Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/OrkHrzTd83MQZkR7hxry4UlYG0o.roa
File: OrkHrzTd83MQZkR7hxry4UlYG0o.roa (raw, json)
Hash identifier: Xrhz3WWS2+9hqmRs0m8IBZRL04IP64OXoT/YurORTag=
Subject key identifier: 3A:B9:07:AF:34:DD:F3:73:10:66:44:7B:87:1A:F2:E1:49:58:1B:4A
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 09AD98E5
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/OrkHrzTd83MQZkR7hxry4UlYG0o.roa
Signing time: Sat 01 Jan 2022 09:56:55 +0000
ROA not before: Sat 01 Jan 2022 09:56:55 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 200019
IP address blocks: 89.46.96.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 162371813 (0x9ad98e5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Jan 1 09:56:55 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3ab907af34ddf3731066447b871af2e149581b4a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:5d:7b:4d:7b:7d:aa:fd:34:d9:2b:d8:41:23:
92:1c:1e:f5:6b:99:9f:d7:49:98:ac:be:48:be:c3:
5a:5d:fe:aa:56:28:7e:be:9c:ca:70:af:88:05:93:
09:14:12:d8:b9:af:84:c6:75:99:5f:f7:4e:cf:74:
65:0c:11:83:45:b5:58:86:99:5b:7c:74:65:0c:1e:
8d:40:ce:5f:44:50:1f:a3:d8:e0:da:b1:b9:b5:78:
5c:68:09:8a:a1:62:8f:ea:a8:cd:52:ee:70:05:53:
de:4c:57:ff:27:6e:60:74:27:11:0a:9b:40:ec:c5:
52:b9:ad:c9:e6:ec:ec:96:2f:fc:04:53:a0:5b:7f:
da:79:20:38:0c:cc:b1:2a:30:93:70:b6:f7:23:ea:
98:2d:7c:cd:18:33:63:42:e6:2c:32:96:97:b0:6f:
23:45:f4:73:6c:52:ed:1e:ce:26:28:01:2d:f1:7c:
32:20:ca:51:a1:e2:8d:67:6c:f9:0c:89:e4:2a:1c:
e9:ab:fc:bb:fc:3b:f4:17:6e:08:ce:c0:b0:3f:f6:
aa:a7:79:e3:6f:92:11:43:7b:03:ca:df:c2:fc:7d:
d9:88:19:07:d6:81:67:4e:6d:02:00:6e:fb:7c:fd:
6b:15:de:ae:f9:14:c2:bb:3d:5d:20:fa:f7:d7:05:
f0:95
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:B9:07:AF:34:DD:F3:73:10:66:44:7B:87:1A:F2:E1:49:58:1B:4A
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/OrkHrzTd83MQZkR7hxry4UlYG0o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.96.0/22
Signature Algorithm: sha256WithRSAEncryption
64:c1:27:0e:66:81:b1:1c:7c:a8:42:09:7a:b6:61:52:85:5b:
88:4d:9c:08:0e:a8:75:26:9b:28:bd:e5:47:5c:0f:eb:db:07:
f2:bd:96:b7:98:c4:6f:15:d1:c7:eb:a8:f2:ff:74:d0:9c:28:
9a:7b:f1:0f:50:38:52:6c:34:e8:8c:d9:35:ab:5d:5f:d9:34:
c1:43:22:ff:53:04:7a:fd:6a:bf:ae:29:b2:4c:20:20:b1:cb:
46:1a:b2:5b:86:df:37:23:1e:e1:78:dd:73:2f:01:08:05:79:
8e:9d:89:ea:eb:5c:eb:72:32:b7:15:ef:62:84:c0:c5:38:c7:
01:5e:16:77:6b:b3:bb:df:27:77:40:b7:c4:db:c9:19:ff:59:
56:15:ac:fc:71:fa:99:76:16:21:06:ac:83:9e:2b:f2:a0:87:
66:b0:f6:2b:f2:01:4d:dc:fc:6c:9d:01:79:fe:04:bf:03:10:
b5:78:7d:97:47:b8:a1:4e:c4:e1:cb:14:1b:37:63:a6:cc:1c:
d1:65:4a:0a:20:3f:35:69:b2:7a:11:45:4a:38:79:cd:c7:a6:
eb:ef:6c:8c:54:47:9f:90:73:48:46:61:3e:f1:3f:69:29:89:
e6:ae:77:8f:e4:16:e4:f2:e2:80:62:a2:fb:4e:a4:66:98:58:
41:a5:5c:63
-----BEGIN CERTIFICATE-----
MIIE7zCCA9egAwIBAgIECa2Y5TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDEw
MTA5NTY1NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoM2FiOTA3YWYzNGRk
ZjM3MzEwNjY0NDdiODcxYWYyZTE0OTU4MWI0YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKpde017far9NNkr2EEjkhwe9WuZn9dJmKy+SL7DWl3+qlYo
fr6cynCviAWTCRQS2LmvhMZ1mV/3Ts90ZQwRg0W1WIaZW3x0ZQwejUDOX0RQH6PY
4NqxubV4XGgJiqFij+qozVLucAVT3kxX/yduYHQnEQqbQOzFUrmtyebs7JYv/ART
oFt/2nkgOAzMsSowk3C29yPqmC18zRgzY0LmLDKWl7BvI0X0c2xS7R7OJigBLfF8
MiDKUaHijWds+QyJ5Coc6av8u/w79BduCM7AsD/2qqd542+SEUN7A8rfwvx92YgZ
B9aBZ05tAgBu+3z9axXervkUwrs9XSD699cF8JUCAwEAAaOCAgkwggIFMB0GA1Ud
DgQWBBQ6uQevNN3zcxBmRHuHGvLhSVgbSjAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
L09ya0hyelRkODNNUVprUjdoeHJ5NFVsWUcwby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAf
BggrBgEFBQcBBwEB/wQQMA4wDAQCAAEwBgMEAlkuYDANBgkqhkiG9w0BAQsFAAOC
AQEAZMEnDmaBsRx8qEIJerZhUoVbiE2cCA6odSabKL3lR1wP69sH8r2Wt5jEbxXR
x+uo8v900JwomnvxD1A4Umw06IzZNatdX9k0wUMi/1MEev1qv64pskwgILHLRhqy
W4bfNyMe4Xjdcy8BCAV5jp2J6utc63IytxXvYoTAxTjHAV4Wd2uzu98nd0C3xNvJ
Gf9ZVhWs/HH6mXYWIQasg54r8qCHZrD2K/IBTdz8bJ0Bef4EvwMQtXh9l0e4oU7E
4csUGzdjpswc0WVKCiA/NWmyehFFSjh5zcem6+9sjFRHn5BzSEZhPvE/aSmJ5q53
j+QW5PLigGKi+06kZphYQaVcYw==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:00:42 2023 by rpki-client on console-ams.rpki-client.org