Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/ezPvEFIamlz945a-FYVGZeLkeSs.roa
File: ezPvEFIamlz945a-FYVGZeLkeSs.roa (raw, json)
Hash identifier: gNm+5gLm8TanMM6VgN5G3uKmUV68TBKYd9AZuv8x2YI=
Subject key identifier: 7B:33:EF:10:52:1A:9A:5C:FD:E3:96:BE:15:85:46:65:E2:E4:79:2B
Certificate issuer: /CN=942588b91da9cca81b49e603a988e2b1eabddc98
Certificate serial: 0185E814760C217DFE2CEE04BC4BF7BE0570
Authority key identifier: 94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/ezPvEFIamlz945a-FYVGZeLkeSs.roa
Signing time: Wed 25 Jan 2023 08:38:52 +0000
ROA not before: Wed 25 Jan 2023 08:38:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15596
IP address blocks: 31.42.112.0/20 maxlen: 20
31.42.120.0/21 maxlen: 24
91.210.144.0/22 maxlen: 22
193.110.20.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:e8:14:76:0c:21:7d:fe:2c:ee:04:bc:4b:f7:be:05:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=942588b91da9cca81b49e603a988e2b1eabddc98
Validity
Not Before: Jan 25 08:38:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7b33ef10521a9a5cfde396be15854665e2e4792b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:3e:33:c5:25:6f:85:19:0b:ed:98:de:eb:89:
96:bd:76:8c:ac:0b:43:5f:8a:34:e8:36:7f:e6:de:
8d:49:30:0f:32:18:89:d6:71:b4:2e:cc:92:f2:5d:
fe:f0:22:44:e3:7d:25:71:2f:50:d1:14:40:b0:8a:
f7:07:ec:95:d1:3d:27:7f:8f:5b:81:27:45:59:42:
aa:67:14:aa:fd:cb:0e:fa:de:91:94:d9:84:1c:6d:
89:d7:8f:74:e9:3e:72:ca:62:09:0b:43:58:2d:95:
ce:92:0a:1d:8f:fa:bf:79:35:bb:a5:31:7e:f9:fa:
fb:54:de:cf:7e:8b:26:d0:75:6e:52:d9:b8:8b:92:
55:3e:36:26:ec:c1:65:a9:c6:d3:eb:95:94:76:a9:
32:ae:22:d5:9c:64:11:df:58:8e:0d:c7:16:15:85:
86:48:97:de:84:db:2b:2f:77:8c:2f:15:bd:81:77:
26:f2:35:38:5e:ce:44:cd:56:93:79:c6:8a:25:ef:
38:f6:50:25:e7:61:03:e1:c5:c4:ba:cd:63:a2:c6:
b6:a2:24:2d:16:1c:6e:17:be:34:fd:ba:c1:8d:ff:
31:bc:0b:d8:fd:8c:0e:96:23:96:de:79:d0:07:fb:
14:ef:cc:2d:19:e4:31:23:5b:10:fb:4f:d6:1f:cf:
16:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:33:EF:10:52:1A:9A:5C:FD:E3:96:BE:15:85:46:65:E2:E4:79:2B
X509v3 Authority Key Identifier:
keyid:94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/ezPvEFIamlz945a-FYVGZeLkeSs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.42.112.0/20
91.210.144.0/22
193.110.20.0/22
Signature Algorithm: sha256WithRSAEncryption
9a:e0:3c:de:50:9a:7a:2f:6a:59:ce:87:43:eb:b4:59:ef:45:
d6:61:d6:fd:e3:78:73:d0:58:c4:9f:ae:15:bb:af:01:4b:6e:
55:a5:96:5b:34:40:9c:53:a2:56:c5:9e:47:f5:e3:b6:ee:f9:
28:8f:72:6c:16:87:a7:63:f8:4b:a9:78:fe:e5:8e:16:a9:59:
e9:7d:0c:4e:e2:62:5c:13:63:c2:6f:ff:d5:3a:30:fa:c4:f6:
e1:f2:dc:1d:34:76:2c:ab:eb:c0:eb:ca:c5:f9:f1:db:95:67:
e2:38:e6:1d:de:9d:bd:fa:9f:80:8d:d3:71:fb:cc:71:57:6b:
c0:27:ba:7c:2d:5b:d8:fc:4a:55:e1:97:20:e4:a5:69:c0:59:
f7:ad:36:e5:2c:4c:ba:68:97:64:3b:bc:4e:28:ae:62:a3:32:
b3:76:5a:8d:74:1f:e1:df:2f:93:a8:f6:dc:43:f2:34:9e:6c:
69:4c:f1:ab:c2:66:37:9c:c4:77:bb:56:69:1b:04:1b:b6:1c:
12:94:c6:e4:9d:8f:03:cc:5e:d1:c1:5b:56:8d:b2:9e:6d:ac:
4a:51:87:e5:82:08:49:16:c3:73:c3:a9:18:b1:12:40:32:e2:
02:98:22:45:65:02:b7:b0:d5:5d:9f:47:31:1e:4d:3c:51:61:
38:66:82:77
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYXoFHYMIX3+LO4EvEv3vgVwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjU4OGI5MWRhOWNjYTgxYjQ5ZTYwM2E5ODhlMmIxZWFi
ZGRjOTgwHhcNMjMwMTI1MDgzODUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YjMzZWYxMDUyMWE5YTVjZmRlMzk2YmUxNTg1NDY2NWUyZTQ3OTJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAij4zxSVvhRkL7Zje64mWvXaMrAtD
X4o06DZ/5t6NSTAPMhiJ1nG0LsyS8l3+8CJE430lcS9Q0RRAsIr3B+yV0T0nf49b
gSdFWUKqZxSq/csO+t6RlNmEHG2J14906T5yymIJC0NYLZXOkgodj/q/eTW7pTF+
+fr7VN7Pfosm0HVuUtm4i5JVPjYm7MFlqcbT65WUdqkyriLVnGQR31iODccWFYWG
SJfehNsrL3eMLxW9gXcm8jU4Xs5EzVaTecaKJe849lAl52ED4cXEus1josa2oiQt
FhxuF740/brBjf8xvAvY/YwOliOW3nnQB/sU78wtGeQxI1sQ+0/WH88WGQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFHsz7xBSGppc/eOWvhWFRmXi5HkrMB8GA1UdIwQY
MBaAFJQliLkdqcyoG0nmA6mI4rHqvdyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQt
NjVkYWFkNjMyOTU3LzEvZXpQdkVGSWFtbHo5NDVhLUZZVkdaZUxrZVNzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQtNjVkYWFkNjMyOTU3
LzEvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEHypwAwQC
W9KQAwQCwW4UMA0GCSqGSIb3DQEBCwUAA4IBAQCa4DzeUJp6L2pZzodD67RZ70XW
Ydb943hz0FjEn64Vu68BS25VpZZbNECcU6JWxZ5H9eO27vkoj3JsFoenY/hLqXj+
5Y4WqVnpfQxO4mJcE2PCb//VOjD6xPbh8twdNHYsq+vA68rF+fHblWfiOOYd3p29
+p+AjdNx+8xxV2vAJ7p8LVvY/EpV4Zcg5KVpwFn3rTblLEy6aJdkO7xOKK5iozKz
dlqNdB/h3y+TqPbcQ/I0nmxpTPGrwmY3nMR3u1ZpGwQbthwSlMbknY8DzF7RwVtW
jbKebaxKUYflgghJFsNzw6kYsRJAMuICmCJFZQK3sNVdn0cxHk08UWE4ZoJ3
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:49 2024 by rpki-client on console-ams.rpki-client.org