Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/f1Oj4n_dbUHhXsNqGd-fdSEipeQ.roa
File: f1Oj4n_dbUHhXsNqGd-fdSEipeQ.roa (raw, json)
Hash identifier: 0YgmDcShFm6aqq1VyzGWWcTTutu5I74J1s11jlk1IhM=
Subject key identifier: 7F:53:A3:E2:7F:DD:6D:41:E1:5E:C3:6A:19:DF:9F:75:21:22:A5:E4
Certificate issuer: /CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Certificate serial: 018612763BFB65AAAB822897AD89AE993DF8
Authority key identifier: 6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/f1Oj4n_dbUHhXsNqGd-fdSEipeQ.roa
Signing time: Thu 02 Feb 2023 14:09:43 +0000
ROA not before: Thu 02 Feb 2023 14:09:43 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203061
IP address blocks: 78.142.252.0/22 maxlen: 32
5.252.120.0/22 maxlen: 32
5.181.88.0/22 maxlen: 32
95.214.188.0/22 maxlen: 32
92.119.152.0/22 maxlen: 32
85.208.40.0/22 maxlen: 32
171.22.228.0/22 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:12:76:3b:fb:65:aa:ab:82:28:97:ad:89:ae:99:3d:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6c03a2caf298019fbd668621516c8c6e1d10e83c
Validity
Not Before: Feb 2 14:09:43 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7f53a3e27fdd6d41e15ec36a19df9f752122a5e4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:49:df:bb:28:5a:38:d7:7a:df:9b:89:46:ca:
32:50:ca:cf:40:b3:f2:c2:3f:ea:ea:cb:2d:ac:69:
14:c4:e4:ae:ff:66:c5:9b:b4:2e:22:e5:90:fd:3b:
52:fd:1b:3d:80:2e:be:d6:85:22:32:30:b4:ff:56:
6e:fb:ca:a8:40:a5:e1:dc:15:aa:6f:01:27:25:a1:
94:49:ed:58:d4:f5:04:df:27:0c:28:64:72:e4:dd:
2d:dc:ff:8a:c6:e6:da:21:b8:e0:af:a8:14:57:83:
d4:ac:0a:69:0c:36:2f:b1:ed:37:20:a7:2b:7e:d1:
e5:8f:95:e0:0e:81:71:3a:49:3a:ad:b8:86:d3:69:
1a:8c:b4:6e:21:bf:c5:5b:6a:4a:c5:87:3c:4d:50:
5d:e0:ef:7b:1a:28:da:6d:02:c3:02:f2:a1:38:d4:
5b:5d:07:21:2f:18:b4:38:37:88:36:3c:8c:9e:9e:
da:ee:8e:4d:a3:66:8a:bc:af:bc:41:ad:94:a6:c6:
4c:5b:f2:fd:59:6d:eb:1a:98:47:84:49:e1:7f:a3:
8b:5f:6a:6d:90:5d:c2:32:03:a5:1d:50:a1:79:6c:
b7:d5:d5:ce:ab:f8:cb:8e:ce:f3:49:42:4c:11:70:
5a:f4:7a:53:45:41:0e:d6:2c:4e:c1:99:e2:a6:3e:
a5:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7F:53:A3:E2:7F:DD:6D:41:E1:5E:C3:6A:19:DF:9F:75:21:22:A5:E4
X509v3 Authority Key Identifier:
keyid:6C:03:A2:CA:F2:98:01:9F:BD:66:86:21:51:6C:8C:6E:1D:10:E8:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/f1Oj4n_dbUHhXsNqGd-fdSEipeQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/97/16b8e4-1253-4d9e-bd49-fc37fb0cd43b/1/bAOiyvKYAZ-9ZoYhUWyMbh0Q6Dw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.181.88.0/22
5.252.120.0/22
78.142.252.0/22
85.208.40.0/22
