Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/jL3LAXvCLfHuRUMNW2No78iP8i0.roa
File: jL3LAXvCLfHuRUMNW2No78iP8i0.roa (raw, json)
Hash identifier: 1bUSUxrqr02s/z8DW21+5k7u/ylCiv6T61ynesmJvtQ=
Subject key identifier: 8C:BD:CB:01:7B:C2:2D:F1:EE:45:43:0D:5B:63:68:EF:C8:8F:F2:2D
Certificate issuer: /CN=942588b91da9cca81b49e603a988e2b1eabddc98
Certificate serial: 01838B8452BACC64B7AFB0BBCD1E575C6273
Authority key identifier: 94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/jL3LAXvCLfHuRUMNW2No78iP8i0.roa
Signing time: Thu 29 Sep 2022 23:10:48 +0000
ROA not before: Thu 29 Sep 2022 23:10:48 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 15596
IP address blocks: 31.42.112.0/20 maxlen: 20
31.42.120.0/21 maxlen: 24
91.210.144.0/22 maxlen: 22
89.251.24.0/22 maxlen: 22
89.251.20.0/22 maxlen: 22
193.110.20.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:8b:84:52:ba:cc:64:b7:af:b0:bb:cd:1e:57:5c:62:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=942588b91da9cca81b49e603a988e2b1eabddc98
Validity
Not Before: Sep 29 23:10:48 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8cbdcb017bc22df1ee45430d5b6368efc88ff22d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:86:82:80:ee:d8:68:55:ec:cf:0e:dd:97:78:
60:98:ff:d0:63:c9:92:7a:fe:91:c2:20:6e:40:8b:
f5:cd:31:b3:2a:b1:38:ec:7a:de:08:5a:d8:76:ca:
08:61:25:d9:81:f7:5a:41:77:04:32:41:08:90:a3:
65:70:6e:e3:e5:e2:ef:38:a2:79:b3:af:39:13:c6:
51:04:13:e0:0a:68:52:60:db:44:b3:7f:ec:0d:38:
69:ba:ba:76:c7:7b:cd:1e:89:c4:e6:c7:c7:22:16:
d6:bd:e8:eb:03:4f:2e:a3:00:cc:76:7b:07:73:e1:
72:96:0f:80:93:2d:0c:62:cb:55:92:85:e4:e7:1e:
6f:d9:31:b6:e1:4a:d8:ae:2d:d1:1d:e9:aa:a8:0d:
e3:32:34:45:78:e0:47:92:f7:99:44:6d:ca:9a:e5:
07:67:dc:1e:9f:f5:da:5b:ec:63:3f:f1:2e:cb:f4:
91:35:8b:d5:e3:5f:ab:63:c8:31:49:75:7e:49:44:
c5:f8:2c:72:9f:d6:ee:2c:bc:8c:c8:fe:eb:fc:5e:
79:26:5d:f4:09:ac:de:b0:db:21:0c:b5:dd:87:83:
c2:09:8d:b9:92:6c:95:7a:97:19:90:5c:69:26:fe:
d4:6e:26:db:f9:94:a7:b3:54:af:5c:91:0a:23:de:
53:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:BD:CB:01:7B:C2:2D:F1:EE:45:43:0D:5B:63:68:EF:C8:8F:F2:2D
X509v3 Authority Key Identifier:
keyid:94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/jL3LAXvCLfHuRUMNW2No78iP8i0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.42.112.0/20
89.251.20.0-89.251.27.255
91.210.144.0/22
193.110.20.0/22
Signature Algorithm: sha256WithRSAEncryption
2b:bf:a9:3b:1e:db:b7:32:a3:db:9c:20:ea:d2:95:7a:02:2e:
