:CB:F1:30
Certificate issuer: /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial: 01856CCAE1694FD4A50B6B789DE151B17777
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/xOjGvl1z5QMLlW0F2EJv52nL8TA.roa
Signing time: Sun 01 Jan 2023 10:05:13 +0000
ROA not before: Sun 01 Jan 2023 10:05:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 36351
IP address blocks: 109.199.96.0/19 maxlen: 24
37.60.224.0/19 maxlen: 24
185.225.236.0/22 maxlen: 24
185.56.84.0/22 maxlen: 24
77.104.128.0/18 maxlen: 24
146.66.64.0/18 maxlen: 24
93.187.136.0/21 maxlen: 24
109.73.224.0/20 maxlen: 24
185.62.236.0/22 maxlen: 24
2a04:f280::/40 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:ca:e1:69:4f:d4:a5:0b:6b:78:9d:e1:51:b1:77:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
Validity
Not Before: Jan 1 10:05:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c4e8c6be5d73e5030b956d05d8426fe769cbf130
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:2d:37:16:2f:19:24:0e:23:b7:f6:a3:29:cd:
45:bc:15:39:46:e2:e7:96:b1:3a:c6:57:b8:7e:23:
99:c6:33:df:d1:96:4e:39:62:de:0e:66:c8:95:f9:
b8:6a:0b:20:c5:9f:8c:07:8b:2d:bd:ed:69:ed:72:
e2:6c:e6:34:e1:85:f7:a7:0c:e3:4f:c9:46:6f:5b:
08:ec:08:04:cb:d3:0d:19:b5:41:22:17:87:7b:df:
52:2d:60:ca:67:61:21:df:b1:f4:7b:19:8e:76:73:
0a:26:cf:4c:f9:d0:1f:d8:42:6b:e6:c8:7d:a5:dc:
54:87:d2:ce:f2:ca:c5:79:41:a8:75:a1:d6:9d:ba:
dc:66:51:af:cf:ae:2c:f6:d8:c7:11:3a:b0:2c:60:
f8:7a:a0:2c:6e:38:3b:18:b9:b3:1f:bb:57:ce:ff:
98:c3:2e:fe:27:7a:f9:e1:f3:6e:9e:4e:75:fb:8e:
86:11:e7:67:73:51:5c:f1:a3:ea:a5:a7:04:2f:74:
8d:fa:db:3a:4d:f0:b0:b4:e8:a3:73:ef:34:a1:3d:
50:c1:bd:98:15:ea:cc:65:97:51:ab:af:25:87:c4:
34:3f:f8:1a:b5:24:78:ed:4c:91:14:86:a4:a2:be:
c2:c0:70:1e:6c:dd:8b:73:a0:9f:27:a0:91:62:bc:
a6:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:E8:C6:BE:5D:73:E5:03:0B:95:6D:05:D8:42:6F:E7:69:CB:F1:30
X509v3 Authority Key Identifier:
keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/xOjGvl1z5QMLlW0F2EJv52nL8TA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.60.224.0/19
77.104.128.0/18
93.187.136.0/21
109.73.224.0/20
109.199.96.0/19
146.66.64.0/18
185.56.84.0/22
185.62.236.0/22
185.225.236.0/22
IPv6:
2a04:f280::/40
Signature Algorithm: sha256WithRSAEncryption
71:a9:c0:47:0a:c0:a4:6d:54:a4:72:e0:07:71:5d:9d:6c:fd:
6c:cc:5c:0b:49:be:ec:82:27:29:d9:16:3d:40:17:96:5b:c9:
0c:be:25:65:2c:07:04:f8:1d:8b:54:3d:71:25:37:c9:62:dd:
ca:f9:29:06:a0:80:0f:3b:88:3b:32:94:69:1c:45:04:1f:11:
c7:eb:70:82:40:97:52:af:f4:d3:6d:32:9b:e5:e1:bd:8b:af:
6b:4a:ca:da:b0:9d:0c:e8:30:04:81:dd:b0:1d:35:77:b0:0b:
02:b1:87:b0:48:4e:f6:92:63:a4:ba:5e:68:6b:f1:0a:74:b2:
1f:aa:20:44:e2:5d:35:96:39:c0:f6:b7:01:c7:0c:c2:8e:cf:
6c:bd:6e:ec:44:e3:61:62:7f:b6:02:51:ae:ff:a6:5b:38:14:
ac:fc:c8:4b:2f:e1:e7:6c:5b:ac:53:89:86:e1:98:f0:9c:50:
84:86:08:b9:c5:90:a6:76:12:c2:ad:b5:d1:32:3d:ea:26:93:
3e:78:e5:2d:a4:81:46:c6:14:98:c2:b7:8d:4a:f3:c4:0e:c5:
4b:93:ba:95:88:24:5f:f8:2b:69:c9:76:25:48:e6:59:55:a9:
b4:5d:93:63:fc:cc:bb:dc:3d:ec:45:95:47:f4:d4:42:49:fb:
76:cc:75:75
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgISAYVsyuFpT9SlC2t4neFRsXd3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjMwMTAxMTAwNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGU4YzZiZTVkNzNlNTAzMGI5NTZkMDVkODQyNmZlNzY5Y2JmMTMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhi03Fi8ZJA4jt/ajKc1FvBU5RuLn
lrE6xle4fiOZxjPf0ZZOOWLeDmbIlfm4agsgxZ+MB4stve1p7XLibOY04YX3pwzj
T8lGb1sI7AgEy9MNGbVBIheHe99SLWDKZ2Eh37H0exmOdnMKJs9M+dAf2EJr5sh9
pdxUh9LO8srFeUGodaHWnbrcZlGvz64s9tjHETqwLGD4eqAsbjg7GLmzH7tXzv+Y
wy7+J3r54fNunk51+46GEednc1Fc8aPqpacEL3SN+ts6TfCwtOijc+80oT1Qwb2Y
FerMZZdRq68lh8Q0P/gatSR47UyRFIakor7CwHAebN2Lc6CfJ6CRYrymRwIDAQAB
o4ICSTCCAkUwHQYDVR0OBBYEFMToxr5dc+UDC5VtBdhCb+dpy/EwMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEveE9qR3ZsMXo1UU1MbFcwRjJFSnY1Mm5MOFRBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF8GCCsGAQUFBwEHAQH/BFAwTjA8BAIAATA2AwQFJTzgAwQG
TWiAAwQDXbuIAwQEbUngAwQFbcdgAwQGkkJAAwQCuThUAwQCuT7sAwQCueHsMA4E
AgACMAgDBgAqBPKAADANBgkqhkiG9w0BAQsFAAOCAQEAcanARwrApG1UpHLgB3Fd
nWz9bMxcC0m+7IInKdkWPUAXllvJDL4lZSwHBPgdi1Q9cSU3yWLdyvkpBqCADzuI
OzKUaRxFBB8Rx+twgkCXUq/0020ym+XhvYuva0rK2rCdDOgwBIHdsB01d7ALArGH
sEhO9pJjpLpeaGvxCnSyH6ogROJdNZY5wPa3AccMwo7PbL1u7ETjYWJ/tgJRrv+m
WzgUrPzISy/h52xbrFOJhuGY8JxQhIYIucWQpnYSwq210TI96iaTPnjlLaSBRsYU
mMK3jUrzxA7FS5O6lYgkX/gracl2JUjmWVWptF2TY/zMu9w97EWVR/TUQkn7dsx1
dQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:16:14 2024 by rpki-client on console-ams.rpki-client.org