Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/jZTN1WBT1ooptdl4ddVJMYaVvIY.roa
File: jZTN1WBT1ooptdl4ddVJMYaVvIY.roa (raw, json)
Hash identifier: /a9uEwpKQN/yjGpk+PaC0MGuqnfqBJUiAFz948U5s+4=
Subject key identifier: 8D:94:CD:D5:60:53:D6:8A:29:B5:D9:78:75:D5:49:31:86:95:BC:86
Certificate issuer: /CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Certificate serial: 0C961A95
Authority key identifier: D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/jZTN1WBT1ooptdl4ddVJMYaVvIY.roa
Signing time: Mon 21 Mar 2022 10:23:28 +0000
ROA not before: Mon 21 Mar 2022 10:23:28 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34549
IP address blocks: 195.180.132.0/22 maxlen: 22
195.180.140.0/22 maxlen: 22
212.224.0.0/22 maxlen: 24
195.252.160.0/22 maxlen: 24
194.195.96.0/22 maxlen: 22
195.179.44.0/22 maxlen: 22
194.233.16.0/22 maxlen: 24
194.233.20.0/22 maxlen: 22
194.64.172.0/22 maxlen: 22
194.163.68.0/22 maxlen: 22
194.163.72.0/22 maxlen: 22
194.163.76.0/22 maxlen: 22
194.233.52.0/22 maxlen: 22
195.179.80.0/22 maxlen: 22
194.64.148.0/22 maxlen: 22
195.179.32.0/21 maxlen: 24
194.64.156.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 211163797 (0xc961a95)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d747017564c711bcbd57680a0dfd00f2a5d099db
Validity
Not Before: Mar 21 10:23:28 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8d94cdd56053d68a29b5d97875d549318695bc86
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:37:b1:3d:a9:06:c8:a7:f0:0f:bc:de:76:8a:
76:a4:27:54:67:04:b2:05:e1:bb:11:ec:dd:36:6a:
ca:e7:a0:62:08:b4:a8:33:cd:f2:5f:92:55:fe:24:
f2:1b:ef:9e:54:06:a3:9f:4f:9c:28:e2:eb:d2:4d:
84:a0:d8:56:10:0d:0a:66:ce:72:93:ac:09:59:12:
a7:41:57:09:c6:5c:c1:59:d7:3a:58:6f:5f:be:03:
57:56:98:42:9a:5f:82:7e:72:82:35:57:13:66:81:
50:60:17:86:67:ca:6f:e9:20:c0:b2:f3:61:c4:22:
03:0f:5c:65:89:70:14:94:a3:c6:6e:1b:3e:40:16:
47:7b:a7:9e:76:3b:1e:3e:88:e1:27:51:a6:f2:f9:
01:d5:c7:6c:f5:04:28:0a:8c:3b:4c:2b:b2:4e:46:
bd:e8:0e:df:ec:a1:9e:b5:37:ed:75:2e:25:83:77:
43:db:69:8f:8e:a5:e7:f2:d6:34:c2:6e:e0:ad:25:
41:8d:7a:c2:f3:f6:a0:0d:6c:00:72:5c:5f:12:50:
c7:ec:60:26:97:8b:b4:18:79:54:64:f5:fa:00:3d:
72:a4:2d:38:54:7c:f0:19:6e:4c:fc:04:06:85:d0:
cc:1e:8a:b8:4d:ac:3c:c1:b6:a9:86:47:46:36:f0:
5c:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:94:CD:D5:60:53:D6:8A:29:B5:D9:78:75:D5:49:31:86:95:BC:86
X509v3 Authority Key Identifier:
keyid:D7:47:01:75:64:C7:11:BC:BD:57:68:0A:0D:FD:00:F2:A5:D0:99:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/10cBdWTHEby9V2gKDf0A8qXQmds.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/jZTN1WBT1ooptdl4ddVJMYaVvIY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/18/ba2362-0cc5-49bd-a522-4f0e8ce11a7d/1/10cBdWTHEby9V2gKDf0A8qXQmds.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
194.64.148.0/22
194.64.156.0/22
194.64.172.0/22
194.163.68.0-194.163.79.255
