Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aXu6ayxs16hLgNsrlIiy3R8Uap0.roa
File: aXu6ayxs16hLgNsrlIiy3R8Uap0.roa (raw, json)
Hash identifier: SpyaHtA5z7D77MkTdgGYFSXi76u3eHlj768bm+ybNKI=
Subject key identifier: 69:7B:BA:6B:2C:6C:D7:A8:4B:80:DB:2B:94:88:B2:DD:1F:14:6A:9D
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 1CA590AC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aXu6ayxs16hLgNsrlIiy3R8Uap0.roa
Signing time: Thu 06 Jan 2022 14:28:13 +0000
ROA not before: Thu 06 Jan 2022 14:28:13 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 29030
IP address blocks: 94.156.16.0/22 maxlen: 22
94.156.20.0/22 maxlen: 22
87.121.152.0/21 maxlen: 21
31.13.200.0/21 maxlen: 21
94.156.244.0/24 maxlen: 24
87.121.66.0/23 maxlen: 23
87.121.65.0/24 maxlen: 24
94.156.199.0/24 maxlen: 24
94.156.197.0/24 maxlen: 24
94.156.195.0/24 maxlen: 24
94.156.196.0/24 maxlen: 24
94.156.198.0/24 maxlen: 24
94.156.194.0/24 maxlen: 24
94.156.208.0/21 maxlen: 21
87.121.24.0/21 maxlen: 21
31.13.242.0/23 maxlen: 23
87.121.8.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 480612524 (0x1ca590ac)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 6 14:28:13 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=697bba6b2c6cd7a84b80db2b9488b2dd1f146a9d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:44:f8:84:ef:81:0f:2c:0c:e0:d2:79:eb:d0:
d7:9b:b1:88:f1:ee:73:19:e1:ab:db:6a:23:49:ae:
24:e6:ff:c1:de:cc:86:66:d7:4e:f7:1f:de:58:d6:
bb:e1:c9:42:dd:d9:4c:7b:57:01:39:cb:8f:6e:cc:
80:d3:4c:b0:c3:d7:39:0b:e9:a6:ac:37:df:3d:87:
7e:35:24:6b:02:b3:e2:82:51:9d:a1:15:b6:da:9f:
7d:c9:d3:c8:41:39:0b:c9:1a:4c:73:eb:98:18:b4:
e3:c9:6b:9e:d5:d8:6b:33:f6:5f:24:a2:3e:04:44:
2b:d2:91:b4:53:cc:83:cb:80:38:63:a1:41:ea:eb:
e8:48:27:55:04:65:74:50:f9:d5:7c:52:e6:31:b1:
36:4a:c7:e9:6c:7e:3f:bc:79:3b:f2:d6:0c:80:37:
c3:26:ca:5c:14:1e:45:69:de:c7:49:5e:cb:e5:20:
9c:7d:69:c7:f9:08:53:d8:af:ce:23:0d:62:0a:7b:
d8:11:68:96:09:f6:69:43:c1:cd:c7:eb:54:03:89:
ac:c0:8f:9a:5e:a8:0b:78:f5:33:87:5b:1a:5a:1e:
e4:56:bc:23:6c:2d:99:4a:51:b7:f9:a2:06:3d:33:
3f:9f:26:4c:e2:c4:80:46:42:24:c2:a9:f4:35:72:
39:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
69:7B:BA:6B:2C:6C:D7:A8:4B:80:DB:2B:94:88:B2:DD:1F:14:6A:9D
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aXu6ayxs16hLgNsrlIiy3R8Uap0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.200.0/21
31.13.242.0/23
87.121.8.0/21
87.121.24.0/21
