Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/MFdsx0m8EQKKwHEtXTRMpcsrcV0.roa
File: MFdsx0m8EQKKwHEtXTRMpcsrcV0.roa (raw, json)
Hash identifier: UyXfNXuyT5c8ETpVvDA912PbT2iEsIgZ3u+dBgNjkAc=
Subject key identifier: 30:57:6C:C7:49:BC:11:02:8A:C0:71:2D:5D:34:4C:A5:CB:2B:71:5D
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 01894A8D277E2F08498F7764E63AF85829F3
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/MFdsx0m8EQKKwHEtXTRMpcsrcV0.roa
Signing time: Wed 12 Jul 2023 14:41:51 +0000
ROA not before: Wed 12 Jul 2023 14:41:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 171.22.146.0/24 maxlen: 24
91.103.120.0/21 maxlen: 24
185.235.71.0/24 maxlen: 24
95.111.128.0/20 maxlen: 20
95.111.144.0/20 maxlen: 20
185.149.12.0/23 maxlen: 24
185.149.13.0/24 maxlen: 24
185.149.14.0/23 maxlen: 24
89.46.97.0/24 maxlen: 24
89.46.98.0/24 maxlen: 24
89.46.96.0/24 maxlen: 24
89.46.99.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:4a:8d:27:7e:2f:08:49:8f:77:64:e6:3a:f8:58:29:f3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Jul 12 14:41:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=30576cc749bc11028ac0712d5d344ca5cb2b715d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:0c:10:90:57:db:6f:40:6d:e7:1a:1d:2a:c4:
ca:e9:19:14:ed:92:86:cb:e8:53:8a:65:5f:7a:5d:
e0:32:20:c3:da:2c:c1:06:fe:c1:c2:ca:ef:56:87:
0f:d2:5a:bd:61:98:a4:09:00:f0:51:74:8d:af:67:
4f:d6:7f:76:4c:8b:1b:5d:6f:bd:6e:89:cc:ea:36:
1e:3a:4c:a9:2f:39:71:f5:7e:58:19:00:93:fd:4a:
f7:a2:00:d7:d6:a6:0d:e1:5f:1e:d6:e9:45:c5:ae:
82:5d:fc:79:bb:25:cf:e5:7d:74:9c:32:79:86:ab:
54:e2:b6:6c:d6:91:c4:01:0b:22:5e:57:d2:a6:59:
9a:3d:e4:ee:23:46:dd:e7:7e:5d:0b:42:b0:ea:0b:
e5:96:22:6b:6a:fe:84:08:d3:90:c3:b8:71:1f:00:
1a:bc:c7:a8:fb:93:c5:1a:61:f3:a4:38:d1:48:40:
6b:1b:e8:57:41:d5:6e:53:4e:97:01:8b:93:82:b8:
70:6d:f1:fb:c2:41:96:15:91:9d:46:0e:ca:9f:78:
29:0d:87:8c:cb:d7:bd:aa:12:e6:f7:c3:19:d9:e5:
56:68:53:a7:13:df:73:95:9a:36:5b:cd:d1:f9:a5:
85:3a:93:15:a4:f1:14:8e:85:7e:c2:45:be:fa:5d:
7b:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:57:6C:C7:49:BC:11:02:8A:C0:71:2D:5D:34:4C:A5:CB:2B:71:5D
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/MFdsx0m8EQKKwHEtXTRMpcsrcV0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.96.0/22
91.103.120.0/21
95.111.128.0/19
171.22.146.0/24
185.149.12.0/22
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:94:2b:4c:97:5f:11:bd:29:52:6c:2a:40:dc:09:2c:24:77:
37:1b:a4:07:0a:d8:4e:73:ab:93:6e:95:13:c0:9f:84:5e:e9:
59:fe:14:00:00:5e:15:8d:0c:38:35:c7:62:ae:da:20:2c:5e:
43:33:c1:d9:53:56:9d:f9:ea:e5:d9:a8:f4:21:28:7d:44:9e:
ea:57:8c:04:8e:bf:a8:f5:ff:f9:e1:02:a1:8c:e3:51:ae:35:
8c:f4:a0:fb:82:0c:3d:7e:05:2a:59:95:a8:4a:bc:07:d8:c8:
ad:c8:79:df:d2:f6:90:3a:35:fb:a9:d5:dc:87:17:af:ff:6e:
4e:92:92:56:f8:f5:8e:ca:a1:ad:23:a2:dc:4b:84:84:f3:89:
7b:82:bc:21:1b:b0:ca:56:c7:df:d3:33:e4:77:d3:2f:dd:55:
11:7a:9b:9b:20:ae:54:3c:e3:78:5c:89:d6:5a:90:21:31:97:
09:f4:53:c3:10:c3:20:1f:04:c4:e5:ae:08:50:4d:c1:9e:fc:
fc:76:33:8a:6c:d4:66:ef:a7:d6:9e:c0:1b:0e:e6:a8:54:a9:
03:73:d0:bc:21:eb:49:0e:e6:ee:00:ef:83:34:68:2d:91:db:
52:1d:91:32:7a:2b:00:0d:02:ab:8b:8a:45:79:a6:97:95:2c:
ed:a7:cb:4b
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYlKjSd+LwhJj3dk5jr4WCnzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwNzEyMTQ0MTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDU3NmNjNzQ5YmMxMTAyOGFjMDcxMmQ1ZDM0NGNhNWNiMmI3MTVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAswwQkFfbb0Bt5xodKsTK6RkU7ZKG
y+hTimVfel3gMiDD2izBBv7BwsrvVocP0lq9YZikCQDwUXSNr2dP1n92TIsbXW+9
bonM6jYeOkypLzlx9X5YGQCT/Ur3ogDX1qYN4V8e1ulFxa6CXfx5uyXP5X10nDJ5
hqtU4rZs1pHEAQsiXlfSplmaPeTuI0bd535dC0Kw6gvlliJrav6ECNOQw7hxHwAa
vMeo+5PFGmHzpDjRSEBrG+hXQdVuU06XAYuTgrhwbfH7wkGWFZGdRg7Kn3gpDYeM
y9e9qhLm98MZ2eVWaFOnE99zlZo2W83R+aWFOpMVpPEUjoV+wkW++l17JwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFDBXbMdJvBECisBxLV00TKXLK3FdMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvTUZkc3gwbThFUUtLd0hFdFhUUk1wY3NyY1YwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCWS5gAwQD
W2d4AwQFX2+AAwQAqxaSAwQCuZUMAwQAuetHMA0GCSqGSIb3DQEBCwUAA4IBAQCP
lCtMl18RvSlSbCpA3AksJHc3G6QHCthOc6uTbpUTwJ+EXulZ/hQAAF4VjQw4Ncdi
rtogLF5DM8HZU1ad+erl2aj0ISh9RJ7qV4wEjr+o9f/54QKhjONRrjWM9KD7ggw9
fgUqWZWoSrwH2MityHnf0vaQOjX7qdXchxev/25OkpJW+PWOyqGtI6LcS4SE84l7
grwhG7DKVsff0zPkd9Mv3VURepubIK5UPON4XInWWpAhMZcJ9FPDEMMgHwTE5a4I
UE3Bnvz8djOKbNRm76fWnsAbDuaoVKkDc9C8IetJDubuAO+DNGgtkdtSHZEyeisA
DQKri4pFeaaXlSztp8tL
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:01 2023 by rpki-client on console-fra.rpki-client.org