Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/xJ4S74C42t3iFV_FuhGrd0FScwU.roa
File: xJ4S74C42t3iFV_FuhGrd0FScwU.roa (raw, json)
Hash identifier: AU2oIwwJ9VMQPixJSipTihG6tqZcdeMVa9ers9DWZb0=
Subject key identifier: C4:9E:12:EF:80:B8:DA:DD:E2:15:5F:C5:BA:11:AB:77:41:52:73:05
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 10CBF178
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/xJ4S74C42t3iFV_FuhGrd0FScwU.roa
Signing time: Sat 01 Jan 2022 02:51:06 +0000
ROA not before: Sat 01 Jan 2022 02:51:06 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 12708
IP address blocks: 87.242.128.0/17 maxlen: 24
217.8.0.0/19 maxlen: 24
212.67.96.0/19 maxlen: 24
185.175.48.0/22 maxlen: 24
84.43.0.0/17 maxlen: 24
88.144.0.0/15 maxlen: 24
213.78.0.0/16 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 281801080 (0x10cbf178)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Jan 1 02:51:06 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c49e12ef80b8dadde2155fc5ba11ab7741527305
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:67:41:01:53:0b:2d:e3:47:a1:e4:2d:4d:05:
da:22:1f:62:f1:8f:0f:d4:31:1f:f3:1a:ab:b7:74:
1e:ce:05:cb:7a:f3:55:b3:a7:b5:95:03:04:9e:ac:
49:46:bf:ab:2c:82:66:56:db:01:7f:25:51:0c:24:
3f:f5:e1:7e:3a:71:d8:59:69:3f:47:7a:09:e2:65:
9c:1c:54:c1:3b:b8:e2:41:d2:34:aa:31:9d:d2:ea:
24:43:55:60:31:f5:eb:24:7f:a0:d5:23:7c:7c:8d:
68:ac:35:e1:d6:ca:e8:35:6d:e0:c7:e4:50:aa:1a:
8d:a5:da:25:71:c9:bf:95:9c:f2:78:7e:c9:71:24:
37:05:3c:af:ac:a6:50:e7:c8:4c:38:a4:68:a5:7e:
ef:64:61:d1:34:a5:b2:8c:45:36:78:32:7b:3e:bb:
5a:3c:7b:1f:b3:94:6a:b7:83:42:b6:93:ad:b5:38:
45:91:7e:d7:26:12:a5:43:9b:0c:8a:2f:4a:57:79:
61:0b:b7:90:32:47:3e:96:db:d1:aa:7a:25:68:7a:
7d:23:d0:c8:3f:cb:2f:36:c0:7f:3f:64:db:c4:9f:
ac:61:52:4f:34:11:eb:f6:d8:1d:58:46:9f:91:ff:
35:1e:b5:c3:57:ea:9b:c8:2c:d4:ae:72:a1:75:94:
d2:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:9E:12:EF:80:B8:DA:DD:E2:15:5F:C5:BA:11:AB:77:41:52:73:05
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/xJ4S74C42t3iFV_FuhGrd0FScwU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.43.0.0/17
87.242.128.0/17
88.144.0.0/15
185.175.48.0/22
212.67.96.0/19
213.78.0.0/16
217.8.0.0/19
Signature Algorithm: sha256WithRSAEncryption
44:3e:8b:06:58:43:4d:f0:e8:d8:6c:9c:43:c6:c5:48:ed:87:
f4:58:a4:d8:c0:a5:2f:e0:e7:82:01:79:25:39:b0:c8:b6:cf:
41:94:ad:ed:a0:43:df:5b:51:63:0a:2f:c6:f5:7e:72:01:32:
32:65:a2:e1:75:a8:2f:fa:f7:54:c1:1a:34:94:52:51:1d:c4:
87:11:11:49:a8:c7:3c:32:70:d7:26:3f:12:9d:4b:50:d5:a3:
39:0e:aa:98:53:af:91:f1:54:98:95:90:75:98:d1:30:70:51:
83:05:6d:15:19:cc:f1:a3:d8:93:a6:b9:91:17:57:73:2f:f0:
b5:e8:bc:04:f6:65:29:ee:b6:48:58:42:5c:af:e6:a4:c3:c5:
49:04:ed:d0:ab:52:b7:bd:5d:55:87:4e:6b:22:d6:8c:cf:b0:
39:e4:6c:3b:03:77:c9:f9:63:14:54:24:6e:c6:41:57:33:f1:
e6:9c:65:e2:07:6e:d8:c6:fd:1b:1c:db:91:42:49:56:ce:ed:
e6:4b:56:68:57:43:e1:89:c5:03:56:14:cb:dc:d9:00:23:ff:
ef:a6:da:7e:62:bc:10:88:6d:f0:ea:aa:43:d6:6e:b1:67:bb:
98:fd:f5:cb:06:9e:af:c0:b1:bc:d6:27:8d:f7:ff:84:47:df:
b8:cd:cf:e0
-----BEGIN CERTIFICATE-----
MIIFETCCA/mgAwIBAgIEEMvxeDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
OTgwN2Y2ZDUwZDk3ZDk3MWRjZjJlMmU1MDY0ZTliOTA3YWRiM2VjMB4XDTIyMDEw
MTAyNTEwNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzQ5ZTEyZWY4MGI4
ZGFkZGUyMTU1ZmM1YmExMWFiNzc0MTUyNzMwNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKpnQQFTCy3jR6HkLU0F2iIfYvGPD9QxH/Maq7d0Hs4Fy3rz
VbOntZUDBJ6sSUa/qyyCZlbbAX8lUQwkP/Xhfjpx2FlpP0d6CeJlnBxUwTu44kHS
NKoxndLqJENVYDH16yR/oNUjfHyNaKw14dbK6DVt4MfkUKoajaXaJXHJv5Wc8nh+
yXEkNwU8r6ymUOfITDikaKV+72Rh0TSlsoxFNngyez67Wjx7H7OUareDQraTrbU4
RZF+1yYSpUObDIovSld5YQu3kDJHPpbb0ap6JWh6fSPQyD/LLzbAfz9k28SfrGFS
TzQR6/bYHVhGn5H/NR61w1fqm8gs1K5yoXWU0rkCAwEAAaOCAiswggInMB0GA1Ud
DgQWBBTEnhLvgLja3eIVX8W6Eat3QVJzBTAfBgNVHSMEGDAWgBSpgH9tUNl9lx3P
Li5QZOm5B62z7DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3FZQl9iVkRaZlpjZHp5NHVVR1RwdVFldHMtdy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmIvY2E5ZGJlLTAwOTUtNDBmMy1iOTMyLTBkOGY3ZGQ4Y2NlNi8x
L3hKNFM3NEM0MnQzaUZWX0Z1aEdyZDBGU2N3VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmIv
Y2E5ZGJlLTAwOTUtNDBmMy1iOTMyLTBkOGY3ZGQ4Y2NlNi8xL3FZQl9iVkRaZlpj
ZHp5NHVVR1RwdVFldHMtdy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBB
BggrBgEFBQcBBwEB/wQyMDAwLgQCAAEwKAMEB1QrAAMEB1fygAMDAViQAwQCua8w
AwQF1ENgAwMA1U4DBAXZCAAwDQYJKoZIhvcNAQELBQADggEBAEQ+iwZYQ03w6Nhs
nEPGxUjth/RYpNjApS/g54IBeSU5sMi2z0GUre2gQ99bUWMKL8b1fnIBMjJlouF1
qC/691TBGjSUUlEdxIcREUmoxzwycNcmPxKdS1DVozkOqphTr5HxVJiVkHWY0TBw
UYMFbRUZzPGj2JOmuZEXV3Mv8LXovAT2ZSnutkhYQlyv5qTDxUkE7dCrUre9XVWH
Tmsi1ozPsDnkbDsDd8n5YxRUJG7GQVcz8eacZeIHbtjG/Rsc25FCSVbO7eZLVmhX
Q+GJxQNWFMvc2QAj/++m2n5ivBCIbfDqqkPWbrFnu5j99csGnq/AsbzWJ433/4RH
37jNz+A=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:49:37 2023 by rpki-client on console-ams.rpki-client.org