Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/j7ErrOqc8zLYaaZhae22awprqUU.roa
File: j7ErrOqc8zLYaaZhae22awprqUU.roa (raw, json)
Hash identifier: QIxrSntxa/p4yQWBStYdLj6dSQQZfosptQNDPNz9lvQ=
Subject key identifier: 8F:B1:2B:AC:EA:9C:F3:32:D8:69:A6:61:69:ED:B6:6B:0A:6B:A9:45
Certificate issuer: /CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
Certificate serial: 01856DB892F0BFA8A92A03377164CF1F7502
Authority key identifier: DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/j7ErrOqc8zLYaaZhae22awprqUU.roa
Signing time: Sun 01 Jan 2023 14:24:50 +0000
ROA not before: Sun 01 Jan 2023 14:24:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51074
IP address blocks: 185.115.148.0/22 maxlen: 24
37.130.204.0/23 maxlen: 23
37.130.200.0/21 maxlen: 24
37.130.202.0/23 maxlen: 23
178.252.128.0/18 maxlen: 24
5.220.0.0/14 maxlen: 24
5.221.0.0/16 maxlen: 16
178.252.178.0/24 maxlen: 24
178.252.179.0/24 maxlen: 24
31.184.128.0/18 maxlen: 24
2a02:2b58::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:b8:92:f0:bf:a8:a9:2a:03:37:71:64:cf:1f:75:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dafb645f134f4fdada45e70bcfcd93b897dbd725
Validity
Not Before: Jan 1 14:24:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8fb12bacea9cf332d869a66169edb66b0a6ba945
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:c7:51:0b:76:70:8b:d5:76:7b:c1:58:cb:36:
f3:0c:06:f4:d9:75:48:f0:64:ad:a1:67:d4:33:41:
ef:80:6c:69:ca:c1:d0:d0:8a:2f:aa:ff:b5:66:bd:
a1:33:1f:01:f8:34:39:62:f0:e8:9d:4d:43:77:88:
fd:a9:f7:ad:95:f0:9b:d1:d8:3b:3a:be:e8:84:9b:
68:8f:80:12:03:f7:77:31:7d:51:6f:c2:ad:a9:8f:
da:77:04:8d:fe:b7:2e:f8:c2:b4:9a:b2:0b:50:c5:
0a:92:fb:b6:70:f7:f6:30:9c:7e:3a:e2:e1:f0:da:
04:c1:a7:f8:b1:f2:32:c8:28:86:f3:72:15:6b:6d:
88:09:39:86:3b:53:b3:ba:74:65:1b:ef:1f:2d:00:
d0:54:69:3c:b3:39:c7:49:b1:5c:25:f8:4f:75:9c:
d9:07:b9:5b:e9:08:65:8e:ca:49:9c:f2:02:75:ae:
10:00:27:9b:ef:54:d3:64:eb:12:82:22:e7:0c:b2:
58:97:83:fb:54:08:6a:c8:ea:a1:6a:22:bc:a7:2e:
58:64:61:1e:d4:da:6e:93:59:75:21:8c:2c:6c:f7:
36:fd:e1:8e:65:8a:5a:4e:2d:f7:23:c0:8c:5d:67:
f6:68:97:ca:3f:eb:80:bc:28:53:b9:30:bb:9b:5e:
84:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:B1:2B:AC:EA:9C:F3:32:D8:69:A6:61:69:ED:B6:6B:0A:6B:A9:45
X509v3 Authority Key Identifier:
keyid:DA:FB:64:5F:13:4F:4F:DA:DA:45:E7:0B:CF:CD:93:B8:97:DB:D7:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2vtkXxNPT9raRecLz82TuJfb1yU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/j7ErrOqc8zLYaaZhae22awprqUU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/52/7a48f5-bd24-4dc4-8cca-6ba0a0ce01ed/1/2vtkXxNPT9raRecLz82TuJfb1yU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.220.0.0/14
