Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/e0925e-47bf-4907-bcbc-fd9f36a8ba6e/1/vKxccTmpSr-rNpTx3VX2M37kKiI.roa
File: vKxccTmpSr-rNpTx3VX2M37kKiI.roa (raw, json)
Hash identifier: KTExQu/xI7E85w/+L1eWHfFCtjeUpecpzPO8ei/Hvu8=
Subject key identifier: BC:AC:5C:71:39:A9:4A:BF:AB:36:94:F1:DD:55:F6:33:7E:E4:2A:22
Certificate issuer: /CN=331e7784f60ac8d969b81cf5231cd9dc087ced32
Certificate serial: 01856BAECAC126C7D53CFB2E6CE3B8BFAE41
Authority key identifier: 33:1E:77:84:F6:0A:C8:D9:69:B8:1C:F5:23:1C:D9:DC:08:7C:ED:32
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Mx53hPYKyNlpuBz1IxzZ3Ah87TI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/4f/e0925e-47bf-4907-bcbc-fd9f36a8ba6e/1/vKxccTmpSr-rNpTx3VX2M37kKiI.roa
Signing time: Sun 01 Jan 2023 04:54:55 +0000
ROA not before: Sun 01 Jan 2023 04:54:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39545
IP address blocks: 77.89.128.0/18 maxlen: 18
46.247.0.0/17 maxlen: 17
89.105.96.0/19 maxlen: 19
2a00:f18::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:ae:ca:c1:26:c7:d5:3c:fb:2e:6c:e3:b8:bf:ae:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=331e7784f60ac8d969b81cf5231cd9dc087ced32
Validity
Not Before: Jan 1 04:54:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bcac5c7139a94abfab3694f1dd55f6337ee42a22
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:4d:3e:a4:08:ec:fd:a2:82:f3:d8:90:a3:16:
20:ff:61:f5:cb:4b:28:ed:5c:53:03:34:b4:ed:78:
ea:6f:1c:49:37:22:64:75:fa:7c:d4:e8:bc:ed:88:
4a:ab:f5:04:08:b6:16:04:03:42:74:7e:e7:0e:17:
71:a2:19:36:c3:36:e9:5a:c5:dc:cf:ab:7d:c9:f3:
fb:bc:a3:cf:13:0f:02:58:c7:07:dc:42:f0:33:93:
ca:5f:87:aa:d1:9e:bc:5b:0e:f9:f3:36:c7:af:c5:
2e:32:04:a8:80:a2:28:d7:33:b2:9e:72:07:89:49:
1d:18:35:f3:b6:ad:30:44:cf:0f:ef:94:92:e6:e6:
97:4e:6a:13:ab:48:d7:12:50:62:1f:c2:a0:5e:6d:
16:1d:ba:bd:68:93:d1:2f:cc:ad:45:df:9d:09:09:
4a:83:d0:9c:62:77:73:e4:a2:9a:3a:dd:74:f5:91:
46:1d:9a:23:66:d9:ab:a9:28:3f:c6:ab:0d:41:47:
d8:1d:e5:7c:29:46:88:bb:41:7a:70:7c:a6:0f:cb:
0e:29:7d:6a:1a:1d:3e:8d:dc:c7:6e:33:6d:d5:a3:
a9:6d:ab:c4:c8:b2:f9:c3:49:96:74:cd:96:00:a7:
d3:55:9f:d4:6e:87:81:a1:ba:24:d0:39:17:c7:e8:
46:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:AC:5C:71:39:A9:4A:BF:AB:36:94:F1:DD:55:F6:33:7E:E4:2A:22
X509v3 Authority Key Identifier:
keyid:33:1E:77:84:F6:0A:C8:D9:69:B8:1C:F5:23:1C:D9:DC:08:7C:ED:32
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Mx53hPYKyNlpuBz1IxzZ3Ah87TI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e0925e-47bf-4907-bcbc-fd9f36a8ba6e/1/vKxccTmpSr-rNpTx3VX2M37kKiI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/e0925e-47bf-4907-bcbc-fd9f36a8ba6e/1/Mx53hPYKyNlpuBz1IxzZ3Ah87TI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.247.0.0/17
