Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/5c5138-aee4-482c-913c-3a4dff8e8ded/1/iCfrJUWpTW5KrxL3awbEw5jpNF0.roa
File: iCfrJUWpTW5KrxL3awbEw5jpNF0.roa (raw, json)
Hash identifier: vgx131UJAI58hTAFzgOfUBVeYHUUVEsUQCtn/q2i6xE=
Subject key identifier: 88:27:EB:25:45:A9:4D:6E:4A:AF:12:F7:6B:06:C4:C3:98:E9:34:5D
Certificate issuer: /CN=35730bb8b2623e7f65a6163604d1c85f9106288f
Certificate serial: 0189CFD64D808CB5F9D2DA69525EDC9F0D84
Authority key identifier: 35:73:0B:B8:B2:62:3E:7F:65:A6:16:36:04:D1:C8:5F:91:06:28:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NXMLuLJiPn9lphY2BNHIX5EGKI8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/5c5138-aee4-482c-913c-3a4dff8e8ded/1/iCfrJUWpTW5KrxL3awbEw5jpNF0.roa
Signing time: Mon 07 Aug 2023 11:51:15 +0000
ROA not before: Mon 07 Aug 2023 11:51:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34513
IP address blocks: 85.198.28.0/24 maxlen: 24
85.198.29.0/24 maxlen: 24
85.198.0.0/24 maxlen: 24
85.198.1.0/24 maxlen: 24
85.198.2.0/24 maxlen: 24
85.198.3.0/24 maxlen: 24
85.198.4.0/24 maxlen: 24
85.198.5.0/24 maxlen: 24
85.198.6.0/24 maxlen: 24
85.198.7.0/24 maxlen: 24
85.198.8.0/24 maxlen: 24
85.198.9.0/24 maxlen: 24
85.198.10.0/24 maxlen: 24
85.198.11.0/24 maxlen: 24
85.198.14.0/24 maxlen: 24
85.198.15.0/24 maxlen: 24
85.198.16.0/24 maxlen: 24
78.110.124.0/24 maxlen: 24
85.198.17.0/24 maxlen: 24
78.110.125.0/24 maxlen: 24
85.198.12.0/24 maxlen: 24
85.198.13.0/24 maxlen: 24
85.198.18.0/24 maxlen: 24
78.110.126.0/24 maxlen: 24
85.198.19.0/24 maxlen: 24
78.110.127.0/24 maxlen: 24
85.198.20.0/24 maxlen: 24
85.198.21.0/24 maxlen: 24
85.198.22.0/24 maxlen: 24
85.198.23.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:cf:d6:4d:80:8c:b5:f9:d2:da:69:52:5e:dc:9f:0d:84
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35730bb8b2623e7f65a6163604d1c85f9106288f
Validity
Not Before: Aug 7 11:51:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8827eb2545a94d6e4aaf12f76b06c4c398e9345d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:4f:6c:db:44:96:b0:a8:d1:f1:d9:34:e8:9b:
ac:16:64:22:fe:50:e8:b0:eb:0b:18:b3:6c:ba:53:
a6:cf:15:8b:e8:ea:6b:80:51:fe:3f:ce:df:b4:2e:
20:e2:ad:c0:7e:7c:53:22:76:49:92:13:26:82:d5:
39:95:c8:8f:17:0a:f9:a2:95:2f:20:30:cf:dc:c5:
5a:b5:f8:f4:ba:aa:47:99:e0:29:e4:5d:09:50:93:
93:69:31:8c:a9:0b:23:6b:5b:91:1e:8f:a4:be:95:
4e:9f:b2:6a:9a:0f:c9:fb:2b:ff:0f:bd:9a:df:87:
36:d5:ca:21:3f:14:31:1f:4e:20:66:df:cf:49:b0:
23:e0:d5:78:d1:7f:ab:39:0a:a5:7f:63:fa:bd:63:
2e:98:0b:62:a2:41:97:44:47:fa:f0:14:4b:0e:3e:
4c:cf:cb:12:81:24:72:29:78:3f:b7:08:0e:d6:a6:
c8:17:6b:45:ac:66:93:97:4d:7a:c6:ab:ee:9e:1b:
90:ff:2a:8b:4e:5c:8b:49:b4:ec:e2:b5:34:b2:25:
10:33:19:79:14:bb:9b:f7:4e:cb:5e:54:97:c9:18:
9c:b6:e2:40:ce:00:c0:70:9b:e0:4c:da:75:75:09:
d1:3d:f5:5e:80:66:a6:49:a9:07:40:65:8d:f4:19:
b9:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:27:EB:25:45:A9:4D:6E:4A:AF:12:F7:6B:06:C4:C3:98:E9:34:5D
X509v3 Authority Key Identifier:
