Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/vEnSxo9jdzswpd5ybF7ih86uI0o.roa
File: vEnSxo9jdzswpd5ybF7ih86uI0o.roa (raw, json)
Hash identifier: Hw4VrUBIbY/NH3TysGj+iFEDHaOZVMOtzo77jqZaNMg=
Subject key identifier: BC:49:D2:C6:8F:63:77:3B:30:A5:DE:72:6C:5E:E2:87:CE:AE:23:4A
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 0A118431
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/vEnSxo9jdzswpd5ybF7ih86uI0o.roa
Signing time: Mon 14 Feb 2022 09:18:32 +0000
ROA not before: Mon 14 Feb 2022 09:18:32 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 834
IP address blocks: 171.22.146.0/24 maxlen: 24
91.103.120.0/21 maxlen: 24
185.235.71.0/24 maxlen: 24
185.149.12.0/22 maxlen: 24
89.46.96.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 168920113 (0xa118431)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Feb 14 09:18:32 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=bc49d2c68f63773b30a5de726c5ee287ceae234a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:94:62:c4:03:67:13:10:06:18:92:bf:e8:8f:
d2:bd:42:ed:6f:cb:7c:b7:11:69:11:97:dc:f1:c3:
88:1b:8a:6b:3c:3d:4c:2d:30:0e:94:e5:4b:92:56:
8c:23:de:25:2f:21:40:e7:2b:6d:13:3c:4b:ef:92:
4d:cd:47:ac:b3:2b:5a:0f:8d:b1:04:fd:a9:03:57:
d1:d1:42:50:02:d3:d7:2c:c5:34:b2:66:95:58:5f:
b6:ba:1f:bd:41:4e:00:dc:ad:d6:e8:8b:6c:a3:6d:
3e:65:f2:07:fe:6d:da:1d:0b:8d:5d:8a:d2:37:95:
58:4f:bb:4f:95:d3:32:5c:6e:83:00:29:a4:e7:63:
21:72:bf:fb:b8:e3:e9:6b:3b:a1:20:fd:da:53:11:
fe:e5:32:ef:59:77:25:88:b2:04:22:ce:ed:bc:2b:
02:fe:4c:25:2c:8f:ef:41:cc:db:df:95:e5:da:8a:
a9:f2:22:9e:a5:ef:64:1b:2d:a2:86:e2:75:e3:db:
96:98:9e:00:4d:1d:92:3c:98:33:3e:1b:b1:7b:47:
a7:4e:27:d3:86:0d:9b:5c:ff:b2:69:2d:f1:23:63:
05:09:18:fa:ca:95:22:20:fd:ac:9c:c9:e7:36:1a:
f2:0a:9e:20:10:2e:c7:d0:ff:63:b4:72:5f:08:70:
8d:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BC:49:D2:C6:8F:63:77:3B:30:A5:DE:72:6C:5E:E2:87:CE:AE:23:4A
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/vEnSxo9jdzswpd5ybF7ih86uI0o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.96.0/22
91.103.120.0/21
171.22.146.0/24
185.149.12.0/22
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
0d:4a:0a:97:e1:90:87:66:d2:bc:d7:3d:ae:80:ca:95:5c:f8:
88:26:c4:26:ed:07:de:d8:13:e4:5f:97:cf:f1:f9:0c:82:55:
ea:cc:ea:cd:40:cf:6c:02:46:3f:fa:63:82:3b:a7:6b:71:89:
c6:8e:60:ec:61:ac:15:58:03:a7:d0:d3:c4:00:72:a4:13:89:
df:82:20:b8:53:db:a0:72:cc:35:3e:fa:84:f7:2c:e8:81:50:
cd:f2:7b:15:77:3a:20:64:d3:f3:e7:91:9e:ed:c0:23:fa:bb:
81:8c:2f:e2:fe:93:2c:9c:5e:35:08:96:66:9b:b2:c7:b9:ca:
6a:be:aa:be:6e:95:2c:bb:af:b4:5e:db:14:be:39:84:2c:ca:
53:c2:75:c3:e5:b4:e4:6f:16:be:67:f1:82:e8:c3:0b:60:68:
19:eb:48:3b:80:31:1e:cc:91:55:13:aa:63:25:ba:10:19:0b:
d8:82:c4:a7:1f:68:24:3b:1a:57:9d:c7:b5:50:fb:c1:10:eb:
88:5b:0d:87:53:bb:45:93:7a:cb:dd:45:54:2e:a7:60:0d:62:
c1:7d:55:ea:a4:29:7c:f3:b1:c7:85:ca:f6:76:98:9c:2f:93:
72:d1:0f:cd:0c:f3:d4:ae:af:ad:d6:c4:b7:5d:e4:74:f1:7a:
50:6e:e1:30
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEChGEMTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDE2NmI3MDQ4NDNkM2Q5NzU0MDk1YzgzYTkxYjQ5MzgyODIwMGEyMB4XDTIyMDIx
NDA5MTgzMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYmM0OWQyYzY4ZjYz
NzczYjMwYTVkZTcyNmM1ZWUyODdjZWFlMjM0YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKqUYsQDZxMQBhiSv+iP0r1C7W/LfLcRaRGX3PHDiBuKazw9
TC0wDpTlS5JWjCPeJS8hQOcrbRM8S++STc1HrLMrWg+NsQT9qQNX0dFCUALT1yzF
NLJmlVhftrofvUFOANyt1uiLbKNtPmXyB/5t2h0LjV2K0jeVWE+7T5XTMlxugwAp
pOdjIXK/+7jj6Ws7oSD92lMR/uUy71l3JYiyBCLO7bwrAv5MJSyP70HM29+V5dqK
qfIinqXvZBstoobidePblpieAE0dkjyYMz4bsXtHp04n04YNm1z/smkt8SNjBQkY
+sqVIiD9rJzJ5zYa8gqeIBAux9D/Y7RyXwhwjc0CAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBS8SdLGj2N3OzCl3nJsXuKHzq4jSjAfBgNVHSMEGDAWgBSUFmtwSEPT2XVA
lcg6kbSTgoIAojAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xCWnJjRWhEMDlsMVFKWElPcEcwazRLQ0FLSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjIvNDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8x
L3ZFblN4bzlqZHpzd3BkNXliRjdpaDg2dUkwby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjIv
NDNmZjhmLWNkNTQtNGNmMS04YWFmLTRiZTE4ZWYxMjhiNC8xL2xCWnJjRWhEMDls
MVFKWElPcEcwazRLQ0FLSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAlkuYAMEA1tneAMEAKsWkgMEArmV
DAMEALnrRzANBgkqhkiG9w0BAQsFAAOCAQEADUoKl+GQh2bSvNc9roDKlVz4iCbE
Ju0H3tgT5F+Xz/H5DIJV6szqzUDPbAJGP/pjgjuna3GJxo5g7GGsFVgDp9DTxABy
pBOJ34IguFPboHLMNT76hPcs6IFQzfJ7FXc6IGTT8+eRnu3AI/q7gYwv4v6TLJxe
NQiWZpuyx7nKar6qvm6VLLuvtF7bFL45hCzKU8J1w+W05G8WvmfxgujDC2BoGetI
O4AxHsyRVROqYyW6EBkL2ILEpx9oJDsaV53HtVD7wRDriFsNh1O7RZN6y91FVC6n
YA1iwX1V6qQpfPOxx4XK9naYnC+TctEPzQzz1K6vrdbEt13kdPF6UG7hMA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:00:42 2023 by rpki-client on console-ams.rpki-client.org