Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/VHYUoUQQb0enHzCIQ1N5kuW-ooI.roa
File: VHYUoUQQb0enHzCIQ1N5kuW-ooI.roa (raw, json)
Hash identifier: atxfAeLaNLTPAkSjmSh84UUBg54wrN2QHi47rtOWbwo=
Subject key identifier: 54:76:14:A1:44:10:6F:47:A7:1F:30:88:43:53:79:92:E5:BE:A2:82
Certificate issuer: /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial: 3EEE66DC
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/VHYUoUQQb0enHzCIQ1N5kuW-ooI.roa
Signing time: Fri 06 May 2022 08:01:41 +0000
ROA not before: Fri 06 May 2022 08:01:41 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1299
IP address blocks: 217.212.224.0/19 maxlen: 19
193.45.0.0/22 maxlen: 22
2.255.248.0/21 maxlen: 21
193.45.6.0/24 maxlen: 24
193.45.10.0/23 maxlen: 24
193.45.14.0/23 maxlen: 23
193.45.142.0/24 maxlen: 24
193.45.142.0/23 maxlen: 23
193.45.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1055811292 (0x3eee66dc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Validity
Not Before: May 6 08:01:41 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=547614a144106f47a71f308843537992e5bea282
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f6:fe:18:fd:83:54:70:38:36:0b:60:28:c8:20:
1a:0f:6b:12:bf:e3:3c:50:aa:b2:e6:e6:2a:ab:33:
27:9c:2a:79:a7:82:65:b2:86:84:cb:1c:9c:46:5f:
37:6c:c0:9d:27:86:9c:e9:0f:5f:f7:f2:c4:a3:f3:
82:90:dd:38:6f:8d:3c:96:06:71:95:74:7d:3a:59:
af:43:61:38:55:be:fd:15:b8:cf:37:ec:6d:aa:c7:
8d:e1:d9:9c:40:c5:f7:17:81:90:9e:dd:89:74:07:
de:f5:f6:77:f8:0b:9d:80:34:af:05:c9:0c:1a:9d:
d3:d2:79:15:4f:bb:9a:de:c4:1f:49:a9:d9:29:87:
a7:27:b9:79:79:b1:e2:13:9f:1c:2a:99:11:77:5c:
a8:f7:32:20:65:a5:ea:1f:1f:58:79:5b:db:4d:b3:
dd:84:ad:1f:7c:21:62:f0:02:18:d1:c2:f3:31:8a:
1c:59:bb:da:0f:c2:15:b6:07:79:c0:16:ce:1a:0c:
ff:ba:2c:09:d1:bd:08:2f:b3:7a:8d:f9:44:1c:68:
56:15:fb:b3:1b:54:44:cf:51:4d:9b:c7:5e:5f:48:
e9:42:3e:65:01:57:96:98:14:4a:82:cf:c2:8d:49:
8d:b5:00:cd:60:bd:6a:c8:ca:37:fc:59:67:24:15:
62:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:76:14:A1:44:10:6F:47:A7:1F:30:88:43:53:79:92:E5:BE:A2:82
X509v3 Authority Key Identifier:
keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/VHYUoUQQb0enHzCIQ1N5kuW-ooI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.255.248.0/21
193.45.0.0/22
193.45.6.0/24
193.45.10.0/23
193.45.14.0/23
193.45.142.0/23
193.45.254.0/24
217.212.224.0/19
Signature Algorithm: sha256WithRSAEncryption
76:5b:12:b3:80:19:c8:cf:7d:e8:1b:ef:49:97:da:68:62:6b:
53:a7:00:d8:d1:50:9d:3f:a3:11:d4:c3:57:e7:31:65:b4:49:
