Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/dCtx-yQiZTzNymtqsku3n8ryRb8.roa
File: dCtx-yQiZTzNymtqsku3n8ryRb8.roa (raw, json)
Hash identifier: wr012RTG1CxnnmF39wSC6lsKExuaF2GRdtjZvBBT4XI=
Subject key identifier: 74:2B:71:FB:24:22:65:3C:CD:CA:6B:6A:B2:4B:B7:9F:CA:F2:45:BF
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 0185BD10A06C89A545B3260C31E0124FD30F
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/dCtx-yQiZTzNymtqsku3n8ryRb8.roa
Signing time: Tue 17 Jan 2023 00:11:01 +0000
ROA not before: Tue 17 Jan 2023 00:11:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.103.120.0/21 maxlen: 24
95.111.128.0/20 maxlen: 24
95.111.144.0/20 maxlen: 24
185.149.12.0/22 maxlen: 24
89.46.96.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:bd:10:a0:6c:89:a5:45:b3:26:0c:31:e0:12:4f:d3:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Jan 17 00:11:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=742b71fb2422653ccdca6b6ab24bb79fcaf245bf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:d7:18:1f:bb:74:7b:57:ba:26:ae:88:67:d3:
a3:d7:89:28:f2:6a:ff:65:84:8d:99:20:ab:15:db:
b5:e8:52:2d:98:30:96:4d:91:da:5e:8c:e4:5e:1d:
48:de:f6:d5:c1:03:71:52:8d:4c:6d:83:1c:3b:50:
06:b7:49:5a:d7:73:28:08:57:11:18:87:bd:c8:fd:
21:21:f5:c0:47:e3:14:5a:22:50:26:0f:86:33:5a:
ab:3a:39:4e:2f:d2:03:8c:54:9e:fe:90:18:80:ea:
57:ff:84:e3:c3:46:b8:e2:71:ff:2e:77:1b:91:91:
ca:3e:3f:51:03:19:f3:29:bc:3a:de:fd:ef:a4:60:
78:84:fc:f1:28:50:3f:5d:b0:88:26:40:3b:f7:bd:
b2:f0:95:99:9e:d8:8e:49:a6:a9:65:da:f5:90:46:
87:1e:3e:03:7e:d9:bd:d7:55:e8:c1:da:c8:9d:11:
ee:9a:d2:c7:26:80:ef:f3:b7:51:10:f9:59:b9:3e:
d2:96:94:b3:e0:a1:b0:f9:d2:a4:e3:54:05:bd:06:
f0:f3:cd:13:44:1c:34:10:a8:99:88:18:30:30:a2:
c8:3e:40:84:87:55:b6:26:fd:11:80:e5:de:f2:df:
97:77:61:9f:a7:aa:2d:15:a7:a9:32:35:2b:81:e1:
36:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:2B:71:FB:24:22:65:3C:CD:CA:6B:6A:B2:4B:B7:9F:CA:F2:45:BF
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/dCtx-yQiZTzNymtqsku3n8ryRb8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.96.0/22
91.103.120.0/21
95.111.128.0/19
185.149.12.0/22
Signature Algorithm: sha256WithRSAEncryption
31:6a:1e:9d:c4:f7:ff:61:86:9d:b9:98:a9:6a:05:7b:b4:47:
06:73:3b:72:23:2a:06:6e:47:5a:49:74:77:3e:85:67:74:ff:
a2:84:65:81:53:2f:4f:ba:dc:77:8a:15:39:3a:c5:91:22:9b:
8e:5a:63:3e:cc:82:42:c1:1d:7a:94:f2:0f:52:a2:f2:92:50:
86:71:60:88:4e:a2:ca:86:1e:77:74:fc:7e:96:30:9b:b6:68:
55:42:42:4b:39:80:46:64:a2:da:20:d9:69:5b:d8:b5:99:16:
41:82:16:a0:7b:e4:53:13:d0:40:dd:8e:e4:47:69:4a:64:1f:
df:20:09:e4:bc:87:07:d6:76:1c:f4:78:a3:cc:93:6c:b4:97:
f8:ee:63:57:1e:aa:6d:ff:05:8e:03:94:19:c1:9d:c7:f0:85:
41:5d:75:ce:6f:5c:0c:a7:13:1b:ee:02:1e:e8:c9:00:f0:82:
48:ed:e9:5c:0a:36:b6:b0:4f:ed:ba:73:72:20:b9:d2:32:2e:
6e:0b:54:90:05:a7:b3:3a:59:8b:6c:d1:e5:98:20:70:23:da:
8b:9b:b4:ba:0d:43:85:46:c9:1c:7d:7c:83:9c:b3:26:40:73:
a2:51:2d:2a:87:04:2f:97:7a:7d:27:98:eb:45:f4:e9:80:6c:
3b:92:4c:3d
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYW9EKBsiaVFsyYMMeAST9MPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwMTE3MDAxMTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NDJiNzFmYjI0MjI2NTNjY2RjYTZiNmFiMjRiYjc5ZmNhZjI0NWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAktcYH7t0e1e6Jq6IZ9Oj14ko8mr/
ZYSNmSCrFdu16FItmDCWTZHaXozkXh1I3vbVwQNxUo1MbYMcO1AGt0la13MoCFcR
GIe9yP0hIfXAR+MUWiJQJg+GM1qrOjlOL9IDjFSe/pAYgOpX/4Tjw0a44nH/Lncb
kZHKPj9RAxnzKbw63v3vpGB4hPzxKFA/XbCIJkA7972y8JWZntiOSaapZdr1kEaH
Hj4Dftm911XowdrInRHumtLHJoDv87dREPlZuT7SlpSz4KGw+dKk41QFvQbw880T
RBw0EKiZiBgwMKLIPkCEh1W2Jv0RgOXe8t+Xd2Gfp6otFaepMjUrgeE2gwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFHQrcfskImU8zcprarJLt5/K8kW/MB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvZEN0eC15UWlaVHpOeW10cXNrdTNuOHJ5UmI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCWS5gAwQD
W2d4AwQFX2+AAwQCuZUMMA0GCSqGSIb3DQEBCwUAA4IBAQAxah6dxPf/YYaduZip
agV7tEcGcztyIyoGbkdaSXR3PoVndP+ihGWBUy9Putx3ihU5OsWRIpuOWmM+zIJC
wR16lPIPUqLyklCGcWCITqLKhh53dPx+ljCbtmhVQkJLOYBGZKLaINlpW9i1mRZB
ghage+RTE9BA3Y7kR2lKZB/fIAnkvIcH1nYc9HijzJNstJf47mNXHqpt/wWOA5QZ
wZ3H8IVBXXXOb1wMpxMb7gIe6MkA8IJI7elcCja2sE/tunNyILnSMi5uC1SQBaez
OlmLbNHlmCBwI9qLm7S6DUOFRskcfXyDnLMmQHOiUS0qhwQvl3p9J5jrRfTpgGw7
kkw9
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:01 2023 by rpki-client on console-fra.rpki-client.org