Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/sVaRLc5TMrstuQ3deXiM1LzEMT0.roa
File: sVaRLc5TMrstuQ3deXiM1LzEMT0.roa (raw, json)
Hash identifier: OlC1EPyaBjldV12+WiymYmiuvmV0sO3fmM+PkcthyMI=
Subject key identifier: B1:56:91:2D:CE:53:32:BB:2D:B9:0D:DD:79:78:8C:D4:BC:C4:31:3D
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 0B31A0FD
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/sVaRLc5TMrstuQ3deXiM1LzEMT0.roa
Signing time: Sat 21 May 2022 12:13:29 +0000
ROA not before: Sat 21 May 2022 12:13:29 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 171.22.146.0/24 maxlen: 24
95.111.128.0/20 maxlen: 24
177.222.64.0/19 maxlen: 24
95.111.144.0/20 maxlen: 24
185.149.13.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 187801853 (0xb31a0fd)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: May 21 12:13:29 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b156912dce5332bb2db90ddd79788cd4bcc4313d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:29:a9:9f:b0:00:84:0a:8b:1b:34:c5:e4:e4:
0f:50:f6:6d:17:06:23:c9:56:5b:f9:ce:fe:66:fb:
d7:2c:28:31:37:50:b3:c4:cc:c4:82:50:2d:4d:39:
69:1a:45:27:92:82:1e:8b:1a:da:b7:8d:57:0b:51:
5f:36:68:bc:c5:45:b8:2e:6a:d2:90:8c:d1:61:56:
d8:08:af:ab:0a:24:1e:c2:b7:eb:cb:ff:4a:cc:d5:
67:01:80:52:11:d5:c0:a6:68:93:95:5a:00:31:5f:
04:4f:1c:a0:98:4e:09:b1:36:47:a5:20:69:ee:46:
cc:f0:2e:b1:b6:3d:fc:d5:e3:3d:6a:dd:5a:fe:fa:
a2:5d:d4:3b:0d:5c:97:87:59:0a:e1:dc:8f:03:4f:
3a:1e:ff:d9:97:a3:95:63:10:55:f6:d4:17:c4:db:
4f:78:02:0d:7c:09:d0:66:e7:06:c8:2a:bd:31:4f:
52:7c:52:cb:79:62:7e:26:a4:09:e7:b9:60:d2:45:
84:6b:53:47:2a:b4:b3:82:21:4d:22:3d:95:36:5c:
35:c0:eb:81:cb:0e:ff:c1:a0:ff:6e:e9:0a:a0:ab:
25:f6:ef:a3:5e:62:96:9a:49:e9:fa:16:ab:6d:e0:
15:93:41:02:67:bf:0e:76:ed:17:58:83:8e:12:21:
7d:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B1:56:91:2D:CE:53:32:BB:2D:B9:0D:DD:79:78:8C:D4:BC:C4:31:3D
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/sVaRLc5TMrstuQ3deXiM1LzEMT0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
95.111.128.0/19
171.22.146.0/24
177.222.64.0/19
185.149.13.0/24
Signature Algorithm: sha256WithRSAEncryption
05:49:da:0a:54:5d:ce:1d:5c:98:92:98:d0:9e:f1:8d:f2:38:
c6:78:e8:d7:d9:15:1b:7b:99:c4:97:38:28:53:77:64:58:f5:
f0:61:f7:c9:ba:cb:06:ae:5a:2c:e8:05:22:b2:2e:bf:18:a0:
56:29:f8:50:78:40:09:e0:7c:9e:40:48:ee:e1:b6:a5:5d:5c:
8b:35:0a:53:f9:d7:bc:5b:92:de:6c:d4:73:8b:ac:bc:36:ec:
72:31:7f:f4:6c:bd:96:ca:fd:90:2d:87:7f:20:27:7a:9a:77:
91:4b:3e:7e:38:01:d4:1b:78:16:fd:88:3b:b3:ff:64:80:4c:
fe:f8:cc:ad:8e:18:93:e6:41:21:43:1b:58:33:ad:b3:0d:66:
22:25:9f:21:16:5d:5e:fd:fd:23:61:15:10:b2:69:13:83:f7:
10:10:03:56:e2:dc:4a:e3:83:99:7f:32:87:94:06:83:9f:00:
3c:20:d1:ec:7a:be:06:77:a7:32:cd:4c:66:42:e3:e0:24:e8:
e0:25:47:1e:1e:01:60:80:8a:9f:04:92:6f:39:12:20:04:b3:
b3:3c:5b:5a:cd:5b:0d:bd:cc:f0:d6:12:23:63:c2:1c:57:89:
57:50:81:cd:0c:b2:d7:cd:65:5c:3f:09:d6:ec:04:77:c8:2b:
c0:f8:93:d3
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIECzGg/TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDUy
MTEyMTMyOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjE1NjkxMmRjZTUz
MzJiYjJkYjkwZGRkNzk3ODhjZDRiY2M0MzEzZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ0pqZ+wAIQKixs0xeTkD1D2bRcGI8lWW/nO/mb71ywoMTdQ
s8TMxIJQLU05aRpFJ5KCHosa2reNVwtRXzZovMVFuC5q0pCM0WFW2AivqwokHsK3
68v/SszVZwGAUhHVwKZok5VaADFfBE8coJhOCbE2R6Ugae5GzPAusbY9/NXjPWrd
Wv76ol3UOw1cl4dZCuHcjwNPOh7/2ZejlWMQVfbUF8TbT3gCDXwJ0GbnBsgqvTFP
UnxSy3lifiakCee5YNJFhGtTRyq0s4IhTSI9lTZcNcDrgcsO/8Gg/27pCqCrJfbv
o15ilppJ6foWq23gFZNBAme/DnbtF1iDjhIhfaMCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBSxVpEtzlMyuy25Dd15eIzUvMQxPTAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
L3NWYVJMYzVUTXJzdHVRM2RlWGlNMUx6RU1UMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEBV9vgAMEAKsWkgMEBbHeQAMEALmV
DTANBgkqhkiG9w0BAQsFAAOCAQEABUnaClRdzh1cmJKY0J7xjfI4xnjo19kVG3uZ
xJc4KFN3ZFj18GH3ybrLBq5aLOgFIrIuvxigVin4UHhACeB8nkBI7uG2pV1cizUK
U/nXvFuS3mzUc4usvDbscjF/9Gy9lsr9kC2HfyAnepp3kUs+fjgB1Bt4Fv2IO7P/
ZIBM/vjMrY4Yk+ZBIUMbWDOtsw1mIiWfIRZdXv39I2EVELJpE4P3EBADVuLcSuOD
mX8yh5QGg58APCDR7Hq+BnenMs1MZkLj4CTo4CVHHh4BYICKnwSSbzkSIASzszxb
Ws1bDb3M8NYSI2PCHFeJV1CBzQyy181lXD8J1uwEd8grwPiT0w==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:00:42 2023 by rpki-client on console-ams.rpki-client.org