Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/95/938a07-2758-4223-a947-49c844791ae2/1/MbfYVwrndHlRQlHCsgU_kMXWh3w.roa
File: MbfYVwrndHlRQlHCsgU_kMXWh3w.roa (raw, json)
Hash identifier: AnwJvCUExJCMLXesGqsDyoUbQA1fRY0qunPbFxnOX1M=
Subject key identifier: 31:B7:D8:57:0A:E7:74:79:51:42:51:C2:B2:05:3F:90:C5:D6:87:7C
Certificate issuer: /CN=8dcf82690262f0622eebfaad1433d58fb9ca9e1f
Certificate serial: 0A808A2F
Authority key identifier: 8D:CF:82:69:02:62:F0:62:2E:EB:FA:AD:14:33:D5:8F:B9:CA:9E:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jc-CaQJi8GIu6_qtFDPVj7nKnh8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/95/938a07-2758-4223-a947-49c844791ae2/1/MbfYVwrndHlRQlHCsgU_kMXWh3w.roa
Signing time: Sat 01 Jan 2022 06:54:12 +0000
ROA not before: Sat 01 Jan 2022 06:54:12 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 199493
IP address blocks: 193.221.196.0/22 maxlen: 24
37.220.64.0/24 maxlen: 24
37.220.64.0/20 maxlen: 24
37.220.71.0/24 maxlen: 24
37.220.70.0/24 maxlen: 24
37.220.65.0/24 maxlen: 24
37.220.67.0/24 maxlen: 24
37.220.66.0/24 maxlen: 24
37.220.69.0/24 maxlen: 24
37.220.68.0/24 maxlen: 24
37.220.78.0/24 maxlen: 24
37.220.77.0/24 maxlen: 24
37.220.72.0/23 maxlen: 23
37.220.74.0/24 maxlen: 24
37.220.74.0/23 maxlen: 23
37.220.76.0/24 maxlen: 24
37.220.75.0/24 maxlen: 24
37.220.79.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 176196143 (0xa808a2f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8dcf82690262f0622eebfaad1433d58fb9ca9e1f
Validity
Not Before: Jan 1 06:54:12 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=31b7d8570ae77479514251c2b2053f90c5d6877c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:96:f2:a9:87:bc:e5:85:c9:c9:6b:ac:3f:7d:
b3:e4:69:8d:a2:39:4e:89:41:74:cf:e0:d8:88:7d:
e9:b2:d7:b4:7b:d8:a0:63:f6:2d:5f:5b:d3:3d:54:
60:8c:ee:18:f7:84:dc:33:ff:a4:7f:e9:08:1e:fc:
3e:f9:0a:df:02:00:18:dc:b3:e8:34:10:9d:ea:14:
ba:07:2c:9a:79:a9:9a:83:07:58:21:72:0b:7f:db:
9a:dc:f0:12:b5:b5:43:e5:fc:0d:20:60:fa:d1:74:
ce:13:33:05:75:9e:07:d9:a0:93:20:fb:58:21:bb:
29:1d:e2:c2:52:6a:68:6e:2d:71:4c:df:78:1e:aa:
e4:38:b5:af:66:f0:b3:38:94:37:bb:ba:de:6d:2a:
ec:6d:a1:84:34:96:fb:79:88:33:67:f8:9d:ed:63:
55:49:c8:85:3a:53:19:52:fc:70:18:84:fb:90:d8:
a3:3b:a6:7a:f0:97:18:3e:08:8b:6f:fd:27:1c:aa:
44:fc:3d:51:31:ee:03:3c:d9:0b:0b:7e:e9:63:00:
c6:48:22:e5:b5:27:c9:7f:6d:09:07:5d:55:22:20:
10:2a:69:ed:a1:ae:9f:ea:da:46:13:b5:ec:fc:55:
d8:db:6c:4f:3d:75:34:8c:06:66:8a:77:cf:ef:54:
5d:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
31:B7:D8:57:0A:E7:74:79:51:42:51:C2:B2:05:3F:90:C5:D6:87:7C
X509v3 Authority Key Identifier:
keyid:8D:CF:82:69:02:62:F0:62:2E:EB:FA:AD:14:33:D5:8F:B9:CA:9E:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jc-CaQJi8GIu6_qtFDPVj7nKnh8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/95/938a07-2758-4223-a947-49c844791ae2/1/MbfYVwrndHlRQlHCsgU_kMXWh3w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/95/938a07-2758-4223-a947-49c844791ae2/1/jc-CaQJi8GIu6_qtFDPVj7nKnh8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.220.64.0/20
193.221.196.0/22
Signature Algorithm: sha256WithRSAEncryption
7d:0f:da:33:ed:e7:fe:53:ad:d2:64:34:8b:c1:17:d7:a0:78:
00:df:06:b4:83:ba:28:73:84:a8:d8:fa:1d:05:76:fd:a2:f7:
70:d1:75:db:92:a0:2b:39:0f:18:a7:f1:28:b1:d0:d3:b6:f2:
f0:e9:5a:3d:d7:a0:d4:89:6c:ce:98:62:dd:eb:08:f7:be:58:
13:8c:5e:ed:90:73:a0:d0:cd:ed:93:b6:dd:19:0a:1c:6b:1e:
a1:62:5b:dc:90:f3:0d:48:b4:c5:ed:e5:5d:c7:63:04:f6:22:
cc:8f:10:a2:cd:5f:df:33:05:11:c9:7d:13:af:1a:04:95:cc:
ec:f1:f1:61:b8:27:0d:aa:70:17:26:80:58:7a:78:13:56:e4:
95:53:8b:1c:46:6f:d1:54:2e:92:2c:41:8f:5c:c4:69:3c:bd:
1f:37:8c:81:2c:5e:03:75:7b:54:32:5e:e7:04:b6:92:1c:c2:
c4:ac:cb:6a:b8:63:b1:97:29:f4:39:16:c1:5d:0a:b0:b9:9a:
b2:c8:36:be:dd:dc:85:97:c0:3f:99:d9:14:85:34:ac:ee:e4:
40:17:e4:70:c5:27:0c:ee:02:74:3c:32:e4:01:ea:bf:e4:db:
db:d1:c3:cb:e3:50:eb:fd:b0:23:59:e9:a4:97:59:be:7f:21:
1b:a3:ce:f2
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIECoCKLzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ZGNmODI2OTAyNjJmMDYyMmVlYmZhYWQxNDMzZDU4ZmI5Y2E5ZTFmMB4XDTIyMDEw
MTA2NTQxMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMzFiN2Q4NTcwYWU3
NzQ3OTUxNDI1MWMyYjIwNTNmOTBjNWQ2ODc3YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALCW8qmHvOWFyclrrD99s+RpjaI5TolBdM/g2Ih96bLXtHvY
oGP2LV9b0z1UYIzuGPeE3DP/pH/pCB78PvkK3wIAGNyz6DQQneoUugcsmnmpmoMH
WCFyC3/bmtzwErW1Q+X8DSBg+tF0zhMzBXWeB9mgkyD7WCG7KR3iwlJqaG4tcUzf
eB6q5Di1r2bwsziUN7u63m0q7G2hhDSW+3mIM2f4ne1jVUnIhTpTGVL8cBiE+5DY
ozumevCXGD4Ii2/9JxyqRPw9UTHuAzzZCwt+6WMAxkgi5bUnyX9tCQddVSIgECpp
7aGun+raRhO17PxV2NtsTz11NIwGZop3z+9UXX0CAwEAAaOCAg8wggILMB0GA1Ud
DgQWBBQxt9hXCud0eVFCUcKyBT+QxdaHfDAfBgNVHSMEGDAWgBSNz4JpAmLwYi7r
+q0UM9WPucqeHzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2pjLUNhUUppOEdJdTZfcXRGRFBWajduS25oOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvOTUvOTM4YTA3LTI3NTgtNDIyMy1hOTQ3LTQ5Yzg0NDc5MWFlMi8x
L01iZllWd3JuZEhsUlFsSENzZ1Vfa01YV2gzdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvOTUv
OTM4YTA3LTI3NTgtNDIyMy1hOTQ3LTQ5Yzg0NDc5MWFlMi8xL2pjLUNhUUppOEdJ
dTZfcXRGRFBWajduS25oOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAl
BggrBgEFBQcBBwEB/wQWMBQwEgQCAAEwDAMEBCXcQAMEAsHdxDANBgkqhkiG9w0B
AQsFAAOCAQEAfQ/aM+3n/lOt0mQ0i8EX16B4AN8GtIO6KHOEqNj6HQV2/aL3cNF1
25KgKzkPGKfxKLHQ07by8OlaPdeg1Ilszphi3esI975YE4xe7ZBzoNDN7ZO23RkK
HGseoWJb3JDzDUi0xe3lXcdjBPYizI8Qos1f3zMFEcl9E68aBJXM7PHxYbgnDapw
FyaAWHp4E1bklVOLHEZv0VQukixBj1zEaTy9HzeMgSxeA3V7VDJe5wS2khzCxKzL
arhjsZcp9DkWwV0KsLmassg2vt3chZfAP5nZFIU0rO7kQBfkcMUnDO4CdDwy5AHq
v+Tb29HDy+NQ6/2wI1nppJdZvn8hG6PO8g==
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:14:57 2025 by rpki-client