Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d5/86e32b-f067-450f-b67c-3aa150a92ab7/1/sk_OUhB2kVKhQZCwTYMsy93HTCs.roa
File: sk_OUhB2kVKhQZCwTYMsy93HTCs.roa (raw, json)
Hash identifier: m7bRNZzqLKg5d2xr969oQCBEgOXfLXuHS2Zxob7tXjA=
Subject key identifier: B2:4F:CE:52:10:76:91:52:A1:41:90:B0:4D:83:2C:CB:DD:C7:4C:2B
Certificate issuer: /CN=ae736cafddb6ebb8d7c76943f4a271e038510aa9
Certificate serial: 01856C9CEB9EE73E04B7417F5AB89449A76E
Authority key identifier: AE:73:6C:AF:DD:B6:EB:B8:D7:C7:69:43:F4:A2:71:E0:38:51:0A:A9
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rnNsr92267jXx2lD9KJx4DhRCqk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d5/86e32b-f067-450f-b67c-3aa150a92ab7/1/sk_OUhB2kVKhQZCwTYMsy93HTCs.roa
Signing time: Sun 01 Jan 2023 09:15:01 +0000
ROA not before: Sun 01 Jan 2023 09:15:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200845
IP address blocks: 185.137.103.0/24 maxlen: 24
185.137.102.0/24 maxlen: 24
185.137.102.0/23 maxlen: 23
185.137.100.0/22 maxlen: 22
185.137.101.0/24 maxlen: 24
185.137.100.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:9c:eb:9e:e7:3e:04:b7:41:7f:5a:b8:94:49:a7:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ae736cafddb6ebb8d7c76943f4a271e038510aa9
Validity
Not Before: Jan 1 09:15:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b24fce5210769152a14190b04d832ccbddc74c2b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:bd:ad:cc:6d:cf:0b:4e:0a:ac:85:58:92:d0:
33:92:d0:60:d6:99:b6:02:8f:94:9e:e4:f8:da:a9:
aa:cc:d3:17:ea:b2:d2:77:61:55:ed:2f:1f:fd:dc:
15:ab:44:8a:f2:a5:60:64:19:23:c9:87:e5:df:05:
f6:a7:24:2f:70:12:fe:89:59:c4:24:99:5f:73:43:
77:c6:46:34:a0:14:d7:63:26:f1:e5:2f:c0:6d:57:
70:cd:b6:05:15:8d:82:0f:e4:9d:c2:ba:8b:21:07:
20:32:c9:8b:2f:f4:12:05:d2:9e:0f:aa:c5:c9:d1:
62:e6:0d:17:82:b3:5f:20:6b:a4:7b:22:39:0e:43:
65:b9:d9:b0:b7:6d:d4:b9:dd:2b:43:e1:d2:f9:68:
93:1c:ad:63:d7:46:02:03:f5:b9:dd:5a:01:d7:2d:
fd:ac:2a:b8:6f:60:11:c4:54:c2:1a:7c:7d:11:01:
ec:cf:ba:4c:6a:aa:1a:58:4b:1f:47:68:54:84:df:
c0:72:d4:d2:02:8f:88:17:f1:63:b4:21:c6:d5:82:
b4:49:9b:97:83:64:a6:4a:dc:8a:33:d5:26:22:bc:
c8:ee:9a:d5:81:df:34:9d:5f:29:05:40:aa:94:4f:
2b:e1:8f:4f:28:00:99:72:96:ee:3b:57:da:48:71:
a1:0f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:4F:CE:52:10:76:91:52:A1:41:90:B0:4D:83:2C:CB:DD:C7:4C:2B
X509v3 Authority Key Identifier:
keyid:AE:73:6C:AF:DD:B6:EB:B8:D7:C7:69:43:F4:A2:71:E0:38:51:0A:A9
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rnNsr92267jXx2lD9KJx4DhRCqk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/86e32b-f067-450f-b67c-3aa150a92ab7/1/sk_OUhB2kVKhQZCwTYMsy93HTCs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d5/86e32b-f067-450f-b67c-3aa150a92ab7/1/rnNsr92267jXx2lD9KJx4DhRCqk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.137.100.0/22
