Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/RXGXnM_7y9HCqpkEj0vJIJSrJ5k.roa
File: RXGXnM_7y9HCqpkEj0vJIJSrJ5k.roa (raw, json)
Hash identifier: ohIwyBTzy/Ag5zb1Eo0AhRVoAUIOYPY0N3mnXwrGTBw=
Subject key identifier: 45:71:97:9C:CF:FB:CB:D1:C2:AA:99:04:8F:4B:C9:20:94:AB:27:99
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 0187D65FE4BA9B50A612C3D0549810E3075B
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/RXGXnM_7y9HCqpkEj0vJIJSrJ5k.roa
Signing time: Mon 01 May 2023 08:13:41 +0000
ROA not before: Mon 01 May 2023 08:13:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.103.120.0/21 maxlen: 24
185.235.71.0/24 maxlen: 24
95.111.128.0/20 maxlen: 24
95.111.144.0/20 maxlen: 24
185.149.12.0/23 maxlen: 24
185.149.12.0/24 maxlen: 24
185.149.13.0/24 maxlen: 24
185.149.14.0/23 maxlen: 24
89.46.96.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:d6:5f:e4:ba:9b:50:a6:12:c3:d0:54:98:10:e3:07:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: May 1 08:13:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4571979ccffbcbd1c2aa99048f4bc92094ab2799
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:24:42:d9:45:c0:ef:a5:c3:8a:24:d3:1e:bf:
c4:5b:da:a8:e7:7e:3b:64:6e:8d:e1:0f:65:75:75:
70:8f:bc:72:75:c0:64:a1:0f:10:69:b8:07:98:32:
c6:ac:31:1c:83:08:58:d2:0a:94:94:90:dc:99:78:
a3:59:f3:cb:1e:d6:e1:ac:2a:3e:a5:33:1b:b2:ba:
b3:19:80:8b:c0:10:e4:d8:96:55:a1:48:76:0c:7b:
2a:ec:92:13:39:fa:2f:61:27:43:b5:92:5b:1a:ad:
45:19:0f:02:40:00:af:37:29:0d:69:20:57:8f:73:
57:5c:4d:ca:34:41:08:1c:71:d2:f2:a1:65:81:78:
ff:62:d9:c1:c6:8c:c0:51:fc:0e:97:fa:98:bc:84:
0a:4e:81:0a:72:d1:40:a8:e7:32:94:d9:5b:51:e1:
89:0c:63:97:47:09:6d:57:b3:28:5a:44:9a:f0:35:
4d:8c:01:72:74:5c:7e:6d:53:2e:9f:97:e4:d6:c6:
c1:2b:9c:14:ab:4a:1f:1d:8c:88:95:4a:17:1d:42:
a4:cc:cf:d7:32:7e:e8:61:a4:56:bc:fb:ef:a0:b1:
8a:b0:e4:76:69:e0:52:0c:7e:67:0c:4b:f2:43:0d:
35:4d:e8:06:c5:0b:00:1d:5f:34:62:f9:ca:9d:19:
80:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
45:71:97:9C:CF:FB:CB:D1:C2:AA:99:04:8F:4B:C9:20:94:AB:27:99
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/RXGXnM_7y9HCqpkEj0vJIJSrJ5k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.96.0/22
91.103.120.0/21
95.111.128.0/19
185.149.12.0/22
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
4e:f4:fd:15:92:09:14:b0:e7:7f:ef:99:26:b1:05:36:a1:02:
3e:f0:de:0a:62:21:0c:a2:60:92:4d:d2:00:b4:c4:ef:45:ea:
5e:25:fe:3e:c2:fc:b9:9d:02:38:a5:f4:1e:3a:d4:6f:d2:a5:
82:96:29:99:75:e6:e1:cd:1e:6d:4c:c7:d1:73:d6:db:02:17:
6a:69:c2:38:be:41:8d:18:f3:3f:0d:20:96:b1:c2:21:12:30:
34:1d:8f:9a:78:f5:fc:f9:cf:72:8d:a9:d1:7e:96:cc:d7:be:
f2:6e:1c:fe:0a:8f:ae:fb:f5:95:28:d7:67:60:64:66:42:af:
26:6e:0d:c3:92:b8:44:38:60:7d:4b:0a:29:8d:f3:6b:70:e2:
49:9e:67:c1:15:d1:6c:d2:64:7f:0f:f9:e5:d4:2c:00:e2:24:
11:6e:66:08:95:9c:4e:a1:14:7d:ad:2e:d3:e5:60:31:c4:c7:
a8:5b:71:60:b5:8e:a2:3f:cb:7e:a7:7d:6a:89:e9:a6:5a:81:
99:e7:dc:da:01:b7:16:21:41:48:85:bb:e3:d3:ea:63:a6:ee:
c5:0b:9c:61:58:e6:b9:f3:7a:9b:73:bd:cc:f1:2d:b9:c3:5d:
10:cc:d8:d3:06:fe:ee:c4:e6:c2:e6:7e:64:33:45:bf:96:e5:
31:51:71:ff
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYfWX+S6m1CmEsPQVJgQ4wdbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwNTAxMDgxMzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NTcxOTc5Y2NmZmJjYmQxYzJhYTk5MDQ4ZjRiYzkyMDk0YWIyNzk5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjyRC2UXA76XDiiTTHr/EW9qo5347
ZG6N4Q9ldXVwj7xydcBkoQ8QabgHmDLGrDEcgwhY0gqUlJDcmXijWfPLHtbhrCo+
pTMbsrqzGYCLwBDk2JZVoUh2DHsq7JITOfovYSdDtZJbGq1FGQ8CQACvNykNaSBX
j3NXXE3KNEEIHHHS8qFlgXj/YtnBxozAUfwOl/qYvIQKToEKctFAqOcylNlbUeGJ
DGOXRwltV7MoWkSa8DVNjAFydFx+bVMun5fk1sbBK5wUq0ofHYyIlUoXHUKkzM/X
Mn7oYaRWvPvvoLGKsOR2aeBSDH5nDEvyQw01TegGxQsAHV80YvnKnRmA+wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFEVxl5zP+8vRwqqZBI9LySCUqyeZMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvUlhHWG5NXzd5OUhDcXBrRWowdkpJSlNySjVrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCWS5gAwQD
W2d4AwQFX2+AAwQCuZUMAwQAuetHMA0GCSqGSIb3DQEBCwUAA4IBAQBO9P0VkgkU
sOd/75kmsQU2oQI+8N4KYiEMomCSTdIAtMTvRepeJf4+wvy5nQI4pfQeOtRv0qWC
limZdebhzR5tTMfRc9bbAhdqacI4vkGNGPM/DSCWscIhEjA0HY+aePX8+c9yjanR
fpbM177ybhz+Co+u+/WVKNdnYGRmQq8mbg3DkrhEOGB9SwopjfNrcOJJnmfBFdFs
0mR/D/nl1CwA4iQRbmYIlZxOoRR9rS7T5WAxxMeoW3FgtY6iP8t+p31qiemmWoGZ
59zaAbcWIUFIhbvj0+pjpu7FC5xhWOa583qbc73M8S25w10QzNjTBv7uxObC5n5k
M0W/luUxUXH/
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:01 2023 by rpki-client on console-fra.rpki-client.org