Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/kXOlDJdFXKDpNVTYRD2LbYRB7C0.roa
File: kXOlDJdFXKDpNVTYRD2LbYRB7C0.roa (raw, json)
Hash identifier: ZFHE23ftAAsdlxwEOQFVfYVxhhQUNHvXyFGNQQrFPx4=
Subject key identifier: 91:73:A5:0C:97:45:5C:A0:E9:35:54:D8:44:3D:8B:6D:84:41:EC:2D
Certificate issuer: /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial: 019034FE11F232B9063D4C80E24CA3EF6DE5
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/kXOlDJdFXKDpNVTYRD2LbYRB7C0.roa
Signing time: Thu 20 Jun 2024 09:33:04 +0000
ROA not before: Thu 20 Jun 2024 09:33:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208913
IP address blocks: 46.247.144.0/20 maxlen: 24
89.40.41.0/24 maxlen: 24
89.200.240.0/23 maxlen: 24
91.229.228.0/24 maxlen: 24
91.238.148.0/23 maxlen: 24
93.180.208.0/22 maxlen: 24
193.37.136.0/24 maxlen: 24
193.105.176.0/24 maxlen: 24
193.169.8.0/23 maxlen: 24
193.192.52.0/23 maxlen: 24
193.239.172.0/23 maxlen: 24
193.239.246.0/23 maxlen: 24
194.24.234.0/23 maxlen: 24
194.42.100.0/23 maxlen: 24
194.88.134.0/23 maxlen: 24
194.106.212.0/23 maxlen: 24
194.246.106.0/23 maxlen: 24
195.2.196.0/23 maxlen: 24
195.13.48.0/23 maxlen: 24
195.34.80.0/23 maxlen: 24
195.93.140.0/23 maxlen: 24
195.128.188.0/23 maxlen: 24
195.135.192.0/23 maxlen: 24
195.189.176.0/24 maxlen: 24
195.189.186.0/23 maxlen: 24
195.189.250.0/23 maxlen: 24
195.210.44.0/23 maxlen: 24
195.254.140.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:34:fe:11:f2:32:b9:06:3d:4c:80:e2:4c:a3:ef:6d:e5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Validity
Not Before: Jun 20 09:33:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9173a50c97455ca0e93554d8443d8b6d8441ec2d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:ae:c0:37:d2:b2:74:75:72:7e:c1:97:0c:0d:
9d:c2:aa:86:70:b1:05:ac:60:19:b7:83:13:b9:73:
71:39:39:2d:13:de:8e:f0:aa:e0:1e:44:cb:43:de:
71:fd:ac:f3:28:1b:98:3c:3a:84:3d:48:61:ac:90:
5c:88:39:94:21:2e:9f:15:36:4c:7b:40:66:12:eb:
08:01:8b:87:28:55:4e:32:df:4e:e4:8d:fa:aa:c6:
29:df:f5:98:51:20:d6:05:52:d2:a1:68:5f:dd:e0:
01:fd:2e:3a:d5:9b:e5:9e:f5:65:39:95:41:50:f2:
a4:b7:62:62:86:84:49:bf:dd:f9:aa:1a:19:c2:66:
59:b3:52:0b:35:20:50:69:1c:e3:60:92:3d:8b:76:
2b:d9:ad:05:f1:1d:d3:e6:bf:06:d6:aa:4a:11:cc:
98:53:e5:36:08:5a:3e:62:a4:5d:3b:86:a2:81:64:
6d:59:06:da:bb:6f:ad:60:64:65:3b:90:30:36:1a:
3c:8a:f7:37:57:06:2d:76:c3:8c:98:09:cc:7d:84:
d0:c6:f0:74:b1:67:83:fa:0d:15:a0:c3:19:06:b7:
9c:17:78:56:a6:4c:60:2c:a4:39:8d:5a:f6:9a:4d:
45:c6:23:ef:94:5e:83:cc:42:0f:87:3e:95:6d:5a:
84:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:73:A5:0C:97:45:5C:A0:E9:35:54:D8:44:3D:8B:6D:84:41:EC:2D
X509v3 Authority Key Identifier:
keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/kXOlDJdFXKDpNVTYRD2LbYRB7C0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.247.144.0/20
89.40.41.0/24
89.200.240.0/23
