Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/jIM4wtyZo-MJeH2q_R0xVn1lMWo.roa
File: jIM4wtyZo-MJeH2q_R0xVn1lMWo.roa (raw, json)
Hash identifier: pGIohMInH5k+XiuBJA+aIOFgfBigVTenlF1u8pWx11Y=
Subject key identifier: 8C:83:38:C2:DC:99:A3:E3:09:78:7D:AA:FD:1D:31:56:7D:65:31:6A
Certificate issuer: /CN=942588b91da9cca81b49e603a988e2b1eabddc98
Certificate serial: 0188C01A88266944AC3D25E3A2A0008EC4E0
Authority key identifier: 94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/jIM4wtyZo-MJeH2q_R0xVn1lMWo.roa
Signing time: Thu 15 Jun 2023 17:29:04 +0000
ROA not before: Thu 15 Jun 2023 17:29:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 15596
IP address blocks: 31.42.112.0/20 maxlen: 20
31.42.124.0/22 maxlen: 22
91.210.144.0/22 maxlen: 22
193.110.20.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:c0:1a:88:26:69:44:ac:3d:25:e3:a2:a0:00:8e:c4:e0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=942588b91da9cca81b49e603a988e2b1eabddc98
Validity
Not Before: Jun 15 17:29:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8c8338c2dc99a3e309787daafd1d31567d65316a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:ca:19:d8:ac:28:36:ea:11:3f:a5:40:ae:5e:
a1:78:35:ef:6b:72:2d:17:6c:16:40:89:6b:81:29:
2f:7d:96:f4:5c:4a:72:04:b7:9f:e6:20:ee:04:93:
50:79:ad:1e:e4:b2:41:c4:c0:e2:63:68:6f:16:f6:
76:fd:9b:d6:d5:9b:52:24:29:1b:d5:80:c9:48:42:
ca:9f:b1:3d:22:6a:da:1b:66:f2:16:32:51:91:e2:
33:96:ea:f6:19:d6:7b:e8:9c:8e:de:15:ec:25:63:
7c:8a:b2:5f:35:ee:1a:a1:c8:98:68:ee:fe:50:b2:
e3:e9:7c:44:a2:39:7d:d5:f4:b9:81:39:2b:1d:f0:
9f:52:1e:58:62:f4:d8:a8:5f:f9:61:ad:6c:a9:e3:
ad:1d:2f:90:a6:6a:e3:c9:fc:39:40:82:bc:ff:8a:
eb:86:8a:60:16:73:30:b4:15:cf:a9:be:af:10:b5:
89:e3:39:16:c7:1d:a6:36:da:71:2a:c4:d2:4f:cc:
8f:5c:39:50:5c:0c:cd:65:da:af:06:ce:9f:b2:39:
8b:e0:38:fb:fc:c5:31:0d:79:fc:83:49:5c:67:9c:
0c:eb:a0:7a:63:b8:cb:78:57:f1:cc:d2:97:c1:6f:
66:bb:12:9b:94:50:1e:80:d4:9c:db:f6:31:34:74:
c4:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:83:38:C2:DC:99:A3:E3:09:78:7D:AA:FD:1D:31:56:7D:65:31:6A
X509v3 Authority Key Identifier:
keyid:94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/jIM4wtyZo-MJeH2q_R0xVn1lMWo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.42.112.0/20
91.210.144.0/22
193.110.20.0/22
Signature Algorithm: sha256WithRSAEncryption
