Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/9hh0ELNXh6z5Wgg-gHQczqOvF9I.roa
File: 9hh0ELNXh6z5Wgg-gHQczqOvF9I.roa (raw, json)
Hash identifier: mH8oqkTS4R04j4AWvJubOIH08HLrHhMpHmczX/8XvUM=
Subject key identifier: F6:18:74:10:B3:57:87:AC:F9:5A:08:3E:80:74:1C:CE:A3:AF:17:D2
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 0185727A37FFCD02CD2E21EE4EA435F92A30
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/9hh0ELNXh6z5Wgg-gHQczqOvF9I.roa
Signing time: Mon 02 Jan 2023 12:34:50 +0000
ROA not before: Mon 02 Jan 2023 12:34:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 59598
IP address blocks: 185.215.247.0/24 maxlen: 24
91.132.56.0/24 maxlen: 24
185.212.60.0/22 maxlen: 24
31.25.88.0/23 maxlen: 24
185.217.108.0/22 maxlen: 24
212.107.28.0/22 maxlen: 24
185.129.110.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:7a:37:ff:cd:02:cd:2e:21:ee:4e:a4:35:f9:2a:30
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Jan 2 12:34:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f6187410b35787acf95a083e80741ccea3af17d2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:88:ad:0b:0c:79:8e:e7:0a:a3:f8:7e:05:67:
63:72:b4:4e:f7:24:35:4f:7c:61:37:ce:e4:fd:34:
32:0d:32:93:48:c1:c8:44:76:a8:38:d8:7a:9a:63:
f2:f6:f4:68:b8:72:7b:6f:74:02:5d:c0:51:c6:7c:
7b:24:31:6b:90:44:dc:19:e2:19:61:c4:57:53:63:
bb:a1:7a:f8:00:8e:86:86:38:1b:6e:aa:6e:7e:88:
67:cd:65:e1:be:1f:12:9a:94:05:a3:bc:9b:d3:59:
a6:f9:b8:e3:d8:ad:75:4d:28:74:0e:36:da:a3:b3:
9b:34:b0:3b:ed:03:91:23:c5:7f:14:de:31:07:de:
8c:ef:a1:b5:a0:2c:e7:3f:f0:7d:fe:38:87:50:ee:
9d:fb:a7:da:4d:fa:52:d8:de:f2:e7:a7:72:08:11:
e3:c7:16:84:de:db:aa:a5:81:4e:80:9f:3b:cb:cb:
09:d1:bf:14:4f:82:e1:71:61:d8:54:03:77:15:6d:
f6:d0:01:56:d1:b3:4c:1d:d9:3e:92:81:2a:5b:fd:
7c:43:7e:90:a3:44:d1:ac:51:7f:68:4e:45:77:be:
c9:9b:4a:14:e5:77:0c:ae:88:a1:03:00:ba:5a:c5:
df:fd:84:23:94:91:25:14:4c:5e:54:58:f3:ac:7e:
c2:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:18:74:10:B3:57:87:AC:F9:5A:08:3E:80:74:1C:CE:A3:AF:17:D2
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/9hh0ELNXh6z5Wgg-gHQczqOvF9I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.25.88.0/23
91.132.56.0/24
185.129.110.0/24
185.212.60.0/22
185.215.247.0/24
185.217.108.0/22
212.107.28.0/22
Signature Algorithm: sha256WithRSAEncryption
18:8c:2d:9c:5a:eb:4f:3a:f3:32:5d:a8:c3:0a:3e:4c:a8:4f:
ae:28:be:c7:e9:65:d4:b1:09:fb:cf:3b:3e:dc:de:97:0f:ad:
