Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ba/514aa5-c51d-48b1-ae06-19808bf44471/1/rT08zymq6bnd-HoDW6L0_AlwjXY.roa
File: rT08zymq6bnd-HoDW6L0_AlwjXY.roa (raw, json)
Hash identifier: T0YcBC3bXDlOvLA790NZBuDyisX9UrfztyuTuu2w/Fc=
Subject key identifier: AD:3D:3C:CF:29:AA:E9:B9:DD:F8:7A:03:5B:A2:F4:FC:09:70:8D:76
Certificate issuer: /CN=cb6f2040d94c995b0461dc5114a4c087351e99f2
Certificate serial: 018CC64B741881E34FF3D1C5053D7489C283
Authority key identifier: CB:6F:20:40:D9:4C:99:5B:04:61:DC:51:14:A4:C0:87:35:1E:99:F2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/y28gQNlMmVsEYdxRFKTAhzUemfI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ba/514aa5-c51d-48b1-ae06-19808bf44471/1/rT08zymq6bnd-HoDW6L0_AlwjXY.roa
Signing time: Mon 01 Jan 2024 18:31:22 +0000
ROA not before: Mon 01 Jan 2024 18:31:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 201237
IP address blocks: 185.81.23.0/24 maxlen: 24
185.81.22.0/24 maxlen: 24
185.81.21.0/24 maxlen: 24
185.81.20.0/24 maxlen: 24
89.147.102.0/24 maxlen: 24
89.147.101.0/24 maxlen: 24
89.147.100.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4b:74:18:81:e3:4f:f3:d1:c5:05:3d:74:89:c2:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cb6f2040d94c995b0461dc5114a4c087351e99f2
Validity
Not Before: Jan 1 18:31:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ad3d3ccf29aae9b9ddf87a035ba2f4fc09708d76
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:05:2f:e2:7c:f5:25:24:1d:79:a8:7c:2a:9f:
9a:eb:27:59:1c:19:75:c5:a5:f4:5d:68:ca:b3:83:
ac:c6:3b:ee:aa:b4:a1:cb:87:0a:e2:e9:d0:23:e4:
86:e2:f0:05:a5:17:13:d9:c8:53:c2:cf:d4:00:b6:
45:5f:28:41:65:5b:17:5c:83:e5:9f:f9:63:55:3c:
6d:01:a8:5d:2d:72:70:eb:05:d5:49:58:9b:03:09:
89:ad:c8:2a:75:25:41:67:31:1d:ea:45:39:69:b6:
cf:73:a6:af:c1:8e:b4:c8:91:c8:46:d0:67:c4:b3:
4d:3b:c2:2b:80:1a:fc:82:4b:6c:c6:d3:01:26:c9:
df:05:ed:0d:2f:66:5c:d1:13:e1:f6:c7:ff:03:b0:
38:3a:e4:ab:90:e8:a1:fb:f6:ad:6c:48:d0:22:f9:
3e:cd:11:3e:0c:fc:af:fa:57:95:39:b9:97:f0:99:
c3:b7:c0:47:cf:f3:f9:1e:a4:8c:27:3b:4b:09:3e:
9f:88:66:1b:81:34:51:62:24:0c:8e:8d:fa:a9:aa:
70:d0:c2:5e:23:ca:2e:e3:30:da:ab:9b:55:2b:38:
af:f5:8b:90:ce:dc:c7:dc:18:9b:32:90:ef:d4:6b:
3a:81:66:d2:aa:41:a2:52:cc:e3:04:4f:25:6a:8a:
13:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:3D:3C:CF:29:AA:E9:B9:DD:F8:7A:03:5B:A2:F4:FC:09:70:8D:76
X509v3 Authority Key Identifier:
keyid:CB:6F:20:40:D9:4C:99:5B:04:61:DC:51:14:A4:C0:87:35:1E:99:F2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/y28gQNlMmVsEYdxRFKTAhzUemfI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/514aa5-c51d-48b1-ae06-19808bf44471/1/rT08zymq6bnd-HoDW6L0_AlwjXY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ba/514aa5-c51d-48b1-ae06-19808bf44471/1/y28gQNlMmVsEYdxRFKTAhzUemfI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.147.100.0/22
