Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a4/4e816d-d8ec-437c-986a-3c12781e202d/1/mi6jLhQZNMdG3k-ULKqg1ofw-1o.roa
File: mi6jLhQZNMdG3k-ULKqg1ofw-1o.roa (raw, json)
Hash identifier: JHbfiJDc+65J0CltXHYXq51ZAGR0WLS0j4m7GqEfhOw=
Subject key identifier: 9A:2E:A3:2E:14:19:34:C7:46:DE:4F:94:2C:AA:A0:D6:87:F0:FB:5A
Certificate issuer: /CN=91d8c32a703972aaea093a01f8dedf57f9675575
Certificate serial: 0185729ECF733E8896F38599A0BA0CA70C12
Authority key identifier: 91:D8:C3:2A:70:39:72:AA:EA:09:3A:01:F8:DE:DF:57:F9:67:55:75
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/kdjDKnA5cqrqCToB-N7fV_lnVXU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a4/4e816d-d8ec-437c-986a-3c12781e202d/1/mi6jLhQZNMdG3k-ULKqg1ofw-1o.roa
Signing time: Mon 02 Jan 2023 13:14:48 +0000
ROA not before: Mon 02 Jan 2023 13:14:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 24730
IP address blocks: 81.23.224.0/20 maxlen: 20
81.173.4.0/24 maxlen: 24
81.173.124.0/24 maxlen: 24
185.236.176.0/22 maxlen: 22
81.173.34.0/23 maxlen: 23
2001:15b8::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:9e:cf:73:3e:88:96:f3:85:99:a0:ba:0c:a7:0c:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=91d8c32a703972aaea093a01f8dedf57f9675575
Validity
Not Before: Jan 2 13:14:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9a2ea32e141934c746de4f942caaa0d687f0fb5a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:df:1b:5d:21:b6:1f:70:1d:a0:30:a1:d4:22:
0e:ff:0f:4a:8c:4e:67:d2:17:01:77:de:7b:64:30:
95:45:89:27:74:f8:34:7e:94:2f:86:8a:5c:f3:db:
53:60:5e:5e:bb:dc:40:9d:a7:7d:21:81:26:93:8d:
64:2f:eb:43:eb:64:3d:14:62:91:95:29:1d:7c:9d:
65:75:b2:b2:79:cf:ea:b8:85:ea:17:a2:a9:a1:39:
65:43:1b:6c:91:c3:f1:70:d6:ec:af:32:55:25:e8:
68:24:60:69:8b:e3:13:a8:cd:e4:14:40:db:62:af:
ef:ed:c2:91:17:d4:87:4f:f7:e6:ee:20:56:99:3c:
32:9a:11:51:2d:8a:46:0a:93:a4:b5:22:12:c7:26:
60:aa:b7:43:51:dd:40:c7:64:ed:e4:56:70:f3:80:
b9:52:5d:47:66:44:52:5d:2a:d0:84:d0:75:58:88:
2e:6d:1b:57:52:c2:22:01:6b:3e:4a:83:44:a2:4a:
36:62:62:ee:87:66:d9:b4:89:ab:ac:7d:e4:6a:f5:
0a:ab:24:ab:d0:07:9c:bb:cf:c5:db:fa:4b:a7:d2:
31:ac:ef:29:a3:f6:d1:33:c0:3a:97:d9:33:52:55:
67:d5:6c:8f:8f:d3:e2:bc:47:b7:02:9b:1f:d5:ef:
4e:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:2E:A3:2E:14:19:34:C7:46:DE:4F:94:2C:AA:A0:D6:87:F0:FB:5A
X509v3 Authority Key Identifier:
keyid:91:D8:C3:2A:70:39:72:AA:EA:09:3A:01:F8:DE:DF:57:F9:67:55:75
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/kdjDKnA5cqrqCToB-N7fV_lnVXU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/4e816d-d8ec-437c-986a-3c12781e202d/1/mi6jLhQZNMdG3k-ULKqg1ofw-1o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a4/4e816d-d8ec-437c-986a-3c12781e202d/1/kdjDKnA5cqrqCToB-N7fV_lnVXU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.23.224.0/20
