Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/N6iFENexlGdPgtB5GwDMQWWp-1g.roa
File: N6iFENexlGdPgtB5GwDMQWWp-1g.roa (raw, json)
Hash identifier: BuAuG/wv2M9+/KGa2FHZnVhZ2reBKY4gk0u+lXJUUG8=
Subject key identifier: 37:A8:85:10:D7:B1:94:67:4F:82:D0:79:1B:00:CC:41:65:A9:FB:58
Certificate issuer: /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial: 0D488F7C
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/N6iFENexlGdPgtB5GwDMQWWp-1g.roa
Signing time: Tue 17 May 2022 08:03:33 +0000
ROA not before: Tue 17 May 2022 08:03:33 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 21700
IP address blocks: 151.106.80.0/20 maxlen: 24
194.233.240.0/20 maxlen: 24
195.179.96.0/22 maxlen: 22
195.179.104.0/22 maxlen: 22
195.180.168.0/22 maxlen: 22
195.180.172.0/22 maxlen: 22
194.163.224.0/20 maxlen: 24
194.195.16.0/20 maxlen: 24
62.138.68.0/22 maxlen: 22
62.138.76.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 222859132 (0xd488f7c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Validity
Not Before: May 17 08:03:33 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=37a88510d7b194674f82d0791b00cc4165a9fb58
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:49:79:96:40:90:fe:4e:8b:a6:1b:6b:1b:4e:
45:ba:52:19:ff:64:08:9d:bf:f6:85:b5:be:ec:56:
ee:bf:c4:91:db:f6:a2:f8:92:c3:af:4f:bf:49:a7:
c9:cf:20:eb:b2:8e:8e:41:d7:a3:8c:c8:57:ea:a0:
77:6a:60:2c:71:6f:75:59:aa:7e:98:90:fd:98:c7:
f1:83:df:92:77:ea:c5:2c:d4:f6:f8:6f:76:9c:3f:
f7:47:76:98:dc:f0:99:b3:bc:b2:95:e1:b0:89:5c:
54:ca:6d:2c:ab:78:ec:67:c1:3f:08:59:b3:13:79:
ca:da:b2:98:d3:1b:aa:96:a5:31:62:30:6c:c5:3f:
94:ec:82:ab:ef:5d:5c:02:93:52:cb:11:2f:df:93:
17:14:79:db:b5:4a:3a:2c:92:03:ab:65:cd:5e:cc:
41:ce:d8:b4:94:b1:2f:24:8f:26:7d:73:65:db:96:
b4:6a:fe:c9:b6:1f:dc:ed:9c:84:79:37:a1:40:df:
de:ca:fc:85:58:ee:de:d6:c1:7e:78:53:34:f1:c7:
53:76:05:ac:f3:73:cf:ec:bf:48:a9:d3:26:ce:81:
69:9e:7b:51:4b:b1:6b:6f:6a:7b:78:61:6d:1e:49:
5b:35:f6:98:9b:1a:04:ff:e0:b3:3c:6e:a8:17:84:
1f:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
37:A8:85:10:D7:B1:94:67:4F:82:D0:79:1B:00:CC:41:65:A9:FB:58
X509v3 Authority Key Identifier:
keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/N6iFENexlGdPgtB5GwDMQWWp-1g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.138.68.0/22
62.138.76.0/22
151.106.80.0/20
194.163.224.0/20
194.195.16.0/20
194.233.240.0/20
195.179.96.0/22
195.179.104.0/22
195.180.168.0/21
Signature Algorithm: sha256WithRSAEncryption
03:86:52:73:a5:a0:84:d7:ba:76:17:bb:a6:e8:e0:87:9b:12:
