Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/3Q67vNeuphwFfQ_QdTXHj3-5Gqg.roa
File: 3Q67vNeuphwFfQ_QdTXHj3-5Gqg.roa (raw, json)
Hash identifier: BLG3Kl8LZ4KhcnVoC8XC9WN1R07NBwLSKXeX1jo8D7E=
Subject key identifier: DD:0E:BB:BC:D7:AE:A6:1C:05:7D:0F:D0:75:35:C7:8F:7F:B9:1A:A8
Certificate issuer: /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial: 0C319DD0
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/3Q67vNeuphwFfQ_QdTXHj3-5Gqg.roa
Signing time: Mon 14 Feb 2022 14:11:17 +0000
ROA not before: Mon 14 Feb 2022 14:11:17 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34549
IP address blocks: 195.180.132.0/22 maxlen: 22
195.180.140.0/22 maxlen: 22
194.64.88.0/21 maxlen: 24
212.224.0.0/22 maxlen: 24
195.252.160.0/22 maxlen: 24
194.233.16.0/22 maxlen: 24
194.233.20.0/22 maxlen: 22
194.64.172.0/22 maxlen: 22
194.163.68.0/22 maxlen: 22
194.163.72.0/22 maxlen: 22
194.163.76.0/22 maxlen: 22
195.179.80.0/22 maxlen: 22
194.64.148.0/22 maxlen: 22
195.179.32.0/21 maxlen: 24
194.64.156.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 204578256 (0xc319dd0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Validity
Not Before: Feb 14 14:11:17 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=dd0ebbbcd7aea61c057d0fd07535c78f7fb91aa8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:b4:7e:20:e4:f1:e7:4f:21:c9:35:e5:85:13:
76:51:cc:b8:6c:b3:41:05:a6:c7:fc:ce:6e:9c:6d:
db:bb:98:2f:14:a8:b0:75:72:7d:9c:8c:9b:cb:bd:
1a:4d:a9:30:0e:2d:a0:c2:a7:31:90:62:bc:b3:73:
bf:74:01:07:72:9d:35:a8:4e:3b:94:6c:49:18:44:
ce:46:50:1e:e8:40:87:2b:11:5c:3f:41:37:c9:4c:
a9:dd:96:b6:1d:35:36:6d:4c:d6:2a:4c:16:ad:60:
38:9c:cd:9e:13:be:7b:85:5b:5f:1e:9d:26:a8:67:
ed:0f:e1:80:e0:48:20:08:70:88:6c:01:c0:e2:3e:
6a:97:c4:4b:ad:70:17:8e:45:7d:ef:c6:40:1c:f7:
40:38:2d:8c:5f:db:3a:8d:75:8d:ac:93:e4:6f:de:
0a:bc:ad:c7:62:98:7f:cb:77:4d:e8:f4:f1:e5:b1:
15:f9:96:27:be:68:cb:3d:8d:45:bc:5d:c8:da:41:
a6:4c:5a:de:fe:e2:5b:22:33:95:87:d8:e8:c9:6a:
94:b4:0d:8b:50:80:19:45:f3:80:aa:6b:7a:b5:fd:
3b:76:79:9a:f8:05:18:a8:8b:2a:c0:61:28:a0:b4:
c0:56:7d:da:a3:ce:39:f4:59:cd:24:e0:60:29:48:
c8:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:0E:BB:BC:D7:AE:A6:1C:05:7D:0F:D0:75:35:C7:8F:7F:B9:1A:A8
X509v3 Authority Key Identifier:
keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/3Q67vNeuphwFfQ_QdTXHj3-5Gqg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.64.88.0/21
194.64.148.0/22
194.64.156.0/22
194.64.172.0/22
194.163.68.0-194.163.79.255
194.233.16.0/21
195.179.32.0/21
195.179.80.0/22
195.180.132.0/22
195.180.140.0/22
195.252.160.0/22
212.224.0.0/22
Signature Algorithm: sha256WithRSAEncryption
