Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c7/6046a6-decb-49a3-a3b4-3087f86a63ab/1/iLKvFDA8kn3bME4a9F-gzsxFJjs.roa
File: iLKvFDA8kn3bME4a9F-gzsxFJjs.roa (raw, json)
Hash identifier: usfhmKhnSPQ+lv6rqVTXzKon1Aw5htqnngUSk/IjH2s=
Subject key identifier: 88:B2:AF:14:30:3C:92:7D:DB:30:4E:1A:F4:5F:A0:CE:CC:45:26:3B
Certificate issuer: /CN=c605871889b9dcafe7ec3136aed1ddfee2dfbc7d
Certificate serial: 01856E820396B5E1ED9E97453194B093B2F8
Authority key identifier: C6:05:87:18:89:B9:DC:AF:E7:EC:31:36:AE:D1:DD:FE:E2:DF:BC:7D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xgWHGIm53K_n7DE2rtHd_uLfvH0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c7/6046a6-decb-49a3-a3b4-3087f86a63ab/1/iLKvFDA8kn3bME4a9F-gzsxFJjs.roa
Signing time: Sun 01 Jan 2023 18:04:52 +0000
ROA not before: Sun 01 Jan 2023 18:04:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31019
IP address blocks: 91.228.151.0/24 maxlen: 24
185.82.184.0/22 maxlen: 22
2a05:9280::/29 maxlen: 29
2001:67c:22dc::/48 maxlen: 48
2a05:9280::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:82:03:96:b5:e1:ed:9e:97:45:31:94:b0:93:b2:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c605871889b9dcafe7ec3136aed1ddfee2dfbc7d
Validity
Not Before: Jan 1 18:04:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=88b2af14303c927ddb304e1af45fa0cecc45263b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:55:8c:de:98:33:cd:57:23:8e:b1:d8:db:32:
5f:69:b4:70:c1:7f:2a:25:31:1f:32:f5:f9:e6:25:
6a:57:09:23:74:62:74:85:39:20:32:44:93:4d:ec:
f3:b7:df:5e:81:fd:de:60:a4:33:b1:ca:54:68:cc:
56:2e:72:0e:fb:8f:2e:ae:02:36:3f:a3:76:cd:9c:
83:ee:c1:f8:b6:93:fa:ae:f1:29:c1:bc:dd:8f:40:
6c:26:6a:8e:8a:c6:36:3d:15:8b:0b:9d:d1:f6:d9:
20:1f:45:67:46:6d:67:0b:3e:6d:00:da:81:e6:29:
9d:a3:16:13:33:11:21:8a:54:df:3c:e4:ee:4c:17:
b0:37:77:af:18:11:31:ea:8b:d4:40:2a:21:f3:d4:
e6:dc:27:da:23:12:f8:cd:ba:3c:65:25:22:fa:66:
a5:f9:4f:65:04:64:1b:f0:19:5d:12:76:8b:35:43:
b8:c8:d6:3a:9a:b3:68:36:b0:44:ea:ee:94:b5:df:
c6:a8:cd:58:83:c9:f9:4d:cc:67:2f:5f:e8:e3:d3:
c1:32:af:8a:f2:32:6a:36:d4:78:7d:93:f9:ab:34:
43:25:55:92:56:cc:7e:bd:09:1f:08:2e:6d:7f:62:
76:0d:ac:80:45:b1:bc:cc:a4:87:10:cb:b9:b0:22:
10:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:B2:AF:14:30:3C:92:7D:DB:30:4E:1A:F4:5F:A0:CE:CC:45:26:3B
X509v3 Authority Key Identifier:
keyid:C6:05:87:18:89:B9:DC:AF:E7:EC:31:36:AE:D1:DD:FE:E2:DF:BC:7D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xgWHGIm53K_n7DE2rtHd_uLfvH0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6046a6-decb-49a3-a3b4-3087f86a63ab/1/iLKvFDA8kn3bME4a9F-gzsxFJjs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c7/6046a6-decb-49a3-a3b4-3087f86a63ab/1/xgWHGIm53K_n7DE2rtHd_uLfvH0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.228.151.0/24
