Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/mv8CtYv0MBt7IF-Rt8ZR3mFuZZI.roa
File: mv8CtYv0MBt7IF-Rt8ZR3mFuZZI.roa (raw, json)
Hash identifier: a+d8ZNNbrDpFamCpZvqoHTJlJ3RlnkffyJN+/1+YYjw=
Subject key identifier: 9A:FF:02:B5:8B:F4:30:1B:7B:20:5F:91:B7:C6:51:DE:61:6E:65:92
Certificate issuer: /CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Certificate serial: 141639BC
Authority key identifier: 2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/mv8CtYv0MBt7IF-Rt8ZR3mFuZZI.roa
Signing time: Tue 08 Mar 2022 13:15:13 +0000
ROA not before: Tue 08 Mar 2022 13:15:13 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 31732
IP address blocks: 212.90.100.0/22 maxlen: 24
185.220.236.0/22 maxlen: 24
188.209.155.0/24 maxlen: 24
185.59.114.0/23 maxlen: 24
46.249.97.0/24 maxlen: 24
46.249.98.0/23 maxlen: 23
46.249.104.0/21 maxlen: 21
46.249.100.0/22 maxlen: 22
185.129.108.0/22 maxlen: 24
46.249.112.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 337000892 (0x141639bc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2ac3daa1b14850f2e61c592b2191915a5e65a478
Validity
Not Before: Mar 8 13:15:13 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9aff02b58bf4301b7b205f91b7c651de616e6592
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ec:43:03:cf:f0:8a:4c:8d:39:8d:f6:92:3c:2d:
5c:8a:de:1b:50:1d:9a:a8:5c:4d:b2:34:fb:24:56:
1a:66:25:19:4a:5b:d3:0a:22:fe:e0:2d:0c:aa:2a:
ec:05:45:e6:d6:b6:78:00:88:92:9d:8e:47:46:c8:
bb:81:f3:69:16:58:cc:57:33:4c:4f:11:36:32:a4:
3e:7b:e0:db:5f:5a:dd:22:7f:b5:60:1a:bc:9e:a4:
22:aa:aa:92:4f:47:7a:42:4c:38:f5:38:f1:4e:86:
d5:6e:44:b0:11:8e:e9:d8:f1:44:c7:d9:fb:f5:98:
f7:2d:d4:5e:da:e0:19:c2:cb:93:f9:fa:56:cf:c6:
1c:1e:f1:5e:19:a1:7d:a0:d0:89:82:47:a6:75:68:
15:d6:c7:66:64:76:e1:0d:53:32:2b:f8:94:27:80:
f3:c5:ae:4e:a7:07:d7:79:10:3b:1c:77:8d:b4:db:
30:41:cf:7b:db:85:48:06:a0:39:52:28:e5:0f:07:
8e:ef:0c:3d:fb:48:53:93:25:f8:61:44:0c:04:ac:
96:d2:6a:fa:ac:e4:d4:11:8a:74:2d:6c:e1:63:8e:
d5:b0:14:d8:55:eb:b6:86:40:80:59:27:b7:74:96:
3e:bf:6f:04:c0:e5:aa:92:3e:0f:8c:04:9a:79:79:
fa:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:FF:02:B5:8B:F4:30:1B:7B:20:5F:91:B7:C6:51:DE:61:6E:65:92
X509v3 Authority Key Identifier:
keyid:2A:C3:DA:A1:B1:48:50:F2:E6:1C:59:2B:21:91:91:5A:5E:65:A4:78
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/KsPaobFIUPLmHFkrIZGRWl5lpHg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/mv8CtYv0MBt7IF-Rt8ZR3mFuZZI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/70/405bbd-5913-4e95-8e75-fe0659176a56/1/KsPaobFIUPLmHFkrIZGRWl5lpHg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.249.97.0-46.249.119.255
185.59.114.0/23
185.129.108.0/22
185.220.236.0/22
