Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/39/ac770e-41da-4d36-97e2-1618d5eeaae8/1/4L5889dKmCZmH_z60S4BW1uthno.roa
File: 4L5889dKmCZmH_z60S4BW1uthno.roa (raw, json)
Hash identifier: YDwOeZVukuaenMQku9xLzSBkBex3PfTf1teIwBraKsI=
Subject key identifier: E0:BE:7C:F3:D7:4A:98:26:66:1F:FC:FA:D1:2E:01:5B:5B:AD:86:7A
Certificate issuer: /CN=8e7fb5f52847f2170e67fcc25adf0b5d686ffafc
Certificate serial: 018C96490A0EF346D2CBBF3B63975A33F58C
Authority key identifier: 8E:7F:B5:F5:28:47:F2:17:0E:67:FC:C2:5A:DF:0B:5D:68:6F:FA:FC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jn-19ShH8hcOZ_zCWt8LXWhv-vw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/39/ac770e-41da-4d36-97e2-1618d5eeaae8/1/4L5889dKmCZmH_z60S4BW1uthno.roa
Signing time: Sat 23 Dec 2023 10:46:58 +0000
ROA not before: Sat 23 Dec 2023 10:46:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49055
IP address blocks: 95.215.208.0/22 maxlen: 22
95.215.208.0/23 maxlen: 23
95.215.210.0/23 maxlen: 23
31.128.32.0/24 maxlen: 24
31.128.32.0/22 maxlen: 22
31.128.32.0/23 maxlen: 23
31.128.36.0/22 maxlen: 22
31.128.36.0/23 maxlen: 23
31.128.34.0/23 maxlen: 23
31.128.44.0/23 maxlen: 23
31.128.44.0/22 maxlen: 22
31.128.44.0/24 maxlen: 24
31.128.40.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:96:49:0a:0e:f3:46:d2:cb:bf:3b:63:97:5a:33:f5:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8e7fb5f52847f2170e67fcc25adf0b5d686ffafc
Validity
Not Before: Dec 23 10:46:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e0be7cf3d74a9826661ffcfad12e015b5bad867a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:33:a8:ec:a4:64:cd:cd:92:bd:da:03:61:3b:
25:97:12:75:f4:23:e0:37:d8:33:7c:74:c7:f5:cf:
65:6e:89:d8:a3:1f:2d:9b:e4:66:cd:c9:8c:14:2f:
c3:c3:b7:9d:6c:a4:e2:4f:fc:b5:af:c4:c8:ff:a8:
b3:b0:50:4f:42:19:c4:66:99:a2:31:dd:1b:ee:c9:
f1:c2:74:7d:f4:7a:2c:00:bb:59:07:6c:31:ec:99:
c7:f0:7e:23:0c:3c:0d:ee:29:16:8b:20:21:48:db:
74:30:27:b0:cc:09:8c:71:6e:42:54:98:55:3f:aa:
d9:90:d7:7a:10:3d:1a:33:09:d3:46:88:d8:6f:52:
46:a4:30:59:a3:de:22:14:5d:65:54:fc:79:f4:de:
e3:10:ce:21:7f:6e:48:94:82:65:b0:27:45:75:0d:
2f:84:73:c0:e0:2d:8f:e8:68:c1:d2:7e:cf:ba:d8:
96:76:3a:ea:f4:0a:45:68:ab:ba:27:4b:01:0a:7f:
c8:3a:2d:ce:ea:30:b3:27:b5:53:61:ae:db:f0:34:
bf:7f:13:5a:f1:8e:7b:25:7b:51:4e:8b:8e:77:02:
9e:cf:34:91:5c:61:31:b0:36:c6:9b:4c:b6:92:bc:
5c:57:7c:9e:98:f9:90:86:1b:41:01:02:a7:e1:33:
dc:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:BE:7C:F3:D7:4A:98:26:66:1F:FC:FA:D1:2E:01:5B:5B:AD:86:7A
X509v3 Authority Key Identifier:
keyid:8E:7F:B5:F5:28:47:F2:17:0E:67:FC:C2:5A:DF:0B:5D:68:6F:FA:FC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jn-19ShH8hcOZ_zCWt8LXWhv-vw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/39/ac770e-41da-4d36-97e2-1618d5eeaae8/1/4L5889dKmCZmH_z60S4BW1uthno.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/39/ac770e-41da-4d36-97e2-1618d5eeaae8/1/jn-19ShH8hcOZ_zCWt8LXWhv-vw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.128.32.0/20
