Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/3RjTMUHSoW1McdYQ8Uo0qt47c0U.roa
File: 3RjTMUHSoW1McdYQ8Uo0qt47c0U.roa (raw, json)
Hash identifier: AmX2ZlcaGLoQihs40/1T78enjsxbzW/P9qjdgnQcetM=
Subject key identifier: DD:18:D3:31:41:D2:A1:6D:4C:71:D6:10:F1:4A:34:AA:DE:3B:73:45
Certificate issuer: /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial: 3E95F594
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/3RjTMUHSoW1McdYQ8Uo0qt47c0U.roa
Signing time: Wed 30 Mar 2022 08:34:31 +0000
ROA not before: Wed 30 Mar 2022 08:34:31 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1299
IP address blocks: 217.212.224.0/19 maxlen: 19
193.45.0.0/22 maxlen: 22
2.255.248.0/21 maxlen: 21
193.45.6.0/24 maxlen: 24
193.45.10.0/23 maxlen: 24
193.45.14.0/23 maxlen: 23
193.45.142.0/24 maxlen: 24
193.45.142.0/23 maxlen: 23
193.45.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1050015124 (0x3e95f594)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Validity
Not Before: Mar 30 08:34:31 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=dd18d33141d2a16d4c71d610f14a34aade3b7345
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:f5:fd:25:37:0a:1a:6f:8e:6b:b0:e1:0f:c4:
e4:5a:56:b9:31:06:6f:0f:1c:7f:06:33:33:7a:7f:
dc:dd:7c:d9:04:cc:48:92:ed:77:b0:39:d8:f9:a2:
d2:a1:07:6d:11:b8:62:e8:15:5a:11:a4:00:8e:8b:
3b:96:0e:cc:a9:c6:15:0b:38:3f:d4:76:e0:4f:5a:
98:8e:ae:36:de:6e:cc:0c:62:c2:0f:d0:41:01:7c:
fd:07:c4:3b:df:10:61:af:f9:b8:4d:ee:1a:e8:d1:
5d:1d:c4:39:76:ca:68:a9:a4:13:ce:4a:e1:a6:4f:
c1:b1:ed:bb:a8:bc:31:4b:a8:61:aa:ff:65:07:56:
d0:88:e8:c7:95:5c:50:f6:cf:cb:95:77:c8:c9:98:
c2:30:75:13:78:90:57:a9:c6:c6:3c:77:c7:bf:74:
4b:af:5e:97:b0:78:b0:cc:8c:df:3e:15:61:91:03:
ce:3f:97:d0:7d:20:8a:ce:a6:72:e3:1f:01:f3:fd:
2d:e7:89:21:57:d7:77:2f:de:2f:a3:0a:b9:18:c3:
ad:ee:39:76:4d:1f:85:a4:9a:38:24:68:6d:30:42:
79:75:24:bf:7e:b5:fb:03:dd:db:af:fe:f9:7d:d5:
0f:b0:c0:22:71:80:32:17:77:2f:f1:93:53:96:e3:
cf:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:18:D3:31:41:D2:A1:6D:4C:71:D6:10:F1:4A:34:AA:DE:3B:73:45
X509v3 Authority Key Identifier:
keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/3RjTMUHSoW1McdYQ8Uo0qt47c0U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.255.248.0/21
193.45.0.0/22
193.45.6.0/24
193.45.10.0/23
193.45.14.0/23
193.45.142.0/23
193.45.254.0/24
217.212.224.0/19
Signature Algorithm: sha256WithRSAEncryption
c4:93:94:2d:37:3e:a6:e3:6e:2f:f0:f8:b2:2f:f6:65:83:de:
3c:7c:10:52:a6:75:32:72:77:77:77:e1:6d:08:2b:cc:de:fd:
1a:5e:c2:4c:6b:39:f3:ec:75:1b:0a:32:f6:89:31:65:5c:37:
91:d6:b8:fb:47:73:9c:93:a4:3a:ef:33:a3:b2:86:4b:27:58:
34:4c:8e:e1:9a:ca:77:6a:66:db:fd:87:48:76:c4:5c:b8:ae:
6d:8a:1e:30:a0:1d:4d:2c:23:84:96:f9:3a:68:2e:0b:b4:b6:
72:92:7b:7f:6f:6a:58:e0:9a:26:98:46:2f:98:bd:af:be:f6:
c0:32:22:f5:60:ef:87:b9:ec:f0:96:14:80:7a:d2:fa:f0:44:
62:3a:55:ff:b1:9e:a2:e3:fc:b4:3b:5d:bf:57:b3:67:a5:6f:
81:af:f4:0e:88:29:3b:fc:eb:fa:32:79:66:96:bd:35:ea:04:
15:ac:f6:76:ec:be:05:48:54:d5:7a:13:ad:86:be:de:49:ca:
63:21:98:1c:88:98:4e:07:fa:90:fa:3c:f1:0a:27:74:07:5c:
fe:2c:bf:fc:b6:9d:a3:03:07:f7:24:76:f2:13:ad:fa:d2:96:
54:92:59:41:c1:b5:67:d5:8c:6b:22:a9:82:5f:54:e1:3a:3f:
24:10:51:84
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIEPpX1lDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZjY4MTM4ZDRlYzJlYTUxY2FjZWYwOWZmMTA1OGEzNzBhNWJlMTkwMB4XDTIyMDMz
MDA4MzQzMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZGQxOGQzMzE0MWQy
YTE2ZDRjNzFkNjEwZjE0YTM0YWFkZTNiNzM0NTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ31/SU3Chpvjmuw4Q/E5FpWuTEGbw8cfwYzM3p/3N182QTM
SJLtd7A52Pmi0qEHbRG4YugVWhGkAI6LO5YOzKnGFQs4P9R24E9amI6uNt5uzAxi
wg/QQQF8/QfEO98QYa/5uE3uGujRXR3EOXbKaKmkE85K4aZPwbHtu6i8MUuoYar/
ZQdW0Ijox5VcUPbPy5V3yMmYwjB1E3iQV6nGxjx3x790S69el7B4sMyM3z4VYZED
zj+X0H0gis6mcuMfAfP9LeeJIVfXdy/eL6MKuRjDre45dk0fhaSaOCRobTBCeXUk
v361+wPd26/++X3VD7DAInGAMhd3L/GTU5bjzxECAwEAAaOCAjMwggIvMB0GA1Ud
DgQWBBTdGNMxQdKhbUxx1hDxSjSq3jtzRTAfBgNVHSMEGDAWgBQfaBONTsLqUcrO
8J/xBYo3ClvhkDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0gyZ1RqVTdDNmxIS3p2Q2Y4UVdLTndwYjRaQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTcvYjlhZGY0LWY5MTAtNDM1NS1iZmM4LTYwODU2NDgzOWZkMC8x
LzNSalRNVUhTb1cxTWNkWVE4VW8wcXQ0N2MwVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTcv
YjlhZGY0LWY5MTAtNDM1NS1iZmM4LTYwODU2NDgzOWZkMC8xL0gyZ1RqVTdDNmxI
S3p2Q2Y4UVdLTndwYjRaQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBJ
BggrBgEFBQcBBwEB/wQ6MDgwNgQCAAEwMAMEAwL/+AMEAsEtAAMEAMEtBgMEAcEt
CgMEAcEtDgMEAcEtjgMEAMEt/gMEBdnU4DANBgkqhkiG9w0BAQsFAAOCAQEAxJOU
LTc+puNuL/D4si/2ZYPePHwQUqZ1MnJ3d3fhbQgrzN79Gl7CTGs58+x1Gwoy9okx
ZVw3kda4+0dznJOkOu8zo7KGSydYNEyO4ZrKd2pm2/2HSHbEXLiubYoeMKAdTSwj
hJb5OmguC7S2cpJ7f29qWOCaJphGL5i9r772wDIi9WDvh7ns8JYUgHrS+vBEYjpV
/7GeouP8tDtdv1ezZ6Vvga/0DogpO/zr+jJ5Zpa9NeoEFaz2duy+BUhU1XoTrYa+
3knKYyGYHIiYTgf6kPo88QondAdc/iy//LadowMH9yR28hOt+tKWVJJZQcG1Z9WM
ayKpgl9U4To/JBBRhA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:05:44 2023 by rpki-client on console-ams.rpki-client.org