91.229.228.0/24
91.238.148.0/23
93.180.208.0/22
193.37.136.0/24
193.105.176.0/24
193.169.8.0/23
193.192.52.0/23
193.239.172.0/23
193.239.246.0/23
194.24.234.0/23
194.42.100.0/23
194.88.134.0/23
194.106.212.0/23
194.246.106.0/23
195.2.196.0/23
195.13.48.0/23
195.34.80.0/23
195.93.140.0/23
195.128.188.0/23
195.135.192.0/23
195.189.176.0/24
195.189.186.0/23
195.189.250.0/23
195.210.44.0/23
195.254.140.0/23
Signature Algorithm: sha256WithRSAEncryption
27:35:e0:5c:be:80:6f:2b:cc:05:90:0c:ae:22:9c:1f:61:5a:
5c:b5:19:64:02:1d:e8:ab:ce:68:58:1f:53:e4:da:f2:d5:79:
a2:0a:f5:6c:cb:97:01:58:34:a0:10:33:9d:54:b6:a7:99:72:
da:90:4f:fc:34:c6:cb:f9:e0:76:b5:53:f4:e3:4c:b1:2c:06:
92:b1:39:5d:24:9a:a5:c9:d9:4a:3b:db:eb:34:99:58:71:e9:
60:ca:27:30:f5:03:be:f3:b4:ff:bd:ec:7a:2f:5e:b8:5f:17:
78:a7:5a:ac:95:ea:73:c4:a6:61:4e:bc:43:83:41:0a:65:74:
1e:d6:d7:b9:be:e4:ff:41:9e:fe:ee:20:b2:f3:bb:b2:c2:db:
4a:93:66:82:94:9d:6b:ce:cc:32:59:61:ca:4d:2b:7a:34:e8:
bc:d0:d5:ba:70:19:a9:36:b6:4f:ae:5e:aa:07:bb:4b:5a:d1:
d1:25:38:79:cc:46:01:d1:40:9c:a1:82:69:de:e1:f7:42:5e:
f6:7d:bc:e8:67:b3:74:cb:7f:b0:cd:e4:78:a3:c2:51:83:35:
1d:f9:b4:89:68:08:1c:51:80:8a:9a:d8:b5:88:46:a7:f3:24:
34:75:9a:ae:bd:1e:24:53:a3:74:50:05:90:b6:ac:95:5f:7e:
af:03:ed:77
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgISAZA0/hHyMrkGPUyA4kyj723lMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjQwNjIwMDkzMzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MTczYTUwYzk3NDU1Y2EwZTkzNTU0ZDg0NDNkOGI2ZDg0NDFlYzJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwa7AN9KydHVyfsGXDA2dwqqGcLEF
rGAZt4MTuXNxOTktE96O8KrgHkTLQ95x/azzKBuYPDqEPUhhrJBciDmUIS6fFTZM
e0BmEusIAYuHKFVOMt9O5I36qsYp3/WYUSDWBVLSoWhf3eAB/S461ZvlnvVlOZVB
UPKkt2JihoRJv935qhoZwmZZs1ILNSBQaRzjYJI9i3Yr2a0F8R3T5r8G1qpKEcyY
U+U2CFo+YqRdO4aigWRtWQbau2+tYGRlO5AwNho8ivc3VwYtdsOMmAnMfYTQxvB0
sWeD+g0VoMMZBrecF3hWpkxgLKQ5jVr2mk1FxiPvlF6DzEIPhz6VbVqECQIDAQAB
o4ICsDCCAqwwHQYDVR0OBBYEFJFzpQyXRVyg6TVU2EQ9i22EQewtMB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEva1hPbERKZEZYS0RwTlZUWVJEMkxiWVJCN0MwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHFBggrBgEFBQcBBwEB/wSBtTCBsjCBrwQCAAEwgagDBAQu
95ADBABZKCkDBAFZyPADBABb5eQDBAFb7pQDBAJdtNADBADBJYgDBADBabADBAHB
qQgDBAHBwDQDBAHB76wDBAHB7/YDBAHCGOoDBAHCKmQDBAHCWIYDBAHCatQDBAHC
9moDBAHDAsQDBAHDDTADBAHDIlADBAHDXYwDBAHDgLwDBAHDh8ADBADDvbADBAHD
vboDBAHDvfoDBAHD0iwDBAHD/owwDQYJKoZIhvcNAQELBQADggEBACc14Fy+gG8r
zAWQDK4inB9hWly1GWQCHeirzmhYH1Pk2vLVeaIK9WzLlwFYNKAQM51UtqeZctqQ
T/w0xsv54Ha1U/TjTLEsBpKxOV0kmqXJ2Uo72+s0mVhx6WDKJzD1A77ztP+97Hov
XrhfF3inWqyV6nPEpmFOvEODQQpldB7W17m+5P9Bnv7uILLzu7LC20qTZoKUnWvO
zDJZYcpNK3o06LzQ1bpwGak2tk+uXqoHu0ta0dElOHnMRgHRQJyhgmne4fdCXvZ9
vOhns3TLf7DN5HijwlGDNR35tIloCBxRgIqa2LWIRqfzJDR1mq69HiRTo3RQBZC2
rJVffq8D7Xc=
-----END CERTIFICATE-----
Generated at Tue Jul 2 14:42:04 2024 by rpki-client on console-ams.rpki-client.org