Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/3VZQYxGvbVCnqHO6IGL_ki7H9Dw.roa
File: 3VZQYxGvbVCnqHO6IGL_ki7H9Dw.roa (raw, json)
Hash identifier: uhcConWZJvXSDRnC+3LfMxkTtehkog0P/PU51RjZGOc=
Subject key identifier: DD:56:50:63:11:AF:6D:50:A7:A8:73:BA:20:62:FF:92:2E:C7:F4:3C
Certificate issuer: /CN=35c96065093998ba42cfba11bf0d17d3ac403d40
Certificate serial: 0188A48AAE54B216202B448AC41E0FF18204
Authority key identifier: 35:C9:60:65:09:39:98:BA:42:CF:BA:11:BF:0D:17:D3:AC:40:3D:40
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NclgZQk5mLpCz7oRvw0X06xAPUA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/3VZQYxGvbVCnqHO6IGL_ki7H9Dw.roa
Signing time: Sat 10 Jun 2023 09:02:11 +0000
ROA not before: Sat 10 Jun 2023 09:02:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208308
IP address blocks: 168.220.128.0/19 maxlen: 24
198.14.16.0/20 maxlen: 24
77.223.192.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:a4:8a:ae:54:b2:16:20:2b:44:8a:c4:1e:0f:f1:82:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35c96065093998ba42cfba11bf0d17d3ac403d40
Validity
Not Before: Jun 10 09:02:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dd56506311af6d50a7a873ba2062ff922ec7f43c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:6a:33:f1:b7:89:c7:13:33:fb:2e:fd:ee:d2:
b9:20:a9:2c:21:e3:ec:41:c5:62:2c:3a:1a:78:53:
6a:d2:dc:36:6b:c8:77:43:c2:d7:e9:1d:da:12:f8:
c5:73:98:59:01:21:e3:48:d7:84:f1:30:e9:6f:3c:
2c:5c:27:7d:30:77:86:e8:db:9a:04:18:88:34:15:
00:c7:44:b6:c6:b3:2c:0f:03:8d:82:c5:d2:0c:ec:
15:e3:68:f5:cb:1e:f3:be:be:ab:a1:1f:ee:ba:96:
73:3e:af:74:9e:9b:63:b3:5f:6b:34:a8:f2:00:c3:
5b:4b:ed:2e:8a:62:7c:2d:be:c4:16:18:6d:c7:04:
1a:25:1d:f9:38:69:89:80:29:66:f0:ec:93:9f:56:
9a:55:af:f2:6d:cd:e9:60:61:e1:1c:4d:1d:fc:92:
78:44:19:cc:44:9b:f0:6c:a4:85:26:e0:3d:fa:de:
2b:57:58:36:b9:6a:f5:7e:ec:dd:6b:45:35:d6:80:
78:19:80:22:8a:75:45:bd:0f:a0:a7:8a:50:bb:ac:
3c:7f:e6:5f:14:61:4f:62:56:0c:49:69:59:82:93:
02:85:d9:59:8b:80:99:40:f5:0f:c3:5e:4b:db:c1:
7e:3c:c4:c0:5a:9d:ae:b3:6e:cf:3a:ad:1c:49:53:
7e:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:56:50:63:11:AF:6D:50:A7:A8:73:BA:20:62:FF:92:2E:C7:F4:3C
X509v3 Authority Key Identifier:
keyid:35:C9:60:65:09:39:98:BA:42:CF:BA:11:BF:0D:17:D3:AC:40:3D:40
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NclgZQk5mLpCz7oRvw0X06xAPUA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/3VZQYxGvbVCnqHO6IGL_ki7H9Dw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4b/62764b-9aa6-4f12-a71c-6bac34987019/1/NclgZQk5mLpCz7oRvw0X06xAPUA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
77.223.192.0/21
168.220.128.0/19
