Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/LFTU5QXNMnRWQNqzMwR1XzPgUNA.roa
File: LFTU5QXNMnRWQNqzMwR1XzPgUNA.roa (raw, json)
Hash identifier: JR3I8a4V1ILJSMV3HWDkBLWFB4I8Tl2bfqodnNqLGJ8=
Subject key identifier: 2C:54:D4:E5:05:CD:32:74:56:40:DA:B3:33:04:75:5F:33:E0:50:D0
Certificate issuer: /CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Certificate serial: 018DF164248B3753A4DD7514FBCD9EE10141
Authority key identifier: 1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/LFTU5QXNMnRWQNqzMwR1XzPgUNA.roa
Signing time: Wed 28 Feb 2024 20:24:48 +0000
ROA not before: Wed 28 Feb 2024 20:24:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 206509
IP address blocks: 86.54.164.0/24 maxlen: 24
193.108.169.0/24 maxlen: 24
194.164.97.0/24 maxlen: 24
194.164.114.0/24 maxlen: 24
194.164.181.0/24 maxlen: 24
195.200.0.0/19 maxlen: 19
213.254.171.0/24 maxlen: 24
213.254.178.0/24 maxlen: 24
213.254.185.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:f1:64:24:8b:37:53:a4:dd:75:14:fb:cd:9e:e1:01:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1d01f4dffd6fba66cdf8c374c9b0f047552705dd
Validity
Not Before: Feb 28 20:24:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=2c54d4e505cd32745640dab33304755f33e050d0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:d3:b5:65:8e:4a:9d:60:ae:9b:a8:ac:90:6a:
31:13:29:a5:3e:64:dd:c9:3f:e2:e2:74:10:87:37:
11:7c:98:25:08:4e:81:80:90:71:ed:55:50:58:61:
08:43:a2:79:68:b4:52:ad:d9:5b:06:22:0f:29:33:
0c:4a:1c:46:57:59:77:08:b8:e9:80:90:b6:1d:a8:
59:2f:79:4f:4c:32:93:41:f2:c9:1c:79:d5:9f:c1:
28:bd:4d:7d:5f:44:b8:0c:ed:4a:1a:49:64:e7:fb:
a8:00:6f:dc:71:30:5f:d3:0a:a2:f4:84:61:84:76:
16:b3:8f:12:ee:20:34:13:fb:0d:07:92:a4:55:cc:
61:64:d6:b7:2f:6e:bb:eb:5a:5c:3f:38:91:9c:43:
fd:3b:b9:d0:17:9b:12:f7:88:4e:8c:1e:ab:52:08:
af:f1:f7:29:ff:85:f7:27:46:2e:f3:2f:8e:cd:26:
84:4f:bb:c4:74:d4:bc:11:ba:24:71:1d:36:61:16:
12:03:79:51:a7:57:d3:22:3d:60:0b:e7:9c:fc:a0:
5f:07:39:ef:aa:91:cc:b0:9d:da:8d:b2:ee:4f:ab:
d0:07:3d:a6:f4:a6:51:89:b0:60:87:c9:70:fc:3e:
10:be:55:f4:27:2a:19:1d:fa:da:52:ef:af:35:6c:
3b:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2C:54:D4:E5:05:CD:32:74:56:40:DA:B3:33:04:75:5F:33:E0:50:D0
X509v3 Authority Key Identifier:
keyid:1D:01:F4:DF:FD:6F:BA:66:CD:F8:C3:74:C9:B0:F0:47:55:27:05:DD
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HQH03_1vumbN-MN0ybDwR1UnBd0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/LFTU5QXNMnRWQNqzMwR1XzPgUNA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/b80384-f2fe-4456-9cae-fe4a02caef7f/1/HQH03_1vumbN-MN0ybDwR1UnBd0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.54.164.0/24
193.108.169.0/24
