Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/A7WlcpthjHIonaPqUVMMPZQzDW8.roa
File: A7WlcpthjHIonaPqUVMMPZQzDW8.roa (raw, json)
Hash identifier: 1zP5+gYR4AvLTCvatIULs5MxlRTmFxnov1SBpJxAzcI=
Subject key identifier: 03:B5:A5:72:9B:61:8C:72:28:9D:A3:EA:51:53:0C:3D:94:33:0D:6F
Certificate issuer: /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial: 01833BBA1B3E5B62521A382E21BE8E042D5B
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/A7WlcpthjHIonaPqUVMMPZQzDW8.roa
Signing time: Wed 14 Sep 2022 11:19:55 +0000
ROA not before: Wed 14 Sep 2022 11:19:55 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1299
IP address blocks: 217.212.224.0/19 maxlen: 19
193.45.0.0/22 maxlen: 22
2.255.248.0/21 maxlen: 21
193.45.6.0/24 maxlen: 24
193.45.10.0/23 maxlen: 24
193.45.14.0/23 maxlen: 23
193.45.142.0/24 maxlen: 24
193.45.142.0/23 maxlen: 23
193.45.254.0/24 maxlen: 24
2.255.192.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:3b:ba:1b:3e:5b:62:52:1a:38:2e:21:be:8e:04:2d:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Validity
Not Before: Sep 14 11:19:55 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=03b5a5729b618c72289da3ea51530c3d94330d6f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:40:10:74:a1:e0:30:48:63:22:18:6e:7a:7b:
51:da:e3:f8:dd:28:06:81:c8:79:3b:f3:f0:90:3a:
2e:f5:11:8b:16:91:84:28:4c:2a:0c:5d:8c:3e:af:
92:ad:c4:d1:5e:f1:c2:f0:8e:db:db:bb:69:dd:52:
a8:3a:e0:1d:e4:e0:52:46:51:b2:e4:c7:0c:b5:08:
7d:4f:09:c9:7b:a4:91:41:d0:f7:6d:69:eb:7b:de:
a7:df:35:ca:b9:ce:2e:85:8b:6d:63:7e:54:01:8e:
c8:86:dc:03:f0:a5:9a:fa:32:c5:ff:94:14:f2:45:
47:79:77:4e:0c:ce:0c:0e:43:48:e7:e9:f0:04:96:
cc:43:b0:e4:c8:66:68:2f:3b:12:9c:85:0d:a5:24:
64:53:e9:7f:8b:24:14:75:9a:fd:7a:71:4e:7e:28:
0f:eb:22:16:3a:42:01:ca:b2:36:3f:26:e1:35:1c:
0f:3c:62:6b:2d:78:29:91:c8:b8:d7:0b:38:1c:33:
69:67:99:0c:d8:91:63:11:5f:d7:36:80:f4:9c:28:
bd:d6:20:c8:91:7e:13:96:ba:73:6e:4c:36:ea:6e:
e7:38:de:5f:ee:51:7b:01:b7:3b:89:90:d2:7e:3c:
6a:15:b8:e2:65:fe:68:9b:ad:4c:3b:f0:75:79:58:
08:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:B5:A5:72:9B:61:8C:72:28:9D:A3:EA:51:53:0C:3D:94:33:0D:6F
X509v3 Authority Key Identifier:
keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/A7WlcpthjHIonaPqUVMMPZQzDW8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.255.192.0/18
193.45.0.0/22
193.45.6.0/24
193.45.10.0/23
193.45.14.0/23
193.45.142.0/23
193.45.254.0/24
217.212.224.0/19
Signature Algorithm: sha256WithRSAEncryption
