Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/vTgyg17rYB6sOyk4iw-zESi-EoE.roa
File: vTgyg17rYB6sOyk4iw-zESi-EoE.roa (raw, json)
Hash identifier: enblnKR3Dq8YmfQf+12JnPX6J2CG1MShNJRRGxvj45Q=
Subject key identifier: BD:38:32:83:5E:EB:60:1E:AC:3B:29:38:8B:0F:B3:11:28:BE:12:81
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 018B4291DEB69455A478204ACFB9DA2EE82F
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/vTgyg17rYB6sOyk4iw-zESi-EoE.roa
Signing time: Wed 18 Oct 2023 11:35:37 +0000
ROA not before: Wed 18 Oct 2023 11:35:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 171.22.144.0/24 maxlen: 24
171.22.146.0/24 maxlen: 24
91.103.120.0/21 maxlen: 24
31.43.174.0/24 maxlen: 24
185.235.71.0/24 maxlen: 24
95.111.128.0/20 maxlen: 20
95.111.144.0/20 maxlen: 20
185.149.14.0/23 maxlen: 24
185.149.14.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:42:91:de:b6:94:55:a4:78:20:4a:cf:b9:da:2e:e8:2f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Oct 18 11:35:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=bd3832835eeb601eac3b29388b0fb31128be1281
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:65:cb:20:ce:81:8e:1c:b7:66:c0:06:db:fe:
d8:59:4f:e5:2d:86:3f:37:68:0b:c7:01:9e:74:99:
c4:f8:52:37:e2:0e:70:00:3f:38:9c:ad:78:50:b9:
1f:5e:94:b5:3b:4b:83:cc:c4:10:fc:ce:3b:0e:88:
c9:02:a9:b1:da:e6:8b:19:10:27:5a:4a:2f:c4:45:
2a:15:f0:35:43:4f:dd:25:61:aa:9e:99:da:07:f8:
99:b5:66:db:ed:ba:03:8d:3c:fd:ab:b1:85:66:de:
1e:2e:a3:db:03:90:4f:53:ec:d9:4c:d2:5b:1e:61:
b8:d5:0c:a5:92:4f:68:40:03:14:e7:a3:9a:93:eb:
e3:56:04:f0:6e:64:e8:99:87:de:b6:31:cd:50:cb:
a8:cf:4f:0d:c5:fa:b8:61:c8:98:4a:4e:c6:27:de:
4a:f5:19:0d:66:6f:a9:b7:ad:4b:21:a7:75:4b:65:
c6:c6:bf:d8:7e:92:63:b8:78:8d:45:d4:92:51:12:
ae:94:d9:87:51:d7:74:58:be:61:48:86:56:87:62:
7a:dd:58:ed:3d:97:be:2d:bd:ce:5a:05:ea:27:29:
a3:cf:af:16:21:87:08:64:8e:e5:bc:7b:ee:f3:cf:
f1:23:76:04:dc:63:12:ad:7b:cc:95:11:10:9b:db:
5c:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BD:38:32:83:5E:EB:60:1E:AC:3B:29:38:8B:0F:B3:11:28:BE:12:81
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/vTgyg17rYB6sOyk4iw-zESi-EoE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.43.174.0/24
91.103.120.0/21
95.111.128.0/19
171.22.144.0/24
171.22.146.0/24
185.149.14.0/23
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
31:f8:4f:de:4f:a4:c1:47:40:c5:0b:e2:d5:ab:2a:67:e0:51:
40:3e:f1:79:47:66:2a:e4:29:a6:eb:a8:32:12:79:3d:8f:f6:
d7:3e:43:55:15:f6:ff:ed:41:55:52:25:16:ed:a4:e0:77:b2:
b7:a8:10:d3:db:d0:df:e8:f1:8e:c9:8c:74:65:08:fe:fb:5d:
67:38:44:c9:75:f7:c2:a5:38:73:23:8c:e0:0c:76:3c:98:16:
4a:14:e3:04:69:1b:b9:92:35:8c:96:ba:1c:a6:75:7b:a3:2f:
dd:b9:12:f4:30:65:f2:89:6a:86:1d:03:2d:32:e1:00:1b:43:
98:6b:04:18:5f:8c:34:24:ba:79:58:2e:41:39:9a:b9:90:16:
e0:ec:45:77:3c:51:90:22:52:14:cb:0b:58:ef:fd:da:39:ed:
12:b6:14:03:26:b4:4c:d3:49:48:88:d6:a1:cc:42:ad:5a:d9:
60:f3:e2:46:77:09:a9:b2:4f:ad:bb:48:fc:03:dd:90:5d:83:
35:af:a1:f1:2a:47:2c:f6:21:e4:36:5c:22:60:9e:4e:80:04:
45:d7:4c:80:2e:13:00:c6:be:0c:7b:8e:4c:b2:aa:a6:6d:ef:
cb:46:2f:56:76:78:2e:d6:ad:33:71:67:28:5e:cd:86:16:ec:
c0:de:1f:1b
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYtCkd62lFWkeCBKz7naLugvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMxMDE4MTEzNTM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZDM4MzI4MzVlZWI2MDFlYWMzYjI5Mzg4YjBmYjMxMTI4YmUxMjgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyGXLIM6Bjhy3ZsAG2/7YWU/lLYY/
N2gLxwGedJnE+FI34g5wAD84nK14ULkfXpS1O0uDzMQQ/M47DojJAqmx2uaLGRAn
WkovxEUqFfA1Q0/dJWGqnpnaB/iZtWbb7boDjTz9q7GFZt4eLqPbA5BPU+zZTNJb
HmG41Qylkk9oQAMU56Oak+vjVgTwbmTomYfetjHNUMuoz08Nxfq4YciYSk7GJ95K
9RkNZm+pt61LIad1S2XGxr/YfpJjuHiNRdSSURKulNmHUdd0WL5hSIZWh2J63Vjt
PZe+Lb3OWgXqJymjz68WIYcIZI7lvHvu88/xI3YE3GMSrXvMlREQm9tcmQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFL04MoNe62AerDspOIsPsxEovhKBMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEvdlRneWcxN3JZQjZzT3lrNGl3LXpFU2ktRW9FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAHyuuAwQD
W2d4AwQFX2+AAwQAqxaQAwQAqxaSAwQBuZUOAwQAuetHMA0GCSqGSIb3DQEBCwUA
A4IBAQAx+E/eT6TBR0DFC+LVqypn4FFAPvF5R2Yq5Cmm66gyEnk9j/bXPkNVFfb/
7UFVUiUW7aTgd7K3qBDT29Df6PGOyYx0ZQj++11nOETJdffCpThzI4zgDHY8mBZK
FOMEaRu5kjWMlrocpnV7oy/duRL0MGXyiWqGHQMtMuEAG0OYawQYX4w0JLp5WC5B
OZq5kBbg7EV3PFGQIlIUywtY7/3aOe0SthQDJrRM00lIiNahzEKtWtlg8+JGdwmp
sk+tu0j8A92QXYM1r6HxKkcs9iHkNlwiYJ5OgARF10yALhMAxr4Me45Msqqmbe/L
Ri9Wdngu1q0zcWcoXs2GFuzA3h8b
-----END CERTIFICATE-----
Generated at Tue Oct 24 09:41:02 2023 by rpki-client on console-ams.rpki-client.org