Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/0-SGK3EqiM9-cgi8NN_RYVb8zKc.roa
File: 0-SGK3EqiM9-cgi8NN_RYVb8zKc.roa (raw, json)
Hash identifier: PaYvWF1P05ugVuqpUnlN4QQv0bEjk/FkAhAfKI36zFI=
Subject key identifier: D3:E4:86:2B:71:2A:88:CF:7E:72:08:BC:34:DF:D1:61:56:FC:CC:A7
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 018590BE672FBE19429781DDB7AA9854B03A
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/0-SGK3EqiM9-cgi8NN_RYVb8zKc.roa
Signing time: Sun 08 Jan 2023 09:37:55 +0000
ROA not before: Sun 08 Jan 2023 09:37:55 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3320
IP address blocks: 171.22.146.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:90:be:67:2f:be:19:42:97:81:dd:b7:aa:98:54:b0:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Jan 8 09:37:55 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d3e4862b712a88cf7e7208bc34dfd16156fccca7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:a8:82:8f:86:63:21:f6:63:ba:ec:a2:a7:83:
47:e9:92:e1:ba:74:2e:2e:b2:4f:27:e0:94:48:38:
06:47:6e:73:01:09:60:7e:17:c8:b3:11:0a:20:55:
7e:81:25:76:59:26:d8:c3:a8:cf:49:61:a0:db:c6:
25:88:a3:8d:5b:92:0f:ae:17:36:64:14:4b:42:9f:
17:80:8a:e7:eb:53:84:c7:f1:b5:e9:81:44:9f:04:
66:91:13:33:d8:08:19:fd:38:a8:fc:02:6e:e1:3f:
39:ac:f1:07:9c:5b:1f:69:f8:b7:e6:44:75:21:03:
b7:36:3a:19:0c:4c:04:72:ad:b6:35:77:75:ff:ac:
28:ed:3a:9b:eb:2a:1e:03:98:cf:99:63:ab:00:bc:
a2:ba:e5:3c:dd:f9:9f:6b:6c:14:0b:49:0b:16:87:
63:b6:82:e4:7e:b7:06:4b:47:66:a1:41:60:a5:3f:
f2:b9:ef:f2:e8:77:f6:e2:d9:16:c7:6a:80:fd:f6:
17:8d:6b:9a:4e:d9:cc:63:fd:38:aa:e9:ba:0f:f8:
6a:1e:e3:66:a4:84:3c:1c:ac:af:34:2d:e8:65:d1:
af:9a:b9:53:2f:d9:d0:05:1c:54:92:21:b7:91:d7:
e9:32:8e:12:4e:59:95:11:ad:d7:cd:08:77:84:57:
d7:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:E4:86:2B:71:2A:88:CF:7E:72:08:BC:34:DF:D1:61:56:FC:CC:A7
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/0-SGK3EqiM9-cgi8NN_RYVb8zKc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
171.22.146.0/24
Signature Algorithm: sha256WithRSAEncryption
64:ee:6b:f4:20:3b:79:0e:5e:63:76:8c:2c:53:9f:77:0a:40:
0f:b3:e1:e0:03:bb:57:61:0b:be:d2:b4:92:e4:87:34:e8:84:
50:8d:47:df:8c:33:15:b4:3e:80:e3:6c:ea:d9:c3:6f:6f:d5:
6a:9f:f5:84:bc:68:98:55:01:e4:3b:79:8c:36:8f:87:76:39:
74:5a:6c:13:09:b2:f7:46:cc:b5:5c:07:08:63:f4:5b:c2:2e:
e7:d3:9c:39:dd:45:53:cf:a5:29:ab:9e:15:ca:d3:78:3b:c1:
f9:96:47:9a:a5:59:ae:ff:c3:17:e5:40:66:44:03:87:85:c9:
f9:f4:18:5d:a1:49:ed:f1:58:39:ba:c5:e9:bd:c6:58:50:c1:
d2:64:e2:56:ac:bf:4b:29:e4:7e:47:49:99:04:72:dc:9a:3c:
00:7d:84:0e:ec:2b:cd:6a:58:59:07:2f:2d:59:75:e8:70:44:
6d:a2:65:8e:3b:46:82:8c:1a:6a:13:08:7a:bf:bb:95:96:43:
87:09:78:51:c8:c8:67:fb:b8:bb:7e:bc:2d:40:4d:29:54:6a:
e4:2a:f8:44:49:26:6d:6b:40:1f:1a:a7:ae:f1:08:81:fa:66:
eb:97:47:fe:17:16:1d:bf:e6:ef:c0:ed:cb:1a:d8:a1:bb:55:
e0:a6:34:5b
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYWQvmcvvhlCl4Hdt6qYVLA6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwMTA4MDkzNzU1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2U0ODYyYjcxMmE4OGNmN2U3MjA4YmMzNGRmZDE2MTU2ZmNjY2E3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKiCj4ZjIfZjuuyip4NH6ZLhunQu
LrJPJ+CUSDgGR25zAQlgfhfIsxEKIFV+gSV2WSbYw6jPSWGg28YliKONW5IPrhc2
ZBRLQp8XgIrn61OEx/G16YFEnwRmkRMz2AgZ/Tio/AJu4T85rPEHnFsfafi35kR1
IQO3NjoZDEwEcq22NXd1/6wo7Tqb6yoeA5jPmWOrALyiuuU83fmfa2wUC0kLFodj
toLkfrcGS0dmoUFgpT/yue/y6Hf24tkWx2qA/fYXjWuaTtnMY/04qum6D/hqHuNm
pIQ8HKyvNC3oZdGvmrlTL9nQBRxUkiG3kdfpMo4STlmVEa3XzQh3hFfXwQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFNPkhitxKojPfnIIvDTf0WFW/MynMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvMC1TR0szRXFpTTktY2dpOE5OX1JZVmI4ektjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAqxaSMA0G
CSqGSIb3DQEBCwUAA4IBAQBk7mv0IDt5Dl5jdowsU593CkAPs+HgA7tXYQu+0rSS
5Ic06IRQjUffjDMVtD6A42zq2cNvb9Vqn/WEvGiYVQHkO3mMNo+Hdjl0WmwTCbL3
Rsy1XAcIY/Rbwi7n05w53UVTz6Upq54VytN4O8H5lkeapVmu/8MX5UBmRAOHhcn5
9BhdoUnt8Vg5usXpvcZYUMHSZOJWrL9LKeR+R0mZBHLcmjwAfYQO7CvNalhZBy8t
WXXocERtomWOO0aCjBpqEwh6v7uVlkOHCXhRyMhn+7i7frwtQE0pVGrkKvhESSZt
a0AfGqeu8QiB+mbrl0f+FxYdv+bvwO3LGtihu1XgpjRb
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:25 2024 by rpki-client on console-ams.rpki-client.org