Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/29QJNR9LWunu3ev0cMNju70Cick.roa
File: 29QJNR9LWunu3ev0cMNju70Cick.roa (raw, json)
Hash identifier: xB8Qy2+gx9eNl6g7tKPvTjRxSYRyXhUfH2g0JsyaJgQ=
Subject key identifier: DB:D4:09:35:1F:4B:5A:E9:EE:DD:EB:F4:70:C3:63:BB:BD:02:89:C9
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 0A713026
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/29QJNR9LWunu3ev0cMNju70Cick.roa
Signing time: Sat 12 Mar 2022 13:27:14 +0000
ROA not before: Sat 12 Mar 2022 13:27:14 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 95.111.128.0/20 maxlen: 24
177.222.64.0/19 maxlen: 24
95.111.144.0/20 maxlen: 24
185.149.13.0/24 maxlen: 24
89.46.98.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 175190054 (0xa713026)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Mar 12 13:27:14 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=dbd409351f4b5ae9eeddebf470c363bbbd0289c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ca:00:4f:76:8a:18:d8:35:05:8a:e7:9f:76:89:
59:7d:02:32:47:c8:50:de:1d:ce:b1:f7:0a:46:23:
1e:d7:89:08:15:df:3b:e2:cc:a6:f6:a7:3a:e2:8e:
9d:d2:fc:16:d1:12:b9:50:77:21:db:e9:9d:5b:a8:
2f:27:92:62:c9:5f:40:cc:27:71:bc:a0:8d:bb:44:
20:86:fd:df:04:c3:0f:c0:99:68:cc:b9:75:23:89:
e0:71:17:92:5a:e1:f7:3c:3b:6a:5c:36:d4:f0:ee:
56:9f:2a:e5:87:2d:e4:ab:2f:76:1b:98:e7:dd:48:
87:a1:68:d2:1d:50:83:b9:26:bc:18:0c:14:35:74:
cb:67:e9:30:b8:98:a5:39:b6:d2:73:c0:29:9a:23:
94:95:ae:0c:9b:56:65:40:e8:6c:ed:2e:43:29:78:
c4:fd:49:25:4d:10:74:c3:34:85:bc:1a:28:2c:20:
45:3e:0d:f9:71:fc:92:be:85:36:ff:ab:25:11:85:
38:35:68:4e:7f:7b:c4:a6:a3:9a:7f:81:76:ab:fa:
ce:f3:33:25:f9:38:a7:e4:6e:ee:83:a6:85:d3:44:
51:70:76:27:46:49:20:df:25:6e:32:78:49:10:b3:
49:8d:c6:c1:22:5c:5c:a0:bc:ab:89:93:a6:44:57:
5a:55
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:D4:09:35:1F:4B:5A:E9:EE:DD:EB:F4:70:C3:63:BB:BD:02:89:C9
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/29QJNR9LWunu3ev0cMNju70Cick.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.98.0/24
95.111.128.0/19
177.222.64.0/19
185.149.13.0/24
Signature Algorithm: sha256WithRSAEncryption
66:c5:f8:89:28:fd:7c:b5:ec:e5:1f:d4:a0:d6:6d:ca:89:16:
fc:33:d3:e4:c9:d5:3c:dc:71:65:46:81:9d:a8:24:27:e3:cd:
74:0e:37:2b:a5:5f:32:f9:95:6e:f2:80:5f:1e:2c:91:1f:f3:
6e:38:a5:b3:8f:e9:8d:80:fe:1f:55:56:be:4f:a4:70:b6:c2:
9b:3c:ab:16:fd:71:2a:a6:9b:d7:2c:f0:90:de:91:76:00:78:
ad:f6:14:77:91:37:59:c0:9b:bc:f0:8e:27:41:0a:4f:fc:a1:
04:8a:d4:c1:e1:d5:62:6d:43:8f:f9:fb:86:fd:fb:d1:1b:c0:
37:c0:63:57:cc:52:a6:f2:88:80:95:11:47:b9:09:66:e9:60:
ae:f0:20:ee:e7:16:bf:f6:cf:dd:95:d9:f4:66:20:63:3e:93:
c1:da:f8:78:82:16:5c:7b:2c:2e:1d:43:c7:c7:61:32:4b:48:
ab:71:ea:46:69:57:ab:97:42:25:63:f9:ac:54:a8:b2:37:18:
82:7d:97:f1:ff:28:b8:54:d0:b4:33:32:0a:c0:98:55:bc:5c:
d6:fd:31:5b:70:a5:2d:ef:be:7e:b6:7b:fe:81:8d:45:af:f9:
8f:64:ed:af:78:26:97:d1:34:cd:88:4b:2c:e8:42:48:63:04:
e4:bc:4f:9e
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIECnEwJjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDMx
MjEzMjcxNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGJkNDA5MzUxZjRi
NWFlOWVlZGRlYmY0NzBjMzYzYmJiZDAyODljOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMoAT3aKGNg1BYrnn3aJWX0CMkfIUN4dzrH3CkYjHteJCBXf
O+LMpvanOuKOndL8FtESuVB3IdvpnVuoLyeSYslfQMwncbygjbtEIIb93wTDD8CZ
aMy5dSOJ4HEXklrh9zw7alw21PDuVp8q5Yct5KsvdhuY591Ih6Fo0h1Qg7kmvBgM
FDV0y2fpMLiYpTm20nPAKZojlJWuDJtWZUDobO0uQyl4xP1JJU0QdMM0hbwaKCwg
RT4N+XH8kr6FNv+rJRGFODVoTn97xKajmn+Bdqv6zvMzJfk4p+Ru7oOmhdNEUXB2
J0ZJIN8lbjJ4SRCzSY3GwSJcXKC8q4mTpkRXWlUCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBTb1Ak1H0ta6e7d6/Rww2O7vQKJyTAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
LzI5UUpOUjlMV3VudTNldjBjTU5qdTcwQ2ljay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAFkuYgMEBV9vgAMEBbHeQAMEALmV
DTANBgkqhkiG9w0BAQsFAAOCAQEAZsX4iSj9fLXs5R/UoNZtyokW/DPT5MnVPNxx
ZUaBnagkJ+PNdA43K6VfMvmVbvKAXx4skR/zbjils4/pjYD+H1VWvk+kcLbCmzyr
Fv1xKqab1yzwkN6RdgB4rfYUd5E3WcCbvPCOJ0EKT/yhBIrUweHVYm1Dj/n7hv37
0RvAN8BjV8xSpvKIgJURR7kJZulgrvAg7ucWv/bP3ZXZ9GYgYz6Twdr4eIIWXHss
Lh1Dx8dhMktIq3HqRmlXq5dCJWP5rFSosjcYgn2X8f8ouFTQtDMyCsCYVbxc1v0x
W3ClLe++frZ7/oGNRa/5j2Ttr3gml9E0zYhLLOhCSGME5LxPng==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:00:42 2023 by rpki-client on console-ams.rpki-client.org