Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f1/d08bbd-08b0-4a22-8b57-7e0171150cfb/1/J5exE8Ha_tkT7cPdOO5e2vOHqTc.roa
File: J5exE8Ha_tkT7cPdOO5e2vOHqTc.roa (raw, json)
Hash identifier: jgxNDtK0aY3v04IRhd67Z+8JMn+pv/GZJbnCELis3xg=
Subject key identifier: 27:97:B1:13:C1:DA:FE:D9:13:ED:C3:DD:38:EE:5E:DA:F3:87:A9:37
Certificate issuer: /CN=9280aa6150904e20f884a463c9b66ae6d4161b9b
Certificate serial: 018570CC05CAD752C7044ED8357C5F2842BA
Authority key identifier: 92:80:AA:61:50:90:4E:20:F8:84:A4:63:C9:B6:6A:E6:D4:16:1B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/koCqYVCQTiD4hKRjybZq5tQWG5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f1/d08bbd-08b0-4a22-8b57-7e0171150cfb/1/J5exE8Ha_tkT7cPdOO5e2vOHqTc.roa
Signing time: Mon 02 Jan 2023 04:44:57 +0000
ROA not before: Mon 02 Jan 2023 04:44:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 201520
IP address blocks: 185.95.0.0/24 maxlen: 24
185.95.3.0/24 maxlen: 24
185.95.2.0/24 maxlen: 24
185.95.1.0/24 maxlen: 24
185.15.198.0/24 maxlen: 24
185.15.197.0/24 maxlen: 24
185.15.196.0/24 maxlen: 24
185.15.199.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:cc:05:ca:d7:52:c7:04:4e:d8:35:7c:5f:28:42:ba
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9280aa6150904e20f884a463c9b66ae6d4161b9b
Validity
Not Before: Jan 2 04:44:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2797b113c1dafed913edc3dd38ee5edaf387a937
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:41:28:67:6c:db:e3:54:71:81:8f:f8:df:25:
92:2e:d3:ff:60:81:9d:e1:d5:7b:66:0f:09:17:40:
09:9a:b4:a9:b9:c4:1f:e0:22:84:66:aa:b8:b9:58:
65:63:c9:f1:5d:9e:b5:84:e8:3a:d9:79:54:87:c1:
fa:d0:32:d9:a6:95:83:d3:21:43:54:f3:e4:a6:25:
4f:c9:bb:df:9a:e2:25:16:c2:29:90:4b:db:ba:24:
44:ad:94:e2:dd:af:cd:a2:81:e9:0b:b0:1c:af:83:
a0:21:10:7d:f4:f1:bf:ba:44:0a:f4:14:dc:f1:75:
4f:9b:b4:e7:df:8e:81:9a:9c:7f:15:37:94:34:98:
3b:75:c1:ee:a1:a5:7c:44:b8:e2:a2:74:15:90:65:
c0:81:09:48:c2:e2:92:3c:dd:64:29:01:b9:04:16:
93:43:88:a0:89:4e:10:1f:dd:74:0e:50:0d:88:c2:
e4:28:82:46:b2:59:80:91:3a:ed:4f:a2:10:a2:27:
19:1f:b5:df:02:96:81:8b:5e:52:10:0f:e6:47:7c:
32:50:12:4a:b5:b3:f6:98:4c:ce:e2:3b:9e:eb:5c:
36:89:3d:73:3c:87:ca:64:b2:7e:64:3b:78:ed:36:
77:17:80:84:9d:34:64:be:d2:10:69:80:47:56:78:
f4:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:97:B1:13:C1:DA:FE:D9:13:ED:C3:DD:38:EE:5E:DA:F3:87:A9:37
X509v3 Authority Key Identifier:
keyid:92:80:AA:61:50:90:4E:20:F8:84:A4:63:C9:B6:6A:E6:D4:16:1B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/koCqYVCQTiD4hKRjybZq5tQWG5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/d08bbd-08b0-4a22-8b57-7e0171150cfb/1/J5exE8Ha_tkT7cPdOO5e2vOHqTc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f1/d08bbd-08b0-4a22-8b57-7e0171150cfb/1/koCqYVCQTiD4hKRjybZq5tQWG5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