68:e5:94:bc:f4:cc:cd:dd:6c:f8:df:ba:aa:8f:82:94:56:4e:
ae:c2:fd:c9:9a:b4:4f:ee:8c:cb:e7:82:e3:d5:30:0c:41:49:
03:ae:92:70:74:12:8f:c3:bd:da:1b:2f:51:cf:22:3e:fe:df:
e0:6f:76:d3:c8:d7:a1:33:d3:53:25:e6:30:8c:1f:3a:f0:ce:
04:86:33:d8:70:04:a1:4d:de:69:9d:25:7c:d8:97:ca:f8:83:
4f:6d:8c:99:b0:ed:a2:8f:92:6c:6b:5f:72:92:9d:db:0f:4c:
0c:55:1c:4d:0f:5a:2e:3a:f4:45:2b:1f:4e:ef:ce:67:b5:6f:
f1:ef:78:91:37:a8:a2:31:35:b5:4f:94:13:20:9d:d4:dd:a1:
b1:79:d9:1c:45:be:23:00:00:c7:d8:6c:7a:0b:6d:67:e0:ec:
9d:a6:b1:44:98:69:25:3f:3d:c9:41:12:13:d9:1f:f3:c7:6b:
af:cf:f6:42:5f:c2:a2:17:93:3d:b0:34:b4:94:81:0b:ed:af:
fe:b6:93:21:ca:25:fb:9a:db:45:d9:97:b2:eb:86:10:6f:cf:
11:a8:f0:6c:79:15:c7:4f:76:c9:af:dc:02:d1:3e:9b:ff:86:
9e:f9:ce:ef:8c:42:7c:e5:12:1e:96:40:dc:7d:55:13:85:98:
d9:09:de:b9
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgIEDDGd0DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NzQ3MDE3NTY0YzcxMWJjYmQ1NzY4MGEwZGZkMDBmMmE1ZDA5OWRiMB4XDTIyMDIx
NDE0MTExN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGQwZWJiYmNkN2Fl
YTYxYzA1N2QwZmQwNzUzNWM3OGY3ZmI5MWFhODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKq0fiDk8edPIck15YUTdlHMuGyzQQWmx/zObpxt27uYLxSo
sHVyfZyMm8u9Gk2pMA4toMKnMZBivLNzv3QBB3KdNahOO5RsSRhEzkZQHuhAhysR
XD9BN8lMqd2Wth01Nm1M1ipMFq1gOJzNnhO+e4VbXx6dJqhn7Q/hgOBIIAhwiGwB
wOI+apfES61wF45Ffe/GQBz3QDgtjF/bOo11jayT5G/eCrytx2KYf8t3Tej08eWx
FfmWJ75oyz2NRbxdyNpBpkxa3v7iWyIzlYfY6MlqlLQNi1CAGUXzgKprerX9O3Z5
mvgFGKiLKsBhKKC0wFZ92qPOOfRZzSTgYClIyGMCAwEAAaOCAlMwggJPMB0GA1Ud
DgQWBBTdDru8166mHAV9D9B1NcePf7kaqDAfBgNVHSMEGDAWgBTXRwF1ZMcRvL1X
aAoN/QDypdCZ2zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEwY0JkV1RIRWJ5OVYyZ0tEZjBBOHFYUW1kcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTgvYmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8x
LzNRNjd2TmV1cGh3RmZRX1FkVFhIajMtNUdxZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgv
YmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8xLzEwY0JkV1RIRWJ5
OVYyZ0tEZjBBOHFYUW1kcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBp
BggrBgEFBQcBBwEB/wRaMFgwVgQCAAEwUAMEA8JAWAMEAsJAlAMEAsJAnAMEAsJA
rDAMAwQCwqNEAwQEwqNAAwQDwukQAwQDw7MgAwQCw7NQAwQCw7SEAwQCw7SMAwQC
w/ygAwQC1OAAMA0GCSqGSIb3DQEBCwUAA4IBAQBo5ZS89MzN3Wz437qqj4KUVk6u
wv3JmrRP7ozL54Lj1TAMQUkDrpJwdBKPw73aGy9RzyI+/t/gb3bTyNehM9NTJeYw
jB868M4EhjPYcAShTd5pnSV82JfK+INPbYyZsO2ij5Jsa19ykp3bD0wMVRxND1ou
OvRFKx9O785ntW/x73iRN6iiMTW1T5QTIJ3U3aGxedkcRb4jAADH2Gx6C21n4Oyd
prFEmGklPz3JQRIT2R/zx2uvz/ZCX8KiF5M9sDS0lIEL7a/+tpMhyiX7mttF2Zey
64YQb88RqPBseRXHT3bJr9wC0T6b/4ae+c7vjEJ85RIelkDcfVUThZjZCd65
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:48:29 2023 by rpki-client on console-ams.rpki-client.org