Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/opGwIOorzT47XvxGS3KUYxgz2eo.roa
File: opGwIOorzT47XvxGS3KUYxgz2eo.roa (raw, json)
Hash identifier: sDNm5uJ9+YVZ9vDujKCyhu5rlTuPhXX5rfWQY5xFWSw=
Subject key identifier: A2:91:B0:20:EA:2B:CD:3E:3B:5E:FC:46:4B:72:94:63:18:33:D9:EA
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 018B60F2BC586594E612CEE3F038CDC5F8A1
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/opGwIOorzT47XvxGS3KUYxgz2eo.roa
Signing time: Tue 24 Oct 2023 09:10:02 +0000
ROA not before: Tue 24 Oct 2023 09:10:02 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 171.22.144.0/24 maxlen: 24
171.22.146.0/24 maxlen: 24
31.43.174.0/24 maxlen: 24
91.103.120.0/21 maxlen: 24
185.235.71.0/24 maxlen: 24
95.111.128.0/20 maxlen: 20
95.111.144.0/20 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:60:f2:bc:58:65:94:e6:12:ce:e3:f0:38:cd:c5:f8:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Oct 24 09:10:02 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a291b020ea2bcd3e3b5efc464b7294631833d9ea
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:2a:bd:22:46:1e:fc:4b:c3:38:2f:74:77:fc:
87:3f:97:e0:1d:1e:c7:cb:c5:0c:14:9d:4d:0c:82:
9a:00:bc:02:66:1a:7f:28:cb:b1:e6:a4:8c:87:8d:
81:10:16:5b:46:0f:0a:fc:45:94:b1:25:28:12:9c:
cf:a0:f0:62:5c:ee:17:24:9c:61:97:b8:fd:f3:a2:
99:18:d5:b4:19:ea:cd:bb:e2:92:30:e3:de:20:43:
07:b5:8a:55:3f:9e:4d:4d:12:c5:c8:cd:ca:b1:6e:
d9:61:70:87:81:a4:be:b8:77:a0:a3:d3:96:8b:40:
54:99:55:8d:ef:a0:cc:49:e1:fb:5c:07:c6:fc:d4:
09:65:bf:e3:9f:a3:9f:3a:a9:83:50:10:49:22:19:
32:a2:75:a6:89:8a:af:46:8f:17:90:0e:83:74:ef:
ec:18:49:ac:78:17:43:e3:98:0e:5f:b4:c6:18:bb:
8a:0e:5d:36:4b:4d:23:27:5a:f7:88:04:fe:4a:13:
df:46:f2:45:0d:b9:ec:74:7f:ef:68:73:d6:16:e1:
79:a5:6a:32:88:2d:55:7a:71:07:77:6e:d1:67:9d:
3f:7d:e1:66:5b:7b:1b:21:e6:ae:d4:ab:02:94:d1:
fb:c6:26:93:4f:ab:89:13:ec:ca:88:6d:f8:92:06:
fa:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:91:B0:20:EA:2B:CD:3E:3B:5E:FC:46:4B:72:94:63:18:33:D9:EA
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/opGwIOorzT47XvxGS3KUYxgz2eo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.43.174.0/24
91.103.120.0/21
95.111.128.0/19
171.22.144.0/24
171.22.146.0/24
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
1d:43:5f:f8:75:28:43:ab:36:a8:6b:d8:39:dc:67:0d:c7:b7:
81:e0:66:99:4e:91:ad:c2:84:f6:94:1e:4a:60:65:8d:e6:b7:
f0:09:20:e7:96:3e:10:b4:70:27:bc:c0:b3:0f:da:25:d6:a6:
9e:52:41:b2:d0:fc:de:e8:68:63:9d:f1:a4:96:3d:c2:ec:04:
f3:94:24:44:41:64:90:f3:ab:64:7e:f1:8f:f7:da:de:ee:66:
83:6b:35:b0:72:86:d6:9a:70:3b:b2:f8:a8:e4:d4:e1:c1:90:
b6:05:7e:3b:2c:a7:f3:65:20:fa:b9:4f:11:93:bd:ce:80:71:
17:19:e6:bb:0b:c7:92:98:53:9a:14:54:cd:c3:b3:77:d4:47:
37:75:56:28:db:18:63:e6:84:e8:4d:3b:84:12:3e:16:af:9d:
c0:d1:03:18:c9:0e:1e:40:15:2b:96:87:82:e1:51:d0:f7:4b:
6f:fd:ef:c3:51:17:0a:3c:a9:89:69:9a:e1:c3:84:14:7d:79:
a2:a4:bf:e4:00:2a:46:b3:57:f7:31:31:8e:13:3d:fd:07:af:
f0:05:f5:90:e3:70:85:0d:20:6d:49:ef:69:73:1f:74:df:8c:
74:fc:09:ea:bf:30:1a:fd:e9:4b:91:09:aa:77:02:d0:b1:50:
fe:55:73:96
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYtg8rxYZZTmEs7j8DjNxfihMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMxMDI0MDkxMDAyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjkxYjAyMGVhMmJjZDNlM2I1ZWZjNDY0YjcyOTQ2MzE4MzNkOWVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoCq9IkYe/EvDOC90d/yHP5fgHR7H
y8UMFJ1NDIKaALwCZhp/KMux5qSMh42BEBZbRg8K/EWUsSUoEpzPoPBiXO4XJJxh
l7j986KZGNW0GerNu+KSMOPeIEMHtYpVP55NTRLFyM3KsW7ZYXCHgaS+uHego9OW
i0BUmVWN76DMSeH7XAfG/NQJZb/jn6OfOqmDUBBJIhkyonWmiYqvRo8XkA6DdO/s
GEmseBdD45gOX7TGGLuKDl02S00jJ1r3iAT+ShPfRvJFDbnsdH/vaHPWFuF5pWoy
iC1VenEHd27RZ50/feFmW3sbIeau1KsClNH7xiaTT6uJE+zKiG34kgb6ZQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFKKRsCDqK80+O178RktylGMYM9nqMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvb3BHd0lPb3J6VDQ3WHZ4R1MzS1VZeGd6MmVvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAHyuuAwQD
W2d4AwQFX2+AAwQAqxaQAwQAqxaSAwQAuetHMA0GCSqGSIb3DQEBCwUAA4IBAQAd
Q1/4dShDqzaoa9g53GcNx7eB4GaZTpGtwoT2lB5KYGWN5rfwCSDnlj4QtHAnvMCz
D9ol1qaeUkGy0Pze6GhjnfGklj3C7ATzlCREQWSQ86tkfvGP99re7maDazWwcobW
mnA7svio5NThwZC2BX47LKfzZSD6uU8Rk73OgHEXGea7C8eSmFOaFFTNw7N31Ec3
dVYo2xhj5oToTTuEEj4Wr53A0QMYyQ4eQBUrloeC4VHQ90tv/e/DURcKPKmJaZrh
w4QUfXmipL/kACpGs1f3MTGOEz39B6/wBfWQ43CFDSBtSe9pcx9034x0/AnqvzAa
/elLkQmqdwLQsVD+VXOW
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:31 2024 by rpki-client on console-fra.rpki-client.org