Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/Iv7y9tIBPaVN4tLUYt3m4XFPOAk.roa
File: Iv7y9tIBPaVN4tLUYt3m4XFPOAk.roa (raw, json)
Hash identifier: p3JWiQXtsKoEAA1RHSMLsuDstNqd3F35cviqi4tFTGo=
Subject key identifier: 22:FE:F2:F6:D2:01:3D:A5:4D:E2:D2:D4:62:DD:E6:E1:71:4F:38:09
Certificate issuer: /CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
Certificate serial: 018A18E12BDBD85A2C84D957DDA02BA20E29
Authority key identifier: 81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/Iv7y9tIBPaVN4tLUYt3m4XFPOAk.roa
Signing time: Mon 21 Aug 2023 16:15:24 +0000
ROA not before: Mon 21 Aug 2023 16:15:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212238
IP address blocks: 45.81.148.0/24 maxlen: 24
185.229.243.0/24 maxlen: 24
5.181.166.0/24 maxlen: 24
2a0a:da40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:18:e1:2b:db:d8:5a:2c:84:d9:57:dd:a0:2b:a2:0e:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=81c8b73ab7bdeb76ff48b2ca099616edbe71c426
Validity
Not Before: Aug 21 16:15:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=22fef2f6d2013da54de2d2d462dde6e1714f3809
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:32:e8:07:aa:a2:18:ce:be:26:90:2f:11:1e:
df:3b:b6:07:f9:57:d7:74:7d:ab:bb:cf:fa:cc:0f:
64:e2:84:97:d5:c0:d0:d9:ee:cf:46:2f:52:37:d1:
53:58:c4:ef:5a:59:80:ae:84:e4:b2:41:65:b5:9d:
b2:ee:09:93:67:92:e3:fa:3c:b6:b1:eb:d3:9f:42:
ed:87:96:37:a1:7b:c8:bc:cd:11:81:06:b8:a6:d5:
2f:6a:1b:cb:9c:1c:61:69:87:7e:56:8a:3d:ac:ab:
61:ed:4c:45:ed:20:a6:34:7a:5e:b1:9e:0f:e2:86:
81:58:7e:cb:91:e4:e6:85:00:49:1b:02:b1:d2:86:
09:e9:77:b3:4f:43:3c:ba:08:e5:c8:d2:bb:70:3d:
1b:16:b0:3d:ec:08:cd:12:91:6f:43:3a:d4:4b:04:
d6:90:9c:18:b2:f5:5b:8d:e8:2b:48:fb:04:87:60:
6c:f2:b3:64:7e:e6:82:61:fe:2d:9f:b1:b7:25:26:
a6:82:75:c9:26:f5:86:1f:f7:c9:c7:5e:e3:f8:9d:
11:d0:6d:6c:3c:41:91:0d:bd:55:d0:62:3c:50:c6:
94:f4:a8:98:2b:3b:56:9f:15:74:ae:2b:cf:d5:74:
15:05:1f:9e:2c:62:8b:7a:7a:d2:3c:dc:45:5a:e0:
43:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:FE:F2:F6:D2:01:3D:A5:4D:E2:D2:D4:62:DD:E6:E1:71:4F:38:09
X509v3 Authority Key Identifier:
keyid:81:C8:B7:3A:B7:BD:EB:76:FF:48:B2:CA:09:96:16:ED:BE:71:C4:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/gci3Ore963b_SLLKCZYW7b5xxCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/Iv7y9tIBPaVN4tLUYt3m4XFPOAk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/98/207934-9edc-4a89-820e-d8488b3ab42f/1/gci3Ore963b_SLLKCZYW7b5xxCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.181.166.0/24
45.81.148.0/24
185.229.243.0/24
