Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/76/1be999-5a59-4c10-92ff-da1b58618841/1/oLZXffIHOpi8CY9N_4Q0l1w7gi0.roa
File: oLZXffIHOpi8CY9N_4Q0l1w7gi0.roa (raw, json)
Hash identifier: ikEXW90f0VnmL/QTdnWla01KT+sN15LypZgWms/P2uk=
Subject key identifier: A0:B6:57:7D:F2:07:3A:98:BC:09:8F:4D:FF:84:34:97:5C:3B:82:2D
Certificate issuer: /CN=eefbe8369a7bbc03a86fbe639b7efaa02b717287
Certificate serial: 018CC5DC0C58E1F49682CD68F1ABCA9E77E5
Authority key identifier: EE:FB:E8:36:9A:7B:BC:03:A8:6F:BE:63:9B:7E:FA:A0:2B:71:72:87
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7vvoNpp7vAOob75jm376oCtxcoc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/76/1be999-5a59-4c10-92ff-da1b58618841/1/oLZXffIHOpi8CY9N_4Q0l1w7gi0.roa
Signing time: Mon 01 Jan 2024 16:29:41 +0000
ROA not before: Mon 01 Jan 2024 16:29:41 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207616
IP address blocks: 185.190.26.0/24 maxlen: 24
91.193.56.0/23 maxlen: 24
194.48.200.0/24 maxlen: 24
2a0f:6280::/30 maxlen: 48
2a0f:6284::/30 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:dc:0c:58:e1:f4:96:82:cd:68:f1:ab:ca:9e:77:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eefbe8369a7bbc03a86fbe639b7efaa02b717287
Validity
Not Before: Jan 1 16:29:41 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a0b6577df2073a98bc098f4dff8434975c3b822d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:e4:a4:9c:1e:a5:2b:55:ea:90:32:f4:d6:b0:
ed:34:98:8c:b5:b9:70:6b:1d:45:a4:f8:d2:81:c4:
8e:04:9c:22:e4:ba:79:9a:81:54:ff:b2:f7:31:b7:
2f:e9:42:6a:ae:9b:2f:8c:18:27:99:2b:15:88:ef:
14:bd:ae:8c:5f:75:4f:95:b3:00:2f:76:b6:12:52:
ea:c3:d9:91:42:7e:17:f9:bf:43:2f:dc:97:e1:66:
1d:d9:83:78:83:d7:d3:a7:ec:ec:3b:aa:66:98:1e:
c3:59:79:24:7c:6c:b5:4b:4a:95:17:8d:9e:69:01:
d5:c8:ab:9b:43:07:81:91:67:f5:0f:1a:25:d0:42:
b1:02:0d:9b:ee:45:ba:d0:e6:7b:ed:c1:e9:2c:49:
9f:77:e5:f0:4c:2e:3e:e3:4b:93:be:c5:de:0e:d0:
c4:97:c6:23:9e:43:fe:d7:51:f2:4f:d3:56:2e:48:
7d:f3:d4:19:a3:c5:e2:a1:9f:ad:06:e6:b9:d3:5b:
88:dc:76:b9:96:e4:ce:d8:d0:0e:f4:d8:cc:5b:57:
f9:6b:2a:23:ac:7f:97:2c:21:40:f2:f4:c1:d0:af:
bb:32:0f:ae:48:64:3f:80:97:d9:71:2d:5b:15:0f:
f9:d1:1b:cb:26:4e:8f:a0:68:06:6a:b3:b6:ad:9d:
19:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:B6:57:7D:F2:07:3A:98:BC:09:8F:4D:FF:84:34:97:5C:3B:82:2D
X509v3 Authority Key Identifier:
keyid:EE:FB:E8:36:9A:7B:BC:03:A8:6F:BE:63:9B:7E:FA:A0:2B:71:72:87
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7vvoNpp7vAOob75jm376oCtxcoc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1be999-5a59-4c10-92ff-da1b58618841/1/oLZXffIHOpi8CY9N_4Q0l1w7gi0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/76/1be999-5a59-4c10-92ff-da1b58618841/1/7vvoNpp7vAOob75jm376oCtxcoc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.193.56.0/23