198.14.16.0/20
Signature Algorithm: sha256WithRSAEncryption
14:08:c0:8f:bd:c4:8a:e6:2a:c6:88:d8:35:6a:3f:26:3f:57:
40:6a:2e:3e:cc:98:84:2b:64:8f:a6:65:4a:98:7e:f5:b2:9e:
46:d3:d6:f9:cc:24:9f:82:58:ef:6d:e0:35:a9:fa:6e:fa:22:
f9:8d:41:0e:ed:4c:c7:79:39:10:f3:01:45:1f:dc:d3:80:6d:
a2:16:f9:8f:75:eb:ab:7d:ea:4c:80:79:15:3e:b2:e0:8d:e0:
12:f5:09:ad:69:ef:08:e9:e7:c5:0a:c8:4c:26:5d:ae:1f:bf:
06:a4:5f:bd:17:d5:8d:96:23:bb:9e:81:bc:a8:1b:6a:c0:cf:
38:40:73:de:ab:eb:16:ee:e1:4b:a0:5a:63:85:72:80:9f:98:
87:db:43:ea:fd:fe:59:42:da:b3:58:c7:1c:b6:a5:9b:8c:93:
48:06:74:9a:6b:e3:13:5a:f2:30:2f:a7:55:a3:8d:ed:6b:f9:
1d:c8:59:e5:07:00:0d:b1:34:27:56:72:12:a5:24:05:a9:6d:
78:0d:b5:f9:ea:dd:d1:04:90:a4:3b:53:44:96:d4:a7:a8:b8:
93:35:a3:5d:8d:1a:65:d4:d1:7a:f1:e0:56:11:92:4b:90:f0:
aa:0f:e5:ff:75:0d:b8:36:c1:74:bf:50:da:d6:2e:c0:db:19:
e9:32:16:c1
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYikiq5UshYgK0SKxB4P8YIEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1Yzk2MDY1MDkzOTk4YmE0MmNmYmExMWJmMGQxN2QzYWM0
MDNkNDAwHhcNMjMwNjEwMDkwMjExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDU2NTA2MzExYWY2ZDUwYTdhODczYmEyMDYyZmY5MjJlYzdmNDNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwmoz8beJxxMz+y797tK5IKksIePs
QcViLDoaeFNq0tw2a8h3Q8LX6R3aEvjFc5hZASHjSNeE8TDpbzwsXCd9MHeG6Nua
BBiINBUAx0S2xrMsDwONgsXSDOwV42j1yx7zvr6roR/uupZzPq90nptjs19rNKjy
AMNbS+0uimJ8Lb7EFhhtxwQaJR35OGmJgClm8OyTn1aaVa/ybc3pYGHhHE0d/JJ4
RBnMRJvwbKSFJuA9+t4rV1g2uWr1fuzda0U11oB4GYAiinVFvQ+gp4pQu6w8f+Zf
FGFPYlYMSWlZgpMChdlZi4CZQPUPw15L28F+PMTAWp2us27POq0cSVN+NQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFN1WUGMRr21Qp6hzuiBi/5Iux/Q8MB8GA1UdIwQY
MBaAFDXJYGUJOZi6Qs+6Eb8NF9OsQD1AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTmNsZ1pRazVtTHBDejdvUnZ3MFgwNnhBUFVBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Yi82Mjc2NGItOWFhNi00ZjEyLWE3MWMt
NmJhYzM0OTg3MDE5LzEvM1ZaUVl4R3ZiVkNucUhPNklHTF9raTdIOUR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Yi82Mjc2NGItOWFhNi00ZjEyLWE3MWMtNmJhYzM0OTg3MDE5
LzEvTmNsZ1pRazVtTHBDejdvUnZ3MFgwNnhBUFVBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQDTd/AAwQF
qNyAAwQExg4QMA0GCSqGSIb3DQEBCwUAA4IBAQAUCMCPvcSK5irGiNg1aj8mP1dA
ai4+zJiEK2SPpmVKmH71sp5G09b5zCSfgljvbeA1qfpu+iL5jUEO7UzHeTkQ8wFF
H9zTgG2iFvmPdeurfepMgHkVPrLgjeAS9Qmtae8I6efFCshMJl2uH78GpF+9F9WN
liO7noG8qBtqwM84QHPeq+sW7uFLoFpjhXKAn5iH20Pq/f5ZQtqzWMcctqWbjJNI
BnSaa+MTWvIwL6dVo43ta/kdyFnlBwANsTQnVnISpSQFqW14DbX56t3RBJCkO1NE
ltSnqLiTNaNdjRpl1NF68eBWEZJLkPCqD+X/dQ24NsF0v1Da1i7A2xnpMhbB
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:51:22 2023 by rpki-client on console-ams.rpki-client.org