45:41:d4:a8:3e:d8:51:ec:c0:70:f7:c8:03:ea:b2:86:ab:39:
34:36:95:a6:c9:be:59:af:d5:72:ed:a4:5c:af:bf:06:eb:d8:
b3:c2:ab:4d:bf:3b:98:72:76:08:85:2f:07:d8:ae:2a:69:94:
fa:2c:63:ae:f9:a0:39:69:73:6d:be:da:9a:4e:0f:52:a0:8f:
09:22:94:eb:86:52:31:fa:5c:04:9f:8e:62:56:7f:58:e7:2f:
70:de:52:57:fe:92:18:52:b7:6b:18:bb:67:4e:75:97:b9:35:
3f:86:b9:1d:13:61:a2:d3:46:1e:a8:6d:7e:7c:a2:3f:c6:25:
c7:ef:2c:2f:47:20:c0:af:73:dd:7a:f6:be:2e:6b:5a:04:e4:
62:1e:df:55:a1:74:0d:78:1d:1e:99:f5:f1:9e:50:22:c4:71:
9e:ec:06:d8:16:ff:82:30:d9:12:ce:3f:20:b6:0d:30:ea:19:
8c:f3:d5:fc:12:76:19:6c:f1:72:a5:46:ef:ae:d1:84:cc:7c:
96:33:a7:aa:ed:af:54:cb:10:3d:9a:a5:ce:d4:8c:fa:a2:d7:
77:d2:61:85:ff:df:fd:30:4d:37:bd:32:fa:61:fa:4f:14:07:
55:6b:e8:8c:82:f2:74:11:e1:77:f8:b5:c9:01:75:41:f7:39:
d1:25:17:a5
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYjAGogmaUSsPSXjoqAAjsTgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjU4OGI5MWRhOWNjYTgxYjQ5ZTYwM2E5ODhlMmIxZWFi
ZGRjOTgwHhcNMjMwNjE1MTcyOTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzgzMzhjMmRjOTlhM2UzMDk3ODdkYWFmZDFkMzE1NjdkNjUzMTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt8oZ2KwoNuoRP6VArl6heDXva3It
F2wWQIlrgSkvfZb0XEpyBLef5iDuBJNQea0e5LJBxMDiY2hvFvZ2/ZvW1ZtSJCkb
1YDJSELKn7E9ImraG2byFjJRkeIzlur2GdZ76JyO3hXsJWN8irJfNe4aociYaO7+
ULLj6XxEojl91fS5gTkrHfCfUh5YYvTYqF/5Ya1sqeOtHS+Qpmrjyfw5QIK8/4rr
hopgFnMwtBXPqb6vELWJ4zkWxx2mNtpxKsTST8yPXDlQXAzNZdqvBs6fsjmL4Dj7
/MUxDXn8g0lcZ5wM66B6Y7jLeFfxzNKXwW9muxKblFAegNSc2/YxNHTELwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFIyDOMLcmaPjCXh9qv0dMVZ9ZTFqMB8GA1UdIwQY
MBaAFJQliLkdqcyoG0nmA6mI4rHqvdyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQt
NjVkYWFkNjMyOTU3LzEvaklNNHd0eVpvLU1KZUgycV9SMHhWbjFsTVdvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQtNjVkYWFkNjMyOTU3
LzEvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQEHypwAwQC
W9KQAwQCwW4UMA0GCSqGSIb3DQEBCwUAA4IBAQBFQdSoPthR7MBw98gD6rKGqzk0
NpWmyb5Zr9Vy7aRcr78G69izwqtNvzuYcnYIhS8H2K4qaZT6LGOu+aA5aXNtvtqa
Tg9SoI8JIpTrhlIx+lwEn45iVn9Y5y9w3lJX/pIYUrdrGLtnTnWXuTU/hrkdE2Gi
00YeqG1+fKI/xiXH7ywvRyDAr3Pdeva+LmtaBORiHt9VoXQNeB0emfXxnlAixHGe
7AbYFv+CMNkSzj8gtg0w6hmM89X8EnYZbPFypUbvrtGEzHyWM6eq7a9UyxA9mqXO
1Iz6otd30mGF/9/9ME03vTL6YfpPFAdVa+iMgvJ0EeF3+LXJAXVB9znRJRel
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:22 2024 by rpki-client on console-fra.rpki-client.org