185.81.20.0/22
Signature Algorithm: sha256WithRSAEncryption
21:04:b2:b3:3e:dc:7e:62:f8:d0:60:4a:8b:b5:3d:4c:5e:c2:
16:dd:3c:f4:fa:18:9a:f5:d0:ff:94:6d:05:fe:d0:c8:ea:0d:
d1:de:53:62:6b:1f:eb:ab:7a:e0:12:2f:49:77:ed:c5:b7:f4:
b7:f4:24:6f:82:fd:58:bf:8b:53:81:92:3c:09:3a:e5:aa:f3:
b3:dc:0b:be:c3:20:1b:c4:b0:27:28:20:11:89:73:2c:e5:05:
76:67:d4:f8:11:75:07:cd:70:35:9f:fb:63:19:eb:c5:6d:d5:
10:70:99:bd:25:9c:38:56:4a:c1:e0:ba:69:56:7e:06:a0:1b:
e3:2b:17:14:fd:97:dd:e5:e5:3c:80:c2:fb:eb:12:b1:bf:69:
ca:37:75:3c:1b:ed:e9:6b:7a:bd:b0:8b:53:26:94:6e:79:98:
36:da:22:14:f0:bf:5e:20:27:1d:ec:66:a9:5f:84:ee:81:1d:
e4:c0:68:da:43:be:ed:8c:e3:c7:1b:ea:9d:63:3c:b9:a3:77:
eb:8f:0f:74:08:dc:08:57:96:cd:8a:75:6a:01:23:9a:7b:86:
c7:9d:13:c4:14:a0:7d:45:6b:a1:26:44:4c:4d:a7:2d:ba:ac:
d0:8f:13:c7:27:db:d5:2e:8e:3c:ff:e7:8d:70:af:92:21:eb:
02:58:a4:9f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYzGS3QYgeNP89HFBT10icKDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNiNmYyMDQwZDk0Yzk5NWIwNDYxZGM1MTE0YTRjMDg3MzUx
ZTk5ZjIwHhcNMjQwMTAxMTgzMTIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZDNkM2NjZjI5YWFlOWI5ZGRmODdhMDM1YmEyZjRmYzA5NzA4ZDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiwUv4nz1JSQdeah8Kp+a6ydZHBl1
xaX0XWjKs4OsxjvuqrShy4cK4unQI+SG4vAFpRcT2chTws/UALZFXyhBZVsXXIPl
n/ljVTxtAahdLXJw6wXVSVibAwmJrcgqdSVBZzEd6kU5abbPc6avwY60yJHIRtBn
xLNNO8IrgBr8gktsxtMBJsnfBe0NL2Zc0RPh9sf/A7A4OuSrkOih+/atbEjQIvk+
zRE+DPyv+leVObmX8JnDt8BHz/P5HqSMJztLCT6fiGYbgTRRYiQMjo36qapw0MJe
I8ou4zDaq5tVKziv9YuQztzH3BibMpDv1Gs6gWbSqkGiUszjBE8laooTfQIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFK09PM8pqum53fh6A1ui9PwJcI12MB8GA1UdIwQY
MBaAFMtvIEDZTJlbBGHcURSkwIc1HpnyMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveTI4Z1FObE1tVnNFWWR4UkZLVEFoelVlbWZJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYS81MTRhYTUtYzUxZC00OGIxLWFlMDYt
MTk4MDhiZjQ0NDcxLzEvclQwOHp5bXE2Ym5kLUhvRFc2TDBfQWx3alhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYS81MTRhYTUtYzUxZC00OGIxLWFlMDYtMTk4MDhiZjQ0NDcx
LzEveTI4Z1FObE1tVnNFWWR4UkZLVEFoelVlbWZJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCWZNkAwQC
uVEUMA0GCSqGSIb3DQEBCwUAA4IBAQAhBLKzPtx+YvjQYEqLtT1MXsIW3Tz0+hia
9dD/lG0F/tDI6g3R3lNiax/rq3rgEi9Jd+3Ft/S39CRvgv1Yv4tTgZI8CTrlqvOz
3Au+wyAbxLAnKCARiXMs5QV2Z9T4EXUHzXA1n/tjGevFbdUQcJm9JZw4VkrB4Lpp
Vn4GoBvjKxcU/Zfd5eU8gML76xKxv2nKN3U8G+3pa3q9sItTJpRueZg22iIU8L9e
ICcd7GapX4TugR3kwGjaQ77tjOPHG+qdYzy5o3frjw90CNwIV5bNinVqASOae4bH
nRPEFKB9RWuhJkRMTactuqzQjxPHJ9vVLo48/+eNcK+SIesCWKSf
-----END CERTIFICATE-----
Generated at Mon Mar 4 17:08:12 2024 by rpki-client on console-fra.rpki-client.org