Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/tFjwpMR0WMS-7ozNFaR2-VweJ8M.roa
File: tFjwpMR0WMS-7ozNFaR2-VweJ8M.roa (raw, json)
Hash identifier: /xKL6Of9wdiFFN1KwqR6yL2+P2bzzAqxat9NeZYWWbs=
Subject key identifier: B4:58:F0:A4:C4:74:58:C4:BE:EE:8C:CD:15:A4:76:F9:5C:1E:27:C3
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 018572B41FE3A3BC8AC205689D6C4160F31C
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/tFjwpMR0WMS-7ozNFaR2-VweJ8M.roa
Signing time: Mon 02 Jan 2023 13:38:05 +0000
ROA not before: Mon 02 Jan 2023 13:38:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 91.103.120.0/21 maxlen: 24
185.235.71.0/24 maxlen: 24
95.111.128.0/20 maxlen: 24
95.111.144.0/20 maxlen: 24
185.149.12.0/22 maxlen: 24
89.46.96.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:b4:1f:e3:a3:bc:8a:c2:05:68:9d:6c:41:60:f3:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Jan 2 13:38:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b458f0a4c47458c4beee8ccd15a476f95c1e27c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:a8:11:94:c4:f6:ff:61:2d:e5:ab:8b:09:88:
35:b2:cc:2f:b8:2b:0c:f6:62:53:4f:b4:c8:87:9b:
8e:f0:5b:4f:99:e7:1c:81:e1:f9:1b:6f:3c:48:fb:
7a:92:e9:af:76:97:a4:06:f2:ec:00:36:7e:50:82:
a3:2a:96:2e:fe:73:5a:64:48:6d:08:1c:bc:80:8a:
1b:2a:16:fe:f6:90:62:19:2e:f6:2e:e9:22:c3:1d:
70:8e:e7:5a:c0:7e:84:6c:db:09:b5:fe:5e:76:7d:
b4:2b:20:0d:00:ef:d8:40:f7:55:98:65:13:15:f1:
2b:88:5c:21:88:46:ee:ef:91:e0:cd:33:67:c0:ee:
64:14:77:a8:7f:b4:9e:1d:a4:db:01:7b:d2:a6:af:
a5:be:ca:9c:5e:92:da:a2:77:9a:a6:0e:5c:e7:82:
8f:cc:25:9a:c7:5d:2f:c8:3f:47:dc:fb:52:3a:77:
4b:98:cc:19:02:08:5c:6a:78:41:1a:bc:f7:6c:58:
87:41:3c:ea:d2:da:2b:d0:8a:5b:9a:ac:0f:a6:65:
ef:16:57:90:43:57:c6:18:e2:2a:ba:b3:6c:0a:90:
4f:d2:fe:c4:39:b5:d6:b8:8a:3e:63:e5:10:74:f0:
3b:69:9a:8e:31:7b:cc:77:c4:ce:33:64:84:09:50:
46:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B4:58:F0:A4:C4:74:58:C4:BE:EE:8C:CD:15:A4:76:F9:5C:1E:27:C3
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/tFjwpMR0WMS-7ozNFaR2-VweJ8M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.96.0/22
91.103.120.0/21
95.111.128.0/19
185.149.12.0/22
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
3a:06:9c:67:cf:a2:20:58:f1:87:c3:e2:03:f0:30:ee:91:67:
e3:6d:42:09:e1:a9:a1:46:78:b7:ff:a0:9f:3a:9d:2f:70:94:
34:63:9e:23:f8:1d:95:d2:fd:7b:82:53:76:0b:f8:5b:b1:62:
34:8b:96:61:13:dd:36:8d:8c:85:dd:8e:48:84:f4:7d:4d:0f:
58:db:f9:cf:5d:c3:95:ae:8d:62:d5:87:27:81:f7:c5:82:63:
d5:e2:86:f1:ae:f8:5c:ab:82:09:46:15:41:fa:22:88:92:05:
8b:64:a8:ce:23:d6:cd:6c:92:82:8c:e5:85:e9:cf:75:d1:67:
30:1f:66:39:ab:fc:cd:be:b9:4e:80:0d:25:79:ba:85:e9:20:
82:6c:65:3e:40:7d:cf:2a:61:2d:c8:2e:af:53:1f:d4:e0:dd:
b3:aa:fd:ba:f9:b4:40:42:63:36:f1:bf:2c:d4:3d:15:3e:ba:
fe:ca:55:3e:76:93:db:d3:06:46:94:4c:47:fb:b9:f6:64:d9:
7a:e6:70:92:80:9b:4f:03:8d:25:12:9f:fa:7b:4d:32:be:41:
a9:4d:72:d5:1e:48:cf:7d:07:ac:7d:55:7c:f0:1a:70:ba:14:
d3:ea:0e:51:58:17:a4:ff:24:5f:5d:6c:42:74:a3:b6:06:80:
a2:9e:ea:43
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVytB/jo7yKwgVonWxBYPMcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwMTAyMTMzODA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNDU4ZjBhNGM0NzQ1OGM0YmVlZThjY2QxNWE0NzZmOTVjMWUyN2MzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoagRlMT2/2Et5auLCYg1sswvuCsM
9mJTT7TIh5uO8FtPmeccgeH5G288SPt6kumvdpekBvLsADZ+UIKjKpYu/nNaZEht
CBy8gIobKhb+9pBiGS72Lukiwx1wjudawH6EbNsJtf5edn20KyANAO/YQPdVmGUT
FfEriFwhiEbu75HgzTNnwO5kFHeof7SeHaTbAXvSpq+lvsqcXpLaoneapg5c54KP
zCWax10vyD9H3PtSOndLmMwZAghcanhBGrz3bFiHQTzq0tor0IpbmqwPpmXvFleQ
Q1fGGOIqurNsCpBP0v7EObXWuIo+Y+UQdPA7aZqOMXvMd8TOM2SECVBGjQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFLRY8KTEdFjEvu6MzRWkdvlcHifDMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvdEZqd3BNUjBXTVMtN296TkZhUjItVndlSjhNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCWS5gAwQD
W2d4AwQFX2+AAwQCuZUMAwQAuetHMA0GCSqGSIb3DQEBCwUAA4IBAQA6Bpxnz6Ig
WPGHw+ID8DDukWfjbUIJ4amhRni3/6CfOp0vcJQ0Y54j+B2V0v17glN2C/hbsWI0
i5ZhE902jYyF3Y5IhPR9TQ9Y2/nPXcOVro1i1YcngffFgmPV4obxrvhcq4IJRhVB
+iKIkgWLZKjOI9bNbJKCjOWF6c910WcwH2Y5q/zNvrlOgA0lebqF6SCCbGU+QH3P
KmEtyC6vUx/U4N2zqv26+bRAQmM28b8s1D0VPrr+ylU+dpPb0wZGlExH+7n2ZNl6
5nCSgJtPA40lEp/6e00yvkGpTXLVHkjPfQesfVV88BpwuhTT6g5RWBek/yRfXWxC
dKO2BoCinupD
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:57:01 2023 by rpki-client on console-fra.rpki-client.org