96:e7:50:da:54:f4:8b:97:81:b9:61:78:b8:21:64:73:4b:72:
9a:f7:1f:ae:09:94:1b:84:24:3c:bd:a4:2f:10:0f:49:01:c8:
f0:c1:cb:70:5e:bc:bc:88:31:8b:08:3f:c1:25:66:e5:3e:58:
cb:35:59:5c:d2:28:fc:43:05:9e:96:91:af:80:7e:ca:61:e8:
c2:17:ea:8d:34:61:af:22:88:1c:97:76:f0:5c:71:d6:4a:4f:
b3:f7:61:fe:9c:9b:a0:01:17:d5:19:a0:d8:06:53:96:05:f0:
93:f1:28:92:4a:2e:bb:d8:3c:1b:4d:a5:75:c1:b4:b7:d9:39:
a6:76:22:19:1c:d7:b4:f6:db:05:dd:28:5d:17:2b:4b:eb:68:
29:13:08:95:45:64:6e:2d:25:20:be:c5:11:7b:93:63:56:1a:
a2:54:d0:d7:00:d4:be:a7:7b:77:db:d8:e1:a5:38:f9:20:8c:
cb:dd:a4:7f:66:36:d2:ca:58:03:47:68:80:da:25:ce:44:e4:
f7:44:30:1d:77:d9:7f:16:26:ec:c4:89:07:28:72:cf:67:d2:
a5:bd:b6:2d
-----BEGIN CERTIFICATE-----
MIIFGTCCBAGgAwIBAgIEPu5m3DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZjY4MTM4ZDRlYzJlYTUxY2FjZWYwOWZmMTA1OGEzNzBhNWJlMTkwMB4XDTIyMDUw
NjA4MDE0MVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTQ3NjE0YTE0NDEw
NmY0N2E3MWYzMDg4NDM1Mzc5OTJlNWJlYTI4MjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAPb+GP2DVHA4NgtgKMggGg9rEr/jPFCqsubmKqszJ5wqeaeC
ZbKGhMscnEZfN2zAnSeGnOkPX/fyxKPzgpDdOG+NPJYGcZV0fTpZr0NhOFW+/RW4
zzfsbarHjeHZnEDF9xeBkJ7diXQH3vX2d/gLnYA0rwXJDBqd09J5FU+7mt7EH0mp
2SmHpye5eXmx4hOfHCqZEXdcqPcyIGWl6h8fWHlb202z3YStH3whYvACGNHC8zGK
HFm72g/CFbYHecAWzhoM/7osCdG9CC+zeo35RBxoVhX7sxtURM9RTZvHXl9I6UI+
ZQFXlpgUSoLPwo1JjbUAzWC9asjKN/xZZyQVYm8CAwEAAaOCAjMwggIvMB0GA1Ud
DgQWBBRUdhShRBBvR6cfMIhDU3mS5b6igjAfBgNVHSMEGDAWgBQfaBONTsLqUcrO
8J/xBYo3ClvhkDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0gyZ1RqVTdDNmxIS3p2Q2Y4UVdLTndwYjRaQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTcvYjlhZGY0LWY5MTAtNDM1NS1iZmM4LTYwODU2NDgzOWZkMC8x
L1ZIWVVvVVFRYjBlbkh6Q0lRMU41a3VXLW9vSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTcv
YjlhZGY0LWY5MTAtNDM1NS1iZmM4LTYwODU2NDgzOWZkMC8xL0gyZ1RqVTdDNmxI
S3p2Q2Y4UVdLTndwYjRaQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBJ
BggrBgEFBQcBBwEB/wQ6MDgwNgQCAAEwMAMEAwL/+AMEAsEtAAMEAMEtBgMEAcEt
CgMEAcEtDgMEAcEtjgMEAMEt/gMEBdnU4DANBgkqhkiG9w0BAQsFAAOCAQEAdlsS
s4AZyM996BvvSZfaaGJrU6cA2NFQnT+jEdTDV+cxZbRJludQ2lT0i5eBuWF4uCFk
c0tymvcfrgmUG4QkPL2kLxAPSQHI8MHLcF68vIgxiwg/wSVm5T5YyzVZXNIo/EMF
npaRr4B+ymHowhfqjTRhryKIHJd28Fxx1kpPs/dh/pyboAEX1Rmg2AZTlgXwk/Eo
kkouu9g8G02ldcG0t9k5pnYiGRzXtPbbBd0oXRcrS+toKRMIlUVkbi0lIL7FEXuT
Y1YaolTQ1wDUvqd7d9vY4aU4+SCMy92kf2Y20spYA0dogNolzkTk90QwHXfZfxYm
7MSJByhyz2fSpb22LQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:05:44 2023 by rpki-client on console-ams.rpki-client.org