92.119.152.0/22
95.214.188.0/22
171.22.228.0/22
Signature Algorithm: sha256WithRSAEncryption
a8:96:ca:6a:fe:f2:2c:0c:31:44:69:33:41:aa:f2:30:e2:f2:
32:19:c5:94:7f:8f:4b:74:d1:5a:7b:e9:0e:9e:9c:2b:6d:40:
71:f8:8d:1e:73:8a:5f:6c:89:96:3c:6f:78:b9:23:13:88:5c:
6d:34:2c:2c:ef:3f:f9:52:b2:85:47:42:e9:92:de:c8:f2:73:
f6:eb:a3:a3:59:a3:16:67:5a:9a:e4:80:31:fa:9f:38:33:66:
4f:f0:b1:67:cb:8e:50:e2:86:60:cd:ff:4b:25:ea:2a:56:ad:
9d:db:76:cc:76:73:76:57:fb:56:bf:29:3d:20:35:e4:22:8d:
ed:20:3e:6e:d5:e3:f8:d6:1f:5c:d6:31:cb:cd:bd:4f:ca:1b:
91:0e:07:55:fd:23:87:bf:77:c2:ea:68:51:af:a8:a1:c4:16:
26:09:d1:e0:5f:1c:63:83:65:10:23:dc:1e:15:77:fd:68:16:
dc:40:78:fa:7e:b9:01:60:22:86:ed:ea:72:7f:d3:24:53:27:
b6:d5:e4:34:7e:81:5a:36:02:32:34:15:4a:d5:fc:f4:80:cc:
a9:10:13:ea:31:d5:7d:ec:0d:a7:91:37:ca:87:9b:db:7e:ae:
ac:0b:6a:a5:a8:3a:12:62:20:d7:5d:2f:ee:11:6f:ba:29:fb:
2d:e2:57:9e
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYYSdjv7ZaqrgiiXrYmumT34MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZjMDNhMmNhZjI5ODAxOWZiZDY2ODYyMTUxNmM4YzZlMWQx
MGU4M2MwHhcNMjMwMjAyMTQwOTQzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZjUzYTNlMjdmZGQ2ZDQxZTE1ZWMzNmExOWRmOWY3NTIxMjJhNWU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmEnfuyhaONd635uJRsoyUMrPQLPy
wj/q6sstrGkUxOSu/2bFm7QuIuWQ/TtS/Rs9gC6+1oUiMjC0/1Zu+8qoQKXh3BWq
bwEnJaGUSe1Y1PUE3ycMKGRy5N0t3P+KxubaIbjgr6gUV4PUrAppDDYvse03IKcr
ftHlj5XgDoFxOkk6rbiG02kajLRuIb/FW2pKxYc8TVBd4O97GijabQLDAvKhONRb
XQchLxi0ODeINjyMnp7a7o5No2aKvK+8Qa2UpsZMW/L9WW3rGphHhEnhf6OLX2pt
kF3CMgOlHVCheWy31dXOq/jLjs7zSUJMEXBa9HpTRUEO1ixOwZnipj6lkQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFH9To+J/3W1B4V7Dahnfn3UhIqXkMB8GA1UdIwQY
MBaAFGwDosrymAGfvWaGIVFsjG4dEOg8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDkt
ZmMzN2ZiMGNkNDNiLzEvZjFPajRuX2RiVUhoWHNOcUdkLWZkU0VpcGVRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny8xNmI4ZTQtMTI1My00ZDllLWJkNDktZmMzN2ZiMGNkNDNi
LzEvYkFPaXl2S1lBWi05Wm9ZaFVXeU1iaDBRNkR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCBbVYAwQC
Bfx4AwQCTo78AwQCVdAoAwQCXHeYAwQCX9a8AwQCqxbkMA0GCSqGSIb3DQEBCwUA
A4IBAQColspq/vIsDDFEaTNBqvIw4vIyGcWUf49LdNFae+kOnpwrbUBx+I0ec4pf
bImWPG94uSMTiFxtNCws7z/5UrKFR0Lpkt7I8nP266OjWaMWZ1qa5IAx+p84M2ZP
8LFny45Q4oZgzf9LJeoqVq2d23bMdnN2V/tWvyk9IDXkIo3tID5u1eP41h9c1jHL
zb1PyhuRDgdV/SOHv3fC6mhRr6ihxBYmCdHgXxxjg2UQI9weFXf9aBbcQHj6frkB
YCKG7epyf9MkUye21eQ0foFaNgIyNBVK1fz0gMypEBPqMdV97A2nkTfKh5vbfq6s
C2qlqDoSYiDXXS/uEW+6Kfst4lee
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:39:58 2024 by rpki-client on console-fra.rpki-client.org