cc:bd:18:d8:5b:4c:3d:25:a0:bf:1f:b7:4e:be:86:23:59:80:
e2:f9:c3:d6:52:b3:f3:97:e7:43:03:2b:0b:75:3c:72:2d:30:
1d:2a:1b:25:b7:f1:ea:17:99:6f:35:e2:53:6e:5c:bc:50:1e:
01:f6:15:03:c0:8d:78:9b:2f:a8:79:23:98:06:34:88:fd:4d:
a5:8c:77:c9:20:5a:0f:21:89:46:9b:a0:9b:bd:5e:f4:38:90:
da:eb:8b:03:ff:df:ea:70:31:f9:61:95:f0:73:a6:09:98:75:
89:22:6d:84:9b:a7:01:09:84:13:ef:8a:44:40:e3:b7:59:84:
32:d3:cd:44:b6:df:8a:05:8b:d2:73:6b:5e:50:a9:ab:7b:8e:
aa:66:06:4e:13:25:d8:35:89:f6:3f:9d:90:75:45:e3:8b:15:
09:e2:04:31:1c:47:3c:20:c7:04:a1:9f:d6:a1:58:2f:af:c0:
4b:8e:b7:ef:96:10:17:b8:2e:15:4a:11:be:56:af:99:c5:db:
13:84:0f:5e:4a:4d:be:ed:ad:a8:7b:60:c3:57:74:7b:fd:68:
6c:8d:f1:5a:29:4a:16:2b:83:57:9c:5a:b3:73:ad:38:02:31:
5d:e7:d9:5c:c2:c2:48:5c:a9:81:a2:ed:b9:73:a3:1d:b1:75:
2f:5f:a9:0e
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYM7uhs+W2JSGjguIb6OBC1bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFmNjgxMzhkNGVjMmVhNTFjYWNlZjA5ZmYxMDU4YTM3MGE1
YmUxOTAwHhcNMjIwOTE0MTExOTU1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwM2I1YTU3MjliNjE4YzcyMjg5ZGEzZWE1MTUzMGMzZDk0MzMwZDZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkAQdKHgMEhjIhhuentR2uP43SgG
gch5O/PwkDou9RGLFpGEKEwqDF2MPq+SrcTRXvHC8I7b27tp3VKoOuAd5OBSRlGy
5McMtQh9TwnJe6SRQdD3bWnre96n3zXKuc4uhYttY35UAY7IhtwD8KWa+jLF/5QU
8kVHeXdODM4MDkNI5+nwBJbMQ7DkyGZoLzsSnIUNpSRkU+l/iyQUdZr9enFOfigP
6yIWOkIByrI2PybhNRwPPGJrLXgpkci41ws4HDNpZ5kM2JFjEV/XNoD0nCi91iDI
kX4Tlrpzbkw26m7nON5f7lF7Abc7iZDSfjxqFbjiZf5om61MO/B1eVgILQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFAO1pXKbYYxyKJ2j6lFTDD2UMw1vMB8GA1UdIwQY
MBaAFB9oE41OwupRys7wn/EFijcKW+GQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgt
NjA4NTY0ODM5ZmQwLzEvQTdXbGNwdGhqSElvbmFQcVVWTU1QWlF6RFc4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hNy9iOWFkZjQtZjkxMC00MzU1LWJmYzgtNjA4NTY0ODM5ZmQw
LzEvSDJnVGpVN0M2bEhLenZDZjhRV0tOd3BiNFpBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQGAv/AAwQC
wS0AAwQAwS0GAwQBwS0KAwQBwS0OAwQBwS2OAwQAwS3+AwQF2dTgMA0GCSqGSIb3
DQEBCwUAA4IBAQDMvRjYW0w9JaC/H7dOvoYjWYDi+cPWUrPzl+dDAysLdTxyLTAd
Khslt/HqF5lvNeJTbly8UB4B9hUDwI14my+oeSOYBjSI/U2ljHfJIFoPIYlGm6Cb
vV70OJDa64sD/9/qcDH5YZXwc6YJmHWJIm2Em6cBCYQT74pEQOO3WYQy081Ett+K
BYvSc2teUKmre46qZgZOEyXYNYn2P52QdUXjixUJ4gQxHEc8IMcEoZ/WoVgvr8BL
jrfvlhAXuC4VShG+Vq+ZxdsThA9eSk2+7a2oe2DDV3R7/WhsjfFaKUoWK4NXnFqz
c604AjFd59lcwsJIXKmBou25c6MdsXUvX6kO
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:01:52 2023 by rpki-client on console-fra.rpki-client.org