42:25:b9:0b:fe:2b:32:ff:5d:05:06:11:96:4a:17:93:11:8c:
a3:49:a6:7e:97:b7:9e:4c:f4:78:28:b1:2a:c9:2e:ac:dd:18:
81:31:2e:6a:b5:14:c3:44:ed:16:f0:df:f3:c4:d0:48:8b:5b:
2e:f1:a8:64:17:0b:f3:0c:eb:3d:67:05:f7:23:82:d2:cc:0d:
33:bd:c5:bc:81:5d:79:c8:07:14:f5:40:7c:e6:db:84:62:dd:
16:f0:48:30:b0:c8:cb:7f:e0:97:ce:2e:b2:43:1c:19:f7:f5:
67:a2:d1:e1:eb:66:c9:6d:9a:fa:15:e5:a4:c7:be:f3:40:29:
13:f0:c5:8b:c9:8d:bf:e2:a5:61:e3:cf:15:5f:29:e6:9b:5b:
19:7b:fc:70:00:6f:d6:ce:f7:20:b4:d9:d2:11:7c:cf:14:7d:
71:f5:5e:e2:3a:06:dd:b9:27:4a:d8:32:1b:be:8e:01:a3:24:
92:c9:2a:36:f2:5a:02:e1:f1:67:bd:67:22:54:8f:80:ac:63:
2f:d5:b4:0e:5b:19:df:1a:14:75:4b:2d:54:14:47:04:12:a0:
ef:4d:5a:d7:7f:bc:61:76:aa:56:b2:cd:5a:87:2b:f3:b0:a9:
d6:c8:ae:6e
-----BEGIN CERTIFICATE-----
MIIFFzCCA/+gAwIBAgISAYOLhFK6zGS3r7C7zR5XXGJzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MjU4OGI5MWRhOWNjYTgxYjQ5ZTYwM2E5ODhlMmIxZWFi
ZGRjOTgwHhcNMjIwOTI5MjMxMDQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4Y2JkY2IwMTdiYzIyZGYxZWU0NTQzMGQ1YjYzNjhlZmM4OGZmMjJkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtIaCgO7YaFXszw7dl3hgmP/QY8mS
ev6RwiBuQIv1zTGzKrE47HreCFrYdsoIYSXZgfdaQXcEMkEIkKNlcG7j5eLvOKJ5
s685E8ZRBBPgCmhSYNtEs3/sDThpurp2x3vNHonE5sfHIhbWvejrA08uowDMdnsH
c+Fylg+Aky0MYstVkoXk5x5v2TG24UrYri3RHemqqA3jMjRFeOBHkveZRG3KmuUH
Z9wen/XaW+xjP/Euy/SRNYvV41+rY8gxSXV+SUTF+Cxyn9buLLyMyP7r/F55Jl30
CazesNshDLXdh4PCCY25kmyVepcZkFxpJv7Ubibb+ZSns1SvXJEKI95TKwIDAQAB
o4ICIzCCAh8wHQYDVR0OBBYEFIy9ywF7wi3x7kVDDVtjaO/Ij/ItMB8GA1UdIwQY
MBaAFJQliLkdqcyoG0nmA6mI4rHqvdyYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQt
NjVkYWFkNjMyOTU3LzEvakwzTEFYdkNMZkh1UlVNTlcyTm83OGlQOGkwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZC80YmJhN2MtYTgxZi00MGUxLTg4MTQtNjVkYWFkNjMyOTU3
LzEvbENXSXVSMnB6S2diU2VZRHFZamlzZXE5M0pnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDkGCCsGAQUFBwEHAQH/BCowKDAmBAIAATAgAwQEHypwMAwD
BAJZ+xQDBAJZ+xgDBAJb0pADBALBbhQwDQYJKoZIhvcNAQELBQADggEBACu/qTse
27cyo9ucIOrSlXoCLkIluQv+KzL/XQUGEZZKF5MRjKNJpn6Xt55M9HgosSrJLqzd
GIExLmq1FMNE7Rbw3/PE0EiLWy7xqGQXC/MM6z1nBfcjgtLMDTO9xbyBXXnIBxT1
QHzm24Ri3RbwSDCwyMt/4JfOLrJDHBn39Wei0eHrZsltmvoV5aTHvvNAKRPwxYvJ
jb/ipWHjzxVfKeabWxl7/HAAb9bO9yC02dIRfM8UfXH1XuI6Bt25J0rYMhu+jgGj
JJLJKjbyWgLh8We9ZyJUj4CsYy/VtA5bGd8aFHVLLVQURwQSoO9NWtd/vGF2qlay
zVqHK/OwqdbIrm4=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:02 2023 by rpki-client on console-ams.rpki-client.org