Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/Vl_CWKHk1i65Wf8niNe2U8yQtXw.roa
File: Vl_CWKHk1i65Wf8niNe2U8yQtXw.roa (raw, json)
Hash identifier: ptmxbwv77N5kfiLJFyEWW7ExioAHq7DwMqoKTChyyGE=
Subject key identifier: 56:5F:C2:58:A1:E4:D6:2E:B9:59:FF:27:88:D7:B6:53:CC:90:B5:7C
Certificate issuer: /CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Certificate serial: 01880091B725064637AD763E2A0E1E9EB67E
Authority key identifier: C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/Vl_CWKHk1i65Wf8niNe2U8yQtXw.roa
Signing time: Tue 09 May 2023 12:52:09 +0000
ROA not before: Tue 09 May 2023 12:52:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7155
IP address blocks: 81.88.67.0/24 maxlen: 24
81.88.68.0/23 maxlen: 23
81.88.70.0/24 maxlen: 24
81.88.76.0/24 maxlen: 24
81.88.78.0/24 maxlen: 24
81.88.73.0/24 maxlen: 24
81.88.74.0/23 maxlen: 23
81.88.79.0/24 maxlen: 24
84.247.142.0/24 maxlen: 24
84.247.146.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:00:91:b7:25:06:46:37:ad:76:3e:2a:0e:1e:9e:b6:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Validity
Not Before: May 9 12:52:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=565fc258a1e4d62eb959ff2788d7b653cc90b57c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:3f:96:b5:98:31:e1:f5:26:d5:49:b6:06:9a:
4c:ca:3d:da:15:e5:4e:61:27:25:31:38:07:1b:a2:
91:af:a8:d6:15:27:9a:f3:e2:f9:80:4e:b9:c5:68:
83:e1:ba:ee:8a:ae:a4:0f:3f:53:6c:7b:4b:d1:1b:
c1:4b:04:fc:f9:10:b3:21:16:ac:75:25:03:83:5a:
36:45:3f:03:fd:e5:bd:ca:10:4e:10:1c:2d:78:e8:
68:b0:c2:2a:4e:ff:c5:8e:9f:a1:5a:5b:c2:db:18:
31:d6:99:dc:1a:9e:a4:eb:37:6b:d7:54:69:aa:36:
e5:9b:ec:ac:a5:01:ef:d2:ba:45:8d:c8:be:ba:28:
d0:af:7e:d0:0f:25:5a:86:a8:2f:2e:51:5c:7b:ff:
52:56:eb:5f:28:2e:14:54:8b:31:d9:8d:78:53:d7:
43:6d:fb:36:8e:dc:60:f1:20:ce:66:9f:1d:98:41:
65:42:da:6f:6c:cd:1e:ec:0a:41:16:8d:da:07:60:
1f:46:6d:80:6c:7e:16:c4:a0:d8:b2:67:b0:f8:54:
aa:c4:5f:30:68:00:74:23:ff:7a:ee:9f:3a:2e:5c:
44:91:88:2d:9a:40:8e:d2:55:30:5a:80:99:a6:ae:
9e:00:db:e1:27:45:28:ae:5e:75:98:44:de:cb:4e:
b5:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:5F:C2:58:A1:E4:D6:2E:B9:59:FF:27:88:D7:B6:53:CC:90:B5:7C
X509v3 Authority Key Identifier:
keyid:C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/Vl_CWKHk1i65Wf8niNe2U8yQtXw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/xZJ4bO1s5ZdYVGi7TzazHPas7G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.88.67.0-81.88.70.255
81.88.73.0-81.88.76.255
81.88.78.0/23
