Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/4Ky_RbPgA_o5QaceJV_TfhxyXOI.roa
File: 4Ky_RbPgA_o5QaceJV_TfhxyXOI.roa (raw, json)
Hash identifier: HOVVd+IBdhp/QwDb9alDIgd+vld71KWbKO4HIpOofc0=
Subject key identifier: E0:AC:BF:45:B3:E0:03:FA:39:41:A7:1E:25:5F:D3:7E:1C:72:5C:E2
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 0186072409E2C50273DD03639CC770B52AE6
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/4Ky_RbPgA_o5QaceJV_TfhxyXOI.roa
Signing time: Tue 31 Jan 2023 09:24:07 +0000
ROA not before: Tue 31 Jan 2023 09:24:07 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.103.120.0/21 maxlen: 24
185.235.71.0/24 maxlen: 24
95.111.128.0/20 maxlen: 24
95.111.144.0/20 maxlen: 24
185.149.12.0/22 maxlen: 24
89.46.96.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:07:24:09:e2:c5:02:73:dd:03:63:9c:c7:70:b5:2a:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Jan 31 09:24:07 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e0acbf45b3e003fa3941a71e255fd37e1c725ce2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:81:9d:e3:bc:f3:12:cd:7b:23:df:8d:44:ad:
da:c2:d5:6a:c9:1e:4b:20:72:80:65:7b:0b:4e:b4:
49:40:40:7e:f0:5f:1e:c2:ca:ba:90:8f:fa:8e:8f:
48:b7:6f:81:36:c5:78:9f:0a:45:28:a8:6e:00:74:
3e:53:d0:79:87:11:9b:dd:0e:d4:f3:64:3d:9e:4b:
cd:e6:7a:3f:ef:1d:3d:97:09:b5:53:3e:51:26:9a:
43:da:78:f4:17:c2:10:88:bd:47:a4:41:57:df:7e:
cd:bc:de:f2:68:c4:da:db:42:04:e0:8e:2c:db:36:
86:17:80:b6:11:e1:fc:4d:92:3a:ba:53:c1:89:1e:
c2:09:60:9d:d5:bd:e2:f5:a7:a9:29:87:d7:9d:32:
2b:6f:8f:ca:55:15:5e:32:7d:1c:cf:15:60:ec:64:
2f:d2:4b:c3:55:89:e7:94:12:57:ab:77:b4:f1:c7:
bf:37:35:6c:4c:fc:93:c3:82:38:54:b0:82:ff:a3:
f6:9b:ee:ad:47:a7:2a:d2:7f:bd:2b:7a:b0:9a:e6:
87:bb:3f:dd:bc:24:44:36:50:89:fb:e5:ea:4a:9b:
e7:96:dc:93:64:a1:4b:95:06:08:41:1b:ea:7f:46:
bb:3e:2e:0d:dc:e5:c0:be:bd:31:ce:fb:1a:f3:73:
6f:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:AC:BF:45:B3:E0:03:FA:39:41:A7:1E:25:5F:D3:7E:1C:72:5C:E2
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/4Ky_RbPgA_o5QaceJV_TfhxyXOI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.96.0/22
91.103.120.0/21
95.111.128.0/19
185.149.12.0/22
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
7f:bd:76:15:30:c5:cc:8b:91:b0:a7:ce:1c:83:b5:27:d6:1e:
94:7d:66:a2:4e:bd:ae:c3:13:a3:66:65:22:e6:9a:d0:bf:ab:
96:fd:14:82:3c:d8:3d:17:ac:f9:d1:35:10:de:4c:ff:25:98:
89:ad:b0:03:26:3b:18:b7:f5:61:1c:80:ce:0f:8e:a2:89:df:
dd:db:43:da:7e:c9:9e:db:74:cd:6f:70:f1:37:b6:17:19:3f:
3d:c6:8d:57:35:bc:cb:93:18:3d:a2:6f:ac:28:62:5f:87:79:
d5:ac:53:83:2e:61:50:f9:a1:13:26:7c:00:ed:b2:c0:0a:d7:
f1:e2:59:29:41:6f:dc:1c:3f:ef:e1:1e:e5:c7:37:81:b7:8a:
bf:16:a6:3c:bc:b8:b6:6c:a7:e1:32:fe:23:1d:e8:31:04:56:
f7:2b:e1:63:f1:5b:d1:50:76:8e:1a:4a:b3:18:51:a8:a3:e7:
a9:94:fc:d7:90:b0:3d:3b:2a:91:7c:96:9e:35:1c:35:f2:62:
66:e3:a1:ad:61:03:be:9c:a7:46:de:23:62:2a:2c:91:65:81:
24:56:ae:ef:28:d2:db:31:f1:ae:e2:25:a2:27:85:a4:a4:42:
00:0d:a5:ff:aa:e0:7b:3f:28:a6:e8:db:d0:c0:4a:80:7b:61:
41:8c:b9:08
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYYHJAnixQJz3QNjnMdwtSrmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwMTMxMDkyNDA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGFjYmY0NWIzZTAwM2ZhMzk0MWE3MWUyNTVmZDM3ZTFjNzI1Y2UyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr4Gd47zzEs17I9+NRK3awtVqyR5L
IHKAZXsLTrRJQEB+8F8ewsq6kI/6jo9It2+BNsV4nwpFKKhuAHQ+U9B5hxGb3Q7U
82Q9nkvN5no/7x09lwm1Uz5RJppD2nj0F8IQiL1HpEFX337NvN7yaMTa20IE4I4s
2zaGF4C2EeH8TZI6ulPBiR7CCWCd1b3i9aepKYfXnTIrb4/KVRVeMn0czxVg7GQv
0kvDVYnnlBJXq3e08ce/NzVsTPyTw4I4VLCC/6P2m+6tR6cq0n+9K3qwmuaHuz/d
vCRENlCJ++XqSpvnltyTZKFLlQYIQRvqf0a7Pi4N3OXAvr0xzvsa83NvTQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFOCsv0Wz4AP6OUGnHiVf034cclziMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvNEt5X1JiUGdBX281UWFjZUpWX1RmaHh5WE9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCWS5gAwQD
W2d4AwQFX2+AAwQCuZUMAwQAuetHMA0GCSqGSIb3DQEBCwUAA4IBAQB/vXYVMMXM
i5Gwp84cg7Un1h6UfWaiTr2uwxOjZmUi5prQv6uW/RSCPNg9F6z50TUQ3kz/JZiJ
rbADJjsYt/VhHIDOD46iid/d20Pafsme23TNb3DxN7YXGT89xo1XNbzLkxg9om+s
KGJfh3nVrFODLmFQ+aETJnwA7bLACtfx4lkpQW/cHD/v4R7lxzeBt4q/FqY8vLi2
bKfhMv4jHegxBFb3K+Fj8VvRUHaOGkqzGFGoo+eplPzXkLA9OyqRfJaeNRw18mJm
46GtYQO+nKdG3iNiKiyRZYEkVq7vKNLbMfGu4iWiJ4WkpEIADaX/quB7Pyim6NvQ
wEqAe2FBjLkI
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:01 2023 by rpki-client on console-fra.rpki-client.org