Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/cT9U1G-YP5d_cBNkR07_CpKtwwo.roa
File: cT9U1G-YP5d_cBNkR07_CpKtwwo.roa (raw, json)
Hash identifier: MlJrRmLiTyHwmS7bc6qAS63uJnABdKCn6rOjNoy3RCo=
Subject key identifier: 71:3F:54:D4:6F:98:3F:97:7F:70:13:64:47:4E:FF:0A:92:AD:C3:0A
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 0186DF041C61AA7B2E581074B1E60A99296E
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/cT9U1G-YP5d_cBNkR07_CpKtwwo.roa
Signing time: Tue 14 Mar 2023 07:27:13 +0000
ROA not before: Tue 14 Mar 2023 07:27:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.103.120.0/21 maxlen: 24
185.235.71.0/24 maxlen: 24
95.111.128.0/20 maxlen: 24
185.149.12.0/22 maxlen: 24
89.46.96.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:df:04:1c:61:aa:7b:2e:58:10:74:b1:e6:0a:99:29:6e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Mar 14 07:27:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=713f54d46f983f977f701364474eff0a92adc30a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:30:1e:01:d0:30:19:79:18:4e:57:2c:8a:e0:
c3:a1:97:01:05:99:62:15:06:5a:32:05:6f:58:60:
8e:dd:ff:f8:47:29:93:be:f8:bf:e6:fb:9e:a8:8e:
24:2f:3c:25:a9:2c:e1:54:a2:6f:ec:e0:9e:b6:42:
f9:10:84:1f:c3:1d:64:3e:3e:19:af:e1:d8:09:23:
bb:89:b0:f0:1c:07:9c:6d:4c:10:1b:5d:de:d6:6a:
43:bb:94:7a:5f:1b:42:a5:89:8f:72:a9:6a:2a:1b:
28:c1:f1:b4:d5:4a:af:9a:cc:5f:a4:58:a6:40:74:
4c:62:8b:72:d9:29:63:44:a2:99:6e:84:d9:dd:62:
cc:38:d9:fa:4f:a8:8f:72:0a:a2:96:85:99:da:43:
76:37:07:78:f9:8d:1f:4d:09:94:a6:a9:48:c8:a5:
4c:a0:1f:38:a1:15:13:85:b6:bf:ce:d1:0a:98:66:
99:c5:35:1c:61:4c:63:c3:b3:0d:07:47:83:5a:a9:
83:44:60:0b:c9:1c:08:f4:3c:97:6a:23:24:14:bd:
61:6a:bb:ef:75:01:70:a9:cb:ff:0e:88:4a:84:ec:
31:36:c4:90:1c:2d:48:62:8a:41:7a:32:16:97:08:
ce:3e:af:96:40:8d:fd:ce:0d:6c:05:65:e7:5f:65:
07:59
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:3F:54:D4:6F:98:3F:97:7F:70:13:64:47:4E:FF:0A:92:AD:C3:0A
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/cT9U1G-YP5d_cBNkR07_CpKtwwo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.96.0/22
91.103.120.0/21
95.111.128.0/20
185.149.12.0/22
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
69:df:92:ac:a6:95:f5:82:d7:54:bf:03:0a:5f:e4:a8:ef:86:
5a:42:f1:85:7e:43:18:c3:74:15:bf:ad:82:3b:3e:16:a8:04:
98:dd:81:cd:8f:23:a4:72:47:93:2e:07:45:b9:f8:19:6a:f9:
ce:37:61:cf:5a:d3:4e:d2:b0:d1:10:3e:20:d6:89:e2:a4:10:
69:31:8d:87:f2:5b:37:55:2a:b7:9a:03:98:e9:d4:78:85:4c:
70:2f:0c:e8:dc:2f:41:17:f0:ee:45:12:32:f1:4e:ee:e2:b2:
43:39:6a:12:a3:ee:7c:00:e6:03:c0:9c:03:f5:34:c7:b2:a6:
55:6f:4d:c3:6f:35:ff:29:29:ff:b5:95:59:65:07:d1:44:78:
85:37:54:bf:73:e0:20:92:90:f3:9a:81:0e:a4:c7:d4:76:82:
6c:19:09:3d:ab:ed:13:7c:73:e3:54:47:2a:ba:a9:13:d3:75:
f0:d4:1b:35:6d:0b:25:82:b4:c1:de:7c:4f:6b:61:d3:9b:3b:
54:24:f9:10:ca:90:4b:b7:8c:92:5c:ab:c2:88:33:c6:de:8c:
e5:c5:19:a9:a8:1d:60:6b:3a:2f:c1:97:03:6e:24:63:55:75:
fb:e3:de:af:04:c5:ba:b1:1c:8b:09:d6:b4:6b:e8:96:44:87:
ab:51:0b:5c
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYbfBBxhqnsuWBB0seYKmSluMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwMzE0MDcyNzEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTNmNTRkNDZmOTgzZjk3N2Y3MDEzNjQ0NzRlZmYwYTkyYWRjMzBhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTAeAdAwGXkYTlcsiuDDoZcBBZli
FQZaMgVvWGCO3f/4RymTvvi/5vueqI4kLzwlqSzhVKJv7OCetkL5EIQfwx1kPj4Z
r+HYCSO7ibDwHAecbUwQG13e1mpDu5R6XxtCpYmPcqlqKhsowfG01UqvmsxfpFim
QHRMYoty2SljRKKZboTZ3WLMONn6T6iPcgqiloWZ2kN2Nwd4+Y0fTQmUpqlIyKVM
oB84oRUThba/ztEKmGaZxTUcYUxjw7MNB0eDWqmDRGALyRwI9DyXaiMkFL1harvv
dQFwqcv/DohKhOwxNsSQHC1IYopBejIWlwjOPq+WQI39zg1sBWXnX2UHWQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFHE/VNRvmD+Xf3ATZEdO/wqSrcMKMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvY1Q5VTFHLVlQNWRfY0JOa1IwN19DcEt0d3dvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCWS5gAwQD
W2d4AwQEX2+AAwQCuZUMAwQAuetHMA0GCSqGSIb3DQEBCwUAA4IBAQBp35KsppX1
gtdUvwMKX+So74ZaQvGFfkMYw3QVv62COz4WqASY3YHNjyOkckeTLgdFufgZavnO
N2HPWtNO0rDRED4g1onipBBpMY2H8ls3VSq3mgOY6dR4hUxwLwzo3C9BF/DuRRIy
8U7u4rJDOWoSo+58AOYDwJwD9TTHsqZVb03DbzX/KSn/tZVZZQfRRHiFN1S/c+Ag
kpDzmoEOpMfUdoJsGQk9q+0TfHPjVEcquqkT03Xw1Bs1bQslgrTB3nxPa2HTmztU
JPkQypBLt4ySXKvCiDPG3ozlxRmpqB1gazovwZcDbiRjVXX7496vBMW6sRyLCda0
a+iWRIerUQtc
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:01 2023 by rpki-client on console-fra.rpki-client.org