Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/XjR7d_14vSJ-AJw7stW0baULCjY.roa
File: XjR7d_14vSJ-AJw7stW0baULCjY.roa (raw, json)
Hash identifier: GlLX2pobD+bZd2PdBndozXMP1wgyMB8A34lHvmzvAXE=
Subject key identifier: 5E:34:7B:77:FD:78:BD:22:7E:00:9C:3B:B2:D5:B4:6D:A5:0B:0A:36
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 01849A1106E34558F798339EFBF1A150BE2A
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/XjR7d_14vSJ-AJw7stW0baULCjY.roa
Signing time: Mon 21 Nov 2022 12:01:57 +0000
ROA not before: Mon 21 Nov 2022 12:01:57 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 212669
IP address blocks: 91.103.120.0/22 maxlen: 24
89.46.97.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:9a:11:06:e3:45:58:f7:98:33:9e:fb:f1:a1:50:be:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Nov 21 12:01:57 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5e347b77fd78bd227e009c3bb2d5b46da50b0a36
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:0e:56:28:15:9c:67:5b:7a:9a:c0:21:01:4c:
66:7f:73:b9:03:82:dc:a8:56:2f:21:7c:25:20:ad:
8e:c2:3e:ff:31:df:80:9b:72:04:08:a2:87:8d:f9:
93:bf:ae:de:70:06:17:ff:82:0b:78:fe:4d:ef:bd:
dc:cd:b2:2a:08:b8:dd:e0:c3:e2:15:22:f5:4d:31:
79:19:11:45:fa:a3:7f:de:d3:c3:e3:82:59:b0:fb:
7f:88:2d:22:0a:95:a1:7b:a0:59:c5:b7:f3:cf:95:
ac:d1:18:99:06:d2:df:d3:67:27:b3:14:f7:e3:bd:
34:ca:50:56:6f:eb:1b:c8:01:87:1e:da:3f:18:05:
e7:e5:ca:a6:89:25:3f:1f:e9:fa:4c:b4:8e:cd:b2:
79:f6:6a:41:6e:f3:6c:56:46:f2:49:a5:e1:8f:19:
c2:3d:c3:12:d8:35:d8:0a:b4:c7:9e:97:97:2a:f2:
6b:db:b0:8c:31:bc:bb:94:07:cb:24:90:6a:fc:44:
b1:42:e1:f0:50:8d:63:40:ea:e1:c8:83:ce:40:44:
ff:7f:8d:27:c8:2e:c0:2b:d9:56:d9:1b:fb:de:f6:
be:4f:82:a3:1b:af:08:f1:e8:d0:c1:2b:eb:7e:aa:
87:93:40:8d:f6:ad:51:3e:a2:c0:28:9f:71:54:7d:
d5:77
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:34:7B:77:FD:78:BD:22:7E:00:9C:3B:B2:D5:B4:6D:A5:0B:0A:36
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/XjR7d_14vSJ-AJw7stW0baULCjY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.97.0/24
91.103.120.0/22
Signature Algorithm: sha256WithRSAEncryption
3a:79:d3:2b:5c:12:8c:57:5c:9e:4b:24:90:ff:1c:f8:73:6b:
01:2e:e7:14:1b:3a:ea:f2:ec:4c:68:11:ca:a1:19:19:8e:ce:
a3:15:ca:7d:b0:c7:bd:5e:45:c5:9e:fb:b6:6e:89:fc:c7:a8:
db:16:48:a8:c4:99:eb:46:48:ca:24:71:28:30:7b:5b:f9:88:
4a:f0:58:09:1c:92:3a:73:cf:21:76:b7:1e:93:de:c0:8f:ac:
1a:95:45:d6:1b:db:ef:88:bc:08:a1:43:09:bc:84:01:1c:91:
60:dd:4e:fd:d2:88:9d:08:73:12:a5:4d:31:0d:f5:34:9f:33:
a2:7d:92:05:fe:40:c8:c2:c8:7f:37:b9:e8:11:e4:dd:b2:9f:
8e:0a:13:60:e3:83:0d:d7:f6:aa:b4:e4:ed:47:f7:01:91:ed:
55:f8:18:a3:62:7e:c3:46:8d:c2:1c:f2:fd:0c:e9:36:16:15:
c7:c3:1b:ee:db:5f:1b:a0:41:c3:bd:77:15:d8:90:bb:11:26:
2f:87:28:52:81:98:99:0c:55:78:ae:90:12:e4:eb:07:e5:a2:
88:24:7d:04:ec:07:de:54:be:43:12:f8:ab:ff:e5:ba:30:ea:
12:e3:a1:6d:1a:a6:05:c9:b9:3e:72:60:8f:39:21:2d:34:f1:
e0:c5:60:9a
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYSaEQbjRVj3mDOe+/GhUL4qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjIxMTIxMTIwMTU3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTM0N2I3N2ZkNzhiZDIyN2UwMDljM2JiMmQ1YjQ2ZGE1MGIwYTM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAog5WKBWcZ1t6msAhAUxmf3O5A4Lc
qFYvIXwlIK2Owj7/Md+Am3IECKKHjfmTv67ecAYX/4ILeP5N773czbIqCLjd4MPi
FSL1TTF5GRFF+qN/3tPD44JZsPt/iC0iCpWhe6BZxbfzz5Ws0RiZBtLf02cnsxT3
4700ylBWb+sbyAGHHto/GAXn5cqmiSU/H+n6TLSOzbJ59mpBbvNsVkbySaXhjxnC
PcMS2DXYCrTHnpeXKvJr27CMMby7lAfLJJBq/ESxQuHwUI1jQOrhyIPOQET/f40n
yC7AK9lW2Rv73va+T4KjG68I8ejQwSvrfqqHk0CN9q1RPqLAKJ9xVH3VdwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFF40e3f9eL0ifgCcO7LVtG2lCwo2MB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvWGpSN2RfMTR2U0otQUp3N3N0VzBiYVVMQ2pZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQAWS5hAwQC
W2d4MA0GCSqGSIb3DQEBCwUAA4IBAQA6edMrXBKMV1yeSySQ/xz4c2sBLucUGzrq
8uxMaBHKoRkZjs6jFcp9sMe9XkXFnvu2bon8x6jbFkioxJnrRkjKJHEoMHtb+YhK
8FgJHJI6c88hdrcek97Aj6walUXWG9vviLwIoUMJvIQBHJFg3U790oidCHMSpU0x
DfU0nzOifZIF/kDIwsh/N7noEeTdsp+OChNg44MN1/aqtOTtR/cBke1V+BijYn7D
Ro3CHPL9DOk2FhXHwxvu218boEHDvXcV2JC7ESYvhyhSgZiZDFV4rpAS5OsH5aKI
JH0E7AfeVL5DEvir/+W6MOoS46FtGqYFybk+cmCPOSEtNPHgxWCa
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:00:42 2023 by rpki-client on console-ams.rpki-client.org