Signature Algorithm: sha256WithRSAEncryption
17:7d:8d:f2:78:f0:85:2f:34:04:37:82:eb:53:f3:fb:e9:8c:
70:6e:b3:9a:cf:47:bf:14:45:7d:3d:36:c7:d3:8f:74:c7:2c:
37:37:83:13:85:b0:d4:b8:a6:66:41:d0:2b:43:a0:b7:40:65:
3e:86:33:91:19:f1:ef:d2:d3:64:39:2d:30:ec:a7:45:96:40:
8a:05:b6:c9:ad:63:87:94:c4:66:f3:c3:79:c7:e6:dd:8d:5b:
df:76:8e:78:f2:00:c9:04:38:b4:5e:4a:8d:ae:f2:73:75:c0:
17:30:f7:c0:d7:90:dc:c1:08:55:2d:68:52:c1:f5:69:9f:8b:
eb:2d:c0:e7:86:e8:8a:09:0f:41:b5:2f:cc:5c:69:79:23:58:
7c:12:6e:52:72:b6:24:7c:d6:77:85:62:a7:6a:29:90:23:22:
cf:80:b0:06:2b:d3:50:2b:df:07:29:07:45:6b:5f:04:39:0e:
8e:b9:21:ae:0d:a9:f1:c0:6e:a3:5e:95:31:d4:19:aa:87:0c:
94:bb:8a:7c:84:f9:b0:af:56:7c:78:7c:e7:c9:59:fb:07:06:
e2:78:94:09:83:7d:4d:41:64:3f:4b:4d:1e:3b:38:c7:8a:f3:
51:dc:b0:18:42:1c:da:94:26:7f:79:88:24:53:80:36:7d:f6:
56:2e:d4:39
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYVsnOue5z4Et0F/WriUSaduMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFlNzM2Y2FmZGRiNmViYjhkN2M3Njk0M2Y0YTI3MWUwMzg1
MTBhYTkwHhcNMjMwMTAxMDkxNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMjRmY2U1MjEwNzY5MTUyYTE0MTkwYjA0ZDgzMmNjYmRkYzc0YzJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs72tzG3PC04KrIVYktAzktBg1pm2
Ao+UnuT42qmqzNMX6rLSd2FV7S8f/dwVq0SK8qVgZBkjyYfl3wX2pyQvcBL+iVnE
JJlfc0N3xkY0oBTXYybx5S/AbVdwzbYFFY2CD+SdwrqLIQcgMsmLL/QSBdKeD6rF
ydFi5g0XgrNfIGukeyI5DkNludmwt23Uud0rQ+HS+WiTHK1j10YCA/W53VoB1y39
rCq4b2ARxFTCGnx9EQHsz7pMaqoaWEsfR2hUhN/ActTSAo+IF/FjtCHG1YK0SZuX
g2SmStyKM9UmIrzI7prVgd80nV8pBUCqlE8r4Y9PKACZcpbuO1faSHGhDwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFLJPzlIQdpFSoUGQsE2DLMvdx0wrMB8GA1UdIwQY
MBaAFK5zbK/dtuu418dpQ/SiceA4UQqpMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcm5Oc3I5MjI2N2pYeDJsRDlLSng0RGhSQ3FrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNS84NmUzMmItZjA2Ny00NTBmLWI2N2Mt
M2FhMTUwYTkyYWI3LzEvc2tfT1VoQjJrVktoUVpDd1RZTXN5OTNIVENzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNS84NmUzMmItZjA2Ny00NTBmLWI2N2MtM2FhMTUwYTkyYWI3
LzEvcm5Oc3I5MjI2N2pYeDJsRDlLSng0RGhSQ3FrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCuYlkMA0G
CSqGSIb3DQEBCwUAA4IBAQAXfY3yePCFLzQEN4LrU/P76YxwbrOaz0e/FEV9PTbH
0490xyw3N4MThbDUuKZmQdArQ6C3QGU+hjORGfHv0tNkOS0w7KdFlkCKBbbJrWOH
lMRm88N5x+bdjVvfdo548gDJBDi0XkqNrvJzdcAXMPfA15DcwQhVLWhSwfVpn4vr
LcDnhuiKCQ9BtS/MXGl5I1h8Em5ScrYkfNZ3hWKnaimQIyLPgLAGK9NQK98HKQdF
a18EOQ6OuSGuDanxwG6jXpUx1BmqhwyUu4p8hPmwr1Z8eHznyVn7BwbieJQJg31N
QWQ/S00eOzjHivNR3LAYQhzalCZ/eYgkU4A2ffZWLtQ5
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:46:29 2024 by rpki-client on console-ams.rpki-client.org