Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/81bc95-1444-408a-92f1-392e05a84277/1/o_2cKTWTSvtdyu8uHX4MeLWe1rA.roa
File: o_2cKTWTSvtdyu8uHX4MeLWe1rA.roa (raw, json)
Hash identifier: R4N+25L+4ETbLi6CKzp2sQl3nwQFjA7kodYnBWvSyoY=
Subject key identifier: A3:FD:9C:29:35:93:4A:FB:5D:CA:EF:2E:1D:7E:0C:78:B5:9E:D6:B0
Certificate issuer: /CN=1f739d213a438f678b322a8f8f84e2d8c7814aca
Certificate serial: 07FFA012
Authority key identifier: 1F:73:9D:21:3A:43:8F:67:8B:32:2A:8F:8F:84:E2:D8:C7:81:4A:CA
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H3OdITpDj2eLMiqPj4Ti2MeBSso.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/56/81bc95-1444-408a-92f1-392e05a84277/1/o_2cKTWTSvtdyu8uHX4MeLWe1rA.roa
Signing time: Thu 21 Apr 2022 06:46:32 +0000
ROA not before: Thu 21 Apr 2022 06:46:32 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 12350
IP address blocks: 83.228.128.0/17 maxlen: 17
213.162.0.0/19 maxlen: 19
194.38.64.0/19 maxlen: 19
185.133.28.0/22 maxlen: 22
212.232.128.0/17 maxlen: 17
194.148.0.0/16 maxlen: 16
195.15.0.0/17 maxlen: 17
212.28.128.0/19 maxlen: 19
194.38.160.0/19 maxlen: 19
212.147.79.0/24 maxlen: 24
212.40.0.0/19 maxlen: 19
212.147.0.0/17 maxlen: 17
213.5.152.0/21 maxlen: 21
212.254.0.0/16 maxlen: 16
212.109.64.0/19 maxlen: 19
2a03:a360::/32 maxlen: 32
2001:4c78::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 134193170 (0x7ffa012)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f739d213a438f678b322a8f8f84e2d8c7814aca
Validity
Not Before: Apr 21 06:46:32 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=a3fd9c2935934afb5dcaef2e1d7e0c78b59ed6b0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:cc:36:1c:6a:57:01:91:a7:a0:f7:9a:b2:de:
de:91:9c:52:30:8c:b9:0b:a9:64:5e:0a:3b:3d:43:
a3:95:bf:ed:df:82:b9:eb:b5:e0:10:18:5b:56:bb:
b3:d6:27:c6:0f:6e:85:c6:15:57:40:31:60:3a:b2:
0d:14:c4:c8:2e:e8:17:2e:a6:22:76:59:7b:e2:1c:
67:11:19:db:1f:dc:4b:56:03:d7:7e:16:f9:96:a7:
9f:72:41:53:cd:34:74:c6:8d:ff:05:7f:f3:57:c5:
36:5d:55:cb:52:91:e2:c1:2f:6f:10:78:c8:01:e5:
56:15:60:0f:07:8e:fd:ff:c4:d5:65:75:8b:73:94:
3b:cc:4a:aa:48:30:ba:c4:6a:c2:b7:bc:8d:d4:02:
d1:a5:69:9f:bf:ba:49:0e:b9:bb:ef:72:3e:9d:e2:
3b:94:eb:18:2e:af:83:b0:37:c8:50:a5:e3:8b:5c:
c8:cd:48:f8:d0:a3:63:71:1a:0c:df:15:72:7b:61:
88:fc:0b:04:bb:fd:82:e4:55:a6:49:9a:5c:73:76:
75:14:0c:40:fe:e7:af:27:d1:f6:57:48:84:b0:dc:
23:d5:b2:91:e0:04:32:ea:c5:cd:b9:7e:11:57:83:
6a:8e:a8:6b:0d:81:21:d7:2a:0d:74:ce:d8:b2:9a:
37:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:FD:9C:29:35:93:4A:FB:5D:CA:EF:2E:1D:7E:0C:78:B5:9E:D6:B0
X509v3 Authority Key Identifier:
keyid:1F:73:9D:21:3A:43:8F:67:8B:32:2A:8F:8F:84:E2:D8:C7:81:4A:CA
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H3OdITpDj2eLMiqPj4Ti2MeBSso.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/81bc95-1444-408a-92f1-392e05a84277/1/o_2cKTWTSvtdyu8uHX4MeLWe1rA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/56/81bc95-1444-408a-92f1-392e05a84277/1/H3OdITpDj2eLMiqPj4Ti2MeBSso.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.228.128.0/17
