Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/ctw30ofQBRLcBUmwl4rn0IbHVZs.roa
File: ctw30ofQBRLcBUmwl4rn0IbHVZs.roa (raw, json)
Hash identifier: jtDoHTEs7svpBgXKJat3yP+BIFlqErQeVwZE0PUKlHs=
Subject key identifier: 72:DC:37:D2:87:D0:05:12:DC:05:49:B0:97:8A:E7:D0:86:C7:55:9B
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 0A80CDC2
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/ctw30ofQBRLcBUmwl4rn0IbHVZs.roa
Signing time: Mon 14 Mar 2022 15:53:30 +0000
ROA not before: Mon 14 Mar 2022 15:53:30 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 171.22.147.0/24 maxlen: 24
31.43.174.0/23 maxlen: 24
185.235.71.0/24 maxlen: 24
185.149.15.0/24 maxlen: 24
89.46.99.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 176213442 (0xa80cdc2)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Mar 14 15:53:30 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=72dc37d287d00512dc0549b0978ae7d086c7559b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:d9:7f:00:8c:99:ab:ba:36:bd:58:b8:28:ad:
f3:ce:73:c2:0f:a0:ee:90:63:df:f1:28:78:88:6c:
c2:68:f8:3b:62:8c:bf:04:85:53:d3:c1:8f:ef:86:
f9:d5:af:41:3f:26:e9:de:be:d0:c5:42:ac:41:96:
17:3e:ea:52:fd:b9:e6:38:55:c8:4d:9f:7c:8b:86:
c3:37:eb:54:80:23:41:e9:07:9c:49:8d:78:32:08:
4b:93:d3:21:96:7a:63:0d:25:3c:08:bb:fa:27:e9:
93:65:fd:0a:92:62:1b:6e:ba:81:63:b0:57:36:c1:
9c:23:fc:b2:5f:bd:78:ec:0b:c1:11:c9:ff:ae:6c:
39:d1:4b:41:4a:a7:ac:89:19:cb:da:f7:b4:64:c4:
12:b8:32:c3:4a:8f:12:66:d4:6d:63:4a:35:a6:ad:
ec:c9:03:aa:33:9e:4d:8b:2f:e3:eb:05:7d:7a:e7:
b8:ec:5a:cd:02:c4:bd:f3:30:91:07:eb:8c:64:6d:
47:9f:8a:ca:eb:8e:19:66:ec:db:43:39:bb:c8:02:
b3:40:25:40:37:65:f9:25:a0:18:9c:e4:c1:2e:a1:
09:78:d4:88:a6:cd:77:46:8e:8e:7b:13:1d:f0:85:
59:b3:b2:68:56:0d:1a:27:52:d5:be:dc:57:31:cb:
18:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:DC:37:D2:87:D0:05:12:DC:05:49:B0:97:8A:E7:D0:86:C7:55:9B
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/ctw30ofQBRLcBUmwl4rn0IbHVZs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.43.174.0/23
89.46.99.0/24
171.22.147.0/24
185.149.15.0/24
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
6d:12:df:c2:03:a0:50:01:1e:8a:c2:6c:2e:83:cf:a5:81:7f:
d5:93:f0:95:4d:4c:eb:3f:44:84:1b:4b:de:73:88:0c:c0:92:
fd:c3:59:19:f7:fd:00:6d:d8:7f:a7:36:37:b0:38:b1:95:cd:
6f:8f:e4:f3:6b:c4:91:76:d9:a7:7a:b2:e9:07:ee:1c:c7:ee:
fd:fe:23:a4:a8:8e:78:4e:6b:aa:29:50:96:9b:f4:d7:5c:33:
13:e6:75:52:8b:9f:44:f8:a6:a8:cd:c1:6d:2d:b4:2f:c4:b3:
a3:12:bd:8a:90:11:48:8e:da:f0:03:99:73:8f:9f:1b:70:a3:
28:09:73:21:10:78:9d:46:80:c8:66:da:1f:69:b5:f6:d9:b5:
fb:c2:31:6e:9a:00:12:f7:30:1f:ac:a0:33:49:01:c4:2a:1c:
59:c4:fc:c9:b3:0c:21:82:e4:87:e1:12:fe:63:0d:d7:90:de:
b2:a9:bb:9e:4d:5c:83:c6:f0:19:73:0c:e1:e9:f6:02:49:72:
9c:98:c7:ff:ba:2d:3d:8b:b9:25:21:be:83:2e:5d:c9:e4:67:
13:57:1f:d2:b4:d0:51:af:77:cf:58:ba:5c:54:9e:d8:0c:81:
92:d7:e0:91:64:82:0c:82:46:1d:0b:fd:8e:8d:79:27:27:80:
5f:03:7b:17
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIECoDNwjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDMx
NDE1NTMzMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzJkYzM3ZDI4N2Qw
MDUxMmRjMDU0OWIwOTc4YWU3ZDA4NmM3NTU5YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKTZfwCMmau6Nr1YuCit885zwg+g7pBj3/EoeIhswmj4O2KM
vwSFU9PBj++G+dWvQT8m6d6+0MVCrEGWFz7qUv255jhVyE2ffIuGwzfrVIAjQekH
nEmNeDIIS5PTIZZ6Yw0lPAi7+ifpk2X9CpJiG266gWOwVzbBnCP8sl+9eOwLwRHJ
/65sOdFLQUqnrIkZy9r3tGTEErgyw0qPEmbUbWNKNaat7MkDqjOeTYsv4+sFfXrn
uOxazQLEvfMwkQfrjGRtR5+KyuuOGWbs20M5u8gCs0AlQDdl+SWgGJzkwS6hCXjU
iKbNd0aOjnsTHfCFWbOyaFYNGidS1b7cVzHLGHUCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBRy3DfSh9AFEtwFSbCXiufQhsdVmzAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
L2N0dzMwb2ZRQlJMY0JVbXdsNHJuMEliSFZacy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAR8rrgMEAFkuYwMEAKsWkwMEALmV
DwMEALnrRzANBgkqhkiG9w0BAQsFAAOCAQEAbRLfwgOgUAEeisJsLoPPpYF/1ZPw
lU1M6z9EhBtL3nOIDMCS/cNZGff9AG3Yf6c2N7A4sZXNb4/k82vEkXbZp3qy6Qfu
HMfu/f4jpKiOeE5rqilQlpv011wzE+Z1UoufRPimqM3BbS20L8SzoxK9ipARSI7a
8AOZc4+fG3CjKAlzIRB4nUaAyGbaH2m19tm1+8IxbpoAEvcwH6ygM0kBxCocWcT8
ybMMIYLkh+ES/mMN15Desqm7nk1cg8bwGXMM4en2AklynJjH/7otPYu5JSG+gy5d
yeRnE1cf0rTQUa93z1i6XFSe2AyBktfgkWSCDIJGHQv9jo15JyeAXwN7Fw==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:00:42 2023 by rpki-client on console-ams.rpki-client.org