188.209.155.0/24
212.90.100.0/22
Signature Algorithm: sha256WithRSAEncryption
96:d1:b3:22:0f:ac:31:bd:99:9b:f2:03:a2:0f:e6:94:a1:4f:
0d:c2:18:0d:56:5e:9f:88:66:f4:59:89:11:55:54:1e:b4:5e:
bc:9d:49:11:c9:cc:1b:9e:60:df:a1:6f:a7:a8:b0:d5:73:98:
c3:46:51:a7:1d:41:cc:21:ac:d9:39:3b:a0:1e:2e:67:de:77:
ea:e3:36:5d:9f:1c:7c:67:f3:a7:6c:16:66:37:ff:f4:5e:36:
8a:1a:4d:9b:2e:51:52:6a:c9:5d:71:0b:fb:a3:3e:24:a3:93:
9d:62:e1:50:50:a0:96:2c:72:73:0f:07:a9:ca:90:66:09:de:
77:2f:20:61:8f:03:d1:e1:d0:24:e2:c0:55:3c:37:cd:a9:45:
24:ba:19:fd:b2:a7:20:7f:32:05:89:4c:26:91:a2:eb:46:4f:
84:15:ac:36:bf:f0:74:5b:31:a9:71:cf:9e:21:e7:47:68:e9:
c9:4b:35:af:1f:ef:99:4a:30:ca:b5:cc:f2:b1:cd:c3:78:97:
2b:00:3d:26:f5:38:70:06:98:e0:e3:15:fa:e6:eb:82:37:54:
8c:3e:6a:b3:ce:d7:dc:18:4a:1e:c6:54:4d:24:9f:67:1e:25:
cd:21:26:12:63:89:25:09:11:3c:ba:d6:1a:59:94:88:d5:e9:
95:7a:59:03
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgIEFBY5vDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
YWMzZGFhMWIxNDg1MGYyZTYxYzU5MmIyMTkxOTE1YTVlNjVhNDc4MB4XDTIyMDMw
ODEzMTUxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOWFmZjAyYjU4YmY0
MzAxYjdiMjA1ZjkxYjdjNjUxZGU2MTZlNjU5MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOxDA8/wikyNOY32kjwtXIreG1AdmqhcTbI0+yRWGmYlGUpb
0woi/uAtDKoq7AVF5ta2eACIkp2OR0bIu4HzaRZYzFczTE8RNjKkPnvg219a3SJ/
tWAavJ6kIqqqkk9HekJMOPU48U6G1W5EsBGO6djxRMfZ+/WY9y3UXtrgGcLLk/n6
Vs/GHB7xXhmhfaDQiYJHpnVoFdbHZmR24Q1TMiv4lCeA88WuTqcH13kQOxx3jbTb
MEHPe9uFSAagOVIo5Q8Hju8MPftIU5Ml+GFEDASsltJq+qzk1BGKdC1s4WOO1bAU
2FXrtoZAgFknt3SWPr9vBMDlqpI+D4wEmnl5+vMCAwEAAaOCAi8wggIrMB0GA1Ud
DgQWBBSa/wK1i/QwG3sgX5G3xlHeYW5lkjAfBgNVHSMEGDAWgBQqw9qhsUhQ8uYc
WSshkZFaXmWkeDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0tzUGFvYkZJVVBMbUhGa3JJWkdSV2w1bHBIZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNzAvNDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8x
L212OEN0WXYwTUJ0N0lGLVJ0OFpSM21GdVpaSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNzAv
NDA1YmJkLTU5MTMtNGU5NS04ZTc1LWZlMDY1OTE3NmE1Ni8xL0tzUGFvYkZJVVBM
bUhGa3JJWkdSV2w1bHBIZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBF
BggrBgEFBQcBBwEB/wQ2MDQwMgQCAAEwLDAMAwQALvlhAwQDLvlwAwQBuTtyAwQC
uYFsAwQCudzsAwQAvNGbAwQC1FpkMA0GCSqGSIb3DQEBCwUAA4IBAQCW0bMiD6wx
vZmb8gOiD+aUoU8NwhgNVl6fiGb0WYkRVVQetF68nUkRycwbnmDfoW+nqLDVc5jD
RlGnHUHMIazZOTugHi5n3nfq4zZdnxx8Z/OnbBZmN//0XjaKGk2bLlFSasldcQv7
oz4ko5OdYuFQUKCWLHJzDwepypBmCd53LyBhjwPR4dAk4sBVPDfNqUUkuhn9sqcg
fzIFiUwmkaLrRk+EFaw2v/B0WzGpcc+eIedHaOnJSzWvH++ZSjDKtczysc3DeJcr
AD0m9ThwBpjg4xX65uuCN1SMPmqzztfcGEoexlRNJJ9nHiXNISYSY4klCRE8utYa
WZSI1emVelkD
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:24 2023 by rpki-client on console-ams.rpki-client.org