31.184.128.0/18
37.130.200.0/21
178.252.128.0/18
185.115.148.0/22
IPv6:
2a02:2b58::/29
Signature Algorithm: sha256WithRSAEncryption
2f:7e:d3:47:d8:07:df:58:c0:44:2e:9a:00:0e:bb:ca:63:bc:
a4:f8:36:61:97:9b:a6:72:d4:d1:5d:c5:49:4c:32:76:58:00:
dd:9a:32:98:6e:55:81:79:37:1a:b7:47:51:d2:b7:6a:72:a9:
15:3a:e7:2b:03:03:e8:e2:1a:33:c0:da:fd:2c:d5:1f:c3:df:
c4:b2:fd:b9:aa:10:a9:07:26:35:91:96:13:58:4a:7a:36:19:
86:8e:37:43:c6:94:73:1e:75:46:c1:73:6b:59:eb:e3:a7:be:
e5:10:1f:bd:41:3f:c0:89:36:f5:ff:ec:47:65:4b:8f:b5:02:
92:7e:b8:fc:46:12:4e:b2:0f:21:be:14:2f:ab:87:9a:5b:1a:
9b:75:ef:d2:5c:7b:e2:84:e7:78:68:dd:a5:88:ad:ed:da:5b:
5b:9c:52:a0:f2:d1:9c:ce:55:c3:da:07:7e:41:f5:71:2f:29:
a9:19:95:24:81:47:b5:c3:59:14:66:d1:f1:ba:4a:f3:2d:66:
8f:e0:63:c4:09:99:79:7c:85:fe:54:8e:f7:6b:a5:90:ba:b2:
11:03:71:63:bd:24:c7:18:f9:06:d2:84:51:3b:4a:e0:a8:9e:
b4:9d:a3:b2:25:31:81:8a:6d:41:7b:f7:ae:15:44:fb:fc:d1:
05:46:13:86
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYVtuJLwv6ipKgM3cWTPH3UCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhZmI2NDVmMTM0ZjRmZGFkYTQ1ZTcwYmNmY2Q5M2I4OTdk
YmQ3MjUwHhcNMjMwMTAxMTQyNDUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmIxMmJhY2VhOWNmMzMyZDg2OWE2NjE2OWVkYjY2YjBhNmJhOTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcdRC3Zwi9V2e8FYyzbzDAb02XVI
8GStoWfUM0HvgGxpysHQ0Iovqv+1Zr2hMx8B+DQ5YvDonU1Dd4j9qfetlfCb0dg7
Or7ohJtoj4ASA/d3MX1Rb8KtqY/adwSN/rcu+MK0mrILUMUKkvu2cPf2MJx+OuLh
8NoEwaf4sfIyyCiG83IVa22ICTmGO1OzunRlG+8fLQDQVGk8sznHSbFcJfhPdZzZ
B7lb6QhljspJnPICda4QACeb71TTZOsSgiLnDLJYl4P7VAhqyOqhaiK8py5YZGEe
1Npuk1l1IYwsbPc2/eGOZYpaTi33I8CMXWf2aJfKP+uAvChTuTC7m16EhQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFI+xK6zqnPMy2GmmYWnttmsKa6lFMB8GA1UdIwQY
MBaAFNr7ZF8TT0/a2kXnC8/Nk7iX29clMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2Et
NmJhMGEwY2UwMWVkLzEvajdFcnJPcWM4ekxZYWFaaGFlMjJhd3BycVVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Mi83YTQ4ZjUtYmQyNC00ZGM0LThjY2EtNmJhMGEwY2UwMWVk
LzEvMnZ0a1h4TlBUOXJhUmVjTHo4MlR1SmZiMXlVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAjBAIAATAdAwMCBdwDBAYf
uIADBAMlgsgDBAay/IADBAK5c5QwDQQCAAIwBwMFAyoCK1gwDQYJKoZIhvcNAQEL
BQADggEBAC9+00fYB99YwEQumgAOu8pjvKT4NmGXm6Zy1NFdxUlMMnZYAN2aMphu
VYF5Nxq3R1HSt2pyqRU65ysDA+jiGjPA2v0s1R/D38Sy/bmqEKkHJjWRlhNYSno2
GYaON0PGlHMedUbBc2tZ6+OnvuUQH71BP8CJNvX/7EdlS4+1ApJ+uPxGEk6yDyG+
FC+rh5pbGpt179Jce+KE53ho3aWIre3aW1ucUqDy0ZzOVcPaB35B9XEvKakZlSSB
R7XDWRRm0fG6SvMtZo/gY8QJmXl8hf5UjvdrpZC6shEDcWO9JMcY+QbShFE7SuCo
nrSdo7IlMYGKbUF7964VRPv80QVGE4Y=
-----END CERTIFICATE-----
Generated at Tue Oct 31 15:52:34 2023 by rpki-client on console-ams.rpki-client.org