Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/r37b08PDzukbJal7jOl3q6w8g30.roa
File: r37b08PDzukbJal7jOl3q6w8g30.roa (raw, json)
Hash identifier: GQHOfEn/woaIY64y9XKFhThZ1z04MzQguK/pjNkf84Y=
Subject key identifier: AF:7E:DB:D3:C3:C3:CE:E9:1B:25:A9:7B:8C:E9:77:AB:AC:3C:83:7D
Certificate issuer: /CN=942588b91da9cca81b49e603a988e2b1eabddc98
Certificate serial: 07C495FA
Authority key identifier: 94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/r37b08PDzukbJal7jOl3q6w8g30.roa
Signing time: Sat 01 Jan 2022 08:05:52 +0000
ROA not before: Sat 01 Jan 2022 08:05:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34661
IP address blocks: 45.149.24.0/22 maxlen: 22
89.251.16.0/22 maxlen: 23
89.28.206.0/23 maxlen: 23
89.28.200.0/21 maxlen: 23
89.251.28.0/22 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 130323962 (0x7c495fa)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=942588b91da9cca81b49e603a988e2b1eabddc98
Validity
Not Before: Jan 1 08:05:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=af7edbd3c3c3cee91b25a97b8ce977abac3c837d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:b3:13:71:f7:cc:07:a1:95:8a:10:fc:50:68:
cb:18:23:56:28:7b:5c:37:3b:6f:4d:65:1c:f2:b0:
93:65:f1:fd:e0:92:8c:3e:18:15:10:a5:b8:2a:b5:
aa:0f:9f:04:b2:cc:c2:c4:44:9c:6e:25:53:7a:30:
7b:00:48:3c:ea:c0:52:4f:19:d2:d0:a2:67:4a:24:
39:78:8a:4a:0c:bd:49:75:77:e1:33:78:ee:e3:d6:
68:ab:fc:70:88:a1:74:d0:aa:63:fc:78:4e:bb:cf:
11:97:80:d3:b4:8c:55:ad:dc:84:5b:c7:09:c6:8b:
7d:28:ff:29:53:59:e2:ea:66:7b:4d:3e:83:20:d9:
52:d4:2d:df:df:83:92:8e:9b:b8:67:79:39:f3:78:
a1:bb:ed:e7:77:df:96:52:bc:29:b7:d7:38:33:ad:
42:7f:f0:f7:54:c1:de:ed:bd:23:e5:e7:e9:c8:48:
73:e4:61:de:78:28:0e:71:8f:5e:41:98:4c:ac:cb:
ac:16:34:f1:f1:c2:a4:ab:8b:56:e2:75:67:44:7d:
02:33:f9:f2:96:99:fc:70:01:e0:11:fb:4c:cc:89:
ba:7f:62:b1:e1:62:d3:13:6a:e3:1d:41:5f:9f:51:
6e:c1:d7:86:28:93:d4:9b:86:3b:58:b5:a7:e3:89:
71:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AF:7E:DB:D3:C3:C3:CE:E9:1B:25:A9:7B:8C:E9:77:AB:AC:3C:83:7D
X509v3 Authority Key Identifier:
keyid:94:25:88:B9:1D:A9:CC:A8:1B:49:E6:03:A9:88:E2:B1:EA:BD:DC:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lCWIuR2pzKgbSeYDqYjiseq93Jg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/r37b08PDzukbJal7jOl3q6w8g30.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/4bba7c-a81f-40e1-8814-65daad632957/1/lCWIuR2pzKgbSeYDqYjiseq93Jg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.149.24.0/22
89.28.200.0/21
89.251.16.0/22
89.251.28.0/22
Signature Algorithm: sha256WithRSAEncryption
