Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/29/dbc699-4e72-4dfa-9d02-d83cfed24f48/1/ROOlqpurlXq7ATsdfuWl2sWP1wE.roa
File: ROOlqpurlXq7ATsdfuWl2sWP1wE.roa (raw, json)
Hash identifier: g5tAusWUwI60Tns8PqrxoqKWco3wrg6sqI0b04cBCyM=
Subject key identifier: 44:E3:A5:AA:9B:AB:95:7A:BB:01:3B:1D:7E:E5:A5:DA:C5:8F:D7:01
Certificate issuer: /CN=a12ef01850a8733356b5f7785d56b092703cf562
Certificate serial: 259B58
Authority key identifier: A1:2E:F0:18:50:A8:73:33:56:B5:F7:78:5D:56:B0:92:70:3C:F5:62
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oS7wGFCoczNWtfd4XVawknA89WI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/29/dbc699-4e72-4dfa-9d02-d83cfed24f48/1/ROOlqpurlXq7ATsdfuWl2sWP1wE.roa
Signing time: Sat 19 Feb 2022 10:56:46 +0000
ROA not before: Sat 19 Feb 2022 10:56:46 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 6898
IP address blocks: 31.44.32.0/20 maxlen: 20
185.155.184.0/23 maxlen: 23
193.221.216.0/23 maxlen: 23
31.44.46.0/23 maxlen: 23
46.21.16.0/23 maxlen: 23
46.21.31.0/24 maxlen: 24
46.21.29.0/24 maxlen: 24
193.222.104.0/23 maxlen: 23
2a0f:e880::/29 maxlen: 48
2a00:bd00::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2464600 (0x259b58)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a12ef01850a8733356b5f7785d56b092703cf562
Validity
Not Before: Feb 19 10:56:46 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=44e3a5aa9bab957abb013b1d7ee5a5dac58fd701
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ee:0f:be:cf:be:c9:47:6a:be:34:1a:45:1e:68:
25:9f:e4:ab:63:d5:a3:2d:e0:f1:e5:10:c9:b7:c9:
15:43:e2:62:4f:c3:4a:f3:d9:e6:8b:d9:ff:08:30:
14:42:1b:95:b9:ce:4c:bb:92:da:6f:c9:1e:52:9e:
b9:d7:54:71:6e:76:c2:87:ff:4b:26:33:d2:07:23:
4b:7c:2a:9a:fd:cd:50:c9:a4:c9:f1:57:c5:a7:1f:
e7:05:49:2c:f5:2b:95:50:71:6a:ec:3a:88:b0:5b:
d7:cc:4a:c3:6b:99:44:94:7d:01:6a:91:61:aa:6e:
84:69:06:a3:bc:09:d1:7b:e0:c3:bd:81:94:77:17:
de:2a:fe:b1:22:42:74:ad:a2:a7:16:61:5c:6e:59:
2d:b1:46:89:b3:41:1a:2f:95:c5:ee:85:ca:4f:b6:
00:5d:1f:93:29:e9:96:81:14:24:72:8f:ab:0c:f8:
20:3d:c4:ba:53:fd:84:92:bd:44:f9:b5:6f:d4:ca:
19:d8:5b:cc:b8:32:b6:f3:e1:e0:1b:d1:d3:f3:17:
c9:0a:7f:27:c1:11:7d:04:95:00:b7:cf:6a:c8:af:
38:9d:70:21:66:19:08:f8:b8:e9:e2:80:86:9d:86:
db:39:ce:1f:89:11:57:d4:86:d9:2d:3c:95:a8:ca:
08:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:E3:A5:AA:9B:AB:95:7A:BB:01:3B:1D:7E:E5:A5:DA:C5:8F:D7:01
X509v3 Authority Key Identifier:
keyid:A1:2E:F0:18:50:A8:73:33:56:B5:F7:78:5D:56:B0:92:70:3C:F5:62
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oS7wGFCoczNWtfd4XVawknA89WI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/29/dbc699-4e72-4dfa-9d02-d83cfed24f48/1/ROOlqpurlXq7ATsdfuWl2sWP1wE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/29/dbc699-4e72-4dfa-9d02-d83cfed24f48/1/oS7wGFCoczNWtfd4XVawknA89WI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.44.32.0/20