77.89.128.0/18
89.105.96.0/19
IPv6:
2a00:f18::/32
Signature Algorithm: sha256WithRSAEncryption
2e:69:1e:64:35:ee:17:b8:8e:bb:61:6f:39:d9:e5:06:8b:0d:
4d:12:82:00:6a:c3:f2:32:2e:71:ea:dd:db:8f:a1:30:13:86:
ff:da:19:f0:73:0e:e6:a3:42:a1:b9:42:10:d8:12:08:51:f8:
2b:90:d8:15:00:28:c4:2f:1d:2b:25:22:3b:c0:95:73:2b:70:
23:a7:82:57:ba:e7:9e:90:12:00:5f:a4:f3:e9:5c:73:18:07:
1c:88:02:b5:3f:1e:b6:30:d6:07:29:be:31:04:74:de:71:66:
4f:4e:86:cc:a2:fb:d4:be:aa:f3:c6:06:87:ec:3d:b1:e1:51:
40:1b:b2:7b:12:6f:84:c7:4c:1d:a9:18:f2:5c:64:13:ea:e4:
b0:6a:b3:3a:6a:de:53:0c:75:d9:e5:75:b5:01:2b:0f:7c:20:
e9:bb:fc:cb:bd:a0:be:c0:a5:f0:01:5f:e6:06:61:9c:09:89:
ff:08:58:3f:08:48:d1:6f:07:b6:82:e8:c4:e5:1c:54:e3:cd:
35:a0:73:4a:9e:ba:30:99:32:54:ef:ab:9f:94:ef:16:0d:db:
b9:08:ed:44:b7:d0:be:bc:0f:ad:68:85:c4:a8:22:eb:88:d0:
05:10:56:65:bd:64:4b:9e:34:83:14:18:fe:4f:4a:37:da:b3:
b2:d1:07:70
-----BEGIN CERTIFICATE-----
MIIFGDCCBACgAwIBAgISAYVrrsrBJsfVPPsubOO4v65BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDMzMWU3Nzg0ZjYwYWM4ZDk2OWI4MWNmNTIzMWNkOWRjMDg3
Y2VkMzIwHhcNMjMwMTAxMDQ1NDU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiY2FjNWM3MTM5YTk0YWJmYWIzNjk0ZjFkZDU1ZjYzMzdlZTQyYTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkE0+pAjs/aKC89iQoxYg/2H1y0so
7VxTAzS07XjqbxxJNyJkdfp81Oi87YhKq/UECLYWBANCdH7nDhdxohk2wzbpWsXc
z6t9yfP7vKPPEw8CWMcH3ELwM5PKX4eq0Z68Ww758zbHr8UuMgSogKIo1zOynnIH
iUkdGDXztq0wRM8P75SS5uaXTmoTq0jXElBiH8KgXm0WHbq9aJPRL8ytRd+dCQlK
g9CcYndz5KKaOt109ZFGHZojZtmrqSg/xqsNQUfYHeV8KUaIu0F6cHymD8sOKX1q
Gh0+jdzHbjNt1aOpbavEyLL5w0mWdM2WAKfTVZ/UboeBobok0DkXx+hG5wIDAQAB
o4ICJDCCAiAwHQYDVR0OBBYEFLysXHE5qUq/qzaU8d1V9jN+5CoiMB8GA1UdIwQY
MBaAFDMed4T2CsjZabgc9SMc2dwIfO0yMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTXg1M2hQWUt5TmxwdUJ6MUl4elozQWg4N1RJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9lMDkyNWUtNDdiZi00OTA3LWJjYmMt
ZmQ5ZjM2YThiYTZlLzEvdkt4Y2NUbXBTci1yTnBUeDNWWDJNMzdrS2lJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9lMDkyNWUtNDdiZi00OTA3LWJjYmMtZmQ5ZjM2YThiYTZl
LzEvTXg1M2hQWUt5TmxwdUJ6MUl4elozQWg4N1RJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDoGCCsGAQUFBwEHAQH/BCswKTAYBAIAATASAwQHLvcAAwQG
TVmAAwQFWWlgMA0EAgACMAcDBQAqAA8YMA0GCSqGSIb3DQEBCwUAA4IBAQAuaR5k
Ne4XuI67YW852eUGiw1NEoIAasPyMi5x6t3bj6EwE4b/2hnwcw7mo0KhuUIQ2BII
UfgrkNgVACjELx0rJSI7wJVzK3Ajp4JXuueekBIAX6Tz6VxzGAcciAK1Px62MNYH
Kb4xBHTecWZPTobMovvUvqrzxgaH7D2x4VFAG7J7Em+Ex0wdqRjyXGQT6uSwarM6
at5TDHXZ5XW1ASsPfCDpu/zLvaC+wKXwAV/mBmGcCYn/CFg/CEjRbwe2gujE5RxU
4801oHNKnrowmTJU76uflO8WDdu5CO1Et9C+vA+taIXEqCLriNAFEFZlvWRLnjSD
FBj+T0o32rOy0Qdw
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:48:04 2023 by rpki-client on console-fra.rpki-client.org