185.15.196.0/22
185.95.0.0/22
Signature Algorithm: sha256WithRSAEncryption
50:05:f3:45:9f:67:d5:4c:6f:c9:14:3b:63:4f:4b:dc:8e:02:
a0:6f:f7:c5:c3:2c:69:86:a9:e1:07:63:86:d0:cd:c9:5d:2b:
8d:59:8b:63:34:a2:8b:82:0f:ab:ec:e6:ff:86:83:e7:d1:c5:
18:e0:60:77:ee:93:a8:26:69:0d:0d:83:d2:13:0c:b5:ee:c2:
43:5a:f3:a6:c7:09:90:bc:ad:b0:49:24:53:7a:da:45:d3:10:
d5:39:81:bc:39:73:62:2f:7b:9f:88:7c:70:46:3b:3a:fb:a3:
26:83:81:bf:e0:52:a9:11:d8:fb:56:50:4a:78:0a:57:40:7a:
be:66:66:ed:02:0c:e3:05:30:46:ff:38:04:7e:74:87:9c:ee:
95:09:0b:cd:8a:86:91:8d:64:d2:55:62:f6:55:62:85:ed:a9:
af:d6:ca:41:44:40:1e:28:4e:69:32:2b:12:cd:6a:7b:63:19:
04:3d:b8:07:bf:9d:32:14:1e:1f:f1:1a:ed:c6:d8:f3:97:df:
67:dc:51:2c:90:77:e5:94:ec:52:36:14:5e:d0:6b:f6:77:1e:
be:3b:26:0a:9b:38:a4:27:ea:c2:91:57:3d:e9:3b:98:6c:eb:
49:ad:c5:5e:4e:7a:1f:44:72:c5:9d:a6:d0:5a:c1:3f:7f:31:
05:bd:69:62
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVwzAXK11LHBE7YNXxfKEK6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDkyODBhYTYxNTA5MDRlMjBmODg0YTQ2M2M5YjY2YWU2ZDQx
NjFiOWIwHhcNMjMwMTAyMDQ0NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzk3YjExM2MxZGFmZWQ5MTNlZGMzZGQzOGVlNWVkYWYzODdhOTM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0EoZ2zb41RxgY/43yWSLtP/YIGd
4dV7Zg8JF0AJmrSpucQf4CKEZqq4uVhlY8nxXZ61hOg62XlUh8H60DLZppWD0yFD
VPPkpiVPybvfmuIlFsIpkEvbuiRErZTi3a/NooHpC7Acr4OgIRB99PG/ukQK9BTc
8XVPm7Tn346Bmpx/FTeUNJg7dcHuoaV8RLjionQVkGXAgQlIwuKSPN1kKQG5BBaT
Q4igiU4QH910DlANiMLkKIJGslmAkTrtT6IQoicZH7XfApaBi15SEA/mR3wyUBJK
tbP2mEzO4jue61w2iT1zPIfKZLJ+ZDt47TZ3F4CEnTRkvtIQaYBHVnj0zwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFCeXsRPB2v7ZE+3D3TjuXtrzh6k3MB8GA1UdIwQY
MBaAFJKAqmFQkE4g+ISkY8m2aubUFhubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQva29DcVlWQ1FUaUQ0aEtSanliWnE1dFFXRzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mMS9kMDhiYmQtMDhiMC00YTIyLThiNTct
N2UwMTcxMTUwY2ZiLzEvSjVleEU4SGFfdGtUN2NQZE9PNWUydk9IcVRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mMS9kMDhiYmQtMDhiMC00YTIyLThiNTctN2UwMTcxMTUwY2Zi
LzEva29DcVlWQ1FUaUQ0aEtSanliWnE1dFFXRzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCuQ/EAwQC
uV8AMA0GCSqGSIb3DQEBCwUAA4IBAQBQBfNFn2fVTG/JFDtjT0vcjgKgb/fFwyxp
hqnhB2OG0M3JXSuNWYtjNKKLgg+r7Ob/hoPn0cUY4GB37pOoJmkNDYPSEwy17sJD
WvOmxwmQvK2wSSRTetpF0xDVOYG8OXNiL3ufiHxwRjs6+6Mmg4G/4FKpEdj7VlBK
eApXQHq+ZmbtAgzjBTBG/zgEfnSHnO6VCQvNioaRjWTSVWL2VWKF7amv1spBREAe
KE5pMisSzWp7YxkEPbgHv50yFB4f8Rrtxtjzl99n3FEskHfllOxSNhRe0Gv2dx6+
OyYKmzikJ+rCkVc96TuYbOtJrcVeTnofRHLFnabQWsE/fzEFvWli
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:10 2024 by rpki-client on console-ams.rpki-client.org