IPv6:
2a0a:da40::/29
Signature Algorithm: sha256WithRSAEncryption
7d:ec:f4:66:a4:36:af:ce:da:0f:08:6c:1e:fa:59:be:c2:8b:
b1:9d:bf:dd:9f:f9:b0:16:9c:e4:2c:2b:ab:e7:d7:3c:e2:36:
c6:b4:0d:a8:59:9a:01:76:46:37:c3:01:7b:2d:12:fc:09:a9:
7e:dd:da:f5:36:c1:e8:b0:3e:5a:c7:81:4f:b3:fe:f8:b5:13:
ad:ca:37:5b:1a:24:f5:05:68:1c:5f:0b:4e:1c:f9:5b:db:9b:
99:0f:22:ca:8d:85:4e:1d:fd:98:4f:2d:c6:25:a9:1d:95:df:
23:b3:bc:1a:47:51:26:40:18:23:db:3b:73:8d:1e:f8:d8:5f:
d6:b7:4c:b8:76:1a:15:9c:24:4a:d4:32:50:b0:2c:c0:8b:cd:
c9:50:25:58:83:fe:ae:b5:f8:d8:ca:c4:de:ee:8e:f9:74:d7:
8e:a6:5f:26:d3:4b:4f:77:6f:e1:09:7f:15:24:9c:d3:d2:bd:
3b:24:c4:84:e4:58:ca:03:cf:52:1d:fe:57:7a:74:1c:8c:ee:
06:25:bd:f2:fe:60:aa:f1:3c:9e:f2:7f:8c:e2:a3:df:43:66:
e3:3d:b6:58:47:91:4c:54:04:d4:9d:5d:0f:2b:ed:6f:01:cd:
85:c6:84:e3:18:2d:60:d6:12:54:00:65:12:4e:26:10:e0:2a:
96:4e:3f:ba
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYoY4Svb2FoshNlX3aArog4pMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxYzhiNzNhYjdiZGViNzZmZjQ4YjJjYTA5OTYxNmVkYmU3
MWM0MjYwHhcNMjMwODIxMTYxNTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMmZlZjJmNmQyMDEzZGE1NGRlMmQyZDQ2MmRkZTZlMTcxNGYzODA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsDLoB6qiGM6+JpAvER7fO7YH+VfX
dH2ru8/6zA9k4oSX1cDQ2e7PRi9SN9FTWMTvWlmAroTkskFltZ2y7gmTZ5Lj+jy2
sevTn0Lth5Y3oXvIvM0RgQa4ptUvahvLnBxhaYd+Voo9rKth7UxF7SCmNHpesZ4P
4oaBWH7LkeTmhQBJGwKx0oYJ6XezT0M8ugjlyNK7cD0bFrA97AjNEpFvQzrUSwTW
kJwYsvVbjegrSPsEh2Bs8rNkfuaCYf4tn7G3JSamgnXJJvWGH/fJx17j+J0R0G1s
PEGRDb1V0GI8UMaU9KiYKztWnxV0rivP1XQVBR+eLGKLenrSPNxFWuBDgwIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFCL+8vbSAT2lTeLS1GLd5uFxTzgJMB8GA1UdIwQY
MBaAFIHItzq3vet2/0iyygmWFu2+ccQmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUt
ZDg0ODhiM2FiNDJmLzEvSXY3eTl0SUJQYVZONHRMVVl0M200WEZQT0FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85OC8yMDc5MzQtOWVkYy00YTg5LTgyMGUtZDg0ODhiM2FiNDJm
LzEvZ2NpM09yZTk2M2JfU0xMS0NaWVc3YjV4eENZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQABbWmAwQA
LVGUAwQAueXzMA0EAgACMAcDBQMqCtpAMA0GCSqGSIb3DQEBCwUAA4IBAQB97PRm
pDavztoPCGwe+lm+wouxnb/dn/mwFpzkLCur59c84jbGtA2oWZoBdkY3wwF7LRL8
Cal+3dr1NsHosD5ax4FPs/74tROtyjdbGiT1BWgcXwtOHPlb25uZDyLKjYVOHf2Y
Ty3GJakdld8js7waR1EmQBgj2ztzjR742F/Wt0y4dhoVnCRK1DJQsCzAi83JUCVY
g/6utfjYysTe7o75dNeOpl8m00tPd2/hCX8VJJzT0r07JMSE5FjKA89SHf5XenQc
jO4GJb3y/mCq8Tye8n+M4qPfQ2bjPbZYR5FMVATUnV0PK+1vAc2FxoTjGC1g1hJU
AGUSTiYQ4CqWTj+6
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:25:02 2024 by rpki-client on console-ams.rpki-client.org