Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/aa/31fda0-7aaa-461c-a352-eb35bfa065ad/1/1i8ItPsAd9eMcFgPFybxuXebrug.roa
File: 1i8ItPsAd9eMcFgPFybxuXebrug.roa (raw, json)
Hash identifier: 9wScLuYQpKXknYhy2vYTbxXGgsR4b/eMCezrIsfskI8=
Subject key identifier: D6:2F:08:B4:FB:00:77:D7:8C:70:58:0F:17:26:F1:B9:77:9B:AE:E8
Certificate issuer: /CN=e8c483b75c2db1cf9ff4e94c7a0fdf0db0000f00
Certificate serial: 018572C36A1401C99BDCD0C2263A9D2C5A16
Authority key identifier: E8:C4:83:B7:5C:2D:B1:CF:9F:F4:E9:4C:7A:0F:DF:0D:B0:00:0F:00
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6MSDt1wtsc-f9OlMeg_fDbAADwA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/aa/31fda0-7aaa-461c-a352-eb35bfa065ad/1/1i8ItPsAd9eMcFgPFybxuXebrug.roa
Signing time: Mon 02 Jan 2023 13:54:47 +0000
ROA not before: Mon 02 Jan 2023 13:54:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 51069
IP address blocks: 193.194.108.0/22 maxlen: 23
178.219.80.0/20 maxlen: 24
31.129.64.0/19 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:72:c3:6a:14:01:c9:9b:dc:d0:c2:26:3a:9d:2c:5a:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8c483b75c2db1cf9ff4e94c7a0fdf0db0000f00
Validity
Not Before: Jan 2 13:54:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d62f08b4fb0077d78c70580f1726f1b9779baee8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:24:8c:53:d5:9b:60:8a:08:ff:99:e7:c0:aa:
9e:6c:3e:0a:a8:f7:ac:fd:0e:29:1c:53:28:bb:dc:
7a:bf:cd:14:7e:df:63:97:31:08:57:39:4e:98:e4:
b9:07:a3:17:68:d2:a9:b2:be:9a:fd:f8:4a:c5:3d:
c2:4c:8b:94:23:03:2c:b6:c2:79:7a:20:03:f1:bd:
e5:98:6e:9c:f4:05:f2:6f:e2:ef:bf:13:c6:6f:9d:
ff:2d:28:a7:33:94:29:d2:aa:6f:6c:cb:98:c8:d2:
3d:a5:a3:8f:d0:8e:f5:09:f4:95:d3:41:b3:69:ff:
b1:f2:b9:1e:45:bc:57:53:ae:9c:f2:33:0e:e5:96:
3a:a7:42:99:85:66:ee:a6:67:63:20:76:c5:61:d2:
4c:a9:f3:56:a9:88:a8:93:6b:59:2e:88:2b:89:42:
42:59:e3:c8:3b:4c:6c:eb:2f:63:6d:7d:6f:5a:a7:
82:8a:12:43:26:54:2c:c6:44:15:3d:97:83:9d:41:
e0:15:a4:0f:5a:76:33:39:61:32:cf:06:49:f4:f3:
48:90:ee:97:e0:99:5f:76:f9:1a:e6:e2:2d:d3:d8:
ce:7c:19:a7:c5:48:99:f6:9a:f9:55:c5:a6:95:0a:
6d:cb:10:9a:fe:36:52:a6:76:64:b4:59:af:19:c9:
ed:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:2F:08:B4:FB:00:77:D7:8C:70:58:0F:17:26:F1:B9:77:9B:AE:E8
X509v3 Authority Key Identifier:
keyid:E8:C4:83:B7:5C:2D:B1:CF:9F:F4:E9:4C:7A:0F:DF:0D:B0:00:0F:00
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6MSDt1wtsc-f9OlMeg_fDbAADwA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/31fda0-7aaa-461c-a352-eb35bfa065ad/1/1i8ItPsAd9eMcFgPFybxuXebrug.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/aa/31fda0-7aaa-461c-a352-eb35bfa065ad/1/6MSDt1wtsc-f9OlMeg_fDbAADwA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.129.64.0/19
