Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/ax1wv8NTWBvVt3IgEGZ80YA47Iw.roa
File: ax1wv8NTWBvVt3IgEGZ80YA47Iw.roa (raw, json)
Hash identifier: gAw9BNdO/AlDMY8Ljq5Ak1JtW/3GVlaF0WsNfgR1qF8=
Subject key identifier: 6B:1D:70:BF:C3:53:58:1B:D5:B7:72:20:10:66:7C:D1:80:38:EC:8C
Certificate issuer: /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial: 3F05DBA5
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/ax1wv8NTWBvVt3IgEGZ80YA47Iw.roa
Signing time: Thu 12 May 2022 08:25:02 +0000
ROA not before: Thu 12 May 2022 08:25:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1299
IP address blocks: 217.212.224.0/19 maxlen: 19
193.45.0.0/22 maxlen: 22
2.255.248.0/21 maxlen: 21
193.45.6.0/24 maxlen: 24
193.45.10.0/23 maxlen: 24
193.45.14.0/23 maxlen: 23
192.150.82.0/24 maxlen: 24
193.45.142.0/24 maxlen: 24
193.45.142.0/23 maxlen: 23
193.45.254.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1057348517 (0x3f05dba5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Validity
Not Before: May 12 08:25:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6b1d70bfc353581bd5b7722010667cd18038ec8c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:d5:49:4b:4e:a7:24:39:d7:5d:cf:73:99:b9:
8a:2f:51:db:81:c8:9b:31:a2:56:49:11:df:49:82:
57:21:34:99:da:a5:a3:67:eb:22:f2:1d:d2:0a:ce:
ee:38:49:e9:ae:94:c1:6a:6e:c3:82:9a:bf:6b:e2:
ea:2b:b7:bd:93:e8:14:10:b7:b1:15:f8:4e:f7:ee:
85:89:bf:28:f1:d6:56:49:24:f6:ee:72:c6:aa:df:
a6:e6:da:28:9b:45:30:90:59:e4:29:95:96:ad:ae:
cd:af:17:9b:a0:cb:d2:eb:7c:8c:c4:fc:e8:8a:9a:
e4:ea:49:a6:54:41:46:c7:c1:cf:68:c2:69:ac:e7:
29:ab:40:99:ee:7b:de:7e:0d:a6:d8:23:5f:b0:5a:
e1:b8:ef:61:88:4c:9c:b8:1c:db:f7:ac:26:d7:91:
e0:20:ec:97:2d:9d:19:40:9a:f5:c8:c1:5e:dc:03:
39:2e:88:ec:4e:7f:5c:6d:12:ea:4e:80:b9:97:d3:
06:78:7c:8e:95:28:63:88:cc:03:0b:93:40:76:32:
ad:3a:5b:33:ee:8a:7b:3f:27:22:31:ed:21:3c:5a:
f9:da:2f:d2:2b:e0:64:e2:9b:60:2c:bb:86:e6:47:
7d:a2:b3:bc:ab:19:98:11:97:f3:c2:fa:20:63:7b:
d5:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6B:1D:70:BF:C3:53:58:1B:D5:B7:72:20:10:66:7C:D1:80:38:EC:8C
X509v3 Authority Key Identifier:
keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/ax1wv8NTWBvVt3IgEGZ80YA47Iw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.255.248.0/21
192.150.82.0/24
193.45.0.0/22
193.45.6.0/24
193.45.10.0/23
193.45.14.0/23
193.45.142.0/23
193.45.254.0/24
217.212.224.0/19
Signature Algorithm: sha256WithRSAEncryption
aa:1b:8c:26:85:08:ef:80:df:8b:dd:12:87:8d:28:05:1f:90:
db:96:8e:82:3f:66:f5:99:38:9c:9b:be:0a:52:75:87:19:fe:
25:e5:e1:9e:52:64:43:b7:24:9a:4d:2b:47:b7:3f:a4:10:57:
fa:09:ab:c8:b1:a1:e6:d1:bf:bc:d3:34:f7:c8:41:5f:bd:28:
94:57:0b:7e:23:95:b7:54:c4:93:b5:ee:46:2d:89:8f:7c:1a:
71:18:1b:fc:70:63:d4:a1:53:df:d5:fa:10:94:59:ad:cd:6c:
5d:36:d7:5a:6c:95:65:b8:1d:e2:18:49:4b:15:09:16:f3:a6:
b1:04:a7:e8:b4:6c:93:6a:48:ae:b7:6e:e1:c5:05:aa:f7:8b:
80:a4:ba:1e:16:69:85:c0:6b:6f:bf:82:cf:c0:f2:37:f8:a1:
24:4f:02:69:9a:75:be:ed:dd:08:0e:b7:b5:97:3b:b2:24:3d:
25:d6:87:8f:d0:e2:32:29:81:f0:ae:d0:5c:63:93:68:96:2e:
03:c6:f4:16:f5:2d:9a:27:69:9a:a6:92:15:f5:c4:61:a3:34:
19:70:7f:5e:ef:79:d0:f5:f2:5b:0d:6b:06:e6:ae:24:5d:97:
ef:cc:09:cc:88:5f:9f:d7:24:82:74:ce:97:8b:65:34:b6:49:
26:9d:6c:bf
-----BEGIN CERTIFICATE-----
MIIFHzCCBAegAwIBAgIEPwXbpTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZjY4MTM4ZDRlYzJlYTUxY2FjZWYwOWZmMTA1OGEzNzBhNWJlMTkwMB4XDTIyMDUx
MjA4MjUwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmIxZDcwYmZjMzUz
NTgxYmQ1Yjc3MjIwMTA2NjdjZDE4MDM4ZWM4YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJDVSUtOpyQ5113Pc5m5ii9R24HImzGiVkkR30mCVyE0mdql
o2frIvId0grO7jhJ6a6UwWpuw4Kav2vi6iu3vZPoFBC3sRX4TvfuhYm/KPHWVkkk
9u5yxqrfpubaKJtFMJBZ5CmVlq2uza8Xm6DL0ut8jMT86Iqa5OpJplRBRsfBz2jC
aaznKatAme573n4NptgjX7Ba4bjvYYhMnLgc2/esJteR4CDsly2dGUCa9cjBXtwD
OS6I7E5/XG0S6k6AuZfTBnh8jpUoY4jMAwuTQHYyrTpbM+6Kez8nIjHtITxa+dov
0ivgZOKbYCy7huZHfaKzvKsZmBGX88L6IGN71fcCAwEAAaOCAjkwggI1MB0GA1Ud
DgQWBBRrHXC/w1NYG9W3ciAQZnzRgDjsjDAfBgNVHSMEGDAWgBQfaBONTsLqUcrO
8J/xBYo3ClvhkDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0gyZ1RqVTdDNmxIS3p2Q2Y4UVdLTndwYjRaQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTcvYjlhZGY0LWY5MTAtNDM1NS1iZmM4LTYwODU2NDgzOWZkMC8x
L2F4MXd2OE5UV0J2VnQzSWdFR1o4MFlBNDdJdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTcv
YjlhZGY0LWY5MTAtNDM1NS1iZmM4LTYwODU2NDgzOWZkMC8xL0gyZ1RqVTdDNmxI
S3p2Q2Y4UVdLTndwYjRaQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBP
BggrBgEFBQcBBwEB/wRAMD4wPAQCAAEwNgMEAwL/+AMEAMCWUgMEAsEtAAMEAMEt
BgMEAcEtCgMEAcEtDgMEAcEtjgMEAMEt/gMEBdnU4DANBgkqhkiG9w0BAQsFAAOC
AQEAqhuMJoUI74Dfi90Sh40oBR+Q25aOgj9m9Zk4nJu+ClJ1hxn+JeXhnlJkQ7ck
mk0rR7c/pBBX+gmryLGh5tG/vNM098hBX70olFcLfiOVt1TEk7XuRi2Jj3wacRgb
/HBj1KFT39X6EJRZrc1sXTbXWmyVZbgd4hhJSxUJFvOmsQSn6LRsk2pIrrdu4cUF
qveLgKS6HhZphcBrb7+Cz8DyN/ihJE8CaZp1vu3dCA63tZc7siQ9JdaHj9DiMimB
8K7QXGOTaJYuA8b0FvUtmidpmqaSFfXEYaM0GXB/Xu950PXyWw1rBuauJF2X78wJ
zIhfn9ckgnTOl4tlNLZJJp1svw==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:05:44 2023 by rpki-client on console-ams.rpki-client.org