6b:35:40:62:55:5b:b4:3b:01:f8:a8:8b:e9:03:c4:b6:1b:46:
0f:e6:22:e6:66:a0:b8:76:d8:36:f7:85:85:27:5f:5d:ab:25:
cb:0e:97:18:c5:60:31:d5:a3:e9:a7:45:1e:69:d4:ed:5d:4b:
64:9c:0f:ec:b2:5b:7d:d7:a9:9a:c7:1b:97:35:07:b4:76:ee:
5c:06:1a:2b:53:28:10:c0:86:b2:59:6d:c9:13:9d:a3:ed:1c:
fc:54:da:bc:8f:c9:3f:6e:ea:ac:94:54:dd:1a:16:56:25:e2:
12:21:f0:f0:8b:8a:d3:d7:79:55:ae:f3:1e:3e:98:47:d7:39:
41:0d:53:7c:cd:c7:0e:10:43:bc:e8:2b:47:24:6f:d5:98:82:
09:da:1a:48:85:a9:df:b4:30:02:41:cf:ca:16:eb:94:89:a4:
f8:24:47:fa:1e:88:54:d9:41:7e:ff:9e:6a:6e:14:78:42:c6:
2c:b7:c0:6d:67:93:79:aa:56:c1:b6:4d:bd:07:4f:17:ca:dd:
56:af:8f:c1:62:42:14:d0:a2:ac:8c:43:fd:7c:1b:a4:aa:96:
2a:e1:6c:01:ed:d5:c5:73:cd:36:7b:82:76:33:e6:ee:93:e4:
84:19:a9:0d:4b:87:78:bb:fc:bc:b1:96:c0:8e:73:73:e9:32:
bc:00:0c:f5
-----BEGIN CERTIFICATE-----
MIIFATCCA+mgAwIBAgIEB8SV+jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg5
NDI1ODhiOTFkYTljY2E4MWI0OWU2MDNhOTg4ZTJiMWVhYmRkYzk4MB4XDTIyMDEw
MTA4MDU1MloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWY3ZWRiZDNjM2Mz
Y2VlOTFiMjVhOTdiOGNlOTc3YWJhYzNjODM3ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJuzE3H3zAehlYoQ/FBoyxgjVih7XDc7b01lHPKwk2Xx/eCS
jD4YFRCluCq1qg+fBLLMwsREnG4lU3owewBIPOrAUk8Z0tCiZ0okOXiKSgy9SXV3
4TN47uPWaKv8cIihdNCqY/x4TrvPEZeA07SMVa3chFvHCcaLfSj/KVNZ4upme00+
gyDZUtQt39+Dko6buGd5OfN4obvt53ffllK8KbfXODOtQn/w91TB3u29I+Xn6chI
c+Rh3ngoDnGPXkGYTKzLrBY08fHCpKuLVuJ1Z0R9AjP58paZ/HAB4BH7TMyJun9i
seFi0xNq4x1BX59RbsHXhiiT1JuGO1i1p+OJcTsCAwEAAaOCAhswggIXMB0GA1Ud
DgQWBBSvftvTw8PO6RslqXuM6XerrDyDfTAfBgNVHSMEGDAWgBSUJYi5HanMqBtJ
5gOpiOKx6r3cmDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2xDV0l1UjJwektnYlNlWURxWWppc2VxOTNKZy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvN2QvNGJiYTdjLWE4MWYtNDBlMS04ODE0LTY1ZGFhZDYzMjk1Ny8x
L3IzN2IwOFBEenVrYkphbDdqT2wzcTZ3OGczMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvN2Qv
NGJiYTdjLWE4MWYtNDBlMS04ODE0LTY1ZGFhZDYzMjk1Ny8xL2xDV0l1UjJwektn
YlNlWURxWWppc2VxOTNKZy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAx
BggrBgEFBQcBBwEB/wQiMCAwHgQCAAEwGAMEAi2VGAMEA1kcyAMEAln7EAMEAln7
HDANBgkqhkiG9w0BAQsFAAOCAQEAazVAYlVbtDsB+KiL6QPEthtGD+Yi5maguHbY
NveFhSdfXaslyw6XGMVgMdWj6adFHmnU7V1LZJwP7LJbfdepmscblzUHtHbuXAYa
K1MoEMCGslltyROdo+0c/FTavI/JP27qrJRU3RoWViXiEiHw8IuK09d5Va7zHj6Y
R9c5QQ1TfM3HDhBDvOgrRyRv1ZiCCdoaSIWp37QwAkHPyhbrlImk+CRH+h6IVNlB
fv+eam4UeELGLLfAbWeTeapWwbZNvQdPF8rdVq+PwWJCFNCirIxD/XwbpKqWKuFs
Ae3VxXPNNnuCdjPm7pPkhBmpDUuHeLv8vLGWwI5zc+kyvAAM9Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:19:49 2024 by rpki-client on console-ams.rpki-client.org