Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8d/605f1c-0d7a-4bd3-88b6-2f0a6bdbbe51/1/spBoOzAPZVEBVM-MUD2iBc3xW5A.roa
File: spBoOzAPZVEBVM-MUD2iBc3xW5A.roa (raw, json)
Hash identifier: QsDKgxSiZuNeCfVIZHBsdEMNhfSFNjGC0FyN8AaMnYk=
Subject key identifier: B2:90:68:3B:30:0F:65:51:01:54:CF:8C:50:3D:A2:05:CD:F1:5B:90
Certificate issuer: /CN=10f1d0dbe093c722350618f4045c25ba94317f87
Certificate serial: 0E625B3C
Authority key identifier: 10:F1:D0:DB:E0:93:C7:22:35:06:18:F4:04:5C:25:BA:94:31:7F:87
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EPHQ2-CTxyI1Bhj0BFwlupQxf4c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8d/605f1c-0d7a-4bd3-88b6-2f0a6bdbbe51/1/spBoOzAPZVEBVM-MUD2iBc3xW5A.roa
Signing time: Sat 01 Jan 2022 15:00:35 +0000
ROA not before: Sat 01 Jan 2022 15:00:35 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 9120
IP address blocks: 217.145.48.0/20 maxlen: 20
217.145.48.0/21 maxlen: 21
217.145.56.0/23 maxlen: 23
217.145.58.0/24 maxlen: 24
217.145.63.0/24 maxlen: 24
217.145.62.0/24 maxlen: 24
92.43.88.0/21 maxlen: 21
217.145.61.0/24 maxlen: 24
217.145.60.0/24 maxlen: 24
217.145.59.0/24 maxlen: 24
80.70.8.0/21 maxlen: 21
212.97.128.0/22 maxlen: 22
212.97.136.0/22 maxlen: 22
212.97.144.0/20 maxlen: 20
185.238.192.0/22 maxlen: 22
185.221.246.0/23 maxlen: 23
2a04:3f80::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 241326908 (0xe625b3c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=10f1d0dbe093c722350618f4045c25ba94317f87
Validity
Not Before: Jan 1 15:00:35 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b290683b300f65510154cf8c503da205cdf15b90
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:9b:32:d8:1d:ad:a9:b9:83:db:62:0c:56:6c:
83:36:8f:a4:71:6a:92:07:44:a3:60:79:15:5d:9e:
03:b7:8f:ec:4b:84:1c:e3:7f:2d:f9:cd:f8:da:c5:
d9:82:b1:c9:fc:81:7e:83:18:53:16:44:59:b2:39:
1a:ff:49:6b:1d:9c:7e:bc:37:3f:bc:31:47:46:c2:
b8:f8:e3:6e:a5:95:f0:60:e3:0e:59:02:e8:a8:02:
a6:9a:71:73:ed:75:01:7c:a0:a2:73:80:53:6b:e6:
5c:49:45:76:51:fc:1a:86:61:af:cc:f6:49:b3:b2:
de:f8:87:1e:5f:9c:a2:62:c0:3f:4b:ec:59:a7:cd:
43:97:0a:e2:fa:01:65:de:30:d5:77:59:38:d7:9b:
a6:62:93:39:2a:3f:9a:42:60:5f:e3:13:49:19:50:
18:5f:59:f6:7e:f8:2c:d0:b9:4b:d3:89:b0:f2:5e:
22:a6:d2:64:17:04:9b:94:56:9b:68:80:f0:41:8d:
4f:ea:18:77:b5:8a:dc:fe:90:44:4b:da:8e:e0:3e:
fb:9d:fc:12:c5:64:e7:db:05:b3:44:48:f1:c7:85:
5f:f4:6f:fc:e2:5d:5e:ee:b2:ae:e8:f5:02:3a:5a:
ca:49:94:a3:60:6a:81:38:8f:65:06:9a:53:19:c2:
eb:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B2:90:68:3B:30:0F:65:51:01:54:CF:8C:50:3D:A2:05:CD:F1:5B:90
X509v3 Authority Key Identifier:
keyid:10:F1:D0:DB:E0:93:C7:22:35:06:18:F4:04:5C:25:BA:94:31:7F:87
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EPHQ2-CTxyI1Bhj0BFwlupQxf4c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/605f1c-0d7a-4bd3-88b6-2f0a6bdbbe51/1/spBoOzAPZVEBVM-MUD2iBc3xW5A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8d/605f1c-0d7a-4bd3-88b6-2f0a6bdbbe51/1/EPHQ2-CTxyI1Bhj0BFwlupQxf4c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.70.8.0/21