81.173.4.0/24
81.173.34.0/23
81.173.124.0/24
185.236.176.0/22
IPv6:
2001:15b8::/32
Signature Algorithm: sha256WithRSAEncryption
76:de:66:1e:70:6b:c1:95:06:8a:92:a1:51:f6:ab:a0:2f:68:
f1:8d:d3:b3:31:f2:6f:7c:d6:7c:74:d4:26:a9:1b:7c:fc:d1:
17:d9:a3:41:db:75:c4:7d:ed:0c:a8:78:56:d5:88:45:84:e4:
a3:1e:a8:ac:76:e5:54:28:16:2e:fa:51:72:81:04:3d:16:ec:
ae:db:7f:c9:d9:5b:2a:7c:8e:06:07:17:9e:96:89:f9:ab:77:
34:78:78:32:ad:9f:ba:66:03:de:31:b5:c8:7d:e6:f9:b0:c0:
ad:33:b8:95:a3:62:5a:4f:5e:25:15:d8:77:02:2f:f5:49:37:
8a:a6:ce:bd:b7:06:8c:15:6b:01:42:a8:95:48:e8:dd:45:61:
ae:ce:70:06:f0:05:ac:c5:ce:c7:e8:4a:b2:e6:c5:e4:49:ee:
c9:93:87:f0:34:32:19:f0:b8:31:6d:89:62:a4:95:85:87:6e:
fb:0a:1a:d6:41:cf:90:05:3d:2e:4c:e8:59:78:f0:d3:8f:1e:
e5:97:87:f7:81:0c:16:a1:a7:90:3e:84:dd:34:9c:3f:97:e4:
50:90:4a:54:ff:35:f6:cb:f8:f2:06:d9:3c:a6:56:4c:9b:b5:
4c:8d:f9:44:65:0e:aa:7c:b1:02:11:93:49:50:55:e9:6c:93:
9f:c6:ab:60
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYVyns9zPoiW84WZoLoMpwwSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkxZDhjMzJhNzAzOTcyYWFlYTA5M2EwMWY4ZGVkZjU3Zjk2
NzU1NzUwHhcNMjMwMTAyMTMxNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTJlYTMyZTE0MTkzNGM3NDZkZTRmOTQyY2FhYTBkNjg3ZjBmYjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3d8bXSG2H3AdoDCh1CIO/w9KjE5n
0hcBd957ZDCVRYkndPg0fpQvhopc89tTYF5eu9xAnad9IYEmk41kL+tD62Q9FGKR
lSkdfJ1ldbKyec/quIXqF6KpoTllQxtskcPxcNbsrzJVJehoJGBpi+MTqM3kFEDb
Yq/v7cKRF9SHT/fm7iBWmTwymhFRLYpGCpOktSISxyZgqrdDUd1Ax2Tt5FZw84C5
Ul1HZkRSXSrQhNB1WIgubRtXUsIiAWs+SoNEoko2YmLuh2bZtImrrH3kavUKqySr
0Aecu8/F2/pLp9IxrO8po/bRM8A6l9kzUlVn1WyPj9PivEe3Apsf1e9ODQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFJouoy4UGTTHRt5PlCyqoNaH8PtaMB8GA1UdIwQY
MBaAFJHYwypwOXKq6gk6Afje31f5Z1V1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva2RqREtuQTVjcXJxQ1RvQi1ON2ZWX2xuVlhVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNC80ZTgxNmQtZDhlYy00MzdjLTk4NmEt
M2MxMjc4MWUyMDJkLzEvbWk2akxoUVpOTWRHM2stVUxLcWcxb2Z3LTFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNC80ZTgxNmQtZDhlYy00MzdjLTk4NmEtM2MxMjc4MWUyMDJk
LzEva2RqREtuQTVjcXJxQ1RvQi1ON2ZWX2xuVlhVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQEURfgAwQA
Ua0EAwQBUa0iAwQAUa18AwQCueywMA0EAgACMAcDBQAgARW4MA0GCSqGSIb3DQEB
CwUAA4IBAQB23mYecGvBlQaKkqFR9qugL2jxjdOzMfJvfNZ8dNQmqRt8/NEX2aNB
23XEfe0MqHhW1YhFhOSjHqisduVUKBYu+lFygQQ9Fuyu23/J2VsqfI4GBxeelon5
q3c0eHgyrZ+6ZgPeMbXIfeb5sMCtM7iVo2JaT14lFdh3Ai/1STeKps69twaMFWsB
QqiVSOjdRWGuznAG8AWsxc7H6Eqy5sXkSe7Jk4fwNDIZ8LgxbYlipJWFh277ChrW
Qc+QBT0uTOhZePDTjx7ll4f3gQwWoaeQPoTdNJw/l+RQkEpU/zX2y/jyBtk8plZM
m7VMjflEZQ6qfLECEZNJUFXpbJOfxqtg
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:22:18 2025 by rpki-client