Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/7v2uhlOHHfWOqAI0EMn7iEznffQ.roa
File: 7v2uhlOHHfWOqAI0EMn7iEznffQ.roa (raw, json)
Hash identifier: 0ZvvWhec9K37jNTbYg/naFk9JVuzKDlr+qLONDT0/h0=
Subject key identifier: EE:FD:AE:86:53:87:1D:F5:8E:A8:02:34:10:C9:FB:88:4C:E7:7D:F4
Certificate issuer: /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial: 3EFDE984
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/7v2uhlOHHfWOqAI0EMn7iEznffQ.roa
Signing time: Tue 10 May 2022 08:00:24 +0000
ROA not before: Tue 10 May 2022 08:00:24 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1299
IP address blocks: 217.212.224.0/19 maxlen: 19
193.45.0.0/22 maxlen: 22
2.255.248.0/21 maxlen: 21
193.45.6.0/24 maxlen: 24
193.45.10.0/23 maxlen: 24
193.45.14.0/23 maxlen: 23
192.150.82.0/24 maxlen: 24
193.45.142.0/24 maxlen: 24
193.45.142.0/23 maxlen: 23
193.45.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1056827780 (0x3efde984)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Validity
Not Before: May 10 08:00:24 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=eefdae8653871df58ea8023410c9fb884ce77df4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:e2:3d:42:51:f6:f4:12:75:b7:c4:42:6f:d1:
91:ec:fa:23:2e:ac:06:93:6d:20:d9:c3:4c:67:d8:
f9:c3:46:00:16:6c:16:40:f6:78:7a:29:aa:54:be:
c4:73:58:bc:d5:5a:2c:26:4e:b8:a5:c6:46:1a:26:
62:b4:29:dc:fb:da:9e:18:97:9a:51:2d:e8:46:54:
f6:89:7e:35:72:69:8b:9d:4d:f8:52:c7:b2:9b:d2:
9a:52:6f:19:a6:bf:20:eb:46:60:5d:97:7c:9a:72:
30:4c:93:51:24:59:36:ee:4b:19:27:07:12:24:dc:
24:1c:18:8d:4d:49:06:c8:12:79:b8:21:70:02:a1:
cf:20:16:41:8c:42:83:7f:9b:89:85:f7:3d:64:97:
57:c2:c8:7b:48:b8:80:c6:0b:bf:6b:74:f0:1f:36:
94:95:68:9e:f9:81:fd:a1:b8:8a:8c:0d:59:06:de:
d5:f9:d9:40:31:d1:8e:e3:a6:fd:e0:2d:f0:ef:61:
3f:74:fc:47:80:0b:63:96:b9:2f:e3:e5:90:93:53:
7f:20:fe:b7:1d:98:67:e6:ad:bb:64:af:a3:7b:6f:
81:2f:42:a9:68:ca:43:62:1d:66:30:cd:6f:64:4d:
14:a5:3b:97:84:7e:28:56:75:03:fb:4a:00:8e:0b:
a5:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:FD:AE:86:53:87:1D:F5:8E:A8:02:34:10:C9:FB:88:4C:E7:7D:F4
X509v3 Authority Key Identifier:
keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/7v2uhlOHHfWOqAI0EMn7iEznffQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.255.248.0/21
192.150.82.0/24
193.45.0.0/22
193.45.6.0/24
193.45.10.0/23
193.45.14.0/23
193.45.142.0/23
193.45.254.0/24
217.212.224.0/19
Signature Algorithm: sha256WithRSAEncryption
40:b9:dd:59:4f:38:7c:05:85:73:86:26:db:fe:b9:89:b0:35:
ac:63:9a:b6:0e:ed:a7:68:66:68:c0:56:ae:5a:d3:c2:c4:29:
52:a4:b1:5c:06:97:c8:57:2e:86:1c:b4:61:8f:e4:f6:2e:e9:
31:aa:8a:b1:3b:a7:38:38:71:eb:2c:7e:2b:41:8e:3e:be:f1:
a7:a6:d9:05:69:4e:49:24:5b:94:21:c5:5e:0f:9e:fd:9c:d6:
97:56:b8:a4:bd:7c:05:a9:be:23:2d:fc:6c:06:9b:11:47:89:
01:18:ed:a3:ac:20:b6:5a:01:06:a1:fe:7d:12:43:45:0d:7c:
73:68:d2:53:4e:b6:ca:f2:9c:1d:f7:ee:ba:0d:ac:c8:d7:64:
0b:e3:ed:f3:48:a9:01:34:99:64:a7:ef:46:a1:e4:18:96:56:
1d:b6:bb:23:5c:23:5a:4a:1c:64:53:3e:0b:59:ad:00:e9:d2:
2e:2d:27:fa:80:ec:50:9d:98:ab:d9:b9:b7:35:8c:46:aa:a8:
48:11:c5:76:78:63:aa:0c:dd:30:09:f1:c2:af:4f:46:a9:75:
a2:c9:59:58:7f:7b:25:fe:c1:9b:9b:f0:86:26:be:92:cf:af:
fd:7a:10:18:09:c4:bd:29:09:9b:df:76:cc:50:27:47:8f:69:
1f:c9:13:1c
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIEPv3phDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZjY4MTM4ZDRlYzJlYTUxY2FjZWYwOWZmMTA1OGEzNzBhNWJlMTkwMB4XDTIyMDUx
MDA4MDAyNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZWVmZGFlODY1Mzg3
MWRmNThlYTgwMjM0MTBjOWZiODg0Y2U3N2RmNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALniPUJR9vQSdbfEQm/Rkez6Iy6sBpNtINnDTGfY+cNGABZs
FkD2eHopqlS+xHNYvNVaLCZOuKXGRhomYrQp3PvanhiXmlEt6EZU9ol+NXJpi51N
+FLHspvSmlJvGaa/IOtGYF2XfJpyMEyTUSRZNu5LGScHEiTcJBwYjU1JBsgSebgh
cAKhzyAWQYxCg3+biYX3PWSXV8LIe0i4gMYLv2t08B82lJVonvmB/aG4iowNWQbe
1fnZQDHRjuOm/eAt8O9hP3T8R4ALY5a5L+PlkJNTfyD+tx2YZ+atu2Svo3tvgS9C
qWjKQ2IdZjDNb2RNFKU7l4R+KFZ1A/tKAI4LpTkCAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBTu/a6GU4cd9Y6oAjQQyfuITOd99DAfBgNVHSMEGDAWgBQfaBONTsLqUcrO
8J/xBYo3ClvhkDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0gyZ1RqVTdDNmxIS3p2Q2Y4UVdLTndwYjRaQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTcvYjlhZGY0LWY5MTAtNDM1NS1iZmM4LTYwODU2NDgzOWZkMC8x
Lzd2MnVobE9ISGZXT3FBSTBFTW43aUV6bmZmUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTcv
YjlhZGY0LWY5MTAtNDM1NS1iZmM4LTYwODU2NDgzOWZkMC8xL0gyZ1RqVTdDNmxI
S3p2Q2Y4UVdLTndwYjRaQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEAwL/+AMEAMCWUgMEAsEtAAMEAMEt
BgMEAcEtCgMEAcEtDgMEAcEtjgMEAMEt/gMEBdnU4DANBgkqhkiG9w0BAQsFAAOC
AQEAQLndWU84fAWFc4Ym2/65ibA1rGOatg7tp2hmaMBWrlrTwsQpUqSxXAaXyFcu
hhy0YY/k9i7pMaqKsTunODhx6yx+K0GOPr7xp6bZBWlOSSRblCHFXg+e/ZzWl1a4
pL18Bam+Iy38bAabEUeJARjto6wgtloBBqH+fRJDRQ18c2jSU062yvKcHffuug2s
yNdkC+Pt80ipATSZZKfvRqHkGJZWHba7I1wjWkocZFM+C1mtAOnSLi0n+oDsUJ2Y
q9m5tzWMRqqoSBHFdnhjqgzdMAnxwq9PRql1oslZWH97Jf7Bm5vwhia+ks+v/XoQ
GAnEvSkJm992zFAnR49pH8kTHA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:52 2023 by rpki-client on console-fra.rpki-client.org