Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/514aa5-c51d-48b1-ae06-19808bf44471/1/4aXhsa0GUk_0DrZhTHXW9Mj5ywY.roa
File: 4aXhsa0GUk_0DrZhTHXW9Mj5ywY.roa (raw, json)
Hash identifier: TcNy3XRDKNDMBAvXO4GjYTITu6+VXNltb8bJ47FIaKI=
Subject key identifier: E1:A5:E1:B1:AD:06:52:4F:F4:0E:B6:61:4C:75:D6:F4:C8:F9:CB:06
Certificate issuer: /CN=cb6f2040d94c995b0461dc5114a4c087351e99f2
Certificate serial: 01856DCB0DE9CA8BE2B10039B380826A60E3
Authority key identifier: CB:6F:20:40:D9:4C:99:5B:04:61:DC:51:14:A4:C0:87:35:1E:99:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/y28gQNlMmVsEYdxRFKTAhzUemfI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ba/514aa5-c51d-48b1-ae06-19808bf44471/1/4aXhsa0GUk_0DrZhTHXW9Mj5ywY.roa
Signing time: Sun 01 Jan 2023 14:45:01 +0000
ROA not before: Sun 01 Jan 2023 14:45:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201237
IP address blocks: 185.81.23.0/24 maxlen: 24
185.81.22.0/24 maxlen: 24
185.81.21.0/24 maxlen: 24
185.81.20.0/24 maxlen: 24
89.147.102.0/24 maxlen: 24
89.147.101.0/24 maxlen: 24
89.147.100.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:cb:0d:e9:ca:8b:e2:b1:00:39:b3:80:82:6a:60:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cb6f2040d94c995b0461dc5114a4c087351e99f2
Validity
Not Before: Jan 1 14:45:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e1a5e1b1ad06524ff40eb6614c75d6f4c8f9cb06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:5e:12:f9:01:7f:5e:f3:30:a8:5c:27:ff:84:
34:8f:42:85:b1:51:51:ad:2e:f6:1b:35:fb:8f:c1:
52:41:e0:3c:d8:c2:35:4d:6e:f8:50:60:06:41:92:
01:47:4c:5f:01:23:80:44:9c:32:42:e6:e8:ce:60:
7f:35:a1:a4:a7:86:05:2b:c6:d4:37:70:4c:ba:21:
59:5c:29:5f:81:ef:7a:76:a4:ad:cd:04:19:f5:19:
55:c6:81:0b:72:77:58:57:a4:50:be:ed:75:68:ee:
e3:d6:73:72:4c:06:29:04:d2:97:50:2c:64:1b:9a:
bb:51:f9:13:ea:a3:15:4f:0b:10:02:5f:4a:53:28:
9e:c1:18:e8:d9:ad:03:5f:29:94:d0:65:68:3a:e6:
b4:f2:3d:9b:4c:d0:dd:bd:34:23:78:3b:f1:fd:2c:
be:52:29:37:45:54:5c:c1:46:74:e1:d3:75:e2:81:
eb:b7:75:a1:a0:86:26:65:6a:a5:39:b5:62:70:f4:
30:0b:63:9d:83:5c:0c:d9:cb:22:9c:79:e2:29:54:
6a:b4:15:68:26:93:5a:ea:46:36:38:cc:a0:fe:19:
21:f1:51:0e:cb:d2:fc:a6:95:8c:76:fa:ef:a8:7c:
80:b5:d7:c5:1e:f3:d3:a9:69:fe:53:94:8b:61:f0:
7e:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:A5:E1:B1:AD:06:52:4F:F4:0E:B6:61:4C:75:D6:F4:C8:F9:CB:06
X509v3 Authority Key Identifier:
keyid:CB:6F:20:40:D9:4C:99:5B:04:61:DC:51:14:A4:C0:87:35:1E:99:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y28gQNlMmVsEYdxRFKTAhzUemfI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/514aa5-c51d-48b1-ae06-19808bf44471/1/4aXhsa0GUk_0DrZhTHXW9Mj5ywY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/514aa5-c51d-48b1-ae06-19808bf44471/1/y28gQNlMmVsEYdxRFKTAhzUemfI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.147.100.0/22
