Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/866b6b-f56c-4a2f-902d-fbc36e4348f5/1/TDNDCtKErWMkiHc3MszgWit7Bug.roa
File: TDNDCtKErWMkiHc3MszgWit7Bug.roa (raw, json)
Hash identifier: NBJP3tNz0B5d8go/3CnzzzCyD4PALjKgvGdYfc2HeKU=
Subject key identifier: 4C:33:43:0A:D2:84:AD:63:24:88:77:37:32:CC:E0:5A:2B:7B:06:E8
Certificate issuer: /CN=002fa6e19056838905bc32b53ab0d1047d78e4d4
Certificate serial: 06D2E62B
Authority key identifier: 00:2F:A6:E1:90:56:83:89:05:BC:32:B5:3A:B0:D1:04:7D:78:E4:D4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AC-m4ZBWg4kFvDK1OrDRBH145NQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/67/866b6b-f56c-4a2f-902d-fbc36e4348f5/1/TDNDCtKErWMkiHc3MszgWit7Bug.roa
Signing time: Sat 30 Apr 2022 13:06:42 +0000
ROA not before: Sat 30 Apr 2022 13:06:42 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 39049
IP address blocks: 94.231.36.0/22 maxlen: 22
94.231.32.0/22 maxlen: 22
94.231.32.0/20 maxlen: 20
94.231.40.0/22 maxlen: 22
195.66.136.0/24 maxlen: 24
195.66.136.0/23 maxlen: 23
195.66.137.0/24 maxlen: 24
94.231.44.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 114484779 (0x6d2e62b)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=002fa6e19056838905bc32b53ab0d1047d78e4d4
Validity
Not Before: Apr 30 13:06:42 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=4c33430ad284ad632488773732cce05a2b7b06e8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:0b:af:64:7a:3f:b5:07:14:74:2c:c5:49:c6:
26:97:7d:2e:35:b5:f4:c8:46:26:b1:49:1a:77:98:
f0:fc:eb:49:f9:18:27:8a:87:1d:4a:1a:e3:92:98:
8c:f0:36:bc:0a:f7:a6:22:1c:1e:19:7a:0f:36:72:
cf:12:10:70:4d:b7:3c:d3:27:95:bb:8a:5c:13:f5:
de:0b:89:0d:66:26:04:cb:9c:a6:7e:af:5e:46:30:
d0:93:42:bb:0f:48:b7:99:81:2b:3d:a2:f4:e2:a3:
43:ac:c0:2c:d1:43:18:8e:1e:5b:1f:89:26:46:fa:
17:82:72:5f:3f:48:b6:da:3b:3f:59:4e:76:fe:6a:
30:0a:e6:c0:6a:f0:05:7a:75:af:8f:a1:2c:3e:21:
45:7e:fb:e3:c2:13:b0:71:83:5a:57:eb:95:c0:ba:
32:aa:df:f4:f1:cd:d8:3a:8a:97:95:f8:4e:15:46:
1b:a7:7b:c9:90:9a:ba:5c:0e:62:c2:e9:13:bb:f9:
04:c9:e0:55:f5:7c:53:98:5f:90:c1:b0:33:ed:a2:
bb:42:37:6c:4f:a5:93:cd:91:52:e3:8e:fd:de:4c:
27:6b:b5:45:e7:89:90:4a:39:88:44:e9:da:0c:76:
cb:de:93:fb:c6:b2:ea:91:03:a4:0c:25:cf:13:c3:
b1:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:33:43:0A:D2:84:AD:63:24:88:77:37:32:CC:E0:5A:2B:7B:06:E8
X509v3 Authority Key Identifier:
keyid:00:2F:A6:E1:90:56:83:89:05:BC:32:B5:3A:B0:D1:04:7D:78:E4:D4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AC-m4ZBWg4kFvDK1OrDRBH145NQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/866b6b-f56c-4a2f-902d-fbc36e4348f5/1/TDNDCtKErWMkiHc3MszgWit7Bug.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/67/866b6b-f56c-4a2f-902d-fbc36e4348f5/1/AC-m4ZBWg4kFvDK1OrDRBH145NQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.231.32.0/20