185.82.184.0/22
IPv6:
2001:67c:22dc::/48
2a05:9280::/29
Signature Algorithm: sha256WithRSAEncryption
6b:e2:d2:9e:d7:18:92:cd:fd:53:49:58:c7:e0:c7:40:15:26:
69:0b:88:0c:92:f0:0d:26:19:0a:b8:52:48:91:6d:46:37:ee:
c4:81:f2:cc:bc:96:9c:dc:fe:38:b5:ce:a1:21:a0:88:b4:9d:
2f:0e:cf:11:b5:63:7a:14:5e:cf:ff:45:cb:c2:23:31:26:91:
17:e5:f3:7d:40:fe:1c:11:82:fc:f1:32:4a:f9:47:2b:09:38:
51:a6:5e:3b:b2:3a:68:34:10:df:a1:75:dc:72:07:35:6a:22:
d5:d9:d2:02:2e:60:3d:c3:f3:e5:d8:50:62:dc:81:c4:07:41:
da:6d:e3:85:8b:b3:a8:23:e6:2d:89:9e:55:ca:a8:71:8e:53:
a6:00:35:6d:26:e0:2e:50:0f:18:3e:7a:66:75:63:2d:cc:1c:
31:d7:25:61:aa:70:71:89:dd:74:65:c4:ca:a7:df:fd:25:53:
00:c7:34:09:e1:ef:4a:15:80:f6:32:3d:ce:a3:ee:5c:35:d0:
39:8a:dc:c5:4e:96:38:ed:27:31:15:d9:80:5e:a8:95:0e:e9:
63:00:97:a3:6c:33:2f:b1:e1:33:fd:79:48:b2:5b:d9:c1:27:
0f:91:7d:fe:3e:5c:47:42:98:58:fb:54:65:0f:70:71:39:19:
c2:02:53:84
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYVuggOWteHtnpdFMZSwk7L4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2MDU4NzE4ODliOWRjYWZlN2VjMzEzNmFlZDFkZGZlZTJk
ZmJjN2QwHhcNMjMwMTAxMTgwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGIyYWYxNDMwM2M5MjdkZGIzMDRlMWFmNDVmYTBjZWNjNDUyNjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi1WM3pgzzVcjjrHY2zJfabRwwX8q
JTEfMvX55iVqVwkjdGJ0hTkgMkSTTezzt99egf3eYKQzscpUaMxWLnIO+48urgI2
P6N2zZyD7sH4tpP6rvEpwbzdj0BsJmqOisY2PRWLC53R9tkgH0VnRm1nCz5tANqB
5imdoxYTMxEhilTfPOTuTBewN3evGBEx6ovUQCoh89Tm3CfaIxL4zbo8ZSUi+mal
+U9lBGQb8BldEnaLNUO4yNY6mrNoNrBE6u6Utd/GqM1Yg8n5TcxnL1/o49PBMq+K
8jJqNtR4fZP5qzRDJVWSVsx+vQkfCC5tf2J2DayARbG8zKSHEMu5sCIQtQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIiyrxQwPJJ92zBOGvRfoM7MRSY7MB8GA1UdIwQY
MBaAFMYFhxiJudyv5+wxNq7R3f7i37x9MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveGdXSEdJbTUzS19uN0RFMnJ0SGRfdUxmdkgwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNy82MDQ2YTYtZGVjYi00OWEzLWEzYjQt
MzA4N2Y4NmE2M2FiLzEvaUxLdkZEQThrbjNiTUU0YTlGLWd6c3hGSmpzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNy82MDQ2YTYtZGVjYi00OWEzLWEzYjQtMzA4N2Y4NmE2M2Fi
LzEveGdXSEdJbTUzS19uN0RFMnJ0SGRfdUxmdkgwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDASBAIAATAMAwQAW+SXAwQC
uVK4MBYEAgACMBADBwAgAQZ8ItwDBQMqBZKAMA0GCSqGSIb3DQEBCwUAA4IBAQBr
4tKe1xiSzf1TSVjH4MdAFSZpC4gMkvANJhkKuFJIkW1GN+7EgfLMvJac3P44tc6h
IaCItJ0vDs8RtWN6FF7P/0XLwiMxJpEX5fN9QP4cEYL88TJK+UcrCThRpl47sjpo
NBDfoXXccgc1aiLV2dICLmA9w/Pl2FBi3IHEB0HabeOFi7OoI+YtiZ5VyqhxjlOm
ADVtJuAuUA8YPnpmdWMtzBwx1yVhqnBxid10ZcTKp9/9JVMAxzQJ4e9KFYD2Mj3O
o+5cNdA5itzFTpY47ScxFdmAXqiVDuljAJejbDMvseEz/XlIslvZwScPkX3+PlxH
QphY+1RlD3BxORnCAlOE
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:21 2024 by rpki-client on console-fra.rpki-client.org