Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5f/a9e8a6-1cf2-4c87-b49a-5228823fb97b/1/tlXwolEsz-UkNSXDbvAC7DiiE94.roa
File: tlXwolEsz-UkNSXDbvAC7DiiE94.roa (raw, json)
Hash identifier: oJmSnvjYlCDpG2DfMDq9YKZ0KM4/3wLLCYHaSUjMtYk=
Subject key identifier: B6:55:F0:A2:51:2C:CF:E5:24:35:25:C3:6E:F0:02:EC:38:A2:13:DE
Certificate issuer: /CN=839d363b28f1c9084e1c1986876bb409b79a138c
Certificate serial: 08DBC5
Authority key identifier: 83:9D:36:3B:28:F1:C9:08:4E:1C:19:86:87:6B:B4:09:B7:9A:13:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/g502OyjxyQhOHBmGh2u0CbeaE4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5f/a9e8a6-1cf2-4c87-b49a-5228823fb97b/1/tlXwolEsz-UkNSXDbvAC7DiiE94.roa
Signing time: Sat 29 Jan 2022 21:23:27 +0000
ROA not before: Sat 29 Jan 2022 21:23:27 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 94.45.178.0/23 maxlen: 24
94.45.173.0/24 maxlen: 24
94.45.179.0/24 maxlen: 24
94.45.174.0/24 maxlen: 24
94.45.177.0/24 maxlen: 24
94.45.180.0/24 maxlen: 24
94.45.182.0/24 maxlen: 24
94.45.183.0/24 maxlen: 24
94.45.189.0/24 maxlen: 24
94.45.188.0/24 maxlen: 24
94.45.191.0/24 maxlen: 24
94.45.164.0/24 maxlen: 24
94.45.166.0/24 maxlen: 24
94.45.172.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 580549 (0x8dbc5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=839d363b28f1c9084e1c1986876bb409b79a138c
Validity
Not Before: Jan 29 21:23:27 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b655f0a2512ccfe5243525c36ef002ec38a213de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:52:c6:ce:c1:fa:9a:3f:28:af:fb:fd:1c:4b:
fa:50:76:6d:37:1f:5a:62:1b:36:c2:0f:b7:65:c4:
40:10:26:88:86:f8:7b:49:7c:9f:4f:ba:b6:24:36:
0f:cf:fd:63:e9:88:4c:46:d7:eb:ef:26:a5:d6:dc:
ce:7c:6a:fa:1a:29:1a:c6:05:7b:b0:a3:7f:b9:da:
2d:d8:70:df:d8:9d:f9:d1:70:c8:c7:27:ca:1b:59:
d1:19:28:dd:90:8c:06:b4:ee:42:1f:7c:f8:39:f9:
96:a0:39:6d:1b:84:b9:53:34:3b:00:dc:0b:06:37:
1f:d8:26:48:b8:0e:ee:d0:27:3c:87:01:8f:70:16:
1b:1a:b8:05:29:4a:e4:8e:60:7a:41:5e:b1:28:3a:
1c:89:df:10:3b:b5:30:bf:cb:86:9a:68:fd:f1:2a:
a3:ec:65:a8:73:d3:36:55:6e:da:b4:80:7e:28:bc:
57:02:06:62:2b:d7:2f:70:e6:40:d5:40:7c:cf:b9:
84:e4:6f:66:6b:c1:57:f7:23:b3:d3:4f:33:96:c2:
7b:0b:4f:a9:53:a2:fc:a9:60:65:35:7a:b8:85:df:
45:4f:45:93:fe:b4:da:c5:f6:6b:bf:8e:54:1d:e0:
e4:98:83:52:b9:f5:a0:7e:d2:4e:d2:30:b7:c5:48:
b5:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B6:55:F0:A2:51:2C:CF:E5:24:35:25:C3:6E:F0:02:EC:38:A2:13:DE
X509v3 Authority Key Identifier:
keyid:83:9D:36:3B:28:F1:C9:08:4E:1C:19:86:87:6B:B4:09:B7:9A:13:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/g502OyjxyQhOHBmGh2u0CbeaE4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/a9e8a6-1cf2-4c87-b49a-5228823fb97b/1/tlXwolEsz-UkNSXDbvAC7DiiE94.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5f/a9e8a6-1cf2-4c87-b49a-5228823fb97b/1/g502OyjxyQhOHBmGh2u0CbeaE4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.45.164.0/24