92.43.88.0/21
185.221.246.0/23
185.238.192.0/22
212.97.128.0/22
212.97.136.0/22
212.97.144.0/20
217.145.48.0/20
IPv6:
2a04:3f80::/29
Signature Algorithm: sha256WithRSAEncryption
9e:0e:70:e6:e9:f8:1d:66:fc:48:45:5e:f9:e9:47:9c:3f:c5:
00:ce:9e:94:cd:34:b1:50:6e:86:c0:87:eb:7a:c4:f7:dd:3b:
3b:86:d6:94:4e:92:a5:07:3d:2c:ee:45:d7:42:c4:89:06:e9:
6e:85:c4:c1:48:9b:fe:76:5c:83:5b:87:f1:d7:48:34:00:78:
98:1c:67:a9:0c:f9:2e:12:62:b7:ba:e4:74:25:72:65:76:40:
62:f2:08:06:fb:98:62:56:f4:1e:f7:61:1b:24:09:3c:67:26:
08:15:53:ce:4d:a4:e4:53:02:1a:c8:70:a5:7d:79:66:17:ff:
85:6c:b1:fc:f9:aa:02:6e:5a:05:18:4f:7c:b9:67:af:9a:f5:
f5:b5:b1:d2:51:64:09:6f:df:20:8f:f5:96:f1:a2:42:65:f3:
76:73:b2:6c:a9:9c:44:0e:1c:3f:e3:58:8a:c8:5a:8c:65:8d:
76:73:f7:1d:b6:c4:ba:aa:e4:82:79:bb:a3:07:3d:3e:5a:7b:
5a:c5:97:c3:23:ac:3c:e2:1d:e6:3c:b1:ad:26:39:c4:99:fc:
f4:91:3b:28:27:29:74:78:0b:9a:19:34:21:7e:ff:cc:e7:4f:
29:ea:2a:d5:87:18:20:9b:46:59:fe:6e:41:73:2b:66:c9:0f:
a2:f4:27:b6
-----BEGIN CERTIFICATE-----
MIIFKDCCBBCgAwIBAgIEDmJbPDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MGYxZDBkYmUwOTNjNzIyMzUwNjE4ZjQwNDVjMjViYTk0MzE3Zjg3MB4XDTIyMDEw
MTE1MDAzNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYjI5MDY4M2IzMDBm
NjU1MTAxNTRjZjhjNTAzZGEyMDVjZGYxNWI5MDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALqbMtgdram5g9tiDFZsgzaPpHFqkgdEo2B5FV2eA7eP7EuE
HON/LfnN+NrF2YKxyfyBfoMYUxZEWbI5Gv9Jax2cfrw3P7wxR0bCuPjjbqWV8GDj
DlkC6KgCpppxc+11AXygonOAU2vmXElFdlH8GoZhr8z2SbOy3viHHl+comLAP0vs
WafNQ5cK4voBZd4w1XdZONebpmKTOSo/mkJgX+MTSRlQGF9Z9n74LNC5S9OJsPJe
IqbSZBcEm5RWm2iA8EGNT+oYd7WK3P6QREvajuA++538EsVk59sFs0RI8ceFX/Rv
/OJdXu6yruj1AjpaykmUo2BqgTiPZQaaUxnC63UCAwEAAaOCAkIwggI+MB0GA1Ud
DgQWBBSykGg7MA9lUQFUz4xQPaIFzfFbkDAfBgNVHSMEGDAWgBQQ8dDb4JPHIjUG
GPQEXCW6lDF/hzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VQSFEyLUNUeHlJMUJoajBCRndsdXBReGY0Yy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOGQvNjA1ZjFjLTBkN2EtNGJkMy04OGI2LTJmMGE2YmRiYmU1MS8x
L3NwQm9PekFQWlZFQlZNLU1VRDJpQmMzeFc1QS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOGQv
NjA1ZjFjLTBkN2EtNGJkMy04OGI2LTJmMGE2YmRiYmU1MS8xL0VQSFEyLUNUeHlJ
MUJoajBCRndsdXBReGY0Yy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBY
BggrBgEFBQcBBwEB/wRJMEcwNgQCAAEwMAMEA1BGCAMEA1wrWAMEAbnd9gMEArnu
wAMEAtRhgAMEAtRhiAMEBNRhkAMEBNmRMDANBAIAAjAHAwUDKgQ/gDANBgkqhkiG
9w0BAQsFAAOCAQEAng5w5un4HWb8SEVe+elHnD/FAM6elM00sVBuhsCH63rE9907
O4bWlE6SpQc9LO5F10LEiQbpboXEwUib/nZcg1uH8ddINAB4mBxnqQz5LhJit7rk
dCVyZXZAYvIIBvuYYlb0HvdhGyQJPGcmCBVTzk2k5FMCGshwpX15Zhf/hWyx/Pmq
Am5aBRhPfLlnr5r19bWx0lFkCW/fII/1lvGiQmXzdnOybKmcRA4cP+NYishajGWN
dnP3HbbEuqrkgnm7owc9Plp7WsWXwyOsPOId5jyxrSY5xJn89JE7KCcpdHgLmhk0
IX7/zOdPKeoq1YcYIJtGWf5uQXMrZskPovQntg==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:02:59 2023 by rpki-client on console-ams.rpki-client.org