Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/01/7637a6-5237-4b16-93cf-be17b8aad554/1/G_rhYroaVXRms9QeWHJcYZUQz-8.roa
File: G_rhYroaVXRms9QeWHJcYZUQz-8.roa (raw, json)
Hash identifier: IoFcpCuC+mxa/URzDWEgI+SBPlUjJw3RJAAJX50VOSM=
Subject key identifier: 1B:FA:E1:62:BA:1A:55:74:66:B3:D4:1E:58:72:5C:61:95:10:CF:EF
Certificate issuer: /CN=1f31139f89e825962a7e3380ade75b56ab5baad5
Certificate serial: 0185711526DCFF8B7F1D857CC4F42E76D422
Authority key identifier: 1F:31:13:9F:89:E8:25:96:2A:7E:33:80:AD:E7:5B:56:AB:5B:AA:D5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HzETn4noJZYqfjOAredbVqtbqtU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/01/7637a6-5237-4b16-93cf-be17b8aad554/1/G_rhYroaVXRms9QeWHJcYZUQz-8.roa
Signing time: Mon 02 Jan 2023 06:04:49 +0000
ROA not before: Mon 02 Jan 2023 06:04:49 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50522
IP address blocks: 81.173.0.0/22 maxlen: 22
81.23.244.0/22 maxlen: 22
81.173.7.0/24 maxlen: 24
81.173.125.0/24 maxlen: 24
81.173.126.0/23 maxlen: 23
109.235.32.0/21 maxlen: 21
185.61.68.0/22 maxlen: 22
81.173.96.0/22 maxlen: 22
213.159.24.0/23 maxlen: 23
81.173.32.0/23 maxlen: 23
81.173.48.0/20 maxlen: 20
81.173.64.0/20 maxlen: 20
2a03:be00::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:15:26:dc:ff:8b:7f:1d:85:7c:c4:f4:2e:76:d4:22
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f31139f89e825962a7e3380ade75b56ab5baad5
Validity
Not Before: Jan 2 06:04:49 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1bfae162ba1a557466b3d41e58725c619510cfef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:c8:47:77:0a:c6:b4:d6:b6:d7:de:cd:60:2a:
69:66:50:c7:68:da:68:94:3b:14:75:f9:84:ce:23:
fc:f5:56:03:41:9e:19:cd:a2:09:4c:50:d5:74:39:
e2:cf:f7:ef:81:62:cc:23:76:f9:ac:e0:c3:c4:69:
4b:e8:fb:ea:67:74:12:c0:86:ec:73:2b:02:1d:63:
43:ba:f5:9b:75:70:ff:9a:51:f2:bd:ad:6a:4b:4b:
d7:7d:24:30:15:92:14:c1:95:08:6e:db:a1:11:fd:
a3:10:e0:5d:2e:a7:81:11:8e:2b:64:d4:e9:e6:00:
04:a8:80:ef:69:18:36:ec:7d:8a:37:6c:58:9c:96:
9e:7e:df:aa:05:f6:a0:b1:51:b9:d7:d7:35:20:38:
64:47:5a:2a:af:b0:a6:46:9a:bc:4f:ce:4f:24:f8:
fc:a6:b4:8d:0c:5a:e7:b5:f4:1b:c3:cd:ed:e6:02:
e4:13:39:1d:05:2d:1a:de:81:c5:2e:39:82:90:12:
a9:2c:a5:12:ad:67:d8:17:07:b5:a4:d5:93:21:20:
c6:fb:8a:39:d0:36:2b:7f:a0:86:fb:a5:53:97:e3:
62:84:73:4a:22:8d:a5:44:b2:9e:99:f1:6b:c1:a1:
19:d1:05:99:b5:b8:11:df:76:a7:01:2b:c9:be:c9:
bf:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:FA:E1:62:BA:1A:55:74:66:B3:D4:1E:58:72:5C:61:95:10:CF:EF
X509v3 Authority Key Identifier:
keyid:1F:31:13:9F:89:E8:25:96:2A:7E:33:80:AD:E7:5B:56:AB:5B:AA:D5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HzETn4noJZYqfjOAredbVqtbqtU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/01/7637a6-5237-4b16-93cf-be17b8aad554/1/G_rhYroaVXRms9QeWHJcYZUQz-8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/01/7637a6-5237-4b16-93cf-be17b8aad554/1/HzETn4noJZYqfjOAredbVqtbqtU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.23.244.0/22