194.164.97.0/24
194.164.114.0/24
194.164.181.0/24
195.200.0.0/19
213.254.171.0/24
213.254.178.0/24
213.254.185.0/24
Signature Algorithm: sha256WithRSAEncryption
87:54:e3:54:6f:72:06:64:da:59:ae:70:de:ae:08:e1:e4:08:
3a:ea:a0:8e:f1:5b:10:2b:b0:24:57:73:63:d5:d8:21:5c:2e:
0a:a7:ab:e9:d1:e9:e3:21:2e:02:8a:b9:ee:d8:b3:ad:66:d3:
80:33:4d:55:3b:0d:fe:39:a3:e5:c6:49:d3:57:22:83:d0:c8:
83:2b:f3:e7:7d:c2:a3:f3:f4:c3:16:cd:73:d7:49:8a:7e:06:
a6:a5:f4:30:cd:62:cf:f5:40:d7:74:78:8f:81:29:ba:cf:4d:
3b:c9:11:2e:05:ea:81:38:a8:57:f9:e5:1c:d4:42:bb:5d:13:
2c:f3:b2:b6:ae:e5:02:27:7b:6d:2b:38:07:14:99:0e:da:dd:
26:a2:c7:a7:e9:5c:c2:53:3e:9c:5e:7e:78:3f:d5:55:27:ad:
7f:af:e5:76:7b:d2:0c:b1:37:db:19:c1:27:82:b9:08:32:a3:
ac:68:98:e5:0f:42:f6:1d:a6:2c:3b:92:2a:63:af:19:a2:9a:
ad:25:3e:1e:e9:55:7a:af:ef:5c:9c:cb:79:d0:35:ac:bc:10:
36:4d:5a:cf:72:9e:72:21:4d:26:3a:d4:bf:2b:c9:9e:9e:3d:
86:6d:46:fa:4b:95:0a:57:6e:43:fa:37:60:96:dd:a8:a6:93:
54:a3:01:67
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAY3xZCSLN1Ok3XUU+82e4QFBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFkMDFmNGRmZmQ2ZmJhNjZjZGY4YzM3NGM5YjBmMDQ3NTUy
NzA1ZGQwHhcNMjQwMjI4MjAyNDQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYzU0ZDRlNTA1Y2QzMjc0NTY0MGRhYjMzMzA0NzU1ZjMzZTA1MGQwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp9O1ZY5KnWCum6iskGoxEymlPmTd
yT/i4nQQhzcRfJglCE6BgJBx7VVQWGEIQ6J5aLRSrdlbBiIPKTMMShxGV1l3CLjp
gJC2HahZL3lPTDKTQfLJHHnVn8EovU19X0S4DO1KGklk5/uoAG/ccTBf0wqi9IRh
hHYWs48S7iA0E/sNB5KkVcxhZNa3L26761pcPziRnEP9O7nQF5sS94hOjB6rUgiv
8fcp/4X3J0Yu8y+OzSaET7vEdNS8EbokcR02YRYSA3lRp1fTIj1gC+ec/KBfBznv
qpHMsJ3ajbLuT6vQBz2m9KZRibBgh8lw/D4QvlX0JyoZHfraUu+vNWw7VQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFCxU1OUFzTJ0VkDaszMEdV8z4FDQMB8GA1UdIwQY
MBaAFB0B9N/9b7pmzfjDdMmw8EdVJwXdMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUt
ZmU0YTAyY2FlZjdmLzEvTEZUVTVRWE5NblJXUU5xek13UjFYelBnVU5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi9iODAzODQtZjJmZS00NDU2LTljYWUtZmU0YTAyY2FlZjdm
LzEvSFFIMDNfMXZ1bWJOLU1OMHliRHdSMVVuQmQwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAVjakAwQA
wWypAwQAwqRhAwQAwqRyAwQAwqS1AwQFw8gAAwQA1f6rAwQA1f6yAwQA1f65MA0G
CSqGSIb3DQEBCwUAA4IBAQCHVONUb3IGZNpZrnDergjh5Ag66qCO8VsQK7AkV3Nj
1dghXC4Kp6vp0enjIS4Cirnu2LOtZtOAM01VOw3+OaPlxknTVyKD0MiDK/PnfcKj
8/TDFs1z10mKfgampfQwzWLP9UDXdHiPgSm6z007yREuBeqBOKhX+eUc1EK7XRMs
87K2ruUCJ3ttKzgHFJkO2t0mosen6VzCUz6cXn54P9VVJ61/r+V2e9IMsTfbGcEn
grkIMqOsaJjlD0L2HaYsO5IqY68ZopqtJT4e6VV6r+9cnMt50DWsvBA2TVrPcp5y
IU0mOtS/K8menj2GbUb6S5UKV25D+jdglt2oppNUowFn
-----END CERTIFICATE-----
Generated at Mon Mar 25 14:46:41 2024 by rpki-client on console-fra.rpki-client.org