Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/cuVJ1mT-hZdZXylMUjjMggACsRY.roa
File: cuVJ1mT-hZdZXylMUjjMggACsRY.roa (raw, json)
Hash identifier: 19waVQF1ACNdld37bP2e8njKu6ig4evcVZ9IZr0ryr8=
Subject key identifier: 72:E5:49:D6:64:FE:85:97:59:5F:29:4C:52:38:CC:82:00:02:B1:16
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 0188BCCABDD34B4D9842259FFFEA8AF784F2
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/cuVJ1mT-hZdZXylMUjjMggACsRY.roa
Signing time: Thu 15 Jun 2023 02:03:03 +0000
ROA not before: Thu 15 Jun 2023 02:03:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 171.22.146.0/24 maxlen: 24
91.103.120.0/21 maxlen: 24
185.235.71.0/24 maxlen: 24
95.111.128.0/20 maxlen: 20
95.111.144.0/20 maxlen: 20
185.149.12.0/24 maxlen: 24
185.149.12.0/23 maxlen: 24
185.149.13.0/24 maxlen: 24
185.149.14.0/23 maxlen: 24
89.46.96.0/22 maxlen: 24
89.46.96.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:bc:ca:bd:d3:4b:4d:98:42:25:9f:ff:ea:8a:f7:84:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Jun 15 02:03:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=72e549d664fe8597595f294c5238cc820002b116
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:83:60:6b:01:ef:6f:6b:01:f8:9c:22:41:12:
ab:da:81:4c:68:5a:4d:eb:05:ac:6b:f9:f1:08:2d:
ba:e9:bd:90:cf:2e:47:62:f5:e7:cc:62:a1:51:53:
fe:1a:7d:41:90:85:92:3b:a2:16:39:6f:84:3c:f2:
d5:7d:ae:e1:61:d2:dc:93:95:a6:f1:3a:72:75:ec:
35:7d:aa:37:a7:49:9f:f9:3f:35:2d:cd:54:cc:e3:
3a:a9:63:81:22:8e:39:77:f3:e3:2f:56:aa:1b:8b:
7f:c3:8d:23:53:7d:5e:cd:4f:88:d6:c6:cc:d9:3f:
2c:e7:df:7a:43:3d:3f:d4:6b:96:ba:ae:c4:bd:d5:
d2:99:51:0f:17:81:2a:70:48:0c:7b:56:89:a8:2f:
de:85:f6:af:22:7c:ab:cb:1f:1d:28:d7:88:a9:51:
f5:20:d0:9a:fe:dd:44:16:25:c4:37:b1:83:62:b7:
99:98:19:29:bc:55:d2:bd:6f:4b:77:6e:81:d3:12:
22:e0:7d:ec:62:3b:c0:a3:43:f5:57:0e:87:33:44:
b0:f2:8c:63:33:b9:2e:37:7f:81:66:1e:d5:52:7d:
48:05:f0:a8:86:7a:76:0b:c3:fa:ab:08:f5:ae:d8:
39:3b:dc:3e:4b:b4:5a:05:eb:18:ed:97:c1:92:c8:
b5:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:E5:49:D6:64:FE:85:97:59:5F:29:4C:52:38:CC:82:00:02:B1:16
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/cuVJ1mT-hZdZXylMUjjMggACsRY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.96.0/22
91.103.120.0/21
95.111.128.0/19
171.22.146.0/24
185.149.12.0/22
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
6e:3f:28:5e:cb:70:c2:ca:26:80:a2:9c:9b:56:82:b5:f6:9a:
1c:d0:6a:e8:85:b2:98:c0:74:3f:a0:38:d2:18:fe:ca:a3:8b:
f3:24:71:b5:69:8f:69:89:8c:bc:24:0c:18:60:2e:eb:0e:58:
50:20:01:95:ba:d1:73:c6:de:b3:d7:7f:74:48:8e:71:79:a4:
99:aa:d9:88:95:df:c5:49:9a:e0:56:6c:53:9f:56:2c:0a:56:
28:50:26:9d:8d:78:91:ce:1c:9b:35:c4:88:33:00:61:35:95:
d3:72:90:cc:cf:73:2e:87:7f:53:e5:20:3b:69:5e:c9:e8:56:
5f:59:bb:2e:1a:ac:75:15:07:26:0a:ac:f6:73:63:83:2a:30:
ed:6a:2c:cd:69:23:6e:b7:72:95:e7:40:47:13:53:d2:e2:da:
27:81:b5:2e:24:4d:d2:be:ed:ad:06:a1:a2:f3:4c:9f:6f:b5:
76:18:4f:58:9d:09:55:e4:46:9b:55:69:cf:6c:a4:f0:3f:80:
fc:f3:66:75:df:0f:59:a3:20:87:52:b2:27:09:1d:1d:ac:0b:
a0:0b:f3:66:cc:6c:87:3a:00:f2:52:dd:77:4d:44:09:36:15:
a8:f6:e6:5d:af:c3:fc:e9:16:fc:4d:b3:df:2f:45:5c:88:46:
63:32:dc:3c
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYi8yr3TS02YQiWf/+qK94TyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwNjE1MDIwMzAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmU1NDlkNjY0ZmU4NTk3NTk1ZjI5NGM1MjM4Y2M4MjAwMDJiMTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxoNgawHvb2sB+JwiQRKr2oFMaFpN
6wWsa/nxCC266b2Qzy5HYvXnzGKhUVP+Gn1BkIWSO6IWOW+EPPLVfa7hYdLck5Wm
8Tpydew1fao3p0mf+T81Lc1UzOM6qWOBIo45d/PjL1aqG4t/w40jU31ezU+I1sbM
2T8s5996Qz0/1GuWuq7EvdXSmVEPF4EqcEgMe1aJqC/ehfavInyryx8dKNeIqVH1
INCa/t1EFiXEN7GDYreZmBkpvFXSvW9Ld26B0xIi4H3sYjvAo0P1Vw6HM0Sw8oxj
M7kuN3+BZh7VUn1IBfCohnp2C8P6qwj1rtg5O9w+S7RaBesY7ZfBksi1WwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFHLlSdZk/oWXWV8pTFI4zIIAArEWMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvY3VWSjFtVC1oWmRaWHlsTVVqak1nZ0FDc1JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQCWS5gAwQD
W2d4AwQFX2+AAwQAqxaSAwQCuZUMAwQAuetHMA0GCSqGSIb3DQEBCwUAA4IBAQBu
Pyhey3DCyiaAopybVoK19poc0GrohbKYwHQ/oDjSGP7Ko4vzJHG1aY9piYy8JAwY
YC7rDlhQIAGVutFzxt6z1390SI5xeaSZqtmIld/FSZrgVmxTn1YsClYoUCadjXiR
zhybNcSIMwBhNZXTcpDMz3Muh39T5SA7aV7J6FZfWbsuGqx1FQcmCqz2c2ODKjDt
aizNaSNut3KV50BHE1PS4tongbUuJE3Svu2tBqGi80yfb7V2GE9YnQlV5EabVWnP
bKTwP4D882Z13w9ZoyCHUrInCR0drAugC/NmzGyHOgDyUt13TUQJNhWo9uZdr8P8
6Rb8TbPfL0VciEZjMtw8
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:00:42 2023 by rpki-client on console-ams.rpki-client.org