Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/67/866b6b-f56c-4a2f-902d-fbc36e4348f5/1/ivYNjFhsCZPJ7h1L5bjrGTNon58.roa
File: ivYNjFhsCZPJ7h1L5bjrGTNon58.roa (raw, json)
Hash identifier: DODjjdxPD7K0ap0DIENW979aQN7f2XkubfjfHu8Usuk=
Subject key identifier: 8A:F6:0D:8C:58:6C:09:93:C9:EE:1D:4B:E5:B8:EB:19:33:68:9F:9F
Certificate issuer: /CN=002fa6e19056838905bc32b53ab0d1047d78e4d4
Certificate serial: 01896E43EC1B4552DE1E57E3BEDF6CD28F16
Authority key identifier: 00:2F:A6:E1:90:56:83:89:05:BC:32:B5:3A:B0:D1:04:7D:78:E4:D4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/AC-m4ZBWg4kFvDK1OrDRBH145NQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/67/866b6b-f56c-4a2f-902d-fbc36e4348f5/1/ivYNjFhsCZPJ7h1L5bjrGTNon58.roa
Signing time: Wed 19 Jul 2023 13:08:12 +0000
ROA not before: Wed 19 Jul 2023 13:08:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39049
IP address blocks: 94.231.36.0/23 maxlen: 23
94.231.32.0/22 maxlen: 22
195.66.136.0/24 maxlen: 24
195.66.136.0/23 maxlen: 23
195.66.137.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:6e:43:ec:1b:45:52:de:1e:57:e3:be:df:6c:d2:8f:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=002fa6e19056838905bc32b53ab0d1047d78e4d4
Validity
Not Before: Jul 19 13:08:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8af60d8c586c0993c9ee1d4be5b8eb1933689f9f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:eb:c0:ad:22:e3:07:eb:3e:fc:91:04:ab:fa:
56:6e:ca:bc:cd:97:86:39:fa:53:3b:ce:f4:c3:1b:
8b:e4:0e:ca:4b:e9:a9:ba:55:01:63:4d:0f:48:76:
4d:fc:7c:4b:c3:15:a8:9a:8a:40:08:54:e5:c4:bf:
00:9e:8b:d2:c5:0f:57:57:6f:79:bb:c2:fa:67:a8:
88:12:07:55:69:42:1c:b4:77:78:46:06:99:c0:20:
e0:b9:b8:9f:aa:43:35:ad:ae:83:76:06:42:e9:9d:
9a:66:be:6d:c6:3a:e9:5b:b8:e3:c5:00:75:8a:fb:
89:d3:03:0c:09:6f:9b:07:b9:9c:93:4a:7b:a5:a1:
1d:c4:d8:75:f3:95:68:8f:1b:cf:f9:fa:62:e6:b5:
eb:2b:d4:d2:74:0b:e2:0c:45:78:7f:ec:91:65:cf:
f0:c9:0e:cf:06:34:e5:70:19:1d:2c:a8:fb:42:89:
a6:62:bb:75:27:73:59:ec:1f:92:da:92:9d:75:cd:
c1:27:4c:02:0e:40:01:00:00:3b:74:e3:a4:d6:88:
3d:52:30:6d:37:a0:0d:70:42:51:a6:7b:23:03:94:
9a:5d:7c:5e:66:cb:8b:96:58:90:0a:68:20:d4:fe:
92:7b:59:e4:06:48:b7:3e:81:a4:9f:26:84:75:48:
b9:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:F6:0D:8C:58:6C:09:93:C9:EE:1D:4B:E5:B8:EB:19:33:68:9F:9F
X509v3 Authority Key Identifier:
keyid:00:2F:A6:E1:90:56:83:89:05:BC:32:B5:3A:B0:D1:04:7D:78:E4:D4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/AC-m4ZBWg4kFvDK1OrDRBH145NQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/67/866b6b-f56c-4a2f-902d-fbc36e4348f5/1/ivYNjFhsCZPJ7h1L5bjrGTNon58.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/67/866b6b-f56c-4a2f-902d-fbc36e4348f5/1/AC-m4ZBWg4kFvDK1OrDRBH145NQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.231.32.0-94.231.37.255