46.21.16.0/23
46.21.29.0/24
46.21.31.0/24
185.155.184.0/23
193.221.216.0/23
193.222.104.0/23
IPv6:
2a00:bd00::/32
2a0f:e880::/29
Signature Algorithm: sha256WithRSAEncryption
11:06:a8:27:7e:29:9c:86:5c:b8:91:dd:b4:31:b4:83:24:05:
81:69:b3:60:ed:6e:3c:ff:ed:07:8c:93:47:e8:f8:1f:8c:6d:
0b:2b:a3:03:bd:33:ea:04:a1:f9:d4:ed:fd:c1:b7:4c:7a:ab:
92:d4:85:4c:4f:db:d8:26:14:e0:6b:d1:ad:b5:fe:79:92:88:
f8:f7:da:ea:f3:9c:9e:55:12:73:8b:1f:2c:8b:12:b3:8d:8e:
91:ab:48:14:d5:76:5f:ed:e8:84:23:19:9e:2b:27:0a:0c:51:
7a:d8:83:05:07:7c:dc:67:41:47:76:78:bf:69:1d:1b:7f:c5:
65:35:e1:02:38:76:dd:cf:d6:2d:c8:97:18:31:ba:b4:15:81:
89:f5:47:67:54:58:67:8f:6b:d5:a1:3f:67:8a:06:7f:ad:b7:
eb:76:a6:02:c7:10:29:b1:42:bf:70:37:67:56:12:e3:22:dd:
60:c1:90:32:3f:ce:34:59:72:c1:28:86:da:70:97:5e:6a:09:
36:f1:ab:03:55:06:6e:6d:ce:86:42:b9:05:3f:3f:62:29:38:
d4:96:5c:fb:07:a7:be:6d:bf:6a:5f:28:4e:93:9c:7c:77:da:
c6:a9:b2:b0:52:13:b6:ed:03:38:53:d4:b0:f1:31:99:ec:38:
f3:bf:11:00
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIDJZtYMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKGEx
MmVmMDE4NTBhODczMzM1NmI1Zjc3ODVkNTZiMDkyNzAzY2Y1NjIwHhcNMjIwMjE5
MTA1NjQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg0NGUzYTVhYTliYWI5
NTdhYmIwMTNiMWQ3ZWU1YTVkYWM1OGZkNzAxMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA7g++z77JR2q+NBpFHmgln+SrY9WjLeDx5RDJt8kVQ+JiT8NK
89nmi9n/CDAUQhuVuc5Mu5Lab8keUp6511RxbnbCh/9LJjPSByNLfCqa/c1QyaTJ
8VfFpx/nBUks9SuVUHFq7DqIsFvXzErDa5lElH0BapFhqm6EaQajvAnRe+DDvYGU
dxfeKv6xIkJ0raKnFmFcblktsUaJs0EaL5XF7oXKT7YAXR+TKemWgRQkco+rDPgg
PcS6U/2Ekr1E+bVv1MoZ2FvMuDK28+HgG9HT8xfJCn8nwRF9BJUAt89qyK84nXAh
ZhkI+Ljp4oCGnYbbOc4fiRFX1IbZLTyVqMoIFQIDAQABo4ICQzCCAj8wHQYDVR0O
BBYEFETjpaqbq5V6uwE7HX7lpdrFj9cBMB8GA1UdIwQYMBaAFKEu8BhQqHMzVrX3
eF1WsJJwPPViMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
b1M3d0dGQ29jek5XdGZkNFhWYXdrbkE4OVdJLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC8yOS9kYmM2OTktNGU3Mi00ZGZhLTlkMDItZDgzY2ZlZDI0ZjQ4LzEv
Uk9PbHFwdXJsWHE3QVRzZGZ1V2wyc1dQMXdFLnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOS9k
YmM2OTktNGU3Mi00ZGZhLTlkMDItZDgzY2ZlZDI0ZjQ4LzEvb1M3d0dGQ29jek5X
dGZkNFhWYXdrbkE4OVdJLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFkG
CCsGAQUFBwEHAQH/BEowSDAwBAIAATAqAwQEHywgAwQBLhUQAwQALhUdAwQALhUf
AwQBuZu4AwQBwd3YAwQBwd5oMBQEAgACMA4DBQAqAL0AAwUDKg/ogDANBgkqhkiG
9w0BAQsFAAOCAQEAEQaoJ34pnIZcuJHdtDG0gyQFgWmzYO1uPP/tB4yTR+j4H4xt
CyujA70z6gSh+dTt/cG3THqrktSFTE/b2CYU4GvRrbX+eZKI+Pfa6vOcnlUSc4sf
LIsSs42OkatIFNV2X+3ohCMZnisnCgxRetiDBQd83GdBR3Z4v2kdG3/FZTXhAjh2
3c/WLciXGDG6tBWBifVHZ1RYZ49r1aE/Z4oGf62363amAscQKbFCv3A3Z1YS4yLd
YMGQMj/ONFlywSiG2nCXXmoJNvGrA1UGbm3OhkK5BT8/Yik41JZc+wenvm2/al8o
TpOcfHfaxqmysFITtu0DOFPUsPExmew4878RAA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:40 2023 by rpki-client on console-fra.rpki-client.org