Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/8u3nuj45qNaDXttvpIkrGrxPOVE.roa
File: 8u3nuj45qNaDXttvpIkrGrxPOVE.roa (raw, json)
Hash identifier: X1WVegRWQFpHe7yHqG8dW4ueFsXFjWQ2sV8PPmjPoqg=
Subject key identifier: F2:ED:E7:BA:3E:39:A8:D6:83:5E:DB:6F:A4:89:2B:1A:BC:4F:39:51
Certificate issuer: /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial: 0181F705EF3B6F69EE3CDDC5A32D671F7E8C
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/8u3nuj45qNaDXttvpIkrGrxPOVE.roa
Signing time: Wed 13 Jul 2022 10:06:10 +0000
ROA not before: Wed 13 Jul 2022 10:06:10 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 58061
IP address blocks: 2.59.51.0/24 maxlen: 24
92.119.130.0/24 maxlen: 24
5.183.128.0/24 maxlen: 24
92.119.128.0/24 maxlen: 24
194.169.162.0/24 maxlen: 24
194.169.161.0/24 maxlen: 24
2.56.112.0/24 maxlen: 24
77.83.95.0/24 maxlen: 24
2.56.113.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:81:f7:05:ef:3b:6f:69:ee:3c:dd:c5:a3:2d:67:1f:7e:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Validity
Not Before: Jul 13 10:06:10 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f2ede7ba3e39a8d6835edb6fa4892b1abc4f3951
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:91:5c:05:7e:32:1d:7c:fe:6c:5e:e2:7c:d9:
2c:ae:23:69:bc:0a:81:43:8e:b0:e5:2a:08:f1:96:
18:6b:cb:92:ab:78:39:23:f4:a7:50:02:e7:b3:36:
72:9e:39:69:39:32:b2:ae:c7:3f:6b:50:64:ed:f2:
51:ce:52:d2:b1:9b:c5:89:3b:45:da:e2:0d:bf:5e:
ef:ec:91:80:ef:50:0c:26:a9:4b:ae:c7:ea:76:6f:
f5:48:f2:b5:c2:ec:82:48:72:88:20:2b:fa:b0:db:
d8:9b:76:61:c5:df:23:21:30:01:f9:01:d3:01:b4:
58:7d:b9:fd:df:c6:9d:69:e2:62:a1:63:d1:10:4a:
4c:be:07:7f:c4:b8:6c:df:9a:00:a0:80:ab:38:35:
28:f2:9c:70:a0:04:c9:2b:5f:94:d8:fb:17:92:78:
10:5f:c1:20:b7:c8:05:9c:20:fc:ee:21:ea:a1:66:
e1:c3:e2:ff:db:e4:8c:36:46:84:ec:ac:6e:b5:5d:
d0:ee:e2:85:cd:70:3d:6d:47:07:46:96:ca:01:62:
69:82:38:7a:16:14:6e:2b:ee:55:9f:91:a9:49:9b:
95:f3:f6:32:ef:da:ec:66:64:2e:d7:d5:2c:f9:59:
1c:71:ae:1e:4b:de:8d:41:1a:81:c2:d4:0a:7a:fd:
3b:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:ED:E7:BA:3E:39:A8:D6:83:5E:DB:6F:A4:89:2B:1A:BC:4F:39:51
X509v3 Authority Key Identifier:
keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/8u3nuj45qNaDXttvpIkrGrxPOVE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.112.0/23
2.59.51.0/24
5.183.128.0/24
77.83.95.0/24
92.119.128.0/24
92.119.130.0/24
194.169.161.0-194.169.162.255
Signature Algorithm: sha256WithRSAEncryption
a9:de:af:66:b4:26:a8:b0:c5:46:62:0e:a1:66:30:6b:bd:3d:
5c:83:76:dc:6e:10:69:46:62:d5:5a:25:88:b0:06:aa:10:a2:
5c:7c:7d:a4:6c:be:63:f4:c7:dc:10:70:c3:aa:5f:bc:c3:57:
10:d0:61:cc:18:52:45:b1:0d:a0:f3:4d:ed:52:17:65:8c:69:
87:27:91:e3:44:65:a0:66:09:b5:fa:4a:d2:ba:c2:fc:8b:06:
ce:87:72:c5:66:aa:a2:2b:47:01:2e:fe:b1:42:a6:15:e4:b7:
c9:e2:71:e7:49:cb:2e:f2:88:9e:23:4e:a4:91:84:d0:23:f3:
fc:c3:04:f4:a6:2e:f4:90:d3:49:87:b9:2e:b0:40:0d:fb:e9:
e0:0f:97:11:08:94:5f:f2:e3:64:5b:50:e0:4b:ed:ae:8f:bb:
49:93:f2:51:b3:80:09:c3:6e:25:1f:b0:35:c3:f2:49:98:f9:
c9:d6:fb:03:03:ba:27:03:dd:41:9d:2e:83:11:6d:b3:b5:31:
00:49:29:30:6c:a4:e4:ac:f6:09:ee:d6:0f:ef:24:48:d6:d5:
60:1f:99:e0:cd:7d:a4:31:ee:42:a0:c4:7a:a0:21:ad:51:db:
06:90:71:17:ec:ac:7f:15:8a:60:ae:e2:9a:b4:49:79:06:3f:
f7:33:0a:6c
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYH3Be87b2nuPN3Foy1nH36MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjIwNzEzMTAwNjEwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMmVkZTdiYTNlMzlhOGQ2ODM1ZWRiNmZhNDg5MmIxYWJjNGYzOTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv5FcBX4yHXz+bF7ifNksriNpvAqB
Q46w5SoI8ZYYa8uSq3g5I/SnUALnszZynjlpOTKyrsc/a1Bk7fJRzlLSsZvFiTtF
2uINv17v7JGA71AMJqlLrsfqdm/1SPK1wuyCSHKIICv6sNvYm3Zhxd8jITAB+QHT
AbRYfbn938adaeJioWPREEpMvgd/xLhs35oAoICrODUo8pxwoATJK1+U2PsXkngQ
X8Egt8gFnCD87iHqoWbhw+L/2+SMNkaE7KxutV3Q7uKFzXA9bUcHRpbKAWJpgjh6
FhRuK+5Vn5GpSZuV8/Yy79rsZmQu19Us+Vkcca4eS96NQRqBwtQKev07gwIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFPLt57o+OajWg17bb6SJKxq8TzlRMB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvOHUzbnVqNDVxTmFEWHR0dnBJa3JHcnhQT1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBAjhwAwQA
AjszAwQABbeAAwQATVNfAwQAXHeAAwQAXHeCMAwDBADCqaEDBADCqaIwDQYJKoZI
hvcNAQELBQADggEBAKner2a0JqiwxUZiDqFmMGu9PVyDdtxuEGlGYtVaJYiwBqoQ
olx8faRsvmP0x9wQcMOqX7zDVxDQYcwYUkWxDaDzTe1SF2WMaYcnkeNEZaBmCbX6
StK6wvyLBs6HcsVmqqIrRwEu/rFCphXkt8nicedJyy7yiJ4jTqSRhNAj8/zDBPSm
LvSQ00mHuS6wQA376eAPlxEIlF/y42RbUOBL7a6Pu0mT8lGzgAnDbiUfsDXD8kmY
+cnW+wMDuicD3UGdLoMRbbO1MQBJKTBspOSs9gnu1g/vJEjW1WAfmeDNfaQx7kKg
xHqgIa1R2waQcRfsrH8VimCu4pq0SXkGP/czCmw=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:13 2023 by rpki-client on console-ams.rpki-client.org