Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/34Ml2qD52wsgBqIuBJwrXgQW1-M.roa
File: 34Ml2qD52wsgBqIuBJwrXgQW1-M.roa (raw, json)
Hash identifier: 7ONUymeXtOfGK/HB8VapUbycrqjIHfKX5k26dl40YNU=
Subject key identifier: DF:83:25:DA:A0:F9:DB:0B:20:06:A2:2E:04:9C:2B:5E:04:16:D7:E3
Certificate issuer: /CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Certificate serial: 0185AC353D8DAEE55620995492F55A83CBBF
Authority key identifier: 7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/34Ml2qD52wsgBqIuBJwrXgQW1-M.roa
Signing time: Fri 13 Jan 2023 17:37:28 +0000
ROA not before: Fri 13 Jan 2023 17:37:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 996
IP address blocks: 79.172.224.0/24 maxlen: 24
79.172.228.0/24 maxlen: 24
185.63.17.0/24 maxlen: 24
185.63.18.0/24 maxlen: 24
79.172.250.0/24 maxlen: 24
185.63.19.0/24 maxlen: 24
84.21.4.0/24 maxlen: 24
84.21.12.0/24 maxlen: 24
84.21.13.0/24 maxlen: 24
79.172.192.0/24 maxlen: 24
79.172.207.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:ac:35:3d:8d:ae:e5:56:20:99:54:92:f5:5a:83:cb:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7b5e37f6e3b9bd1cf3684b9c03c03ad1ca642497
Validity
Not Before: Jan 13 17:37:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=df8325daa0f9db0b2006a22e049c2b5e0416d7e3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:96:d8:54:77:ed:ad:d9:e9:21:56:b6:ab:33:
fd:5b:60:4f:6c:40:27:fa:55:bf:e7:b0:67:06:25:
94:6c:23:ca:8e:fc:a0:f1:d7:a3:d6:82:35:9d:7a:
71:37:c4:79:aa:1b:ad:ed:8d:91:4d:7e:91:37:bd:
5b:8c:69:0b:8d:97:64:2d:a0:d5:d7:85:9f:f5:be:
eb:ff:b0:3f:fc:15:69:b1:b1:b2:82:5a:02:a0:bb:
e3:e0:6f:5d:0c:69:f5:af:52:b1:e9:a8:0d:14:55:
87:71:bf:42:47:54:22:1a:3c:9c:00:8a:84:3b:97:
72:3c:d6:09:ed:e5:33:1f:18:02:1a:7b:b2:98:01:
39:56:3d:a9:6b:74:87:ba:8c:96:fb:fc:95:d2:4c:
6d:38:4f:47:92:21:62:e2:72:93:66:5f:76:bd:eb:
5b:45:d0:31:e0:b8:9a:3a:7f:57:f6:cb:1c:80:e6:
86:51:86:fd:57:4e:68:c0:83:60:e5:cc:27:da:8d:
2c:6b:8c:71:a7:95:62:a8:2a:31:42:0d:8c:d9:91:
f0:ae:eb:bc:1a:24:1e:d4:c0:7d:72:a8:d5:84:9d:
e6:0b:f7:87:7c:6e:9e:e6:02:e1:15:c3:df:d4:51:
3a:82:41:cc:06:25:9c:f1:66:1c:c2:6c:fe:f5:3b:
38:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DF:83:25:DA:A0:F9:DB:0B:20:06:A2:2E:04:9C:2B:5E:04:16:D7:E3
X509v3 Authority Key Identifier:
keyid:7B:5E:37:F6:E3:B9:BD:1C:F3:68:4B:9C:03:C0:3A:D1:CA:64:24:97
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/e1439uO5vRzzaEucA8A60cpkJJc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/34Ml2qD52wsgBqIuBJwrXgQW1-M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/57/26728e-ddc7-4b0f-9d1e-9593a488afcc/1/e1439uO5vRzzaEucA8A60cpkJJc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.172.192.0/24
