Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/lmM6az38uE7I7vZxTuQJ19OW-so.roa
File: lmM6az38uE7I7vZxTuQJ19OW-so.roa (raw, json)
Hash identifier: xnNUi5kI53tfM8S5M5oBu0L3njqfN+CMBGuknVcsIY4=
Subject key identifier: 96:63:3A:6B:3D:FC:B8:4E:C8:EE:F6:71:4E:E4:09:D7:D3:96:FA:CA
Certificate issuer: /CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Certificate serial: 0186A736F04DB716746CD267B42E079341C1
Authority key identifier: E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/lmM6az38uE7I7vZxTuQJ19OW-so.roa
Signing time: Fri 03 Mar 2023 11:24:00 +0000
ROA not before: Fri 03 Mar 2023 11:24:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8903
IP address blocks: 213.9.128.0/17 maxlen: 24
84.18.0.0/19 maxlen: 24
92.60.160.0/20 maxlen: 24
213.170.32.0/19 maxlen: 24
212.66.160.0/19 maxlen: 24
213.192.242.0/23 maxlen: 23
212.80.160.0/19 maxlen: 24
212.49.128.0/18 maxlen: 24
213.192.192.0/18 maxlen: 24
212.163.0.0/16 maxlen: 24
185.123.120.0/22 maxlen: 24
185.66.60.0/22 maxlen: 24
2001:ac0::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:a7:36:f0:4d:b7:16:74:6c:d2:67:b4:2e:07:93:41:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Validity
Not Before: Mar 3 11:24:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=96633a6b3dfcb84ec8eef6714ee409d7d396faca
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c5:22:9c:4c:cf:20:e1:94:90:19:6b:0d:71:6b:
ea:22:dd:11:5d:b8:d4:6b:5b:07:58:2d:4c:03:ed:
7c:1f:38:d0:51:f3:20:1e:c5:5b:92:70:00:9e:9f:
87:67:de:7b:6c:26:9d:a4:e8:fe:60:f0:f1:55:30:
1b:21:9f:95:39:66:29:37:0b:3a:89:53:d9:96:f5:
9e:aa:be:fd:ed:6a:a9:3e:9e:e2:ac:3e:e4:35:e9:
67:39:b9:dc:20:50:9d:6a:f0:6a:05:64:48:51:5c:
34:84:4d:2a:e0:a0:2b:47:af:6a:5d:82:26:6e:95:
0a:fe:7b:fe:ef:e9:c3:44:53:61:c8:4e:96:bf:59:
4a:4a:21:6f:aa:4a:81:f5:dc:ef:f8:2e:24:5f:43:
5c:9f:36:de:25:32:69:d4:49:a0:6b:46:51:04:aa:
6b:83:53:17:97:24:f9:d7:50:d1:66:61:c6:ba:d0:
8a:18:43:f5:79:fc:b2:db:09:26:f4:01:d5:d1:da:
3b:c2:14:5e:23:ef:51:5f:06:a7:4a:4a:9e:08:ad:
74:32:3c:ee:ee:67:41:62:0c:d4:82:d1:86:a3:d2:
3b:55:e1:27:c8:d3:27:1f:bd:99:71:0a:8c:03:e7:
ca:5b:12:6e:e3:7d:80:c0:11:fb:89:c3:96:8a:6e:
2a:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
96:63:3A:6B:3D:FC:B8:4E:C8:EE:F6:71:4E:E4:09:D7:D3:96:FA:CA
X509v3 Authority Key Identifier:
keyid:E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/lmM6az38uE7I7vZxTuQJ19OW-so.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/6EA7XkXNWL5fbF0z-lZatJIj49s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.18.0.0/19
92.60.160.0/20
185.66.60.0/22
185.123.120.0/22
212.49.128.0/18
212.66.160.0/19
212.80.160.0/19
212.163.0.0/16
