Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/00441d-80e4-4d18-9581-5c5eab8a9e3c/1/OTyFJN73zlIq2HwlQ0uhwsx2VOY.roa
File: OTyFJN73zlIq2HwlQ0uhwsx2VOY.roa (raw, json)
Hash identifier: Aohb30QFmLAmUGf32uCC1Tjdz4lODNmVKyMS6HiKFZc=
Subject key identifier: 39:3C:85:24:DE:F7:CE:52:2A:D8:7C:25:43:4B:A1:C2:CC:76:54:E6
Certificate issuer: /CN=1fe8ee87853406cd8d04ba8e39bf7a51ffb8a3bc
Certificate serial: 0B8EA6D0
Authority key identifier: 1F:E8:EE:87:85:34:06:CD:8D:04:BA:8E:39:BF:7A:51:FF:B8:A3:BC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H-juh4U0Bs2NBLqOOb96Uf-4o7w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/00441d-80e4-4d18-9581-5c5eab8a9e3c/1/OTyFJN73zlIq2HwlQ0uhwsx2VOY.roa
Signing time: Thu 07 Apr 2022 07:01:37 +0000
ROA not before: Thu 07 Apr 2022 07:01:37 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 201895
IP address blocks: 85.117.228.0/24 maxlen: 24
185.60.160.0/24 maxlen: 24
185.60.162.0/24 maxlen: 24
185.60.161.0/24 maxlen: 24
185.60.163.0/24 maxlen: 24
2a02:73a0:50::/48 maxlen: 48
2a02:73a0:60::/48 maxlen: 48
2a02:73a0:70::/48 maxlen: 48
2a02:73a0:90::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 193898192 (0xb8ea6d0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1fe8ee87853406cd8d04ba8e39bf7a51ffb8a3bc
Validity
Not Before: Apr 7 07:01:37 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=393c8524def7ce522ad87c25434ba1c2cc7654e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e7:e0:4b:ac:e0:05:36:ee:1a:26:f0:19:4b:45:
75:05:b7:1b:fc:a7:a2:77:a4:a7:e6:e6:97:17:f4:
29:2f:3d:b8:a5:68:04:5e:f9:0d:83:7a:a4:fb:79:
8a:1e:e2:38:ea:f2:21:17:43:63:ec:b6:2f:5c:40:
d9:ef:e5:6b:74:04:5d:a4:ae:8b:e4:d7:ff:6d:4e:
18:41:58:ea:2c:60:78:b1:b6:1d:3e:ac:89:da:12:
3c:19:74:e6:9c:8f:0c:8c:1c:92:1b:89:cd:a1:0f:
ec:ec:b2:a2:73:72:fa:d0:b5:24:0a:0e:e0:a0:98:
6e:9d:43:65:53:2b:b4:45:27:30:d1:41:75:59:66:
55:d5:c0:22:fd:d6:1f:e6:03:e1:d2:d9:5a:9c:a1:
0d:b9:5a:00:08:06:4a:83:35:3f:73:58:01:90:2f:
cd:22:99:5e:16:b6:56:f8:2f:64:fe:d8:0b:60:3e:
1e:11:52:00:71:c5:11:d7:db:29:64:ea:74:dc:ec:
4b:e4:3a:3b:02:6d:f1:85:ec:18:7f:1c:b1:5a:4d:
3a:f8:48:f9:b5:06:fb:7d:94:cd:4f:c7:a2:e0:54:
37:30:eb:cb:5c:3a:f5:52:e5:b1:31:35:6c:18:73:
c0:44:e0:73:e6:fb:9d:f7:a5:d4:2c:8a:aa:8a:a3:
6d:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:3C:85:24:DE:F7:CE:52:2A:D8:7C:25:43:4B:A1:C2:CC:76:54:E6
X509v3 Authority Key Identifier:
keyid:1F:E8:EE:87:85:34:06:CD:8D:04:BA:8E:39:BF:7A:51:FF:B8:A3:BC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H-juh4U0Bs2NBLqOOb96Uf-4o7w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/00441d-80e4-4d18-9581-5c5eab8a9e3c/1/OTyFJN73zlIq2HwlQ0uhwsx2VOY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/00441d-80e4-4d18-9581-5c5eab8a9e3c/1/H-juh4U0Bs2NBLqOOb96Uf-4o7w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.117.228.0/24