185.190.26.0/24
194.48.200.0/24
IPv6:
2a0f:6280::/29
Signature Algorithm: sha256WithRSAEncryption
a3:c1:8a:8e:9b:c9:79:4c:50:d3:6a:37:69:ac:27:ac:60:f2:
ad:a4:9a:62:03:d2:00:6b:38:7f:b2:94:4b:87:46:e2:f7:82:
2e:7b:17:8a:98:22:fa:60:f2:bd:8c:6f:8f:a4:0b:67:d5:d5:
da:f7:2c:3c:e1:61:26:54:4a:bd:7e:fa:dd:ec:fc:8c:79:e6:
79:4f:13:b4:bb:73:72:f5:f8:f1:e1:b1:74:62:2b:5a:03:6f:
45:60:2c:da:26:67:03:0f:8f:e1:e9:0d:fa:e5:ed:1a:ff:ea:
2f:a9:0c:cf:09:9d:ca:78:68:83:8e:81:16:2f:ea:06:00:1f:
d8:0f:be:ff:d2:b1:dc:80:4c:e0:1e:67:98:53:f0:12:25:f4:
9c:6c:40:c8:b1:c7:e3:67:a0:85:67:e0:95:c8:84:49:db:ac:
0f:3f:e2:44:03:32:fe:11:cb:37:44:c0:9e:84:83:44:79:38:
6a:05:8e:3f:39:a6:ca:25:e0:a2:16:e1:cd:9f:54:f6:dc:ff:
75:11:1f:e4:f3:61:b3:97:e8:29:0b:09:40:2a:c9:a1:9b:37:
a9:6a:b7:e2:3b:b6:6d:3e:18:66:17:95:2c:94:e1:74:25:d2:
e8:7b:3c:3b:1c:e7:30:35:1b:20:26:bc:f8:15:db:9a:b1:6e:
60:ef:31:34
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYzF3AxY4fSWgs1o8avKnnflMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVlZmJlODM2OWE3YmJjMDNhODZmYmU2MzliN2VmYWEwMmI3
MTcyODcwHhcNMjQwMTAxMTYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMGI2NTc3ZGYyMDczYTk4YmMwOThmNGRmZjg0MzQ5NzVjM2I4MjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAheSknB6lK1XqkDL01rDtNJiMtblw
ax1FpPjSgcSOBJwi5Lp5moFU/7L3Mbcv6UJqrpsvjBgnmSsViO8Uva6MX3VPlbMA
L3a2ElLqw9mRQn4X+b9DL9yX4WYd2YN4g9fTp+zsO6pmmB7DWXkkfGy1S0qVF42e
aQHVyKubQweBkWf1Dxol0EKxAg2b7kW60OZ77cHpLEmfd+XwTC4+40uTvsXeDtDE
l8YjnkP+11HyT9NWLkh989QZo8XioZ+tBua501uI3Ha5luTO2NAO9NjMW1f5ayoj
rH+XLCFA8vTB0K+7Mg+uSGQ/gJfZcS1bFQ/50RvLJk6PoGgGarO2rZ0ZRQIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFKC2V33yBzqYvAmPTf+ENJdcO4ItMB8GA1UdIwQY
MBaAFO776Daae7wDqG++Y5t++qArcXKHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN3Z2b05wcDd2QU9vYjc1am0zNzZvQ3R4Y29jLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Ni8xYmU5OTktNWE1OS00YzEwLTkyZmYt
ZGExYjU4NjE4ODQxLzEvb0xaWGZmSUhPcGk4Q1k5Tl80UTBsMXc3Z2kwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Ni8xYmU5OTktNWE1OS00YzEwLTkyZmYtZGExYjU4NjE4ODQx
LzEvN3Z2b05wcDd2QU9vYjc1am0zNzZvQ3R4Y29jLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQBW8E4AwQA
ub4aAwQAwjDIMA0EAgACMAcDBQMqD2KAMA0GCSqGSIb3DQEBCwUAA4IBAQCjwYqO
m8l5TFDTajdprCesYPKtpJpiA9IAazh/spRLh0bi94IuexeKmCL6YPK9jG+PpAtn
1dXa9yw84WEmVEq9fvrd7PyMeeZ5TxO0u3Ny9fjx4bF0YitaA29FYCzaJmcDD4/h
6Q365e0a/+ovqQzPCZ3KeGiDjoEWL+oGAB/YD77/0rHcgEzgHmeYU/ASJfScbEDI
scfjZ6CFZ+CVyIRJ26wPP+JEAzL+Ecs3RMCehINEeThqBY4/OabKJeCiFuHNn1T2
3P91ER/k82Gzl+gpCwlAKsmhmzeparfiO7ZtPhhmF5UslOF0JdLoezw7HOcwNRsg
Jrz4FduasW5g7zE0
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:23 2024 by rpki-client on console-ams.rpki-client.org