84.247.142.0/24
84.247.146.0/24
Signature Algorithm: sha256WithRSAEncryption
b7:f9:a3:bd:2c:f8:99:36:db:10:10:3a:86:2d:0e:64:83:76:
f2:c5:1a:4c:46:ce:89:e7:f8:dc:0c:65:b2:34:77:a9:96:c9:
f5:97:05:15:09:72:24:7d:64:d1:a0:85:7b:f8:c3:d8:2d:16:
18:66:ea:f2:e8:2d:ec:8e:c3:3a:e1:2d:e2:f0:2c:06:78:79:
3b:12:06:06:f1:05:af:1f:e0:2c:b5:3c:92:ff:5d:f7:c1:f5:
0d:54:4f:d5:a3:f9:80:c8:2d:ec:73:73:98:1e:1b:7c:0d:aa:
f1:28:35:13:aa:99:6d:a3:ea:c5:bd:fa:55:4c:95:3b:c9:ec:
34:5e:1a:d1:b6:1e:8a:48:73:23:61:ca:80:52:0a:1e:f8:2a:
d5:f4:f2:a6:05:01:7d:23:50:72:ef:1a:c6:94:09:f9:78:e0:
05:a5:d1:39:02:1f:b7:67:89:48:0c:20:10:39:e2:ab:07:b1:
fc:7f:6d:88:f9:ce:83:64:15:3c:c7:0e:e7:1f:72:2d:74:b3:
c9:88:3b:14:50:f4:60:78:b5:6c:29:22:c4:e6:8b:51:b9:86:
9e:a1:b0:fa:5f:e1:f8:97:d5:ad:d8:9a:59:b7:27:74:19:de:
1e:e0:e0:f8:11:ea:a2:ac:9f:1c:f3:70:12:11:c6:74:17:be:
38:63:9f:bb
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAYgAkbclBkY3rXY+Kg4enrZ+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1OTI3ODZjZWQ2Y2U1OTc1ODU0NjhiYjRmMzZiMzFjZjZh
Y2VjNmUwHhcNMjMwNTA5MTI1MjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjVmYzI1OGExZTRkNjJlYjk1OWZmMjc4OGQ3YjY1M2NjOTBiNTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuj+WtZgx4fUm1Um2BppMyj3aFeVO
YSclMTgHG6KRr6jWFSea8+L5gE65xWiD4bruiq6kDz9TbHtL0RvBSwT8+RCzIRas
dSUDg1o2RT8D/eW9yhBOEBwteOhosMIqTv/Fjp+hWlvC2xgx1pncGp6k6zdr11Rp
qjblm+yspQHv0rpFjci+uijQr37QDyVahqgvLlFce/9SVutfKC4UVIsx2Y14U9dD
bfs2jtxg8SDOZp8dmEFlQtpvbM0e7ApBFo3aB2AfRm2AbH4WxKDYsmew+FSqxF8w
aAB0I/967p86LlxEkYgtmkCO0lUwWoCZpq6eANvhJ0Uorl51mETey061GQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFFZfwlih5NYuuVn/J4jXtlPMkLV8MB8GA1UdIwQY
MBaAFMWSeGztbOWXWFRou082sxz2rOxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQt
YmEzNzUxMTQwNGMyLzEvVmxfQ1dLSGsxaTY1V2Y4bmlOZTJVOHlRdFh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQtYmEzNzUxMTQwNGMy
LzEveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBABRWEMD
BABRWEYwDAMEAFFYSQMEAFFYTAMEAVFYTgMEAFT3jgMEAFT3kjANBgkqhkiG9w0B
AQsFAAOCAQEAt/mjvSz4mTbbEBA6hi0OZIN28sUaTEbOief43AxlsjR3qZbJ9ZcF
FQlyJH1k0aCFe/jD2C0WGGbq8ugt7I7DOuEt4vAsBnh5OxIGBvEFrx/gLLU8kv9d
98H1DVRP1aP5gMgt7HNzmB4bfA2q8Sg1E6qZbaPqxb36VUyVO8nsNF4a0bYeikhz
I2HKgFIKHvgq1fTypgUBfSNQcu8axpQJ+XjgBaXROQIft2eJSAwgEDniqwex/H9t
iPnOg2QVPMcO5x9yLXSzyYg7FFD0YHi1bCkixOaLUbmGnqGw+l/h+JfVrdiaWbcn
dBneHuDg+BHqoqyfHPNwEhHGdBe+OGOfuw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:46 2024 by rpki-client on console-fra.rpki-client.org