22:c4:b9:5f:1b:ce:b2:07:d6:88:8f:0a:77:6d:84:d8:d2:46:
fd:02:4d:ba:f8:e8:35:29:aa:f3:94:4d:55:5c:bd:f9:93:b8:
ef:b1:17:6c:40:da:5e:31:3e:76:f9:63:cc:ba:1b:ba:5a:da:
ef:5c:d0:e4:df:ce:a8:24:6f:30:ab:58:21:a7:18:ce:b4:48:
66:87:b6:07:b5:fd:1c:44:3a:f7:7c:46:54:98:d2:89:c8:b0:
71:e4:6c:95:fe:70:0c:20:c9:73:b4:86:4c:f4:49:1a:a8:a3:
a8:ac:98:84:99:7b:e1:ef:a2:c5:34:d5:f3:db:80:da:37:70:
94:77:c7:ec:b0:b3:9e:74:72:bf:f9:81:e4:a4:f2:cc:78:13:
45:4f:74:04:bf:ff:22:f2:69:06:57:c0:01:1d:51:fb:0a:ae:
8e:89:df:fa:09:d1:3f:b4:9f:12:52:09:42:e0:36:d0:34:9b:
76:31:1e:69:ba:9e:b4:7d:d5:7a:c3:6e:f5:98:13:74:7c:c5:
9d:8e:03:a4:6e:e8:89:5e:c2:25:82:f0:1d:86:8b:7a:b8:6a:
cb:96:b9:56:cc:bc:bf:53:b0:c5:8f:52:4c:96:d9:fc:b7:06:
03:5a:0a:38
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIEDUiPfDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NzQ3MDE3NTY0YzcxMWJjYmQ1NzY4MGEwZGZkMDBmMmE1ZDA5OWRiMB4XDTIyMDUx
NzA4MDMzM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzdhODg1MTBkN2Ix
OTQ2NzRmODJkMDc5MWIwMGNjNDE2NWE5ZmI1ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKBJeZZAkP5Oi6YbaxtORbpSGf9kCJ2/9oW1vuxW7r/Ekdv2
oviSw69Pv0mnyc8g67KOjkHXo4zIV+qgd2pgLHFvdVmqfpiQ/ZjH8YPfknfqxSzU
9vhvdpw/90d2mNzwmbO8spXhsIlcVMptLKt47GfBPwhZsxN5ytqymNMbqpalMWIw
bMU/lOyCq+9dXAKTUssRL9+TFxR527VKOiySA6tlzV7MQc7YtJSxLySPJn1zZduW
tGr+ybYf3O2chHk3oUDf3sr8hVju3tbBfnhTNPHHU3YFrPNzz+y/SKnTJs6BaZ57
UUuxa29qe3hhbR5JWzX2mJsaBP/gszxuqBeEHwsCAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBQ3qIUQ17GUZ0+C0HkbAMxBZan7WDAfBgNVHSMEGDAWgBTXRwF1ZMcRvL1X
aAoN/QDypdCZ2zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEwY0JkV1RIRWJ5OVYyZ0tEZjBBOHFYUW1kcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTgvYmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8x
L042aUZFTmV4bEdkUGd0QjVHd0RNUVdXcC0xZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgv
YmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8xLzEwY0JkV1RIRWJ5
OVYyZ0tEZjBBOHFYUW1kcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEAj6KRAMEAj6KTAMEBJdqUAMEBMKj
4AMEBMLDEAMEBMLp8AMEAsOzYAMEAsOzaAMEA8O0qDANBgkqhkiG9w0BAQsFAAOC
AQEAA4ZSc6WghNe6dhe7pujgh5sSIsS5XxvOsgfWiI8Kd22E2NJG/QJNuvjoNSmq
85RNVVy9+ZO477EXbEDaXjE+dvljzLobulra71zQ5N/OqCRvMKtYIacYzrRIZoe2
B7X9HEQ693xGVJjSiciwceRslf5wDCDJc7SGTPRJGqijqKyYhJl74e+ixTTV89uA
2jdwlHfH7LCznnRyv/mB5KTyzHgTRU90BL//IvJpBlfAAR1R+wqujonf+gnRP7Sf
ElIJQuA20DSbdjEeabqetH3VesNu9ZgTdHzFnY4DpG7oiV7CJYLwHYaLerhqy5a5
Vsy8v1OwxY9STJbZ/LcGA1oKOA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:48:29 2023 by rpki-client on console-ams.rpki-client.org