Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/GAe-1pMay8dP8v5XRv_48elBW4s.roa
File: GAe-1pMay8dP8v5XRv_48elBW4s.roa (raw, json)
Hash identifier: byR0kJ5iEEfM7dzgdajbx1vBLNrLNuhV+DorqLv8KeE=
Subject key identifier: 18:07:BE:D6:93:1A:CB:C7:4F:F2:FE:57:46:FF:F8:F1:E9:41:5B:8B
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 018572B427F592E087A64E2F7D1EB77449CE
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/GAe-1pMay8dP8v5XRv_48elBW4s.roa
Signing time: Mon 02 Jan 2023 13:38:07 +0000
ROA not before: Mon 02 Jan 2023 13:38:07 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 212669
IP address blocks: 91.103.120.0/22 maxlen: 24
89.46.97.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:b4:27:f5:92:e0:87:a6:4e:2f:7d:1e:b7:74:49:ce
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Jan 2 13:38:07 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1807bed6931acbc74ff2fe5746fff8f1e9415b8b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:cb:4c:e4:2f:fe:8d:29:31:32:79:48:98:7c:
3f:30:b1:b6:90:25:a9:06:13:63:91:ad:ba:11:bb:
d3:fe:91:c0:ab:42:21:58:40:8e:6b:89:b8:aa:54:
50:f8:bc:e4:e9:20:4d:45:6e:b6:89:ae:93:b3:5c:
d0:cc:51:42:28:49:47:5e:f4:f3:df:02:88:c2:ae:
e2:8d:a9:03:94:5e:24:6c:68:0b:9a:de:d4:6e:75:
94:18:40:66:37:80:8a:57:cb:83:b1:bf:75:5a:cf:
2d:5d:3a:81:b3:02:3b:11:17:26:dc:95:73:a9:86:
f7:d1:3a:19:f3:73:a4:27:b3:74:be:6c:81:c8:01:
0e:20:fa:b1:b4:86:a6:7c:db:df:54:c6:39:d1:d7:
d0:67:87:b1:48:37:d1:d5:68:b7:39:e4:6d:cc:52:
30:70:75:51:ba:00:79:72:41:ff:85:33:3f:72:e6:
28:de:e8:fb:92:99:2e:53:7b:b0:cd:f1:fb:63:88:
22:53:72:6d:b7:0b:8d:bf:93:6a:c5:f4:b3:37:3b:
ff:91:f5:32:6e:df:8d:a0:75:8e:9e:6d:9a:2e:28:
91:bd:9a:03:30:fe:a3:ca:be:f0:88:a2:e8:b4:e1:
1a:90:fe:23:de:93:db:b3:f1:ec:e7:59:e2:1e:7a:
ad:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:07:BE:D6:93:1A:CB:C7:4F:F2:FE:57:46:FF:F8:F1:E9:41:5B:8B
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/GAe-1pMay8dP8v5XRv_48elBW4s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.97.0/24
91.103.120.0/22
Signature Algorithm: sha256WithRSAEncryption
2a:1d:b6:36:3a:e0:56:8f:16:b5:b9:c4:b5:ea:3d:3c:af:08:
2d:a0:45:8e:fd:02:25:ff:0d:70:17:f1:0a:3a:4f:06:26:ed:
7e:44:80:0b:47:72:65:4d:de:6d:71:59:42:89:d3:ad:51:60:
2f:c7:c2:22:26:09:7b:89:f8:23:3d:af:10:26:ab:67:24:b0:
db:5e:c5:f3:3c:8a:c7:a2:0a:a3:42:37:b1:d2:32:4a:30:0c:
94:53:6a:55:db:b1:87:02:fa:57:cf:70:08:19:11:04:d9:31:
bd:44:a9:6f:2b:17:68:89:14:e4:48:88:02:28:23:07:03:0e:
0c:03:85:22:13:80:c2:fc:ba:f8:d3:e0:30:79:0f:84:f7:de:
95:ff:b4:d3:94:cb:a5:98:0c:ba:d6:10:18:b6:66:7b:c3:f8:
c5:68:55:44:ba:df:e5:36:22:07:75:80:e8:66:03:fc:47:2f:
29:76:f4:91:7f:21:d6:c6:89:fe:ec:77:33:7e:7e:e1:d9:29:
87:77:01:89:99:2f:dc:3c:bf:8d:58:90:1b:72:46:1d:b0:78:
eb:5b:f1:37:5d:93:b9:b9:b4:09:b9:15:1d:16:d6:9d:4b:40:
cf:6b:b9:91:67:a5:fa:1d:64:f8:e7:6c:d5:cd:00:79:8a:9e:
04:64:29:dc
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVytCf1kuCHpk4vfR63dEnOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwMTAyMTMzODA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODA3YmVkNjkzMWFjYmM3NGZmMmZlNTc0NmZmZjhmMWU5NDE1YjhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8tM5C/+jSkxMnlImHw/MLG2kCWp
BhNjka26EbvT/pHAq0IhWECOa4m4qlRQ+Lzk6SBNRW62ia6Ts1zQzFFCKElHXvTz
3wKIwq7ijakDlF4kbGgLmt7UbnWUGEBmN4CKV8uDsb91Ws8tXTqBswI7ERcm3JVz
qYb30ToZ83OkJ7N0vmyByAEOIPqxtIamfNvfVMY50dfQZ4exSDfR1Wi3OeRtzFIw
cHVRugB5ckH/hTM/cuYo3uj7kpkuU3uwzfH7Y4giU3JttwuNv5NqxfSzNzv/kfUy
bt+NoHWOnm2aLiiRvZoDMP6jyr7wiKLotOEakP4j3pPbs/Hs51niHnqt0QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFBgHvtaTGsvHT/L+V0b/+PHpQVuLMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvR0FlLTFwTWF5OGRQOHY1WFJ2XzQ4ZWxCVzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWS5hAwQC
W2d4MA0GCSqGSIb3DQEBCwUAA4IBAQAqHbY2OuBWjxa1ucS16j08rwgtoEWO/QIl
/w1wF/EKOk8GJu1+RIALR3JlTd5tcVlCidOtUWAvx8IiJgl7ifgjPa8QJqtnJLDb
XsXzPIrHogqjQjex0jJKMAyUU2pV27GHAvpXz3AIGREE2TG9RKlvKxdoiRTkSIgC
KCMHAw4MA4UiE4DC/Lr40+AweQ+E996V/7TTlMulmAy61hAYtmZ7w/jFaFVEut/l
NiIHdYDoZgP8Ry8pdvSRfyHWxon+7Hczfn7h2SmHdwGJmS/cPL+NWJAbckYdsHjr
W/E3XZO5ubQJuRUdFtadS0DPa7mRZ6X6HWT452zVzQB5ip4EZCnc
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:00:42 2023 by rpki-client on console-ams.rpki-client.org