Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/xtWKt8GSj9LMulA-JoBAO6Oc3aY.roa
File: xtWKt8GSj9LMulA-JoBAO6Oc3aY.roa (raw, json)
Hash identifier: Ilvre0qPmk8zNBxQcuRC7QdsKTJT/y+/noTYE7ud1qU=
Subject key identifier: C6:D5:8A:B7:C1:92:8F:D2:CC:BA:50:3E:26:80:40:3B:A3:9C:DD:A6
Certificate issuer: /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial: 3DC5AEA0
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/xtWKt8GSj9LMulA-JoBAO6Oc3aY.roa
Signing time: Sat 01 Jan 2022 08:56:53 +0000
ROA not before: Sat 01 Jan 2022 08:56:53 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3301
IP address blocks: 217.208.0.0/13 maxlen: 13
194.18.0.0/16 maxlen: 16
195.252.32.0/19 maxlen: 19
194.16.0.0/15 maxlen: 15
195.198.0.0/16 maxlen: 16
62.20.0.0/16 maxlen: 16
195.67.0.0/16 maxlen: 16
2.255.191.0/24 maxlen: 24
192.16.152.0/23 maxlen: 23
2.255.190.0/24 maxlen: 24
192.16.153.0/24 maxlen: 24
193.44.0.0/15 maxlen: 15
194.236.0.0/15 maxlen: 15
192.150.58.0/23 maxlen: 23
192.150.64.0/22 maxlen: 22
192.150.60.0/22 maxlen: 22
192.150.68.0/23 maxlen: 23
192.150.78.0/23 maxlen: 23
213.64.0.0/14 maxlen: 14
212.28.192.0/19 maxlen: 19
194.22.0.0/15 maxlen: 15
81.228.4.0/24 maxlen: 24
81.228.4.0/23 maxlen: 23
2.248.0.0/13 maxlen: 13
81.228.5.0/24 maxlen: 24
194.218.0.0/16 maxlen: 16
212.181.0.0/16 maxlen: 16
78.64.0.0/12 maxlen: 12
95.192.0.0/12 maxlen: 12
90.224.0.0/12 maxlen: 12
81.224.0.0/12 maxlen: 12
192.150.82.0/24 maxlen: 24
192.150.80.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1036365472 (0x3dc5aea0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Validity
Not Before: Jan 1 08:56:53 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c6d58ab7c1928fd2ccba503e2680403ba39cdda6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:78:c7:10:ee:e8:61:b3:e9:99:87:de:7e:03:
37:56:28:68:b8:37:43:d7:df:cc:fa:8c:78:6a:b5:
7c:9d:9c:9a:aa:e7:96:98:c1:a6:9f:cd:e8:86:b3:
03:23:ee:a8:a7:f4:69:01:1e:75:44:52:3c:4f:15:
b5:33:6d:78:03:a1:39:da:4c:db:b3:7b:d1:f7:5a:
ed:08:c7:a0:3e:99:1e:76:85:bc:0c:6e:cd:aa:79:
f2:b1:20:81:79:25:a0:5a:a8:0b:bb:8e:ee:6c:ff:
7c:86:97:87:94:0c:05:fd:5d:16:08:fc:af:0f:0b:
f5:52:74:1a:b7:af:ab:81:17:0f:bb:16:93:1c:05:
73:a0:b5:e4:d8:5d:77:46:50:be:af:e3:c5:5d:c4:
8b:c6:ea:42:67:82:10:c2:ca:55:b3:28:c5:34:ec:
b3:09:4b:76:b7:ea:e0:fa:a9:7b:da:70:17:a8:ca:
18:d9:4d:a6:ff:07:3f:dc:64:46:2f:fc:14:7c:e0:
6c:ca:2d:3c:ce:55:31:b7:4c:ff:f2:32:70:ab:91:
4a:ef:64:86:72:98:46:bc:8d:3e:f8:6c:c8:cf:f9:
62:59:c2:2f:61:d1:62:fa:0e:a8:e1:12:a8:81:3e:
e1:28:c1:46:59:d9:49:53:ba:f8:b5:17:f3:1c:9a:
e7:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C6:D5:8A:B7:C1:92:8F:D2:CC:BA:50:3E:26:80:40:3B:A3:9C:DD:A6
X509v3 Authority Key Identifier:
keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/xtWKt8GSj9LMulA-JoBAO6Oc3aY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.248.0.0/13
62.20.0.0/16
78.64.0.0/12
81.224.0.0/12
90.224.0.0/12
95.192.0.0/12
192.16.152.0/23
192.150.58.0-192.150.69.255
192.150.78.0-192.150.82.255
