Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/g-kVkONCVRBqQInAcnYn8BjOrBE.roa
File: g-kVkONCVRBqQInAcnYn8BjOrBE.roa (raw, json)
Hash identifier: uF5cP7s6t55OVOjIIPZHNPiYca5C9FrBxy41Sfst83I=
Subject key identifier: 83:E9:15:90:E3:42:55:10:6A:40:89:C0:72:76:27:F0:18:CE:AC:11
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 1DB94F51
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/g-kVkONCVRBqQInAcnYn8BjOrBE.roa
Signing time: Mon 04 Apr 2022 13:06:03 +0000
ROA not before: Mon 04 Apr 2022 13:06:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 29030
IP address blocks: 94.156.16.0/22 maxlen: 22
94.156.20.0/22 maxlen: 22
87.121.152.0/21 maxlen: 21
31.13.200.0/21 maxlen: 21
94.156.244.0/24 maxlen: 24
87.121.65.0/24 maxlen: 24
94.156.199.0/24 maxlen: 24
94.156.197.0/24 maxlen: 24
94.156.195.0/24 maxlen: 24
94.156.196.0/24 maxlen: 24
94.156.198.0/24 maxlen: 24
94.156.194.0/24 maxlen: 24
94.156.208.0/21 maxlen: 21
87.121.24.0/22 maxlen: 24
31.13.242.0/23 maxlen: 23
87.121.8.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 498683729 (0x1db94f51)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 4 13:06:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=83e91590e34255106a4089c0727627f018ceac11
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:90:18:7e:19:29:70:e4:9a:16:f5:8b:05:c7:
63:29:ee:15:02:8c:fb:02:d1:b3:d5:7b:3a:23:cc:
aa:69:da:b2:ff:bd:13:99:46:79:f1:ff:98:9b:a7:
ca:c6:58:7e:cc:be:f9:14:d1:d1:8b:af:15:a3:ec:
0d:00:28:86:90:7d:e1:62:22:45:42:dd:1f:89:9d:
5a:84:93:68:5e:a2:45:98:5e:69:59:5e:fe:25:2c:
2e:52:a9:41:df:12:63:dc:99:2e:32:d3:f1:64:9f:
55:5a:4b:a5:d0:d2:7e:1b:0d:22:9f:19:76:f3:e1:
c0:8f:fc:e8:31:1e:7e:21:f1:3a:b8:ac:d0:1b:73:
f6:38:e3:69:e1:0c:81:d4:a4:13:17:dd:4a:d1:ea:
f9:aa:52:d5:30:fb:95:3f:b8:5e:06:be:7c:8e:27:
16:98:3f:8d:25:cb:29:a1:c5:4a:60:1f:e5:c1:f3:
b9:a2:40:93:59:b6:dd:13:2f:33:34:87:d2:5f:45:
23:9e:1a:4c:28:18:a8:fc:5e:a1:83:fa:d6:97:a7:
c3:70:10:98:61:9d:39:33:0b:8a:51:2e:db:d1:14:
ca:e8:f8:15:11:ad:cf:a7:08:4b:1f:1f:7d:31:bd:
99:06:eb:31:cd:33:95:1e:7c:6e:92:49:b6:62:72:
dc:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:E9:15:90:E3:42:55:10:6A:40:89:C0:72:76:27:F0:18:CE:AC:11
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/g-kVkONCVRBqQInAcnYn8BjOrBE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.200.0/21
31.13.242.0/23
87.121.8.0/21
87.121.24.0/22