c5:2b:0d:00:6d:99:54:dc:69:48:da:a6:a5:d6:a1:71:ea:2d:
b9:4c:49:e3:9b:0f:fa:bf:f8:29:b2:25:f1:aa:49:bf:a4:ef:
2f:a9:7c:cb:d9:18:16:a7:14:d9:97:2d:7f:1c:1a:2f:39:68:
8e:f2:ba:0d:0b:01:ae:ce:af:7e:40:28:42:6b:5a:a9:02:70:
a0:4d:29:44:be:91:12:6f:b6:a6:f6:0e:da:74:94:9c:c1:47:
c3:b8:14:80:38:a6:65:4d:8e:2e:10:a1:77:21:b3:d5:a0:a1:
4c:8c:ab:f3:b1:c2:92:10:96:71:82:91:03:c7:07:01:1a:97:
0f:3c:93:84:99:39:d3:e6:44:fa:cc:89:c5:24:1a:b6:a9:9c:
45:6c:62:50:86:9f:b5:e4:6e:b7:b1:59:57:94:5d:a7:ee:d3:
2a:da:8d:66:c1:58:f3:4a:b0:b0:81:96:7c:b3:a2:85:1f:12:
9f:f6:d6:3c:28:85:54:96:47:b8:6e:b8:12:32:51:c7:bd:bb:
b6:4f:de:a8:05:95:ec:83:da:24:c8:23:84:65:c8:e5:34:69:
30:58:01:45
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYVyejf/zQLNLiHuTqQ1+SowMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJhYzNkYWExYjE0ODUwZjJlNjFjNTkyYjIxOTE5MTVhNWU2
NWE0NzgwHhcNMjMwMTAyMTIzNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjE4NzQxMGIzNTc4N2FjZjk1YTA4M2U4MDc0MWNjZWEzYWYxN2QyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx4itCwx5jucKo/h+BWdjcrRO9yQ1
T3xhN87k/TQyDTKTSMHIRHaoONh6mmPy9vRouHJ7b3QCXcBRxnx7JDFrkETcGeIZ
YcRXU2O7oXr4AI6GhjgbbqpufohnzWXhvh8SmpQFo7yb01mm+bjj2K11TSh0Djba
o7ObNLA77QORI8V/FN4xB96M76G1oCznP/B9/jiHUO6d+6faTfpS2N7y56dyCBHj
xxaE3tuqpYFOgJ87y8sJ0b8UT4LhcWHYVAN3FW320AFW0bNMHdk+koEqW/18Q36Q
o0TRrFF/aE5Fd77Jm0oU5XcMroihAwC6WsXf/YQjlJElFExeVFjzrH7ClQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFPYYdBCzV4es+VoIPoB0HM6jrxfSMB8GA1UdIwQY
MBaAFCrD2qGxSFDy5hxZKyGRkVpeZaR4MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUt
ZmUwNjU5MTc2YTU2LzEvOWhoMEVMTlhoNno1V2dnLWdIUWN6cU92RjlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MC80MDViYmQtNTkxMy00ZTk1LThlNzUtZmUwNjU5MTc2YTU2
LzEvS3NQYW9iRklVUExtSEZrcklaR1JXbDVscEhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBHxlYAwQA
W4Q4AwQAuYFuAwQCudQ8AwQAudf3AwQCudlsAwQC1GscMA0GCSqGSIb3DQEBCwUA
A4IBAQAYjC2cWutPOvMyXajDCj5MqE+uKL7H6WXUsQn7zzs+3N6XD63FKw0AbZlU
3GlI2qal1qFx6i25TEnjmw/6v/gpsiXxqkm/pO8vqXzL2RgWpxTZly1/HBovOWiO
8roNCwGuzq9+QChCa1qpAnCgTSlEvpESb7am9g7adJScwUfDuBSAOKZlTY4uEKF3
IbPVoKFMjKvzscKSEJZxgpEDxwcBGpcPPJOEmTnT5kT6zInFJBq2qZxFbGJQhp+1
5G63sVlXlF2n7tMq2o1mwVjzSrCwgZZ8s6KFHxKf9tY8KIVUlke4brgSMlHHvbu2
T96oBZXsg9okyCOEZcjlNGkwWAFF
-----END CERTIFICATE-----
Generated at Mon Dec 4 15:44:27 2023 by rpki-client on console-fra.rpki-client.org