keyid:35:73:0B:B8:B2:62:3E:7F:65:A6:16:36:04:D1:C8:5F:91:06:28:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NXMLuLJiPn9lphY2BNHIX5EGKI8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/5c5138-aee4-482c-913c-3a4dff8e8ded/1/iCfrJUWpTW5KrxL3awbEw5jpNF0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/5c5138-aee4-482c-913c-3a4dff8e8ded/1/NXMLuLJiPn9lphY2BNHIX5EGKI8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.110.124.0/22
85.198.0.0-85.198.23.255
85.198.28.0/23
Signature Algorithm: sha256WithRSAEncryption
6d:4a:15:c0:ac:35:33:32:c0:3a:c1:2a:7f:51:5b:e3:b0:4f:
93:71:43:cb:2f:30:e9:d9:05:40:28:55:8c:5e:7b:d9:1f:63:
b8:2c:82:bb:fd:05:2f:ad:1b:f6:ae:e9:4e:e3:10:b4:a0:97:
77:2b:16:62:49:a9:78:56:b9:24:76:c8:b4:11:e3:78:62:0e:
a1:2f:eb:c0:42:f1:92:8a:8a:5f:c1:f3:81:82:00:e5:52:86:
d0:18:59:94:c8:4b:8c:a7:a1:06:ce:27:94:ac:ff:bb:c6:59:
24:0f:54:74:b7:09:de:d3:0c:d0:85:03:62:88:03:b2:93:ab:
30:5b:60:1c:19:4e:e6:d3:e0:56:62:2d:53:9d:94:46:0f:a1:
aa:40:59:c4:10:a1:b9:08:e7:34:d9:0d:63:d6:30:ab:99:af:
ef:d1:7c:f0:aa:ba:73:03:58:cc:cc:5f:79:ad:31:2d:fb:45:
71:f5:17:4b:37:83:3f:9b:e4:cf:bd:99:fe:08:58:b8:87:3e:
7c:44:af:0b:20:ee:33:58:84:e4:53:01:f1:7a:b5:1f:00:29:
59:79:76:dd:c5:5f:05:8c:77:8b:fc:64:f4:86:13:b3:e2:82:
6e:cc:47:2e:59:f5:3e:7f:ad:4c:a2:b9:00:85:74:0b:2f:07:
de:a5:06:ef
-----BEGIN CERTIFICATE-----
MIIFEDCCA/igAwIBAgISAYnP1k2AjLX50tppUl7cnw2EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NzMwYmI4YjI2MjNlN2Y2NWE2MTYzNjA0ZDFjODVmOTEw
NjI4OGYwHhcNMjMwODA3MTE1MTE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODI3ZWIyNTQ1YTk0ZDZlNGFhZjEyZjc2YjA2YzRjMzk4ZTkzNDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhk9s20SWsKjR8dk06JusFmQi/lDo
sOsLGLNsulOmzxWL6OprgFH+P87ftC4g4q3AfnxTInZJkhMmgtU5lciPFwr5opUv
IDDP3MVatfj0uqpHmeAp5F0JUJOTaTGMqQsja1uRHo+kvpVOn7Jqmg/J+yv/D72a
34c21cohPxQxH04gZt/PSbAj4NV40X+rOQqlf2P6vWMumAtiokGXREf68BRLDj5M
z8sSgSRyKXg/twgO1qbIF2tFrGaTl016xqvunhuQ/yqLTlyLSbTs4rU0siUQMxl5
FLub907LXlSXyRictuJAzgDAcJvgTNp1dQnRPfVegGamSakHQGWN9Bm5dwIDAQAB
o4ICHDCCAhgwHQYDVR0OBBYEFIgn6yVFqU1uSq8S92sGxMOY6TRdMB8GA1UdIwQY
MBaAFDVzC7iyYj5/ZaYWNgTRyF+RBiiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlhNTHVMSmlQbjlscGhZMkJOSElYNUVHS0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC81YzUxMzgtYWVlNC00ODJjLTkxM2Mt
M2E0ZGZmOGU4ZGVkLzEvaUNmckpVV3BUVzVLcnhMM2F3YkV3NWpwTkYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC81YzUxMzgtYWVlNC00ODJjLTkxM2MtM2E0ZGZmOGU4ZGVk
LzEvTlhNTHVMSmlQbjlscGhZMkJOSElYNUVHS0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDIGCCsGAQUFBwEHAQH/BCMwITAfBAIAATAZAwQCTm58MAsD
AwFVxgMEA1XGEAMEAVXGHDANBgkqhkiG9w0BAQsFAAOCAQEAbUoVwKw1MzLAOsEq
f1Fb47BPk3FDyy8w6dkFQChVjF572R9juCyCu/0FL60b9q7pTuMQtKCXdysWYkmp
eFa5JHbItBHjeGIOoS/rwELxkoqKX8HzgYIA5VKG0BhZlMhLjKehBs4nlKz/u8ZZ
JA9UdLcJ3tMM0IUDYogDspOrMFtgHBlO5tPgVmItU52URg+hqkBZxBChuQjnNNkN
Y9Ywq5mv79F88Kq6cwNYzMxfea0xLftFcfUXSzeDP5vkz72Z/ghYuIc+fESvCyDu
M1iE5FMB8Xq1HwApWXl23cVfBYx3i/xk9IYTs+KCbsxHLln1Pn+tTKK5AIV0Cy8H
3qUG7w==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:08 2024 by rpki-client on console-ams.rpki-client.org