87.121.65.0-87.121.67.255
87.121.152.0/21
94.156.16.0/21
94.156.194.0-94.156.199.255
94.156.208.0/21
94.156.244.0/24
Signature Algorithm: sha256WithRSAEncryption
22:d2:5e:28:38:a1:ad:0c:b6:44:f7:d8:65:00:15:8b:00:a2:
1e:d0:94:6a:e8:0d:e0:7b:e9:1f:ec:fd:96:14:09:7d:95:ee:
4c:73:48:9b:2f:f2:dd:62:97:42:ce:5d:d8:0c:33:66:be:3a:
ea:f4:52:9b:13:2e:3e:b0:ec:6c:4e:10:dd:c6:d4:2d:8a:c6:
e2:5b:df:5c:5a:97:5f:eb:b5:cd:ff:08:8d:34:58:b2:c0:b0:
5e:68:2b:96:01:b2:bd:23:d2:8a:72:1b:32:fc:cd:07:b5:84:
21:f1:60:ff:30:b3:3b:0c:dd:70:52:32:4d:dc:2e:aa:7e:e9:
e3:bb:b8:9a:7b:c1:5d:c6:b3:9d:5f:b5:54:e8:3b:39:b9:d8:
be:78:05:dd:21:16:cf:91:b1:59:1e:1c:df:44:30:86:8f:c6:
1b:40:0d:4e:f3:d6:6d:30:2b:a6:c5:31:1a:15:56:54:8c:bf:
68:b3:1d:b0:c8:3b:17:b4:e3:ec:a6:9f:39:b8:29:68:8f:d0:
1e:bb:e3:2c:66:ca:0d:ea:7f:78:c0:00:3c:21:cb:b5:3f:e8:
65:cf:05:64:fe:a4:5e:e0:7d:46:63:8d:54:a0:f5:31:a2:51:
60:7b:88:bc:e7:61:3a:d3:0e:26:11:41:95:44:dc:80:ac:01:
a2:20:83:03
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIEHKWQrDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDEw
NjE0MjgxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNjk3YmJhNmIyYzZj
ZDdhODRiODBkYjJiOTQ4OGIyZGQxZjE0NmE5ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALxE+ITvgQ8sDODSeevQ15uxiPHucxnhq9tqI0muJOb/wd7M
hmbXTvcf3ljWu+HJQt3ZTHtXATnLj27MgNNMsMPXOQvppqw33z2HfjUkawKz4oJR
naEVttqffcnTyEE5C8kaTHPrmBi048lrntXYazP2XySiPgREK9KRtFPMg8uAOGOh
Qerr6EgnVQRldFD51XxS5jGxNkrH6Wx+P7x5O/LWDIA3wybKXBQeRWnex0ley+Ug
nH1px/kIU9ivziMNYgp72BFolgn2aUPBzcfrVAOJrMCPml6oC3j1M4dbGloe5Fa8
I2wtmUpRt/miBj0zP58mTOLEgEZCJMKp9DVyOeMCAwEAAaOCAk8wggJLMB0GA1Ud
DgQWBBRpe7prLGzXqEuA2yuUiLLdHxRqnTAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L2FYdTZheXhzMTZoTGdOc3JsSWl5M1I4VWFwMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBl
BggrBgEFBQcBBwEB/wRWMFQwUgQCAAEwTAMEAx8NyAMEAR8N8gMEA1d5CAMEA1d5
GDAMAwQAV3lBAwQCV3lAAwQDV3mYAwQDXpwQMAwDBAFenMIDBANenMADBANenNAD
BABenPQwDQYJKoZIhvcNAQELBQADggEBACLSXig4oa0MtkT32GUAFYsAoh7QlGro
DeB76R/s/ZYUCX2V7kxzSJsv8t1il0LOXdgMM2a+Our0UpsTLj6w7GxOEN3G1C2K
xuJb31xal1/rtc3/CI00WLLAsF5oK5YBsr0j0opyGzL8zQe1hCHxYP8wszsM3XBS
Mk3cLqp+6eO7uJp7wV3Gs51ftVToOzm52L54Bd0hFs+RsVkeHN9EMIaPxhtADU7z
1m0wK6bFMRoVVlSMv2izHbDIOxe04+ymnzm4KWiP0B674yxmyg3qf3jAADwhy7U/
6GXPBWT+pF7gfUZjjVSg9TGiUWB7iLznYTrTDiYRQZVE3ICsAaIggwM=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:39 2023 by rpki-client on console-ams.rpki-client.org