Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/866b6b-f56c-4a2f-902d-fbc36e4348f5/1/VJEhGpSPxZPGrojGSgsdw-enB84.roa
File: VJEhGpSPxZPGrojGSgsdw-enB84.roa (raw, json)
Hash identifier: HhZtYrsWK5PclpMEHgO7Wia0CmYwf5w+tSsOq4/E6bo=
Subject key identifier: 54:91:21:1A:94:8F:C5:93:C6:AE:88:C6:4A:0B:1D:C3:E7:A7:07:CE
Certificate issuer: /CN=002fa6e19056838905bc32b53ab0d1047d78e4d4
Certificate serial: 01856F94D76D67DF21BF517CA4B9F33C8F5B
Authority key identifier: 00:2F:A6:E1:90:56:83:89:05:BC:32:B5:3A:B0:D1:04:7D:78:E4:D4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AC-m4ZBWg4kFvDK1OrDRBH145NQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/67/866b6b-f56c-4a2f-902d-fbc36e4348f5/1/VJEhGpSPxZPGrojGSgsdw-enB84.roa
Signing time: Sun 01 Jan 2023 23:05:03 +0000
ROA not before: Sun 01 Jan 2023 23:05:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39049
IP address blocks: 94.231.36.0/22 maxlen: 23
94.231.36.0/23 maxlen: 23
94.231.32.0/21 maxlen: 23
94.231.38.0/24 maxlen: 24
94.231.32.0/22 maxlen: 22
195.66.136.0/24 maxlen: 24
195.66.136.0/23 maxlen: 23
195.66.137.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:94:d7:6d:67:df:21:bf:51:7c:a4:b9:f3:3c:8f:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=002fa6e19056838905bc32b53ab0d1047d78e4d4
Validity
Not Before: Jan 1 23:05:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5491211a948fc593c6ae88c64a0b1dc3e7a707ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:4d:b6:54:68:22:5d:7d:90:54:69:86:fb:21:
6e:55:30:2a:65:6b:8a:f3:b5:be:dd:c2:f6:4d:50:
24:10:42:22:e8:56:9d:67:0d:89:83:1e:48:a6:85:
15:e8:89:fb:ce:86:4f:65:01:6a:1b:fd:39:e7:b5:
40:e3:2e:63:8e:82:9a:c8:25:91:12:53:64:43:17:
0b:a8:74:ba:3e:f7:60:f9:f3:72:3e:c0:c6:48:5e:
6f:55:2b:48:2e:21:29:0a:ce:95:ee:84:7e:48:54:
e0:85:ed:b5:78:b2:66:4b:46:9b:99:74:8d:2a:70:
c9:71:7a:18:07:14:b7:c4:9b:4f:90:79:7b:4c:ad:
36:15:8b:a8:e6:c5:77:13:cf:0f:f8:7f:2c:8a:ca:
28:23:01:85:a2:f2:b6:ad:79:d6:57:3e:e0:0b:ad:
52:2d:24:30:6f:a3:16:5a:ab:ed:67:4d:db:d4:55:
68:20:7f:82:2a:28:9e:24:25:61:74:60:c9:82:fc:
43:5b:a7:84:57:ec:0d:13:c1:74:de:b6:f0:55:ea:
29:93:e1:8f:61:3e:3b:96:2a:68:71:fb:6d:a8:26:
f8:1d:c3:1d:6c:71:f4:9d:47:aa:81:42:77:56:92:
9b:17:bf:ff:c3:c9:7d:82:d5:7a:16:8d:81:66:69:
7c:fd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:91:21:1A:94:8F:C5:93:C6:AE:88:C6:4A:0B:1D:C3:E7:A7:07:CE
X509v3 Authority Key Identifier:
keyid:00:2F:A6:E1:90:56:83:89:05:BC:32:B5:3A:B0:D1:04:7D:78:E4:D4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AC-m4ZBWg4kFvDK1OrDRBH145NQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/866b6b-f56c-4a2f-902d-fbc36e4348f5/1/VJEhGpSPxZPGrojGSgsdw-enB84.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/67/866b6b-f56c-4a2f-902d-fbc36e4348f5/1/AC-m4ZBWg4kFvDK1OrDRBH145NQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.231.32.0/21
