Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/hReq3An1Dd-O_cZvqfPpbJ_2KJI.roa
File: hReq3An1Dd-O_cZvqfPpbJ_2KJI.roa (raw, json)
Hash identifier: JqZ4/WJQTJU1mGpcz6mxTYLONE/0WQrLYlmBYUpAb14=
Subject key identifier: 85:17:AA:DC:09:F5:0D:DF:8E:FD:C6:6F:A9:F3:E9:6C:9F:F6:28:92
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 0186ECCDD62E7D37DD10303D17D3A6A0DD93
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/hReq3An1Dd-O_cZvqfPpbJ_2KJI.roa
Signing time: Thu 16 Mar 2023 23:42:38 +0000
ROA not before: Thu 16 Mar 2023 23:42:38 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.103.120.0/21 maxlen: 24
185.235.71.0/24 maxlen: 24
95.111.128.0/20 maxlen: 24
95.111.144.0/20 maxlen: 24
185.149.12.0/22 maxlen: 24
89.46.96.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:ec:cd:d6:2e:7d:37:dd:10:30:3d:17:d3:a6:a0:dd:93
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Mar 16 23:42:38 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8517aadc09f50ddf8efdc66fa9f3e96c9ff62892
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:69:7d:c5:b5:b9:cc:5a:5b:03:f0:7e:15:93:
df:15:e5:5f:f1:a2:e5:a4:6d:75:a0:40:e3:6e:d5:
0b:d2:c3:9d:2d:27:e9:05:a0:6d:35:68:fe:4f:28:
e2:fe:ee:66:1f:8b:b5:20:6a:e3:45:b8:1d:58:29:
05:f5:6a:a5:23:cd:55:4e:48:ee:4c:1a:3d:02:cf:
68:64:0b:ad:89:65:6a:8e:33:cc:3e:85:76:9e:c8:
6c:c0:d0:61:3e:14:3f:3e:da:0d:ab:02:6e:aa:70:
06:01:af:a0:23:ed:3c:2f:2e:c3:47:e8:75:73:84:
7b:01:8d:ca:c3:46:3a:29:7a:a3:2c:76:36:d0:a2:
a2:c1:9f:a5:ca:b3:ac:5e:7b:92:e5:c7:e2:1b:8b:
8c:a3:17:fc:ce:21:4b:25:f2:6b:23:a0:0c:76:5a:
3a:e6:3d:c8:b6:44:c8:a0:07:ef:a8:29:89:a4:04:
fc:0b:54:3e:09:c4:69:1a:39:47:f9:03:d8:77:88:
b8:27:4f:4c:24:5e:e2:f7:43:8c:71:bd:02:01:e5:
cd:47:d1:9d:cc:b9:29:36:2c:7a:51:26:6f:69:fc:
9f:b5:6b:e3:e3:24:2b:60:3b:2e:98:48:02:38:b5:
5b:ee:b6:3a:56:28:5c:28:b5:34:29:47:a9:d4:f6:
8f:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:17:AA:DC:09:F5:0D:DF:8E:FD:C6:6F:A9:F3:E9:6C:9F:F6:28:92
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/hReq3An1Dd-O_cZvqfPpbJ_2KJI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.96.0/22
91.103.120.0/21
95.111.128.0/19
185.149.12.0/22
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
23:06:72:44:60:b6:5b:09:05:e6:35:36:e7:e7:5d:b7:3d:22:
e3:ec:9e:80:88:a6:05:ad:5e:3b:3e:63:1d:1d:5c:3a:94:ad:
5c:2a:01:ef:6d:ab:17:f6:79:9a:0e:af:70:9f:5e:05:eb:0a:
ed:00:7c:0c:d9:32:0b:79:cc:9e:9e:34:4a:f8:18:7e:aa:1a:
bf:64:6f:ec:95:2e:31:35:a5:03:26:60:f2:e4:ce:cd:4f:89:
b2:23:4a:72:24:62:df:8c:1d:a8:52:25:8e:a2:92:03:af:85:
eb:b6:5c:22:8f:91:7a:06:91:bb:81:8c:35:36:58:6d:13:ff:
fb:57:f4:02:fb:b6:34:06:7b:04:9f:3f:42:cc:0f:7f:ea:5f:
29:e7:19:55:84:75:d6:28:36:6b:f3:02:73:85:4f:2d:a0:d9:
4c:61:2b:65:07:fc:e6:a5:a1:00:bd:3c:03:78:e4:17:81:17:
1b:4e:e3:ae:b9:62:f7:d8:48:37:a7:6c:c8:82:5c:54:7e:1d:
b7:76:ea:57:17:66:95:78:d6:25:e9:1d:6c:24:c0:e8:1b:74:
e4:d3:ee:fa:88:d2:2d:56:77:17:ae:e9:bc:13:ca:25:c6:a5:
6e:71:34:d9:86:42:8b:99:67:c4:30:a7:7c:d0:12:a0:e1:66:
bb:27:8b:61
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYbszdYufTfdEDA9F9OmoN2TMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwMzE2MjM0MjM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NTE3YWFkYzA5ZjUwZGRmOGVmZGM2NmZhOWYzZTk2YzlmZjYyODkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiml9xbW5zFpbA/B+FZPfFeVf8aLl
pG11oEDjbtUL0sOdLSfpBaBtNWj+Tyji/u5mH4u1IGrjRbgdWCkF9WqlI81VTkju
TBo9As9oZAutiWVqjjPMPoV2nshswNBhPhQ/PtoNqwJuqnAGAa+gI+08Ly7DR+h1
c4R7AY3Kw0Y6KXqjLHY20KKiwZ+lyrOsXnuS5cfiG4uMoxf8ziFLJfJrI6AMdlo6
5j3ItkTIoAfvqCmJpAT8C1Q+CcRpGjlH+QPYd4i4J09MJF7i90OMcb0CAeXNR9Gd
zLkpNix6USZvafyftWvj4yQrYDsumEgCOLVb7rY6VihcKLU0KUep1PaPoQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFIUXqtwJ9Q3fjv3Gb6nz6Wyf9iiSMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvaFJlcTNBbjFEZC1PX2NadnFmUHBiSl8yS0pJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCWS5gAwQD
W2d4AwQFX2+AAwQCuZUMAwQAuetHMA0GCSqGSIb3DQEBCwUAA4IBAQAjBnJEYLZb
CQXmNTbn5123PSLj7J6AiKYFrV47PmMdHVw6lK1cKgHvbasX9nmaDq9wn14F6wrt
AHwM2TILecyenjRK+Bh+qhq/ZG/slS4xNaUDJmDy5M7NT4myI0pyJGLfjB2oUiWO
opIDr4Xrtlwij5F6BpG7gYw1NlhtE//7V/QC+7Y0BnsEnz9CzA9/6l8p5xlVhHXW
KDZr8wJzhU8toNlMYStlB/zmpaEAvTwDeOQXgRcbTuOuuWL32Eg3p2zIglxUfh23
dupXF2aVeNYl6R1sJMDoG3Tk0+76iNItVncXrum8E8olxqVucTTZhkKLmWfEMKd8
0BKg4Wa7J4th
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:00:42 2023 by rpki-client on console-ams.rpki-client.org