79.172.207.0/24
79.172.224.0/24
79.172.228.0/24
79.172.250.0/24
84.21.4.0/24
84.21.12.0/23
185.63.17.0-185.63.19.255
Signature Algorithm: sha256WithRSAEncryption
6b:00:ae:f2:86:79:c3:a6:a0:8b:a5:1e:3b:6b:e4:91:97:00:
4e:47:48:79:aa:36:98:d1:7c:80:76:51:ab:33:c0:c6:7f:9a:
93:ba:56:ea:d8:da:ea:3d:8b:80:ce:e7:18:df:66:f3:2d:b1:
a4:b7:89:3e:ef:ac:06:93:5a:9e:fa:5c:fc:b2:0f:d7:c0:27:
46:d0:12:d3:57:c0:9e:4f:25:1d:1a:8f:29:34:82:d4:d1:eb:
b5:0a:2c:13:ac:80:9c:9c:63:01:de:2f:44:2a:99:74:55:18:
31:b7:04:96:30:a3:5a:7a:89:67:34:31:51:ab:b0:65:16:5b:
f3:73:60:c2:10:6d:98:95:97:49:b3:08:c6:7c:35:14:ad:82:
5c:90:21:c2:48:e2:f9:c6:86:fc:fa:9e:f7:5b:cb:83:70:59:
44:1f:d6:83:51:6c:63:17:b6:00:c8:c5:8d:22:2d:89:37:aa:
e6:0a:f7:95:10:f7:0f:26:5c:83:7c:3f:50:80:6c:b3:fc:22:
d3:84:45:d9:ea:2e:f8:83:14:84:c0:93:3e:60:74:e5:ca:66:
f7:07:27:02:62:df:75:83:17:5d:14:16:44:07:1c:ae:0a:30:
4b:09:bf:7d:11:a1:9d:b9:da:3c:3b:f5:f3:5f:4c:aa:fa:90:
d5:61:79:e9
-----BEGIN CERTIFICATE-----
MIIFLzCCBBegAwIBAgISAYWsNT2NruVWIJlUkvVag8u/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdiNWUzN2Y2ZTNiOWJkMWNmMzY4NGI5YzAzYzAzYWQxY2E2
NDI0OTcwHhcNMjMwMTEzMTczNzI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZjgzMjVkYWEwZjlkYjBiMjAwNmEyMmUwNDljMmI1ZTA0MTZkN2UzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtpbYVHftrdnpIVa2qzP9W2BPbEAn
+lW/57BnBiWUbCPKjvyg8dej1oI1nXpxN8R5qhut7Y2RTX6RN71bjGkLjZdkLaDV
14Wf9b7r/7A//BVpsbGygloCoLvj4G9dDGn1r1Kx6agNFFWHcb9CR1QiGjycAIqE
O5dyPNYJ7eUzHxgCGnuymAE5Vj2pa3SHuoyW+/yV0kxtOE9HkiFi4nKTZl92vetb
RdAx4LiaOn9X9sscgOaGUYb9V05owINg5cwn2o0sa4xxp5ViqCoxQg2M2ZHwruu8
GiQe1MB9cqjVhJ3mC/eHfG6e5gLhFcPf1FE6gkHMBiWc8WYcwmz+9Ts4ewIDAQAB
o4ICOzCCAjcwHQYDVR0OBBYEFN+DJdqg+dsLIAaiLgScK14EFtfjMB8GA1UdIwQY
MBaAFHteN/bjub0c82hLnAPAOtHKZCSXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUt
OTU5M2E0ODhhZmNjLzEvMzRNbDJxRDUyd3NnQnFJdUJKd3JYZ1FXMS1NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ny8yNjcyOGUtZGRjNy00YjBmLTlkMWUtOTU5M2E0ODhhZmNj
LzEvZTE0Mzl1TzV2Unp6YUV1Y0E4QTYwY3BrSkpjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFEGCCsGAQUFBwEHAQH/BEIwQDA+BAIAATA4AwQAT6zAAwQA
T6zPAwQAT6zgAwQAT6zkAwQAT6z6AwQAVBUEAwQBVBUMMAwDBAC5PxEDBAK5PxAw
DQYJKoZIhvcNAQELBQADggEBAGsArvKGecOmoIulHjtr5JGXAE5HSHmqNpjRfIB2
UaszwMZ/mpO6VurY2uo9i4DO5xjfZvMtsaS3iT7vrAaTWp76XPyyD9fAJ0bQEtNX
wJ5PJR0ajyk0gtTR67UKLBOsgJycYwHeL0QqmXRVGDG3BJYwo1p6iWc0MVGrsGUW
W/NzYMIQbZiVl0mzCMZ8NRStglyQIcJI4vnGhvz6nvdby4NwWUQf1oNRbGMXtgDI
xY0iLYk3quYK95UQ9w8mXIN8P1CAbLP8ItOERdnqLviDFITAkz5gdOXKZvcHJwJi
33WDF10UFkQHHK4KMEsJv30RoZ252jw79fNfTKr6kNVheek=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:52:21 2023 by rpki-client on console-ams.rpki-client.org