94.45.166.0/24
94.45.172.0-94.45.174.255
94.45.177.0-94.45.180.255
94.45.182.0/23
94.45.188.0/23
94.45.191.0/24
Signature Algorithm: sha256WithRSAEncryption
28:b6:db:33:f8:9c:49:00:4f:ac:9e:fc:64:01:31:ea:53:26:
7d:b7:c5:53:25:a0:18:4f:a3:bc:62:a5:f4:72:af:41:6d:ec:
90:f9:c8:66:00:36:af:c7:bc:62:ff:ce:7b:73:e5:05:26:a0:
da:01:ad:10:46:13:93:c3:4b:78:c9:c7:4e:7f:d0:a2:34:7a:
70:a6:47:82:9c:a3:12:ef:7f:aa:30:92:5d:3d:ed:53:65:6a:
99:33:c0:07:83:fb:b1:c3:41:77:ca:a9:6b:83:c0:bd:13:bc:
94:44:2e:bb:13:a3:b9:97:a8:ac:d6:c0:2d:e4:79:7c:54:7c:
19:16:58:92:c5:85:3f:b5:ca:7c:90:64:81:f2:c9:6c:59:78:
df:ae:bb:91:a8:f0:fd:cf:07:30:1d:c5:02:e8:60:ed:79:cf:
33:56:ca:6e:60:db:7c:6e:58:0b:f4:5a:91:a6:8a:85:93:16:
a0:5b:b9:c0:a4:2f:1a:fb:e5:af:10:66:d1:94:9d:64:30:d4:
30:98:ba:a8:f5:a9:7e:7a:89:a5:b8:ce:0d:13:b0:95:7a:ae:
78:00:d1:28:2b:0a:ea:d4:07:d1:0a:ee:4e:df:0a:d8:23:1a:
a9:42:08:f8:df:bb:19:2c:83:9b:38:79:e0:59:22:40:44:a2:
f2:b5:f0:a2
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgIDCNvFMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDgz
OWQzNjNiMjhmMWM5MDg0ZTFjMTk4Njg3NmJiNDA5Yjc5YTEzOGMwHhcNMjIwMTI5
MjEyMzI3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyhiNjU1ZjBhMjUxMmNj
ZmU1MjQzNTI1YzM2ZWYwMDJlYzM4YTIxM2RlMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAvVLGzsH6mj8or/v9HEv6UHZtNx9aYhs2wg+3ZcRAECaIhvh7
SXyfT7q2JDYPz/1j6YhMRtfr7yal1tzOfGr6GikaxgV7sKN/udot2HDf2J350XDI
xyfKG1nRGSjdkIwGtO5CH3z4OfmWoDltG4S5UzQ7ANwLBjcf2CZIuA7u0Cc8hwGP
cBYbGrgFKUrkjmB6QV6xKDocid8QO7Uwv8uGmmj98Sqj7GWoc9M2VW7atIB+KLxX
AgZiK9cvcOZA1UB8z7mE5G9ma8FX9yOz008zlsJ7C0+pU6L8qWBlNXq4hd9FT0WT
/rTaxfZrv45UHeDkmINSufWgftJO0jC3xUi1zwIDAQABo4ICPTCCAjkwHQYDVR0O
BBYEFLZV8KJRLM/lJDUlw27wAuw4ohPeMB8GA1UdIwQYMBaAFIOdNjso8ckIThwZ
hodrtAm3mhOMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
ZzUwMk95anh5UWhPSEJtR2gydTBDYmVhRTR3LmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC81Zi9hOWU4YTYtMWNmMi00Yzg3LWI0OWEtNTIyODgyM2ZiOTdiLzEv
dGxYd29sRXN6LVVrTlNYRGJ2QUM3RGlpRTk0LnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Zi9h
OWU4YTYtMWNmMi00Yzg3LWI0OWEtNTIyODgyM2ZiOTdiLzEvZzUwMk95anh5UWhP
SEJtR2gydTBDYmVhRTR3LmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMFMG
CCsGAQUFBwEHAQH/BEQwQjBABAIAATA6AwQAXi2kAwQAXi2mMAwDBAJeLawDBABe
La4wDAMEAF4tsQMEAF4ttAMEAV4ttgMEAV4tvAMEAF4tvzANBgkqhkiG9w0BAQsF
AAOCAQEAKLbbM/icSQBPrJ78ZAEx6lMmfbfFUyWgGE+jvGKl9HKvQW3skPnIZgA2
r8e8Yv/Oe3PlBSag2gGtEEYTk8NLeMnHTn/QojR6cKZHgpyjEu9/qjCSXT3tU2Vq
mTPAB4P7scNBd8qpa4PAvRO8lEQuuxOjuZeorNbALeR5fFR8GRZYksWFP7XKfJBk
gfLJbFl43667kajw/c8HMB3FAuhg7XnPM1bKbmDbfG5YC/RakaaKhZMWoFu5wKQv
GvvlrxBm0ZSdZDDUMJi6qPWpfnqJpbjODROwlXqueADRKCsK6tQH0QruTt8K2CMa
qUII+N+7GSyDmzh54FkiQESi8rXwog==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:00:35 2023 by rpki-client on console-ams.rpki-client.org