185.81.20.0/22
Signature Algorithm: sha256WithRSAEncryption
4f:18:39:06:54:1e:19:61:45:39:d7:28:46:dc:bf:31:ee:73:
13:a3:c1:5c:61:22:8e:b4:63:46:b3:07:1c:21:be:81:16:09:
ac:71:84:74:97:c7:0b:b2:99:5e:82:e7:20:d8:0e:09:e4:26:
b3:af:91:b1:36:ca:7d:c5:bc:8d:b8:a6:2d:de:11:bb:2d:95:
f8:62:92:9e:4a:f9:14:1c:0f:6a:1b:04:7e:52:f2:2f:a1:7b:
32:c9:0c:60:5e:b2:ee:2d:a9:28:b4:f8:6e:79:2b:42:01:c2:
1a:0a:35:6e:7c:33:59:03:e4:4e:12:bb:7b:af:e3:ca:da:83:
d8:73:01:d7:19:3b:fd:a7:3c:3e:14:fe:60:62:b9:a6:fe:41:
28:a4:6c:70:b1:e9:96:b0:7e:c4:53:29:51:e5:03:64:cd:c4:
8e:a6:48:97:da:33:ce:0b:35:58:08:83:d2:47:34:e7:17:ec:
cb:cb:50:65:4b:2c:71:72:0f:37:01:d6:ac:7f:1f:8d:c1:80:
66:1b:ea:d0:29:39:f6:23:a2:5e:39:52:a7:3b:36:7c:01:4b:
a3:37:62:6f:7a:b6:e2:e9:45:17:bd:35:be:27:57:93:1c:2e:
08:f4:9d:94:77:80:f9:46:4a:b0:25:2b:5f:ed:23:b4:f8:7f:
ec:eb:5e:0b
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVtyw3pyovisQA5s4CCamDjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNmYyMDQwZDk0Yzk5NWIwNDYxZGM1MTE0YTRjMDg3MzUx
ZTk5ZjIwHhcNMjMwMTAxMTQ0NTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMWE1ZTFiMWFkMDY1MjRmZjQwZWI2NjE0Yzc1ZDZmNGM4ZjljYjA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxF4S+QF/XvMwqFwn/4Q0j0KFsVFR
rS72GzX7j8FSQeA82MI1TW74UGAGQZIBR0xfASOARJwyQubozmB/NaGkp4YFK8bU
N3BMuiFZXClfge96dqStzQQZ9RlVxoELcndYV6RQvu11aO7j1nNyTAYpBNKXUCxk
G5q7UfkT6qMVTwsQAl9KUyiewRjo2a0DXymU0GVoOua08j2bTNDdvTQjeDvx/Sy+
Uik3RVRcwUZ04dN14oHrt3WhoIYmZWqlObVicPQwC2Odg1wM2csinHniKVRqtBVo
JpNa6kY2OMyg/hkh8VEOy9L8ppWMdvrvqHyAtdfFHvPTqWn+U5SLYfB+5wIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOGl4bGtBlJP9A62YUx11vTI+csGMB8GA1UdIwQY
MBaAFMtvIEDZTJlbBGHcURSkwIc1HpnyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTI4Z1FObE1tVnNFWWR4UkZLVEFoelVlbWZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS81MTRhYTUtYzUxZC00OGIxLWFlMDYt
MTk4MDhiZjQ0NDcxLzEvNGFYaHNhMEdVa18wRHJaaFRIWFc5TWo1eXdZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS81MTRhYTUtYzUxZC00OGIxLWFlMDYtMTk4MDhiZjQ0NDcx
LzEveTI4Z1FObE1tVnNFWWR4UkZLVEFoelVlbWZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWZNkAwQC
uVEUMA0GCSqGSIb3DQEBCwUAA4IBAQBPGDkGVB4ZYUU51yhG3L8x7nMTo8FcYSKO
tGNGswccIb6BFgmscYR0l8cLsplegucg2A4J5Cazr5GxNsp9xbyNuKYt3hG7LZX4
YpKeSvkUHA9qGwR+UvIvoXsyyQxgXrLuLakotPhueStCAcIaCjVufDNZA+ROErt7
r+PK2oPYcwHXGTv9pzw+FP5gYrmm/kEopGxwsemWsH7EUylR5QNkzcSOpkiX2jPO
CzVYCIPSRzTnF+zLy1BlSyxxcg83Adasfx+NwYBmG+rQKTn2I6JeOVKnOzZ8AUuj
N2Jverbi6UUXvTW+J1eTHC4I9J2Ud4D5RkqwJStf7SO0+H/s614L
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:28 2024 by rpki-client on console-fra.rpki-client.org