178.219.80.0/20
193.194.108.0/22
Signature Algorithm: sha256WithRSAEncryption
96:79:c2:39:22:f5:3d:c3:49:b5:7c:0a:b7:c0:3c:07:b6:d1:
ef:c4:5e:09:7f:c1:e4:48:9b:bc:8d:07:a9:95:66:7a:7c:aa:
0e:06:41:f7:3c:f9:42:29:b2:40:f6:6d:61:b3:49:da:4d:88:
27:5e:67:69:52:2c:d4:29:dd:cd:cf:23:4c:c6:c6:0c:ff:37:
da:62:79:12:e4:41:b8:b3:61:19:03:b6:c5:d9:05:b9:1b:3c:
4b:16:ae:a8:d7:50:ce:16:cb:45:20:db:84:96:45:fc:28:3f:
be:d7:ea:05:1e:f2:4e:26:5e:21:5a:19:89:9c:83:2e:1d:ac:
f3:1d:5a:be:6d:4c:b1:eb:d0:f1:42:20:f9:12:0c:a7:41:49:
a3:7d:c2:2f:4d:68:cd:42:c6:0e:d3:10:f1:ac:63:1c:64:1d:
22:05:0d:20:45:cd:29:95:8b:ff:df:ab:1a:93:0d:c4:d8:32:
f2:50:9b:37:da:54:7e:b7:9f:9c:eb:75:01:9c:13:07:9a:a0:
d4:72:03:0d:ce:ad:d3:2a:62:39:38:55:4e:2b:b1:28:10:62:
7f:89:81:1e:d3:26:3b:ad:2d:9b:79:05:62:85:3c:ca:3d:1c:
c6:80:2c:2d:6c:48:d3:54:74:ec:af:35:d8:76:ea:60:a1:99:
e6:fa:d2:03
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYVyw2oUAcmb3NDCJjqdLFoWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU4YzQ4M2I3NWMyZGIxY2Y5ZmY0ZTk0YzdhMGZkZjBkYjAw
MDBmMDAwHhcNMjMwMTAyMTM1NDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNjJmMDhiNGZiMDA3N2Q3OGM3MDU4MGYxNzI2ZjFiOTc3OWJhZWU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6iSMU9WbYIoI/5nnwKqebD4KqPes
/Q4pHFMou9x6v80Uft9jlzEIVzlOmOS5B6MXaNKpsr6a/fhKxT3CTIuUIwMstsJ5
eiAD8b3lmG6c9AXyb+LvvxPGb53/LSinM5Qp0qpvbMuYyNI9paOP0I71CfSV00Gz
af+x8rkeRbxXU66c8jMO5ZY6p0KZhWbupmdjIHbFYdJMqfNWqYiok2tZLogriUJC
WePIO0xs6y9jbX1vWqeCihJDJlQsxkQVPZeDnUHgFaQPWnYzOWEyzwZJ9PNIkO6X
4Jlfdvka5uIt09jOfBmnxUiZ9pr5VcWmlQptyxCa/jZSpnZktFmvGcntzQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFNYvCLT7AHfXjHBYDxcm8bl3m67oMB8GA1UdIwQY
MBaAFOjEg7dcLbHPn/TpTHoP3w2wAA8AMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNk1TRHQxd3RzYy1mOU9sTWVnX2ZEYkFBRHdBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYS8zMWZkYTAtN2FhYS00NjFjLWEzNTIt
ZWIzNWJmYTA2NWFkLzEvMWk4SXRQc0FkOWVNY0ZnUEZ5Ynh1WGVicnVnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYS8zMWZkYTAtN2FhYS00NjFjLWEzNTItZWIzNWJmYTA2NWFk
LzEvNk1TRHQxd3RzYy1mOU9sTWVnX2ZEYkFBRHdBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQFH4FAAwQE
sttQAwQCwcJsMA0GCSqGSIb3DQEBCwUAA4IBAQCWecI5IvU9w0m1fAq3wDwHttHv
xF4Jf8HkSJu8jQeplWZ6fKoOBkH3PPlCKbJA9m1hs0naTYgnXmdpUizUKd3NzyNM
xsYM/zfaYnkS5EG4s2EZA7bF2QW5GzxLFq6o11DOFstFINuElkX8KD++1+oFHvJO
Jl4hWhmJnIMuHazzHVq+bUyx69DxQiD5EgynQUmjfcIvTWjNQsYO0xDxrGMcZB0i
BQ0gRc0plYv/36sakw3E2DLyUJs32lR+t5+c63UBnBMHmqDUcgMNzq3TKmI5OFVO
K7EoEGJ/iYEe0yY7rS2beQVihTzKPRzGgCwtbEjTVHTsrzXYdupgoZnm+tID
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:37 2024 by rpki-client on console-ams.rpki-client.org