193.44.0.0/15
194.16.0.0-194.18.255.255
194.22.0.0/15
194.218.0.0/16
194.236.0.0/15
195.67.0.0/16
195.198.0.0/16
195.252.32.0/19
212.28.192.0/19
212.181.0.0/16
213.64.0.0/14
217.208.0.0/13
Signature Algorithm: sha256WithRSAEncryption
34:72:51:5a:d2:5b:31:6c:93:fc:d7:c2:19:b2:a0:83:4a:28:
9b:f5:4c:3b:89:59:3e:7b:14:4f:13:ba:38:86:a9:ca:19:ab:
37:df:b3:ed:e4:cb:dd:ca:82:93:a0:6b:5f:16:6f:09:d4:49:
04:7b:77:70:8b:1d:56:dc:52:2a:98:80:fd:84:ba:96:8c:45:
63:f1:df:b4:de:5a:24:c5:21:bc:a2:31:ed:2c:6f:b5:43:42:
10:98:42:72:66:fd:2b:c8:5e:be:93:b1:a3:11:11:de:c7:ae:
b4:8e:45:b9:00:f1:05:c9:80:2c:95:e5:46:e9:d5:15:ac:74:
da:2f:ee:6f:b9:93:f1:2e:be:05:82:91:81:aa:b3:b9:b6:cb:
f7:6c:da:88:f0:9f:d8:87:a0:a4:6e:84:5c:45:3f:ac:68:0e:
83:77:40:3b:cf:6b:c4:56:a7:a7:be:92:b2:0d:24:69:ec:bd:
a8:c7:48:8f:23:34:70:f0:38:50:b4:a0:20:b4:50:58:a7:3c:
ee:74:6d:cb:b7:0f:f2:4f:87:b1:1e:5c:f2:21:cb:53:94:1d:
c0:fe:bb:43:ae:64:e9:13:c1:ba:43:e1:c5:17:06:7b:ed:53:
ff:84:fd:bf:c0:d3:ef:b8:65:eb:98:3d:04:ac:43:e5:0d:b3:
27:e7:80:bd
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgIEPcWuoDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
ZjY4MTM4ZDRlYzJlYTUxY2FjZWYwOWZmMTA1OGEzNzBhNWJlMTkwMB4XDTIyMDEw
MTA4NTY1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzZkNThhYjdjMTky
OGZkMmNjYmE1MDNlMjY4MDQwM2JhMzljZGRhNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI54xxDu6GGz6ZmH3n4DN1YoaLg3Q9ffzPqMeGq1fJ2cmqrn
lpjBpp/N6IazAyPuqKf0aQEedURSPE8VtTNteAOhOdpM27N70fda7QjHoD6ZHnaF
vAxuzap58rEggXkloFqoC7uO7mz/fIaXh5QMBf1dFgj8rw8L9VJ0Grevq4EXD7sW
kxwFc6C15Nhdd0ZQvq/jxV3Ei8bqQmeCEMLKVbMoxTTsswlLdrfq4Pqpe9pwF6jK
GNlNpv8HP9xkRi/8FHzgbMotPM5VMbdM//IycKuRSu9khnKYRryNPvhsyM/5YlnC
L2HRYvoOqOESqIE+4SjBRlnZSVO6+LUX8xya54kCAwEAAaOCAo0wggKJMB0GA1Ud
DgQWBBTG1Yq3wZKP0sy6UD4mgEA7o5zdpjAfBgNVHSMEGDAWgBQfaBONTsLqUcrO
8J/xBYo3ClvhkDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0gyZ1RqVTdDNmxIS3p2Q2Y4UVdLTndwYjRaQS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYTcvYjlhZGY0LWY5MTAtNDM1NS1iZmM4LTYwODU2NDgzOWZkMC8x
L3h0V0t0OEdTajlMTXVsQS1Kb0JBTzZPYzNhWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYTcv
YjlhZGY0LWY5MTAtNDM1NS1iZmM4LTYwODU2NDgzOWZkMC8xL0gyZ1RqVTdDNmxI
S3p2Q2Y4UVdLTndwYjRaQS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
ogYIKwYBBQUHAQcBAf8EgZIwgY8wgYwEAgABMIGFAwMDAvgDAwA+FAMDBE5AAwME
UeADAwRa4AMDBF/AAwQBwBCYMAwDBAHAljoDBAHAlkQwDAMEAcCWTgMEAMCWUgMD
AcEsMAoDAwTCEAMDAMISAwMBwhYDAwDC2gMDAcLsAwMAw0MDAwDDxgMEBcP8IAME
BdQcwAMDANS1AwMC1UADAwPZ0DANBgkqhkiG9w0BAQsFAAOCAQEANHJRWtJbMWyT
/NfCGbKgg0oom/VMO4lZPnsUTxO6OIapyhmrN9+z7eTL3cqCk6BrXxZvCdRJBHt3
cIsdVtxSKpiA/YS6loxFY/HftN5aJMUhvKIx7SxvtUNCEJhCcmb9K8hevpOxoxER
3seutI5FuQDxBcmALJXlRunVFax02i/ub7mT8S6+BYKRgaqzubbL92zaiPCf2Ieg
pG6EXEU/rGgOg3dAO89rxFanp76Ssg0kaey9qMdIjyM0cPA4ULSgILRQWKc87nRt
y7cP8k+HsR5c8iHLU5QdwP67Q65k6RPBukPhxRcGe+1T/4T9v8DT77hl65g9BKxD
5Q2zJ+eAvQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:05:44 2023 by rpki-client on console-ams.rpki-client.org