Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/1-E_1e-6MxKcMmtBAJxa3gitg0xE.roa
File: 1-E_1e-6MxKcMmtBAJxa3gitg0xE.roa (raw, json)
Hash identifier: J84lT/F14X+rFwjg2pVm2rK0BCB5+Xf3o5KoEHWpRzw=
Subject key identifier: F8:4F:F5:7B:EE:8C:C4:A7:0C:9A:D0:40:27:16:B7:82:2B:60:D3:11
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 0189FE5B9F610032177720B257568FE31CB8
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/1-E_1e-6MxKcMmtBAJxa3gitg0xE.roa
Signing time: Wed 16 Aug 2023 12:39:24 +0000
ROA not before: Wed 16 Aug 2023 12:39:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.235.71.0/24 maxlen: 24
95.111.128.0/20 maxlen: 20
95.111.144.0/20 maxlen: 20
185.149.12.0/23 maxlen: 24
185.149.12.0/24 maxlen: 24
185.149.13.0/24 maxlen: 24
185.149.14.0/23 maxlen: 24
185.149.14.0/24 maxlen: 24
171.22.144.0/24 maxlen: 24
171.22.146.0/24 maxlen: 24
171.22.147.0/24 maxlen: 24
91.103.120.0/21 maxlen: 24
31.43.174.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:fe:5b:9f:61:00:32:17:77:20:b2:57:56:8f:e3:1c:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Aug 16 12:39:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f84ff57bee8cc4a70c9ad0402716b7822b60d311
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:61:e8:f8:74:16:ec:d7:8a:6f:15:ef:4d:0e:
fd:74:e0:3a:5b:ca:fb:bd:89:f7:5d:f0:aa:9e:af:
a0:6a:83:22:7d:8f:fc:44:b5:4c:31:ff:55:a8:7f:
ca:13:91:e6:c4:a5:1f:25:cd:2f:dd:c6:95:60:80:
44:83:ce:b5:7e:98:95:9b:85:22:a3:db:64:32:59:
ff:e6:41:d8:84:24:ed:e3:cd:56:c8:a8:71:f0:4a:
a5:76:bd:1c:58:3c:a8:27:cb:91:64:b8:27:6f:c3:
6a:7b:e8:0f:9a:82:97:bc:af:7b:93:f3:44:23:fd:
49:3d:dd:eb:97:bb:35:19:fd:1a:0b:a5:1e:7f:fc:
a3:f9:3a:c0:0a:76:8c:c1:2e:62:37:5e:80:51:dc:
90:ad:c7:34:83:92:01:ab:d6:9a:19:9f:74:0a:40:
0d:d1:7d:c5:9c:5e:e9:dd:b6:a1:e2:76:3c:0a:1a:
c5:61:34:04:0a:95:be:f7:5e:ed:f0:3e:58:3e:5a:
6e:e3:57:96:b9:2a:0b:84:7d:34:ff:53:b3:a5:c0:
6a:6d:d0:1b:c2:a1:6e:c0:df:b5:1f:48:be:47:15:
f2:aa:e4:b6:fa:33:8f:d7:1f:08:6d:89:99:57:fb:
39:da:f0:9f:b4:4b:9d:1d:87:f9:39:08:d5:b0:80:
8a:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F8:4F:F5:7B:EE:8C:C4:A7:0C:9A:D0:40:27:16:B7:82:2B:60:D3:11
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/1-E_1e-6MxKcMmtBAJxa3gitg0xE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.43.174.0/24
91.103.120.0/21
95.111.128.0/19
171.22.144.0/24
171.22.146.0/23