195.66.136.0/23
Signature Algorithm: sha256WithRSAEncryption
23:dd:32:02:2c:67:ab:79:cf:3d:53:66:b9:52:5c:50:9f:39:
11:08:70:87:cb:8b:21:ac:42:17:92:50:12:e7:94:3f:39:34:
47:34:8a:04:0b:65:67:88:5d:7f:9e:72:57:35:aa:55:cc:57:
2a:29:b4:96:1e:58:8f:65:8f:9b:3f:27:58:ff:c3:95:5b:95:
04:aa:2a:35:de:48:74:1e:3c:9e:41:4e:93:15:88:be:db:a7:
9a:40:51:ed:e8:ad:31:4c:7d:75:92:8f:ed:ed:5a:22:66:6d:
d9:9a:70:46:b3:c6:66:b9:76:8b:1a:8a:a9:cb:eb:fa:87:89:
d2:77:c8:61:ab:17:65:5b:75:11:ad:c5:bf:00:bb:c2:cf:bb:
e7:5a:ee:46:28:75:d9:73:9d:26:ca:de:8d:11:db:a6:f6:3e:
dd:4d:6b:0f:cd:4f:65:ef:3a:53:42:80:63:63:d0:a8:42:b7:
22:c5:22:13:05:d2:10:fd:ad:ad:e8:50:2e:c2:2b:df:a2:a8:
de:cf:13:cb:d7:50:db:ab:9d:38:c3:d1:4d:d2:2d:39:1a:9d:
37:44:02:4f:98:7b:51:a9:da:d5:e9:e5:dc:f8:7b:90:1c:11:
b6:26:22:a0:53:25:b5:58:6d:d8:f1:19:8e:da:37:1d:90:86:
be:96:11:2f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVvlNdtZ98hv1F8pLnzPI9bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMmZhNmUxOTA1NjgzODkwNWJjMzJiNTNhYjBkMTA0N2Q3
OGU0ZDQwHhcNMjMwMTAxMjMwNTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDkxMjExYTk0OGZjNTkzYzZhZTg4YzY0YTBiMWRjM2U3YTcwN2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsU22VGgiXX2QVGmG+yFuVTAqZWuK
87W+3cL2TVAkEEIi6FadZw2Jgx5IpoUV6In7zoZPZQFqG/0557VA4y5jjoKayCWR
ElNkQxcLqHS6Pvdg+fNyPsDGSF5vVStILiEpCs6V7oR+SFTghe21eLJmS0abmXSN
KnDJcXoYBxS3xJtPkHl7TK02FYuo5sV3E88P+H8sisooIwGFovK2rXnWVz7gC61S
LSQwb6MWWqvtZ03b1FVoIH+CKiieJCVhdGDJgvxDW6eEV+wNE8F03rbwVeopk+GP
YT47lipocfttqCb4HcMdbHH0nUeqgUJ3VpKbF7//w8l9gtV6Fo2BZml8/QIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFFSRIRqUj8WTxq6IxkoLHcPnpwfOMB8GA1UdIwQY
MBaAFAAvpuGQVoOJBbwytTqw0QR9eOTUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUMtbTRaQldnNGtGdkRLMU9yRFJCSDE0NU5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny84NjZiNmItZjU2Yy00YTJmLTkwMmQt
ZmJjMzZlNDM0OGY1LzEvVkpFaEdwU1B4WlBHcm9qR1Nnc2R3LWVuQjg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny84NjZiNmItZjU2Yy00YTJmLTkwMmQtZmJjMzZlNDM0OGY1
LzEvQUMtbTRaQldnNGtGdkRLMU9yRFJCSDE0NU5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQDXucgAwQB
w0KIMA0GCSqGSIb3DQEBCwUAA4IBAQAj3TICLGerec89U2a5UlxQnzkRCHCHy4sh
rEIXklAS55Q/OTRHNIoEC2VniF1/nnJXNapVzFcqKbSWHliPZY+bPydY/8OVW5UE
qio13kh0HjyeQU6TFYi+26eaQFHt6K0xTH11ko/t7VoiZm3ZmnBGs8ZmuXaLGoqp
y+v6h4nSd8hhqxdlW3URrcW/ALvCz7vnWu5GKHXZc50myt6NEdum9j7dTWsPzU9l
7zpTQoBjY9CoQrcixSITBdIQ/a2t6FAuwivfoqjezxPL11Dbq504w9FN0i05Gp03
RAJPmHtRqdrV6eXc+HuQHBG2JiKgUyW1WG3Y8RmO2jcdkIa+lhEv
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:00:58 2023 by rpki-client on console-ams.rpki-client.org