87.121.65.0/24
87.121.152.0/21
94.156.16.0/21
94.156.194.0-94.156.199.255
94.156.208.0/21
94.156.244.0/24
Signature Algorithm: sha256WithRSAEncryption
27:35:16:55:7e:20:6b:e0:01:c0:a3:aa:f2:11:f5:22:23:04:
a5:89:5b:78:92:fd:5b:99:d6:35:07:09:a0:e3:3c:01:1d:ab:
ca:1c:64:72:70:7c:99:f7:01:24:b8:0e:fc:9a:28:04:9d:c7:
7d:b6:17:ac:cc:33:2b:af:30:4c:fb:0e:6e:ba:2d:62:e0:60:
72:1f:3a:f8:22:d8:5e:4c:2c:7f:a6:80:0e:f8:c3:74:20:c0:
a2:c1:75:8d:21:de:3d:5e:a9:88:dc:2b:93:48:ce:34:d9:61:
72:ce:48:a4:a9:96:6b:b2:6f:70:89:0f:70:97:c2:78:bd:9b:
6c:fc:07:25:ac:76:90:f6:97:06:8f:41:a4:d2:c9:4a:f8:d8:
4a:b0:e3:aa:27:7c:53:ed:92:8e:d7:91:c4:a8:d3:86:12:3f:
42:97:1c:0b:10:f9:1b:0f:53:13:53:b5:4f:c9:66:99:df:8e:
27:bf:dc:b8:ad:c7:5e:b8:8d:a0:e6:b5:cd:c7:7a:30:80:cf:
3e:64:e9:97:04:93:fb:c5:4d:fa:78:2f:75:a7:49:09:47:79:
f6:41:89:62:14:a0:fc:c6:22:95:e1:b5:80:bd:aa:07:4b:6d:
2c:18:62:0e:3f:01:60:5b:95:8f:8e:bc:41:dc:61:f1:ed:61:
52:86:c5:4e
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgIEHblPUTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDQw
NDEzMDYwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODNlOTE1OTBlMzQy
NTUxMDZhNDA4OWMwNzI3NjI3ZjAxOGNlYWMxMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMaQGH4ZKXDkmhb1iwXHYynuFQKM+wLRs9V7OiPMqmnasv+9
E5lGefH/mJunysZYfsy++RTR0YuvFaPsDQAohpB94WIiRULdH4mdWoSTaF6iRZhe
aVle/iUsLlKpQd8SY9yZLjLT8WSfVVpLpdDSfhsNIp8ZdvPhwI/86DEefiHxOris
0Btz9jjjaeEMgdSkExfdStHq+apS1TD7lT+4Xga+fI4nFpg/jSXLKaHFSmAf5cHz
uaJAk1m23RMvMzSH0l9FI54aTCgYqPxeoYP61penw3AQmGGdOTMLilEu29EUyuj4
FRGtz6cISx8ffTG9mQbrMc0zlR58bpJJtmJy3GUCAwEAAaOCAkcwggJDMB0GA1Ud
DgQWBBSD6RWQ40JVEGpAicBydifwGM6sETAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L2cta1ZrT05DVlJCcVFJbkFjblluOEJqT3JCRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBd
BggrBgEFBQcBBwEB/wROMEwwSgQCAAEwRAMEAx8NyAMEAR8N8gMEA1d5CAMEAld5
GAMEAFd5QQMEA1d5mAMEA16cEDAMAwQBXpzCAwQDXpzAAwQDXpzQAwQAXpz0MA0G
CSqGSIb3DQEBCwUAA4IBAQAnNRZVfiBr4AHAo6ryEfUiIwSliVt4kv1bmdY1Bwmg
4zwBHavKHGRycHyZ9wEkuA78migEncd9theszDMrrzBM+w5uui1i4GByHzr4Ithe
TCx/poAO+MN0IMCiwXWNId49XqmI3CuTSM402WFyzkikqZZrsm9wiQ9wl8J4vZts
/AclrHaQ9pcGj0Gk0slK+NhKsOOqJ3xT7ZKO15HEqNOGEj9ClxwLEPkbD1MTU7VP
yWaZ344nv9y4rcdeuI2g5rXNx3owgM8+ZOmXBJP7xU36eC91p0kJR3n2QYliFKD8
xiKV4bWAvaoHS20sGGIOPwFgW5WPjrxB3GHx7WFShsVO
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:40 2023 by rpki-client on console-ams.rpki-client.org