Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/sqAynvq0M7FDuOYlPhoLAWc_1og.roa
File: sqAynvq0M7FDuOYlPhoLAWc_1og.roa (raw, json)
Hash identifier: 2poBrqbxn6I2LjSg84p0hmtylUgjOMcKxEHuD1ACV+M=
Subject key identifier: B2:A0:32:9E:FA:B4:33:B1:43:B8:E6:25:3E:1A:0B:01:67:3F:D6:88
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 018572B42377665D65C04F19BFD63FB7D933
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/sqAynvq0M7FDuOYlPhoLAWc_1og.roa
Signing time: Mon 02 Jan 2023 13:38:06 +0000
ROA not before: Mon 02 Jan 2023 13:38:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 31.43.174.0/23 maxlen: 24
185.235.71.0/24 maxlen: 24
185.149.15.0/24 maxlen: 24
89.46.99.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:b4:23:77:66:5d:65:c0:4f:19:bf:d6:3f:b7:d9:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Jan 2 13:38:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b2a0329efab433b143b8e6253e1a0b01673fd688
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:05:09:7a:1e:e1:4e:8e:82:bc:ea:ef:6e:5e:
eb:db:48:6b:8e:6f:20:9e:15:7a:07:e2:af:95:19:
95:84:3b:aa:b8:e1:ad:b1:0c:02:15:d2:ed:72:dc:
23:24:20:a2:63:9e:6d:00:90:db:ae:e3:b6:d4:10:
38:b8:2e:bb:0d:0b:88:0e:b6:14:45:a6:99:29:3e:
fa:26:6f:66:16:90:e2:82:e6:00:f1:ff:12:63:94:
4b:bb:53:84:26:b4:27:57:62:82:8a:b3:9d:90:53:
ca:b2:e7:5d:c4:25:cc:3f:af:4b:99:cf:8a:c2:d0:
44:b1:43:d5:a1:b8:2f:fe:36:e5:77:9f:66:e1:d4:
d9:25:05:55:ba:9f:d4:88:b9:4d:75:eb:ac:b9:33:
a9:eb:30:65:59:ca:97:88:d6:f2:17:1f:18:6d:73:
5d:d9:95:6c:02:11:0c:4c:db:32:e2:77:70:e2:40:
8c:7b:fb:7f:3b:8d:f5:c2:f1:26:d7:22:ba:26:d9:
86:86:29:6b:8c:d0:74:6d:da:ca:cc:5f:7d:7e:29:
e1:9b:cf:45:95:ac:65:0e:51:05:4f:cb:70:0b:14:
74:b0:52:76:57:32:f0:52:5b:bb:6b:58:e4:0c:25:
70:d4:21:e9:76:c0:62:ff:04:c1:52:26:bb:59:61:
59:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:A0:32:9E:FA:B4:33:B1:43:B8:E6:25:3E:1A:0B:01:67:3F:D6:88
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/sqAynvq0M7FDuOYlPhoLAWc_1og.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.43.174.0/23
89.46.99.0/24
185.149.15.0/24
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
90:53:ba:54:8c:77:b2:b8:b3:3a:72:42:13:c9:ea:07:0b:6a:
69:81:79:e8:dd:96:74:0c:7b:d3:09:21:76:7b:85:ea:d8:ed:
ea:25:9a:0f:e5:54:c2:d1:af:e7:2d:67:ab:37:ed:fc:a8:e7:
c3:5c:d6:02:1b:86:69:46:e2:3f:82:b0:a9:67:bd:20:72:5e:
b1:3c:91:e1:9e:40:64:a2:9f:7b:ee:57:f8:cf:6e:3e:4d:ed:
b5:c8:bf:98:86:22:58:58:71:4c:9e:03:86:06:26:1d:d4:06:
96:32:96:14:47:92:1a:8f:bb:0b:39:f9:2d:0e:2e:58:d4:61:
4a:36:1c:76:6b:b6:4d:1c:b9:19:38:0e:08:1e:ec:16:26:fb:
f3:3e:0c:de:3e:07:34:47:77:36:b4:cc:63:fa:5d:6c:1f:29:
ba:f2:fd:67:a6:c9:77:88:cf:21:43:5f:37:5f:51:b5:af:2e:
19:36:e2:c8:4b:b7:52:91:69:f9:f5:6b:2f:a3:de:5a:66:2a:
77:d6:82:7c:c2:ea:26:bd:56:8b:c1:a2:dd:a3:3f:42:7f:84:
98:54:0f:18:7f:d2:6a:de:01:e8:f5:2d:b7:7b:6c:a8:ab:49:
3e:8e:31:f1:ae:96:58:11:d8:60:da:c3:46:f0:b0:4a:ad:6c:
d4:bc:8f:aa
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYVytCN3Zl1lwE8Zv9Y/t9kzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwMTAyMTMzODA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMmEwMzI5ZWZhYjQzM2IxNDNiOGU2MjUzZTFhMGIwMTY3M2ZkNjg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAngUJeh7hTo6CvOrvbl7r20hrjm8g
nhV6B+KvlRmVhDuquOGtsQwCFdLtctwjJCCiY55tAJDbruO21BA4uC67DQuIDrYU
RaaZKT76Jm9mFpDiguYA8f8SY5RLu1OEJrQnV2KCirOdkFPKsuddxCXMP69Lmc+K
wtBEsUPVobgv/jbld59m4dTZJQVVup/UiLlNdeusuTOp6zBlWcqXiNbyFx8YbXNd
2ZVsAhEMTNsy4ndw4kCMe/t/O431wvEm1yK6JtmGhilrjNB0bdrKzF99finhm89F
laxlDlEFT8twCxR0sFJ2VzLwUlu7a1jkDCVw1CHpdsBi/wTBUia7WWFZTwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFLKgMp76tDOxQ7jmJT4aCwFnP9aIMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvc3FBeW52cTBNN0ZEdU9ZbFBob0xBV2NfMW9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBHyuuAwQA
WS5jAwQAuZUPAwQAuetHMA0GCSqGSIb3DQEBCwUAA4IBAQCQU7pUjHeyuLM6ckIT
yeoHC2ppgXno3ZZ0DHvTCSF2e4Xq2O3qJZoP5VTC0a/nLWerN+38qOfDXNYCG4Zp
RuI/grCpZ70gcl6xPJHhnkBkop977lf4z24+Te21yL+YhiJYWHFMngOGBiYd1AaW
MpYUR5Iaj7sLOfktDi5Y1GFKNhx2a7ZNHLkZOA4IHuwWJvvzPgzePgc0R3c2tMxj
+l1sHym68v1npsl3iM8hQ183X1G1ry4ZNuLIS7dSkWn59Wsvo95aZip31oJ8wuom
vVaLwaLdoz9Cf4SYVA8Yf9Jq3gHo9S23e2yoq0k+jjHxrpZYEdhg2sNG8LBKrWzU
vI+q
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:32:31 2024 by rpki-client on console-fra.rpki-client.org