194.195.96.0/22
194.233.16.0/21
194.233.52.0/22
195.179.32.0/21
195.179.44.0/22
195.179.80.0/22
195.180.132.0/22
195.180.140.0/22
195.252.160.0/22
212.224.0.0/22
Signature Algorithm: sha256WithRSAEncryption
83:e9:59:a9:56:f1:0f:46:56:b6:53:05:b9:5d:a7:8f:69:fe:
b1:39:2f:59:c4:40:d1:d5:cc:5a:81:fb:0e:09:7e:b2:70:dc:
b6:ba:65:43:e6:93:c7:20:0f:8d:98:de:06:bf:a8:4a:5e:df:
6a:4e:de:94:ea:31:77:83:58:67:31:10:3f:7c:1c:49:22:e1:
19:20:5b:dd:56:ff:58:15:6a:33:ee:da:d6:cc:8f:f7:ed:f6:
5f:0c:70:6d:19:78:2f:e4:a8:7b:b3:f2:fa:f7:ec:d3:20:94:
fb:bd:d7:f1:f7:87:3d:19:78:f2:c5:08:6a:60:50:14:0a:05:
e0:79:51:b3:8e:7d:65:19:d8:c9:fc:d6:78:cb:93:73:44:53:
ab:66:a7:bc:23:78:be:c6:bb:d2:fb:54:cb:43:7c:a5:5d:0d:
27:e6:e7:80:e3:7a:4f:e9:bc:cc:82:c6:6b:6a:75:e9:54:9a:
48:76:bc:4d:5e:73:b0:82:be:dd:b5:11:56:92:c1:c4:76:54:
b7:ae:a5:d0:87:4a:4f:79:3e:83:ac:6d:8f:ee:b0:3f:33:40:
e9:fb:55:7e:46:7d:ea:9c:58:ff:a1:9d:02:01:57:c7:be:f1:
b8:d6:25:ea:27:c7:79:30:e5:03:52:e9:b7:46:02:e7:83:86:
e8:5d:5f:d6
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgIEDJYalTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
NzQ3MDE3NTY0YzcxMWJjYmQ1NzY4MGEwZGZkMDBmMmE1ZDA5OWRiMB4XDTIyMDMy
MTEwMjMyOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGQ5NGNkZDU2MDUz
ZDY4YTI5YjVkOTc4NzVkNTQ5MzE4Njk1YmM4NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAIs3sT2pBsin8A+83naKdqQnVGcEsgXhuxHs3TZqyuegYgi0
qDPN8l+SVf4k8hvvnlQGo59PnCji69JNhKDYVhANCmbOcpOsCVkSp0FXCcZcwVnX
OlhvX74DV1aYQppfgn5ygjVXE2aBUGAXhmfKb+kgwLLzYcQiAw9cZYlwFJSjxm4b
PkAWR3unnnY7Hj6I4SdRpvL5AdXHbPUEKAqMO0wrsk5GvegO3+yhnrU37XUuJYN3
Q9tpj46l5/LWNMJu4K0lQY16wvP2oA1sAHJcXxJQx+xgJpeLtBh5VGT1+gA9cqQt
OFR88BluTPwEBoXQzB6KuE2sPMG2qYZHRjbwXBUCAwEAAaOCAl8wggJbMB0GA1Ud
DgQWBBSNlM3VYFPWiim12Xh11UkxhpW8hjAfBgNVHSMEGDAWgBTXRwF1ZMcRvL1X
aAoN/QDypdCZ2zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzEwY0JkV1RIRWJ5OVYyZ0tEZjBBOHFYUW1kcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMTgvYmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8x
L2paVE4xV0JUMW9vcHRkbDRkZFZKTVlhVnZJWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMTgv
YmEyMzYyLTBjYzUtNDliZC1hNTIyLTRmMGU4Y2UxMWE3ZC8xLzEwY0JkV1RIRWJ5
OVYyZ0tEZjBBOHFYUW1kcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjB1
BggrBgEFBQcBBwEB/wRmMGQwYgQCAAEwXAMEAsJAlAMEAsJAnAMEAsJArDAMAwQC
wqNEAwQEwqNAAwQCwsNgAwQDwukQAwQCwuk0AwQDw7MgAwQCw7MsAwQCw7NQAwQC
w7SEAwQCw7SMAwQCw/ygAwQC1OAAMA0GCSqGSIb3DQEBCwUAA4IBAQCD6VmpVvEP
Rla2UwW5XaePaf6xOS9ZxEDR1cxagfsOCX6ycNy2umVD5pPHIA+NmN4Gv6hKXt9q
Tt6U6jF3g1hnMRA/fBxJIuEZIFvdVv9YFWoz7trWzI/37fZfDHBtGXgv5Kh7s/L6
9+zTIJT7vdfx94c9GXjyxQhqYFAUCgXgeVGzjn1lGdjJ/NZ4y5NzRFOrZqe8I3i+
xrvS+1TLQ3ylXQ0n5ueA43pP6bzMgsZranXpVJpIdrxNXnOwgr7dtRFWksHEdlS3
rqXQh0pPeT6DrG2P7rA/M0Dp+1V+Rn3qnFj/oZ0CAVfHvvG41iXqJ8d5MOUDUum3
RgLng4boXV/W
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:48:30 2023 by rpki-client on console-ams.rpki-client.org