185.60.160.0/22
IPv6:
2a02:73a0:50::/48
2a02:73a0:60::/48
2a02:73a0:70::/48
2a02:73a0:90::/48
Signature Algorithm: sha256WithRSAEncryption
d1:23:93:5c:11:42:3a:98:9d:c8:fb:1a:72:5c:c8:07:24:c3:
2d:83:8c:40:c4:55:9a:0b:9a:fa:46:62:fc:e1:06:9d:43:57:
57:5b:52:71:ab:5f:8b:ae:26:0d:47:2e:f5:d4:04:62:e5:1b:
ea:61:a4:09:18:23:78:c4:06:83:5c:10:0b:e7:a5:d0:f3:ca:
ff:61:71:f8:91:2d:ee:cc:de:4f:2f:dd:d3:b6:29:da:b6:24:
aa:53:73:f2:40:81:6d:6b:f5:bc:a6:b6:69:17:7e:24:9a:7b:
da:b1:4f:d2:86:20:ee:ba:e5:99:89:3c:69:ea:b3:fc:35:99:
8e:46:57:33:8a:ad:63:db:1a:d4:f3:bb:ec:7b:0b:7c:27:cd:
cb:18:18:1a:95:d1:7b:ba:84:1f:a7:f8:4f:7e:7e:fb:58:1d:
97:7b:85:76:7f:f1:fd:7f:c3:fe:3b:a0:40:10:e5:55:8d:ad:
c0:1f:37:32:c8:b3:ca:e9:5d:cf:42:41:b0:65:cc:83:01:cd:
5d:4e:3b:ba:89:97:3e:5a:b0:de:33:43:de:ac:f1:8b:13:01:
52:dc:4d:b4:d0:02:f1:7e:52:dd:17:2c:82:a5:65:5f:e6:ea:
9e:c7:02:e1:a6:ca:6d:ac:5c:f1:68:48:b6:df:63:64:c1:04:
81:e1:c1:a4
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIEC46m0DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZmU4ZWU4Nzg1MzQwNmNkOGQwNGJhOGUzOWJmN2E1MWZmYjhhM2JjMB4XDTIyMDQw
NzA3MDEzN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzkzYzg1MjRkZWY3
Y2U1MjJhZDg3YzI1NDM0YmExYzJjYzc2NTRlNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOfgS6zgBTbuGibwGUtFdQW3G/ynonekp+bmlxf0KS89uKVo
BF75DYN6pPt5ih7iOOryIRdDY+y2L1xA2e/la3QEXaSui+TX/21OGEFY6ixgeLG2
HT6sidoSPBl05pyPDIwckhuJzaEP7OyyonNy+tC1JAoO4KCYbp1DZVMrtEUnMNFB
dVlmVdXAIv3WH+YD4dLZWpyhDblaAAgGSoM1P3NYAZAvzSKZXha2VvgvZP7YC2A+
HhFSAHHFEdfbKWTqdNzsS+Q6OwJt8YXsGH8csVpNOvhI+bUG+32UzU/HouBUNzDr
y1w69VLlsTE1bBhzwETgc+b7nfel1CyKqoqjbf8CAwEAAaOCAjswggI3MB0GA1Ud
DgQWBBQ5PIUk3vfOUirYfCVDS6HCzHZU5jAfBgNVHSMEGDAWgBQf6O6HhTQGzY0E
uo45v3pR/7ijvDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0gtanVoNFUwQnMyTkJMcU9PYjk2VWYtNG83dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvMDA0NDFkLTgwZTQtNGQxOC05NTgxLTVjNWVhYjhhOWUzYy8x
L09UeUZKTjczemxJcTJId2xRMHVod3N4MlZPWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
MDA0NDFkLTgwZTQtNGQxOC05NTgxLTVjNWVhYjhhOWUzYy8xL0gtanVoNFUwQnMy
TkJMcU9PYjk2VWYtNG83dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBR
BggrBgEFBQcBBwEB/wRCMEAwEgQCAAEwDAMEAFV15AMEArk8oDAqBAIAAjAkAwcA
KgJzoABQAwcAKgJzoABgAwcAKgJzoABwAwcAKgJzoACQMA0GCSqGSIb3DQEBCwUA
A4IBAQDRI5NcEUI6mJ3I+xpyXMgHJMMtg4xAxFWaC5r6RmL84QadQ1dXW1Jxq1+L
riYNRy711ARi5RvqYaQJGCN4xAaDXBAL56XQ88r/YXH4kS3uzN5PL93TtinatiSq
U3PyQIFta/W8prZpF34kmnvasU/ShiDuuuWZiTxp6rP8NZmORlcziq1j2xrU87vs
ewt8J83LGBgaldF7uoQfp/hPfn77WB2Xe4V2f/H9f8P+O6BAEOVVja3AHzcyyLPK
6V3PQkGwZcyDAc1dTju6iZc+WrDeM0PerPGLEwFS3E200ALxflLdFyyCpWVf5uqe
xwLhpsptrFzxaEi232NkwQSB4cGk
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:16 2023 by rpki-client on console-ams.rpki-client.org