185.149.12.0/22
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
97:0e:ee:af:46:01:76:9a:b5:4d:8c:cf:a7:db:54:71:57:9d:
ef:42:9c:4d:f6:45:e5:3c:cf:2c:c4:8b:79:44:f9:50:77:b5:
e2:d8:cf:d3:dd:48:79:59:91:f6:4f:10:6a:ee:02:04:03:93:
71:6f:90:be:c7:7a:8a:74:1f:dd:d4:c3:a4:5c:a1:45:a3:45:
0c:38:0c:ab:8b:ff:cc:a6:22:1a:cf:4c:b4:cc:37:5f:6c:01:
4a:34:e6:b1:b0:c5:b0:59:d9:a2:bc:87:41:8c:e6:ce:70:d1:
e4:0c:86:0d:91:70:9c:a4:ad:70:27:b8:f8:f3:66:3d:64:5b:
93:18:38:d8:13:54:da:0b:87:64:61:dd:58:c6:79:05:b6:fc:
92:6f:2f:6d:8f:61:32:97:08:32:75:37:a2:98:f0:f4:49:98:
39:37:df:69:51:cc:87:57:74:22:f5:d4:ad:27:7a:80:00:f3:
6d:51:82:3b:6b:fc:23:0c:25:be:a6:dd:e0:c3:01:47:0e:dc:
f2:99:13:4e:5b:81:ff:91:78:fd:4d:62:4c:40:34:bf:f8:65:
34:42:d1:eb:61:8b:80:1f:86:fa:33:7f:41:55:c1:12:38:33:
c3:7e:da:ab:92:c3:29:b9:02:f4:03:d1:4a:e1:8f:08:88:5e:
b6:01:7b:44
-----BEGIN CERTIFICATE-----
MIIFIjCCBAqgAwIBAgISAYn+W59hADIXdyCyV1aP4xy4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwODE2MTIzOTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmODRmZjU3YmVlOGNjNGE3MGM5YWQwNDAyNzE2Yjc4MjJiNjBkMzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl2Ho+HQW7NeKbxXvTQ79dOA6W8r7
vYn3XfCqnq+gaoMifY/8RLVMMf9VqH/KE5HmxKUfJc0v3caVYIBEg861fpiVm4Ui
o9tkMln/5kHYhCTt481WyKhx8Eqldr0cWDyoJ8uRZLgnb8Nqe+gPmoKXvK97k/NE
I/1JPd3rl7s1Gf0aC6Uef/yj+TrACnaMwS5iN16AUdyQrcc0g5IBq9aaGZ90CkAN
0X3FnF7p3bah4nY8ChrFYTQECpW+917t8D5YPlpu41eWuSoLhH00/1OzpcBqbdAb
wqFuwN+1H0i+RxXyquS2+jOP1x8IbYmZV/s52vCftEudHYf5OQjVsICKnQIDAQAB
o4ICLjCCAiowHQYDVR0OBBYEFPhP9XvujMSnDJrQQCcWt4IrYNMRMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvMS1FXzFlLTZNeEtjTW10QkFKeGEzZ2l0ZzB4RS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhi
NC8xL2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjBDBggrBgEFBQcBBwEB/wQ0MDIwMAQCAAEwKgMEAB8rrgME
A1tneAMEBV9vgAMEAKsWkAMEAasWkgMEArmVDAMEALnrRzANBgkqhkiG9w0BAQsF
AAOCAQEAlw7ur0YBdpq1TYzPp9tUcVed70KcTfZF5TzPLMSLeUT5UHe14tjP091I
eVmR9k8Qau4CBAOTcW+Qvsd6inQf3dTDpFyhRaNFDDgMq4v/zKYiGs9MtMw3X2wB
SjTmsbDFsFnZoryHQYzmznDR5AyGDZFwnKStcCe4+PNmPWRbkxg42BNU2guHZGHd
WMZ5Bbb8km8vbY9hMpcIMnU3opjw9EmYOTffaVHMh1d0IvXUrSd6gADzbVGCO2v8
Iwwlvqbd4MMBRw7c8pkTTluB/5F4/U1iTEA0v/hlNELR62GLgB+G+jN/QVXBEjgz
w37aq5LDKbkC9APRSuGPCIhetgF7RA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:14:25 2024 by rpki-client on console-ams.rpki-client.org