Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/G6ytfh71ptDzx4mBh8ZXjpp6wsw.roa
File: G6ytfh71ptDzx4mBh8ZXjpp6wsw.roa (raw, json)
Hash identifier: /JNHKBStHuCQWzb94o/sOXTFDSvPNYUs2k3B0j4UAOQ=
Subject key identifier: 1B:AC:AD:7E:1E:F5:A6:D0:F3:C7:89:81:87:C6:57:8E:9A:7A:C2:CC
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 0189C0AB4BD17EA163552D50934C6A7B0670
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/G6ytfh71ptDzx4mBh8ZXjpp6wsw.roa
Signing time: Fri 04 Aug 2023 13:09:58 +0000
ROA not before: Fri 04 Aug 2023 13:09:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 171.22.146.0/24 maxlen: 24
171.22.147.0/24 maxlen: 24
91.103.120.0/21 maxlen: 24
185.235.71.0/24 maxlen: 24
95.111.128.0/20 maxlen: 20
95.111.144.0/20 maxlen: 20
185.149.12.0/23 maxlen: 24
185.149.13.0/24 maxlen: 24
185.149.14.0/24 maxlen: 24
185.149.14.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:c0:ab:4b:d1:7e:a1:63:55:2d:50:93:4c:6a:7b:06:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Aug 4 13:09:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1bacad7e1ef5a6d0f3c7898187c6578e9a7ac2cc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:10:10:b3:a3:e0:5b:1f:ed:94:ff:84:10:65:
b3:63:25:48:7f:9e:c5:8d:f1:16:79:ef:bb:33:59:
b9:b3:e7:17:18:8a:4a:c4:60:d2:6b:74:65:bd:43:
82:df:ba:65:ac:fa:a1:97:59:8e:51:15:58:39:ba:
b5:7f:23:7f:19:32:85:38:6d:a9:7c:bd:4a:00:d3:
29:a7:ea:db:44:17:c3:bb:8e:1a:d1:86:b0:14:ca:
95:20:df:12:7d:d1:38:2d:51:b8:c8:89:dd:ad:6f:
f2:ff:e8:88:c0:da:d5:56:31:38:e7:26:68:d2:4b:
5f:93:00:20:b2:63:03:71:c8:10:6b:a1:e5:52:4b:
b6:ff:7c:98:04:b4:97:d3:78:fa:59:6f:cd:9b:ac:
fc:23:a3:9d:29:b6:e1:a5:ef:0b:d3:80:40:5d:0f:
56:25:1b:c9:69:87:10:ad:fb:d8:f1:5a:73:23:80:
6b:6f:31:a4:87:79:ce:e9:45:1a:6a:f9:bf:86:c0:
d9:e4:10:4d:45:6c:75:3d:c8:73:cb:c3:47:c7:68:
1b:37:d2:29:05:f5:1d:2a:81:21:66:f4:fb:50:b8:
99:ed:e2:36:7a:1a:e6:6f:42:1b:10:72:22:0e:1e:
13:90:99:6c:62:c3:4e:0d:7e:d4:1d:69:6e:28:db:
0f:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:AC:AD:7E:1E:F5:A6:D0:F3:C7:89:81:87:C6:57:8E:9A:7A:C2:CC
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/G6ytfh71ptDzx4mBh8ZXjpp6wsw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.103.120.0/21
95.111.128.0/19
171.22.146.0/23
185.149.12.0/22
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
5a:81:ba:54:3c:ea:89:5a:51:7f:4f:21:df:e0:0c:ec:ec:08:
ca:be:24:00:2e:e1:07:22:7a:c2:3c:7e:51:a5:c1:37:a1:9b:
69:15:0b:6e:b9:ab:3a:0c:bb:b4:0d:88:16:09:3c:0e:57:77:
dd:ba:c5:1f:a2:e5:b9:36:8a:03:05:71:54:c2:a1:ce:91:f5:
3f:58:b2:8c:bf:27:26:2e:c6:4b:56:dd:bf:49:0b:60:1c:d5:
9d:c8:65:50:06:f5:88:c8:8c:df:0b:e5:77:1a:38:94:75:c6:
53:67:17:5c:20:f0:8e:bc:ac:05:d0:55:cc:47:7d:85:58:15:
94:bd:b3:4a:1b:b1:cc:11:ec:24:80:65:c6:77:e4:30:6e:c3:
9b:bd:ae:86:28:6e:fe:df:59:c9:f9:3e:86:67:31:bf:9a:3e:
8d:fc:c4:db:da:48:d0:44:a7:c7:d9:88:54:52:11:7b:e5:ea:
1b:8a:5e:66:94:16:fc:e9:77:b1:02:3f:b9:46:9e:34:09:21:
8d:3c:35:73:66:a2:89:d1:f7:e8:1f:68:0f:9b:16:e9:d9:85:
3c:2b:88:b8:be:bc:c1:0e:6f:cc:05:54:be:25:5d:07:8e:3b:
eb:98:5f:e9:b9:76:4a:2f:fb:52:38:85:2c:84:d7:52:2b:af:
1d:90:f8:41
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYnAq0vRfqFjVS1Qk0xqewZwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwODA0MTMwOTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmFjYWQ3ZTFlZjVhNmQwZjNjNzg5ODE4N2M2NTc4ZTlhN2FjMmNjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApxAQs6PgWx/tlP+EEGWzYyVIf57F
jfEWee+7M1m5s+cXGIpKxGDSa3RlvUOC37plrPqhl1mOURVYObq1fyN/GTKFOG2p
fL1KANMpp+rbRBfDu44a0YawFMqVIN8SfdE4LVG4yIndrW/y/+iIwNrVVjE45yZo
0ktfkwAgsmMDccgQa6HlUku2/3yYBLSX03j6WW/Nm6z8I6OdKbbhpe8L04BAXQ9W
JRvJaYcQrfvY8VpzI4BrbzGkh3nO6UUaavm/hsDZ5BBNRWx1Pchzy8NHx2gbN9Ip
BfUdKoEhZvT7ULiZ7eI2ehrmb0IbEHIiDh4TkJlsYsNODX7UHWluKNsPpQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFBusrX4e9abQ88eJgYfGV46aesLMMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvRzZ5dGZoNzFwdER6eDRtQmg4WlhqcHA2d3N3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDW2d4AwQF
X2+AAwQBqxaSAwQCuZUMAwQAuetHMA0GCSqGSIb3DQEBCwUAA4IBAQBagbpUPOqJ
WlF/TyHf4Azs7AjKviQALuEHInrCPH5RpcE3oZtpFQtuuas6DLu0DYgWCTwOV3fd
usUfouW5NooDBXFUwqHOkfU/WLKMvycmLsZLVt2/SQtgHNWdyGVQBvWIyIzfC+V3
GjiUdcZTZxdcIPCOvKwF0FXMR32FWBWUvbNKG7HMEewkgGXGd+QwbsObva6GKG7+
31nJ+T6GZzG/mj6N/MTb2kjQRKfH2YhUUhF75eobil5mlBb86XexAj+5Rp40CSGN
PDVzZqKJ0ffoH2gPmxbp2YU8K4i4vrzBDm/MBVS+JV0HjjvrmF/puXZKL/tSOIUs
hNdSK68dkPhB
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:31 2024 by rpki-client on console-fra.rpki-client.org