95.215.208.0/22
Signature Algorithm: sha256WithRSAEncryption
62:8f:41:ac:99:bd:86:f1:91:12:a5:3f:c3:b0:1f:b9:3c:f9:
9d:19:f4:12:73:7e:a6:88:99:9d:7f:af:1f:a6:e1:bf:39:0f:
39:76:81:5d:90:14:5e:75:e9:31:c9:a9:7f:6f:db:d5:9d:81:
c9:28:a4:b3:55:8b:0e:f6:90:3f:3e:d5:63:6f:dc:f5:ec:35:
ae:90:e3:8a:84:2e:7e:a0:03:c7:bf:fc:20:c8:8d:51:2d:d7:
46:f4:7d:04:c7:3e:16:3e:a3:76:b7:dd:79:4a:bb:cb:da:db:
78:58:c1:42:b7:9f:03:09:df:65:67:07:7a:27:f5:f4:8e:53:
7f:ed:af:da:1a:ad:4b:67:cc:6c:b5:e8:3d:ef:c8:20:f8:cb:
da:c8:ee:26:6c:6b:1c:d7:9e:28:db:27:ae:94:93:1b:97:85:
86:26:79:78:a1:84:89:96:02:6a:66:e2:20:a3:f7:c4:e8:ef:
2a:47:5e:f2:5f:70:4a:64:bd:d7:99:78:f1:33:51:62:ca:20:
b4:f0:35:76:51:fb:c6:70:09:68:26:e8:2f:13:67:3a:b8:f2:
a3:5f:9c:33:ea:15:d0:e2:c8:9b:82:f3:ae:15:2f:16:f6:8b:
fc:73:0a:43:1d:5d:be:3d:3e:ca:6a:bf:0c:56:cb:81:fb:0e:
3a:0d:b5:e7
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYyWSQoO80bSy787Y5daM/WMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhlN2ZiNWY1Mjg0N2YyMTcwZTY3ZmNjMjVhZGYwYjVkNjg2
ZmZhZmMwHhcNMjMxMjIzMTA0NjU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGJlN2NmM2Q3NGE5ODI2NjYxZmZjZmFkMTJlMDE1YjViYWQ4NjdhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArTOo7KRkzc2SvdoDYTsllxJ19CPg
N9gzfHTH9c9lbonYox8tm+RmzcmMFC/Dw7edbKTiT/y1r8TI/6izsFBPQhnEZpmi
Md0b7snxwnR99HosALtZB2wx7JnH8H4jDDwN7ikWiyAhSNt0MCewzAmMcW5CVJhV
P6rZkNd6ED0aMwnTRojYb1JGpDBZo94iFF1lVPx59N7jEM4hf25IlIJlsCdFdQ0v
hHPA4C2P6GjB0n7PutiWdjrq9ApFaKu6J0sBCn/IOi3O6jCzJ7VTYa7b8DS/fxNa
8Y57JXtRTouOdwKezzSRXGExsDbGm0y2krxcV3yemPmQhhtBAQKn4TPcuwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFOC+fPPXSpgmZh/8+tEuAVtbrYZ6MB8GA1UdIwQY
MBaAFI5/tfUoR/IXDmf8wlrfC11ob/r8MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvam4tMTlTaEg4aGNPWl96Q1d0OExYV2h2LXZ3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zOS9hYzc3MGUtNDFkYS00ZDM2LTk3ZTIt
MTYxOGQ1ZWVhYWU4LzEvNEw1ODg5ZEttQ1ptSF96NjBTNEJXMXV0aG5vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zOS9hYzc3MGUtNDFkYS00ZDM2LTk3ZTItMTYxOGQ1ZWVhYWU4
LzEvam4tMTlTaEg4aGNPWl96Q1d0OExYV2h2LXZ3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQEH4AgAwQC
X9fQMA0GCSqGSIb3DQEBCwUAA4IBAQBij0Gsmb2G8ZESpT/DsB+5PPmdGfQSc36m
iJmdf68fpuG/OQ85doFdkBRedekxyal/b9vVnYHJKKSzVYsO9pA/PtVjb9z17DWu
kOOKhC5+oAPHv/wgyI1RLddG9H0Exz4WPqN2t915SrvL2tt4WMFCt58DCd9lZwd6
J/X0jlN/7a/aGq1LZ8xsteg978gg+MvayO4mbGsc154o2yeulJMbl4WGJnl4oYSJ
lgJqZuIgo/fE6O8qR17yX3BKZL3XmXjxM1FiyiC08DV2UfvGcAloJugvE2c6uPKj
X5wz6hXQ4sibgvOuFS8W9ov8cwpDHV2+PT7Kar8MVsuB+w46DbXn
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:25:47 2024 by rpki-client on console-fra.rpki-client.org