Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/3_1B7mei_ZDalRgv2JXYTcMjX7k.roa
File: 3_1B7mei_ZDalRgv2JXYTcMjX7k.roa (raw, json)
Hash identifier: okCx7lujWiom3RwQqHEjpvlNAv30bdjlYXcSizuUilw=
Subject key identifier: DF:FD:41:EE:67:A2:FD:90:DA:95:18:2F:D8:95:D8:4D:C3:23:5F:B9
Certificate issuer: /CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Certificate serial: 485AAF0F
Authority key identifier: EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/3_1B7mei_ZDalRgv2JXYTcMjX7k.roa
Signing time: Sat 01 Jan 2022 03:00:21 +0000
ROA not before: Sat 01 Jan 2022 03:00:21 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 35277
IP address blocks: 91.243.40.0/24 maxlen: 24
91.243.43.0/24 maxlen: 24
5.189.216.0/24 maxlen: 24
5.188.179.0/24 maxlen: 24
5.189.253.0/24 maxlen: 24
5.189.255.0/24 maxlen: 24
5.101.44.0/24 maxlen: 24
5.188.202.0/24 maxlen: 24
5.188.201.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1213902607 (0x485aaf0f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=eaaa8a0a5fdfd698e104be36a2aeec813aeca071
Validity
Not Before: Jan 1 03:00:21 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=dffd41ee67a2fd90da95182fd895d84dc3235fb9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:64:58:ac:7b:46:f3:17:25:4b:a6:46:3d:0c:
43:90:73:f0:32:03:39:3d:12:22:82:44:9d:ef:f7:
df:b8:70:81:f3:b0:5d:ce:85:61:18:c8:9b:e3:aa:
2b:69:6b:6e:6e:93:db:cf:62:4b:2c:4d:17:e8:ce:
05:75:48:43:8d:82:11:2b:70:e0:e2:03:80:51:2a:
6b:22:d4:b7:49:70:51:b0:be:58:37:98:b7:44:1f:
bb:66:57:48:38:71:c8:d4:82:f4:65:9f:03:0b:35:
d5:da:93:5c:ee:0d:d8:2b:bd:04:01:cf:b2:35:cd:
4c:56:85:5a:04:33:81:bb:bc:a3:93:3d:a7:40:5e:
06:64:95:d0:e5:1e:6d:5b:b9:95:e8:c2:d4:cc:44:
67:bc:f8:08:cf:1d:52:65:12:d3:fc:7f:85:54:85:
64:3b:b0:d4:7a:70:33:58:69:04:76:f7:a5:7d:9f:
31:63:de:62:16:49:e4:02:e9:7a:b2:55:5b:51:f9:
b6:df:4d:88:40:9e:c0:96:04:b6:fe:16:9f:83:d3:
73:dd:61:96:b9:a9:40:a5:4a:ba:3b:da:aa:b2:32:
2f:24:e1:5e:d5:b0:ff:77:7f:c6:fa:84:7d:97:80:
c0:02:1b:6d:4d:6a:f6:b6:ad:6e:0e:69:ad:83:07:
bc:17
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:FD:41:EE:67:A2:FD:90:DA:95:18:2F:D8:95:D8:4D:C3:23:5F:B9
X509v3 Authority Key Identifier:
keyid:EA:AA:8A:0A:5F:DF:D6:98:E1:04:BE:36:A2:AE:EC:81:3A:EC:A0:71
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6qqKCl_f1pjhBL42oq7sgTrsoHE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/3_1B7mei_ZDalRgv2JXYTcMjX7k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1c/2932df-a4bd-4af5-a4d4-89d09240c43b/1/6qqKCl_f1pjhBL42oq7sgTrsoHE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.101.44.0/24
5.188.179.0/24
5.188.201.0-5.188.202.255
5.189.216.0/24
5.189.253.0/24
5.189.255.0/24
91.243.40.0/24