195.66.136.0/23
Signature Algorithm: sha256WithRSAEncryption
18:54:72:ea:eb:4d:d5:aa:c8:68:e1:ba:45:86:24:30:2b:86:
b5:8f:61:02:c8:56:34:f5:53:58:91:0b:53:1a:27:46:05:a2:
b8:2e:b6:8f:a7:fa:2b:8b:e3:b2:f8:62:07:85:70:eb:97:f3:
37:08:d2:83:f8:2b:32:98:b5:f9:5d:6a:fe:71:85:59:b2:cd:
61:d3:7b:2d:84:41:1d:02:2c:27:c5:56:23:ae:c1:95:c2:39:
6c:6b:34:10:12:6b:43:ae:b2:1e:c5:09:90:34:0a:d5:6c:d2:
17:1f:14:4a:0f:ac:ed:fd:9b:80:3f:cf:02:fa:48:b5:3e:cf:
ca:da:b5:aa:b2:ff:b9:7e:10:62:5d:5c:75:59:87:fc:99:ef:
b5:29:4d:ee:25:d1:b9:ac:30:0d:7e:6d:f5:16:79:37:6a:ce:
0b:2a:d9:61:e0:5f:a4:48:e9:12:ab:94:5f:51:48:a5:40:79:
1b:29:47:4a:17:ca:60:f2:17:f4:19:bc:af:bb:a2:71:10:b0:
d7:39:93:db:04:49:08:3b:44:47:0a:1d:5f:5e:01:06:82:98:
4e:b8:d0:e9:91:9a:94:42:35:dc:80:bf:5c:23:c2:ef:2e:40:
35:a9:ca:73:b1:50:ab:50:69:f8:74:ea:2a:23:ea:f8:0c:b9:
56:ce:a5:99
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYluQ+wbRVLeHlfjvt9s0o8WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDAwMmZhNmUxOTA1NjgzODkwNWJjMzJiNTNhYjBkMTA0N2Q3
OGU0ZDQwHhcNMjMwNzE5MTMwODEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWY2MGQ4YzU4NmMwOTkzYzllZTFkNGJlNWI4ZWIxOTMzNjg5ZjlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkOvArSLjB+s+/JEEq/pWbsq8zZeG
OfpTO870wxuL5A7KS+mpulUBY00PSHZN/HxLwxWomopACFTlxL8AnovSxQ9XV295
u8L6Z6iIEgdVaUIctHd4RgaZwCDgubifqkM1ra6DdgZC6Z2aZr5txjrpW7jjxQB1
ivuJ0wMMCW+bB7mck0p7paEdxNh185VojxvP+fpi5rXrK9TSdAviDEV4f+yRZc/w
yQ7PBjTlcBkdLKj7QommYrt1J3NZ7B+S2pKddc3BJ0wCDkABAAA7dOOk1og9UjBt
N6ANcEJRpnsjA5SaXXxeZsuLlliQCmgg1P6Se1nkBki3PoGknyaEdUi5NwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFIr2DYxYbAmTye4dS+W46xkzaJ+fMB8GA1UdIwQY
MBaAFAAvpuGQVoOJBbwytTqw0QR9eOTUMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQUMtbTRaQldnNGtGdkRLMU9yRFJCSDE0NU5RLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Ny84NjZiNmItZjU2Yy00YTJmLTkwMmQt
ZmJjMzZlNDM0OGY1LzEvaXZZTmpGaHNDWlBKN2gxTDVianJHVE5vbjU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Ny84NjZiNmItZjU2Yy00YTJmLTkwMmQtZmJjMzZlNDM0OGY1
LzEvQUMtbTRaQldnNGtGdkRLMU9yRFJCSDE0NU5RLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUMAwDBAVe5yAD
BAFe5yQDBAHDQogwDQYJKoZIhvcNAQELBQADggEBABhUcurrTdWqyGjhukWGJDAr
hrWPYQLIVjT1U1iRC1MaJ0YForguto+n+iuL47L4YgeFcOuX8zcI0oP4KzKYtfld
av5xhVmyzWHTey2EQR0CLCfFViOuwZXCOWxrNBASa0Oush7FCZA0CtVs0hcfFEoP
rO39m4A/zwL6SLU+z8rataqy/7l+EGJdXHVZh/yZ77UpTe4l0bmsMA1+bfUWeTdq
zgsq2WHgX6RI6RKrlF9RSKVAeRspR0oXymDyF/QZvK+7onEQsNc5k9sESQg7REcK
HV9eAQaCmE640OmRmpRCNdyAv1wjwu8uQDWpynOxUKtQafh06ioj6vgMuVbOpZk=
-----END CERTIFICATE-----
Generated at Fri Jul 21 11:48:58 2023 by rpki-client on console-fra.rpki-client.org