195.66.136.0/23
Signature Algorithm: sha256WithRSAEncryption
7b:56:62:52:df:c0:f4:d2:d6:43:ef:2f:ec:c6:28:eb:1e:b9:
a8:3d:19:52:4e:b2:04:df:a5:f1:58:cc:ae:24:d7:7e:3d:9e:
27:e4:c9:71:51:82:8c:cc:04:5b:be:9b:46:7e:76:1d:80:a0:
2c:1a:ec:76:f7:74:92:0b:45:d2:d7:ac:9c:16:05:db:b2:8f:
cf:b6:42:2d:96:e4:8a:86:ed:51:6c:a9:5e:7d:1b:66:57:28:
7a:88:eb:54:1e:c3:70:85:f2:ff:2e:d5:87:57:3a:d5:d9:b9:
e9:fa:93:d6:dc:05:00:47:53:54:87:e0:b3:96:ee:63:62:10:
22:49:32:e2:99:44:ea:71:fa:0d:e9:2d:cd:2b:3b:bc:7c:00:
a5:a1:2b:eb:ce:93:0a:af:e4:9c:3f:0d:63:45:d3:0f:fe:a9:
af:dc:a9:29:08:1d:e9:27:b7:86:aa:46:42:52:17:d4:4b:50:
91:37:7d:93:7e:d1:f0:49:dd:7d:bc:a3:34:5d:25:04:6e:43:
f5:93:48:d7:49:32:43:56:d2:75:a1:42:a2:85:c5:d9:6c:0f:
3c:8d:84:3d:86:09:78:eb:d0:d4:de:fe:1a:9a:20:1c:5d:61:
bf:d8:87:cb:e8:a9:59:da:3f:cc:12:30:9a:5c:fb:4b:7e:c1:
5e:c3:f0:fa
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIEBtLmKzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
MDJmYTZlMTkwNTY4Mzg5MDViYzMyYjUzYWIwZDEwNDdkNzhlNGQ0MB4XDTIyMDQz
MDEzMDY0MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGMzMzQzMGFkMjg0
YWQ2MzI0ODg3NzM3MzJjY2UwNWEyYjdiMDZlODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJILr2R6P7UHFHQsxUnGJpd9LjW19MhGJrFJGneY8PzrSfkY
J4qHHUoa45KYjPA2vAr3piIcHhl6DzZyzxIQcE23PNMnlbuKXBP13guJDWYmBMuc
pn6vXkYw0JNCuw9It5mBKz2i9OKjQ6zALNFDGI4eWx+JJkb6F4JyXz9Itto7P1lO
dv5qMArmwGrwBXp1r4+hLD4hRX7748ITsHGDWlfrlcC6Mqrf9PHN2DqKl5X4ThVG
G6d7yZCaulwOYsLpE7v5BMngVfV8U5hfkMGwM+2iu0I3bE+lk82RUuOO/d5MJ2u1
ReeJkEo5iETp2gx2y96T+8ay6pEDpAwlzxPDsfcCAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBRMM0MK0oStYySIdzcyzOBaK3sG6DAfBgNVHSMEGDAWgBQAL6bhkFaDiQW8
MrU6sNEEfXjk1DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0FDLW00WkJXZzRrRnZESzFPckRSQkgxNDVOUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNjcvODY2YjZiLWY1NmMtNGEyZi05MDJkLWZiYzM2ZTQzNDhmNS8x
L1RETkRDdEtFcldNa2lIYzNNc3pnV2l0N0J1Zy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNjcv
ODY2YjZiLWY1NmMtNGEyZi05MDJkLWZiYzM2ZTQzNDhmNS8xL0FDLW00WkJXZzRr
RnZESzFPckRSQkgxNDVOUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEBF7nIAMEAcNCiDANBgkqhkiG9w0B
AQsFAAOCAQEAe1ZiUt/A9NLWQ+8v7MYo6x65qD0ZUk6yBN+l8VjMriTXfj2eJ+TJ
cVGCjMwEW76bRn52HYCgLBrsdvd0kgtF0tesnBYF27KPz7ZCLZbkiobtUWypXn0b
ZlcoeojrVB7DcIXy/y7Vh1c61dm56fqT1twFAEdTVIfgs5buY2IQIkky4plE6nH6
DektzSs7vHwApaEr686TCq/knD8NY0XTD/6pr9ypKQgd6Se3hqpGQlIX1EtQkTd9
k37R8EndfbyjNF0lBG5D9ZNI10kyQ1bSdaFCooXF2WwPPI2EPYYJeOvQ1N7+Gpog
HF1hv9iHy+ipWdo/zBIwmlz7S37BXsPw+g==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:00:58 2023 by rpki-client on console-ams.rpki-client.org