91.243.43.0/24
Signature Algorithm: sha256WithRSAEncryption
b0:8f:2f:18:66:e7:c7:f1:ab:70:13:d1:3b:ac:2d:e3:da:aa:
94:85:94:a6:26:ec:fe:33:58:38:48:09:a1:98:a5:8b:3b:f1:
7c:cd:ba:02:ea:8f:2c:d1:07:5b:e3:87:0b:cc:cc:e7:88:96:
06:94:a8:ac:8c:1a:8d:2a:88:65:37:40:ee:82:cf:c7:a0:17:
97:84:ce:de:f7:de:12:8b:ed:05:d8:72:4b:d8:52:61:52:1c:
4f:48:d8:d7:85:df:b6:93:b6:3a:60:15:c1:81:64:00:59:72:
b6:da:06:a3:db:33:c2:29:a3:4c:10:65:ea:3a:bc:62:79:38:
85:2e:90:13:2e:f7:60:07:e5:0b:ff:6a:6f:d6:de:a6:4b:51:
7f:06:3a:0d:25:f6:91:cc:41:12:af:24:ac:05:c1:f2:3a:a7:
7d:a7:c6:a8:ce:42:63:34:5d:95:8a:bb:00:12:34:97:01:3b:
ed:95:35:58:1b:79:2f:d1:fe:6a:5c:bc:21:45:42:f1:22:d7:
9e:9c:4b:26:23:c1:82:e4:16:06:dc:50:c7:ac:27:98:1f:67:
3b:f7:be:c7:b6:d0:12:a0:45:72:b4:da:50:47:1a:8d:51:58:
23:3b:bf:5d:e5:84:71:1b:7b:e1:00:e8:18:03:f7:bc:42:2c:
3f:ab:98:d7
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgIESFqvDzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
YWFhOGEwYTVmZGZkNjk4ZTEwNGJlMzZhMmFlZWM4MTNhZWNhMDcxMB4XDTIyMDEw
MTAzMDAyMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGZmZDQxZWU2N2Ey
ZmQ5MGRhOTUxODJmZDg5NWQ4NGRjMzIzNWZiOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJdkWKx7RvMXJUumRj0MQ5Bz8DIDOT0SIoJEne/337hwgfOw
Xc6FYRjIm+OqK2lrbm6T289iSyxNF+jOBXVIQ42CEStw4OIDgFEqayLUt0lwUbC+
WDeYt0Qfu2ZXSDhxyNSC9GWfAws11dqTXO4N2Cu9BAHPsjXNTFaFWgQzgbu8o5M9
p0BeBmSV0OUebVu5lejC1MxEZ7z4CM8dUmUS0/x/hVSFZDuw1HpwM1hpBHb3pX2f
MWPeYhZJ5ALperJVW1H5tt9NiECewJYEtv4Wn4PTc91hlrmpQKVKujvaqrIyLyTh
XtWw/3d/xvqEfZeAwAIbbU1q9ratbg5prYMHvBcCAwEAAaOCAjswggI3MB0GA1Ud
DgQWBBTf/UHuZ6L9kNqVGC/YldhNwyNfuTAfBgNVHSMEGDAWgBTqqooKX9/WmOEE
vjairuyBOuygcTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzZxcUtDbF9mMXBqaEJMNDJvcTdzZ1Ryc29IRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMWMvMjkzMmRmLWE0YmQtNGFmNS1hNGQ0LTg5ZDA5MjQwYzQzYi8x
LzNfMUI3bWVpX1pEYWxSZ3YySlhZVGNNalg3ay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMWMv
MjkzMmRmLWE0YmQtNGFmNS1hNGQ0LTg5ZDA5MjQwYzQzYi8xLzZxcUtDbF9mMXBq
aEJMNDJvcTdzZ1Ryc29IRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBR
BggrBgEFBQcBBwEB/wRCMEAwPgQCAAEwOAMEAAVlLAMEAAW8szAMAwQABbzJAwQA
BbzKAwQABb3YAwQABb39AwQABb3/AwQAW/MoAwQAW/MrMA0GCSqGSIb3DQEBCwUA
A4IBAQCwjy8YZufH8atwE9E7rC3j2qqUhZSmJuz+M1g4SAmhmKWLO/F8zboC6o8s
0Qdb44cLzMzniJYGlKisjBqNKohlN0Dugs/HoBeXhM7e994Si+0F2HJL2FJhUhxP
SNjXhd+2k7Y6YBXBgWQAWXK22gaj2zPCKaNMEGXqOrxieTiFLpATLvdgB+UL/2pv
1t6mS1F/BjoNJfaRzEESrySsBcHyOqd9p8aozkJjNF2VirsAEjSXATvtlTVYG3kv
0f5qXLwhRULxIteenEsmI8GC5BYG3FDHrCeYH2c7977HttASoEVytNpQRxqNUVgj
O79d5YRxG3vhAOgYA/e8Qiw/q5jX
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:48:43 2023 by rpki-client on console-ams.rpki-client.org