81.173.0.0/22
81.173.7.0/24
81.173.32.0/23
81.173.48.0-81.173.79.255
81.173.96.0/22
81.173.125.0-81.173.127.255
109.235.32.0/21
185.61.68.0/22
213.159.24.0/23
IPv6:
2a03:be00::/32
Signature Algorithm: sha256WithRSAEncryption
a0:a6:23:eb:d2:88:38:fc:0b:1c:a7:be:cb:80:3f:14:94:2a:
22:b9:bc:11:37:92:2c:8f:91:b5:8e:cc:73:fd:79:db:d1:19:
ca:52:08:ad:68:9a:68:e6:ea:0f:e4:fe:42:d7:cd:8e:e8:ce:
3e:3d:a5:a6:17:64:b8:b1:a8:9a:95:05:da:08:49:85:91:83:
96:44:4c:b8:1a:95:30:48:85:53:d9:0f:0e:56:30:29:fe:18:
dc:33:81:14:41:00:8d:52:47:f2:b7:18:19:e5:18:62:43:05:
96:98:c3:b0:59:e7:05:32:55:9e:cc:e6:be:fc:a7:16:54:4a:
49:a4:22:af:1a:02:76:e6:a2:da:f4:69:40:f3:5c:00:b1:45:
ec:a2:56:69:00:fd:c6:f0:3c:18:c1:b6:bb:22:ec:9b:39:5e:
bb:19:15:38:ac:4b:55:30:51:cb:a1:34:75:d3:50:66:70:67:
f8:4d:d4:87:99:ea:97:b1:ca:37:34:18:f6:9f:cb:b3:f9:06:
90:b7:b8:3c:cc:31:3f:42:01:7b:70:a0:24:06:68:3d:42:e3:
82:ec:f9:d6:7e:fc:1b:31:6a:5b:3d:5d:cd:5d:f7:b4:36:69:
c7:7e:14:18:0d:7d:34:78:66:5d:25:f9:76:d6:45:30:6a:a1:
38:65:c7:6b
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAYVxFSbc/4t/HYV8xPQudtQiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmMzExMzlmODllODI1OTYyYTdlMzM4MGFkZTc1YjU2YWI1
YmFhZDUwHhcNMjMwMTAyMDYwNDQ5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmZhZTE2MmJhMWE1NTc0NjZiM2Q0MWU1ODcyNWM2MTk1MTBjZmVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqchHdwrGtNa2197NYCppZlDHaNpo
lDsUdfmEziP89VYDQZ4ZzaIJTFDVdDniz/fvgWLMI3b5rODDxGlL6PvqZ3QSwIbs
cysCHWNDuvWbdXD/mlHyva1qS0vXfSQwFZIUwZUIbtuhEf2jEOBdLqeBEY4rZNTp
5gAEqIDvaRg27H2KN2xYnJaeft+qBfagsVG519c1IDhkR1oqr7CmRpq8T85PJPj8
prSNDFrntfQbw83t5gLkEzkdBS0a3oHFLjmCkBKpLKUSrWfYFwe1pNWTISDG+4o5
0DYrf6CG+6VTl+NihHNKIo2lRLKemfFrwaEZ0QWZtbgR33anASvJvsm/EQIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFBv64WK6GlV0ZrPUHlhyXGGVEM/vMB8GA1UdIwQY
MBaAFB8xE5+J6CWWKn4zgK3nW1arW6rVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSHpFVG40bm9KWllxZmpPQXJlZGJWcXRicXRVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMS83NjM3YTYtNTIzNy00YjE2LTkzY2Yt
YmUxN2I4YWFkNTU0LzEvR19yaFlyb2FWWFJtczlRZVdISmNZWlVRei04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMS83NjM3YTYtNTIzNy00YjE2LTkzY2YtYmUxN2I4YWFkNTU0
LzEvSHpFVG40bm9KWllxZmpPQXJlZGJWcXRicXRVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBSBAIAATBMAwQCURf0AwQC
Ua0AAwQAUa0HAwQBUa0gMAwDBARRrTADBARRrUADBAJRrWAwDAMEAFGtfQMEB1Gt
AAMEA23rIAMEArk9RAMEAdWfGDANBAIAAjAHAwUAKgO+ADANBgkqhkiG9w0BAQsF
AAOCAQEAoKYj69KIOPwLHKe+y4A/FJQqIrm8ETeSLI+RtY7Mc/1529EZylIIrWia
aObqD+T+QtfNjujOPj2lphdkuLGompUF2ghJhZGDlkRMuBqVMEiFU9kPDlYwKf4Y
3DOBFEEAjVJH8rcYGeUYYkMFlpjDsFnnBTJVnszmvvynFlRKSaQirxoCduai2vRp
QPNcALFF7KJWaQD9xvA8GMG2uyLsmzleuxkVOKxLVTBRy6E0ddNQZnBn+E3Uh5nq
l7HKNzQY9p/Ls/kGkLe4PMwxP0IBe3CgJAZoPULjguz51n78GzFqWz1dzV33tDZp
x34UGA19NHhmXSX5dtZFMGqhOGXHaw==
-----END CERTIFICATE-----
Generated at Tue Sep 26 13:29:27 2023 by rpki-client on console-ams.rpki-client.org