Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/d-2OFXutEfHLMfmV-i1kgnI4o7g.roa
File:                     d-2OFXutEfHLMfmV-i1kgnI4o7g.roa (raw, json)
Hash identifier:          4uwwOQyjtK/PqZn4MsMjo0v1Oh6QXgRHT8VM5lbefI4=
Subject key identifier:   77:ED:8E:15:7B:AD:11:F1:CB:31:F9:95:FA:2D:64:82:72:38:A3:B8
Certificate issuer:       /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial:       0188998E2F0CA3BE856D6C07C7645ECDC910
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/d-2OFXutEfHLMfmV-i1kgnI4o7g.roa
Signing time:             Thu 08 Jun 2023 05:50:12 +0000
ROA not before:           Thu 08 Jun 2023 05:50:12 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     834
IP address blocks:        171.22.146.0/24 maxlen: 24
                          91.103.120.0/21 maxlen: 24
                          185.235.71.0/24 maxlen: 24
                          95.111.128.0/20 maxlen: 24
                          95.111.144.0/20 maxlen: 24
                          185.149.12.0/23 maxlen: 24
                          185.149.12.0/24 maxlen: 24
                          185.149.13.0/24 maxlen: 24
                          185.149.14.0/23 maxlen: 24
                          89.46.96.0/24 maxlen: 24
                          89.46.96.0/22 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:99:8e:2f:0c:a3:be:85:6d:6c:07:c7:64:5e:cd:c9:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
        Validity
            Not Before: Jun  8 05:50:12 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=77ed8e157bad11f1cb31f995fa2d64827238a3b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:ED:8E:15:7B:AD:11:F1:CB:31:F9:95:FA:2D:64:82:72:38:A3:B8
            X509v3 Authority Key Identifier:
                keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/d-2OFXutEfHLMfmV-i1kgnI4o7g.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  89.46.96.0/22
                  91.103.120.0/21
                  95.111.128.0/19
                  171.22.146.0/24
                  185.149.12.0/22
                  185.235.71.0/24

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jul 20 00:00:42 2023 by rpki-client on console-ams.rpki-client.org