Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/Xewp-wJ2Y68P40S0Yjx7C5SxxT4.roa
File: Xewp-wJ2Y68P40S0Yjx7C5SxxT4.roa (raw, json)
Hash identifier: kr1xfl7xMep0um7Fg/IA10fa5FVpVjHui5Ermnzl+x8=
Subject key identifier: 5D:EC:29:FB:02:76:63:AF:0F:E3:44:B4:62:3C:7B:0B:94:B1:C5:3E
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 01879817FDF5391370ED32789486BAD790D9
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/Xewp-wJ2Y68P40S0Yjx7C5SxxT4.roa
Signing time: Wed 19 Apr 2023 05:58:41 +0000
ROA not before: Wed 19 Apr 2023 05:58:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3320
IP address blocks: 171.22.147.0/24 maxlen: 24
171.22.146.0/24 maxlen: 24
185.235.71.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:98:17:fd:f5:39:13:70:ed:32:78:94:86:ba:d7:90:d9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Apr 19 05:58:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5dec29fb027663af0fe344b4623c7b0b94b1c53e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:17:35:17:e6:b5:c1:17:d7:ef:4d:ca:cb:1f:
d0:c5:d5:5a:23:59:03:0c:eb:6a:fa:75:96:15:ae:
85:8c:07:7f:4b:f6:39:aa:39:6a:49:c7:34:ea:38:
ee:04:53:99:75:97:09:7d:c1:cc:4e:4a:51:36:f3:
38:89:3c:b3:fb:a7:a6:01:fc:0e:e9:5b:c0:d8:ea:
c2:34:3b:ff:62:bd:36:40:96:87:d4:d2:9a:a1:c6:
8b:3d:3b:ab:55:63:6d:68:b0:2b:e2:be:07:43:43:
e7:a0:a2:fb:38:ad:75:fd:ac:98:05:30:10:7f:ba:
a9:78:88:87:fa:fc:a8:e5:27:da:6d:4f:73:79:7b:
1a:c7:d4:a1:cd:06:5e:1d:f9:77:26:22:7a:c5:bc:
b2:63:a6:ba:cf:1a:ad:0f:b6:91:e9:2d:76:61:f6:
1a:3f:94:27:d4:ef:d6:9c:65:7b:3d:43:ce:2d:6f:
05:25:a9:26:b4:10:2d:82:e3:a2:14:cd:e4:60:6b:
b4:0f:bf:2f:02:c0:1d:18:ec:57:42:17:83:fb:f1:
f8:10:1f:cf:1e:b1:b8:fb:d9:d0:ec:1a:10:9a:00:
63:7d:51:a3:94:f8:04:f5:08:aa:14:08:d9:64:b5:
78:78:db:5c:0a:b3:28:df:ca:2a:73:e8:17:d1:f2:
8a:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:EC:29:FB:02:76:63:AF:0F:E3:44:B4:62:3C:7B:0B:94:B1:C5:3E
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/Xewp-wJ2Y68P40S0Yjx7C5SxxT4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
171.22.146.0/23
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
44:b9:1d:94:dd:2a:61:af:a3:28:d2:e8:e4:42:fd:c7:69:a2:
6d:a3:71:8e:35:db:23:92:9a:d7:64:48:12:86:b6:f5:10:38:
01:c9:fe:e0:65:99:63:dc:80:70:37:c9:7e:9c:33:e5:2d:e8:
79:06:f2:e5:fa:23:f1:c1:92:60:ea:b3:fd:a5:b8:c1:97:43:
da:bd:88:ac:a1:4f:ea:79:16:cd:c3:fd:83:0e:9a:61:d2:b6:
86:c0:67:eb:dd:51:bd:41:b9:2e:96:c0:93:51:d9:4e:05:af:
18:9d:f4:bb:70:e4:b9:c3:5c:20:fd:f2:23:49:1f:db:ba:df:
ec:9d:9c:ed:a1:06:cb:77:2a:67:54:f9:7b:d9:c7:3a:34:b3:
22:af:ed:9b:5e:e5:a8:3b:fc:74:e6:02:a2:ef:62:3c:6c:e5:
23:f0:66:6a:4d:63:3c:20:13:5f:07:a7:05:2d:8a:05:0e:15:
96:34:f1:e6:a4:0b:7c:96:71:98:3f:af:9b:4c:86:dd:74:b8:
16:40:42:de:f8:8a:6d:3e:89:56:65:f9:09:c5:2d:18:fe:93:
19:5c:c6:e3:32:e9:e6:d5:47:24:83:bd:83:d8:b8:cd:29:3a:
f0:d1:80:b2:37:9e:ae:53:05:ac:ba:53:f5:85:f6:08:20:e8:
f2:50:49:ec
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYeYF/31ORNw7TJ4lIa615DZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwNDE5MDU1ODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGVjMjlmYjAyNzY2M2FmMGZlMzQ0YjQ2MjNjN2IwYjk0YjFjNTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqRc1F+a1wRfX703Kyx/QxdVaI1kD
DOtq+nWWFa6FjAd/S/Y5qjlqScc06jjuBFOZdZcJfcHMTkpRNvM4iTyz+6emAfwO
6VvA2OrCNDv/Yr02QJaH1NKaocaLPTurVWNtaLAr4r4HQ0PnoKL7OK11/ayYBTAQ
f7qpeIiH+vyo5SfabU9zeXsax9ShzQZeHfl3JiJ6xbyyY6a6zxqtD7aR6S12YfYa
P5Qn1O/WnGV7PUPOLW8FJakmtBAtguOiFM3kYGu0D78vAsAdGOxXQheD+/H4EB/P
HrG4+9nQ7BoQmgBjfVGjlPgE9QiqFAjZZLV4eNtcCrMo38oqc+gX0fKKPwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF3sKfsCdmOvD+NEtGI8ewuUscU+MB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvWGV3cC13SjJZNjhQNDBTMFlqeDdDNVN4eFQ0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQBqxaSAwQA
uetHMA0GCSqGSIb3DQEBCwUAA4IBAQBEuR2U3Sphr6Mo0ujkQv3HaaJto3GONdsj
kprXZEgShrb1EDgByf7gZZlj3IBwN8l+nDPlLeh5BvLl+iPxwZJg6rP9pbjBl0Pa
vYisoU/qeRbNw/2DDpph0raGwGfr3VG9QbkulsCTUdlOBa8YnfS7cOS5w1wg/fIj
SR/but/snZztoQbLdypnVPl72cc6NLMir+2bXuWoO/x05gKi72I8bOUj8GZqTWM8
IBNfB6cFLYoFDhWWNPHmpAt8lnGYP6+bTIbddLgWQELe+IptPolWZfkJxS0Y/pMZ
XMbjMunm1Uckg72D2LjNKTrw0YCyN56uUwWsulP1hfYIIOjyUEns
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:31 2024 by rpki-client on console-fra.rpki-client.org