185.133.28.0/22
194.38.64.0/19
194.38.160.0/19
194.148.0.0/16
195.15.0.0/17
212.28.128.0/19
212.40.0.0/19
212.109.64.0/19
212.147.0.0/17
212.232.128.0/17
212.254.0.0/16
213.5.152.0/21
213.162.0.0/19
IPv6:
2001:4c78::/32
2a03:a360::/32
Signature Algorithm: sha256WithRSAEncryption
a4:ae:ec:28:de:53:79:38:85:a2:1a:88:f4:df:c4:17:a3:f0:
41:5c:7f:1d:95:fc:41:a2:5a:d7:10:a7:1b:e7:26:19:9e:4c:
cc:5d:81:f9:6a:34:a1:b8:cf:68:d3:4d:f2:0b:34:d7:5e:f2:
59:97:01:7f:2f:4c:84:a8:68:b1:79:0d:4b:d3:1c:2b:e4:a8:
94:bc:45:ce:d2:14:6c:56:f4:54:04:fd:a5:c5:84:4f:85:6d:
81:2c:f2:c3:22:cc:f8:34:0f:b6:c5:7d:7c:aa:d7:f2:e6:03:
32:19:7c:64:cc:64:45:a0:82:1c:c1:83:69:fd:6f:4e:16:dd:
bd:d6:b2:66:be:9a:b0:57:e9:04:58:89:77:38:02:54:8f:1d:
66:c5:4c:2a:eb:ab:ed:1d:17:ea:ae:8d:89:7e:da:ed:da:85:
fa:e6:4e:4d:c6:6e:d6:55:71:86:35:32:ec:2f:89:06:f6:99:
52:54:48:bd:ca:aa:86:95:d9:f7:50:03:8b:00:09:24:23:0e:
25:2d:c4:14:4f:10:dc:db:58:29:33:93:0c:a5:33:67:78:47:
3a:37:bb:72:27:d6:81:42:1f:9c:35:1e:79:ba:86:e3:bc:30:
8b:78:e1:7f:c1:ca:1a:02:d6:95:10:93:df:aa:4a:40:56:47:
4c:4d:7d:2c
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgIEB/+gEjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZjczOWQyMTNhNDM4ZjY3OGIzMjJhOGY4Zjg0ZTJkOGM3ODE0YWNhMB4XDTIyMDQy
MTA2NDYzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYTNmZDljMjkzNTkz
NGFmYjVkY2FlZjJlMWQ3ZTBjNzhiNTllZDZiMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAL/MNhxqVwGRp6D3mrLe3pGcUjCMuQupZF4KOz1Do5W/7d+C
ueu14BAYW1a7s9Ynxg9uhcYVV0AxYDqyDRTEyC7oFy6mInZZe+IcZxEZ2x/cS1YD
134W+Zann3JBU800dMaN/wV/81fFNl1Vy1KR4sEvbxB4yAHlVhVgDweO/f/E1WV1
i3OUO8xKqkgwusRqwre8jdQC0aVpn7+6SQ65u+9yPp3iO5TrGC6vg7A3yFCl44tc
yM1I+NCjY3EaDN8VcnthiPwLBLv9guRVpkmaXHN2dRQMQP7nryfR9ldIhLDcI9Wy
keAEMurFzbl+EVeDao6oaw2BIdcqDXTO2LKaN+8CAwEAAaOCAmwwggJoMB0GA1Ud
DgQWBBSj/ZwpNZNK+13K7y4dfgx4tZ7WsDAfBgNVHSMEGDAWgBQfc50hOkOPZ4sy
Ko+PhOLYx4FKyjAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0gzT2RJVHBEajJlTE1pcVBqNFRpMk1lQlNzby5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNTYvODFiYzk1LTE0NDQtNDA4YS05MmYxLTM5MmUwNWE4NDI3Ny8x
L29fMmNLVFdUU3Z0ZHl1OHVIWDRNZUxXZTFyQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNTYv
ODFiYzk1LTE0NDQtNDA4YS05MmYxLTM5MmUwNWE4NDI3Ny8xL0gzT2RJVHBEajJl
TE1pcVBqNFRpMk1lQlNzby5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
gQYIKwYBBQUHAQcBAf8EcjBwMFgEAgABMFIDBAdT5IADBAK5hRwDBAXCJkADBAXC
JqADAwDClAMEB8MPAAMEBdQcgAMEBdQoAAMEBdRtQAMEB9STAAMEB9TogAMDANT+
AwQD1QWYAwQF1aIAMBQEAgACMA4DBQAgAUx4AwUAKgOjYDANBgkqhkiG9w0BAQsF
AAOCAQEApK7sKN5TeTiFohqI9N/EF6PwQVx/HZX8QaJa1xCnG+cmGZ5MzF2B+Wo0
objPaNNN8gs0117yWZcBfy9MhKhosXkNS9McK+SolLxFztIUbFb0VAT9pcWET4Vt
gSzywyLM+DQPtsV9fKrX8uYDMhl8ZMxkRaCCHMGDaf1vThbdvdayZr6asFfpBFiJ
dzgCVI8dZsVMKuur7R0X6q6NiX7a7dqF+uZOTcZu1lVxhjUy7C+JBvaZUlRIvcqq
hpXZ91ADiwAJJCMOJS3EFE8Q3NtYKTOTDKUzZ3hHOje7cifWgUIfnDUeebqG47ww
i3jhf8HKGgLWlRCT36pKQFZHTE19LA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:48:37 2023 by rpki-client on console-fra.rpki-client.org