213.9.128.0/17
213.170.32.0/19
213.192.192.0/18
IPv6:
2001:ac0::/29
Signature Algorithm: sha256WithRSAEncryption
0d:95:d4:a3:92:88:6d:2a:3e:85:7d:1e:2a:58:c2:fd:39:b7:
35:c0:a4:78:64:ff:88:f1:15:5f:66:b5:b8:c9:84:50:a7:1d:
2d:f2:26:8a:d2:0c:11:b9:07:69:9a:0d:35:37:cd:f9:3e:3e:
0a:5c:4f:2b:b2:02:cc:45:68:6b:2e:54:5d:09:eb:a0:c4:20:
bd:56:c1:e8:ac:bc:29:b3:54:b5:03:7b:b4:64:8c:e1:a5:1e:
22:91:4a:95:a6:5f:78:bf:08:e2:e1:f3:63:43:43:8d:54:c9:
bd:86:4c:26:16:af:86:11:86:ea:6d:14:ef:50:35:a5:85:16:
91:6e:8c:1e:85:b7:fb:50:67:7c:da:9a:ac:bc:b7:ed:e1:aa:
f3:09:da:79:ef:c7:4b:44:71:9a:02:f2:d3:e4:7a:53:17:39:
20:1c:9a:8e:72:66:c5:dc:fa:ae:95:bf:da:e5:81:72:07:bc:
15:3d:ab:7c:cd:ca:25:2e:a1:e3:10:01:89:ea:c4:71:ab:8e:
aa:75:c6:77:06:70:08:1a:10:60:35:7f:ba:b4:c9:8d:0f:cb:
72:b3:e1:82:2a:67:25:06:b5:57:93:0d:ea:f2:ea:b8:11:c3:
e5:f5:f4:23:ff:7b:45:d7:8e:89:80:7b:c4:cc:cb:fa:0a:51:
d1:30:88:7b
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAYanNvBNtxZ0bNJntC4Hk0HBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4NDAzYjVlNDVjZDU4YmU1ZjZjNWQzM2ZhNTY1YWI0OTIy
M2UzZGIwHhcNMjMwMzAzMTEyNDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NjYzM2E2YjNkZmNiODRlYzhlZWY2NzE0ZWU0MDlkN2QzOTZmYWNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxSKcTM8g4ZSQGWsNcWvqIt0RXbjU
a1sHWC1MA+18HzjQUfMgHsVbknAAnp+HZ957bCadpOj+YPDxVTAbIZ+VOWYpNws6
iVPZlvWeqr797WqpPp7irD7kNelnObncIFCdavBqBWRIUVw0hE0q4KArR69qXYIm
bpUK/nv+7+nDRFNhyE6Wv1lKSiFvqkqB9dzv+C4kX0NcnzbeJTJp1Emga0ZRBKpr
g1MXlyT511DRZmHGutCKGEP1efyy2wkm9AHV0do7whReI+9RXwanSkqeCK10Mjzu
7mdBYgzUgtGGo9I7VeEnyNMnH72ZcQqMA+fKWxJu432AwBH7icOWim4qzQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFJZjOms9/LhOyO72cU7kCdfTlvrKMB8GA1UdIwQY
MBaAFOhAO15FzVi+X2xdM/pWWrSSI+PbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEt
YTg3MWVjYzIxMmE2LzEvbG1NNmF6Mzh1RTdJN3ZaeFR1UUoxOU9XLXNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy84OTc2ZWQtZGEwYS00OWE1LWE3NTEtYTg3MWVjYzIxMmE2
LzEvNkVBN1hrWE5XTDVmYkYwei1sWmF0SklqNDlzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBHBAIAATBBAwQFVBIAAwQE
XDygAwQCuUI8AwQCuXt4AwQG1DGAAwQF1EKgAwQF1FCgAwMA1KMDBAfVCYADBAXV
qiADBAbVwMAwDQQCAAIwBwMFAyABCsAwDQYJKoZIhvcNAQELBQADggEBAA2V1KOS
iG0qPoV9HipYwv05tzXApHhk/4jxFV9mtbjJhFCnHS3yJorSDBG5B2maDTU3zfk+
PgpcTyuyAsxFaGsuVF0J66DEIL1WweisvCmzVLUDe7RkjOGlHiKRSpWmX3i/COLh
82NDQ41Uyb2GTCYWr4YRhuptFO9QNaWFFpFujB6Ft/tQZ3zamqy8t+3hqvMJ2nnv
x0tEcZoC8tPkelMXOSAcmo5yZsXc+q6Vv9rlgXIHvBU9q3zNyiUuoeMQAYnqxHGr
jqp1xncGcAgaEGA1f7q0yY0Py3Kz4YIqZyUGtVeTDery6rgRw+X19CP/e0XXjomA
e8TMy/oKUdEwiHs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:57:51 2024 by rpki-client on console-fra.rpki-client.org