Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/j696qgliyjWAww-84BkHGXZlS1c.roa
File: j696qgliyjWAww-84BkHGXZlS1c.roa (raw, json)
Hash identifier: 9lm31LXs5qySrTs98vDU3pZ43aadgSGEmTJEF9lxcgY=
Subject key identifier: 8F:AF:7A:AA:09:62:CA:35:80:C3:0F:BC:E0:19:07:19:76:65:4B:57
Certificate issuer: /CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Certificate serial: 018848C3B2DA3A5EB0E0643773355DF04417
Authority key identifier: C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/j696qgliyjWAww-84BkHGXZlS1c.roa
Signing time: Tue 23 May 2023 13:19:24 +0000
ROA not before: Tue 23 May 2023 13:19:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 29300
IP address blocks: 81.88.64.0/20 maxlen: 20
217.196.48.0/20 maxlen: 20
82.148.160.0/19 maxlen: 19
93.184.112.0/20 maxlen: 20
109.169.96.0/19 maxlen: 19
2a02:2828::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:48:c3:b2:da:3a:5e:b0:e0:64:37:73:35:5d:f0:44:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c592786ced6ce597585468bb4f36b31cf6acec6e
Validity
Not Before: May 23 13:19:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8faf7aaa0962ca3580c30fbce019071976654b57
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:0e:1c:da:c7:c4:b0:af:4f:d1:d9:94:d3:dd:
fe:47:a6:b0:5f:b1:e6:d4:27:b5:6e:1c:17:f4:a8:
c8:00:82:91:b4:65:61:61:73:3e:d4:d4:a5:4c:c6:
70:01:61:78:06:16:18:5e:2c:a0:8e:c9:01:e5:e5:
66:2d:72:6b:0d:00:dc:b7:14:6a:c5:74:b5:07:f6:
0a:52:df:43:93:bd:ea:d0:e4:c1:51:0d:c5:1c:d3:
8d:ae:74:cc:05:b4:14:98:32:ad:08:b6:06:83:af:
1f:a2:11:1f:71:a8:b1:06:1d:9c:ed:72:d2:9f:ca:
9c:49:5c:fd:9a:b2:39:ca:4a:a0:39:4f:d5:2b:10:
f1:2e:75:54:03:48:dc:c0:0a:82:90:d5:45:20:7a:
68:a7:91:71:1b:16:fd:df:a5:b3:62:ec:b1:ee:fe:
7e:89:01:1e:50:74:cb:47:42:1d:f8:58:fc:51:9a:
59:04:66:00:7c:f5:cf:0f:c0:26:86:d6:b9:24:21:
88:a2:5d:aa:99:11:6b:2a:1c:54:12:63:10:14:eb:
7c:dd:e5:1c:9b:37:c5:8a:53:81:23:6e:c4:08:80:
be:27:cc:b7:d9:bf:8a:96:b4:18:db:6d:45:04:85:
fc:a6:a8:f6:e7:6a:17:15:92:9f:45:19:6b:74:a0:
7a:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8F:AF:7A:AA:09:62:CA:35:80:C3:0F:BC:E0:19:07:19:76:65:4B:57
X509v3 Authority Key Identifier:
keyid:C5:92:78:6C:ED:6C:E5:97:58:54:68:BB:4F:36:B3:1C:F6:AC:EC:6E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xZJ4bO1s5ZdYVGi7TzazHPas7G4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/j696qgliyjWAww-84BkHGXZlS1c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ae/a9c0b7-a23a-458f-8f64-ba37511404c2/1/xZJ4bO1s5ZdYVGi7TzazHPas7G4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.88.64.0/20
82.148.160.0/19
93.184.112.0/20
109.169.96.0/19
217.196.48.0/20
IPv6:
2a02:2828::/32
Signature Algorithm: sha256WithRSAEncryption
0f:20:d7:f1:12:76:56:81:7a:1f:02:7e:ef:57:96:cc:4e:8e:
dc:d2:67:dd:4c:a6:3b:e8:25:bd:61:a7:ce:54:86:b1:5c:7f:
16:e2:37:91:cd:98:aa:36:4f:c2:31:99:93:87:70:a8:f4:1d:
ff:c5:f3:16:9a:0d:92:f5:fa:f9:38:f1:f5:55:be:73:72:ca:
51:6a:7e:23:58:22:c1:4b:98:f8:2b:88:cc:08:be:da:5b:c2:
b4:7d:0d:b7:01:b9:3f:d7:49:21:b6:f3:c7:e1:fa:fb:e0:2c:
3a:dd:69:13:e2:88:7a:ea:2a:95:80:8e:34:c7:69:11:b1:cf:
3f:9f:66:17:1b:6f:1b:65:9a:e1:07:8d:f9:2f:b9:ab:52:36:
86:7f:3c:6d:57:fe:1b:f4:bb:26:13:60:e5:e5:a5:8f:27:19:
55:8e:a4:e8:84:95:54:9a:3c:01:c3:1d:26:c2:13:59:7a:f6:
cb:6c:5e:c1:38:ba:6e:e7:2a:68:ba:1a:3c:8c:63:58:4a:3f:
14:bc:de:e7:05:59:0d:a6:1d:c5:a7:7f:d3:60:fe:f6:01:49:
d4:7a:fb:f5:fa:d6:78:3c:4b:61:34:6b:85:b3:be:fc:23:65:
be:f4:7a:6e:da:84:c9:3a:19:bd:3b:e0:3a:52:22:ff:26:7a:
55:8b:81:5e
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYhIw7LaOl6w4GQ3czVd8EQXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM1OTI3ODZjZWQ2Y2U1OTc1ODU0NjhiYjRmMzZiMzFjZjZh
Y2VjNmUwHhcNMjMwNTIzMTMxOTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZmFmN2FhYTA5NjJjYTM1ODBjMzBmYmNlMDE5MDcxOTc2NjU0YjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuA4c2sfEsK9P0dmU093+R6awX7Hm
1Ce1bhwX9KjIAIKRtGVhYXM+1NSlTMZwAWF4BhYYXiygjskB5eVmLXJrDQDctxRq
xXS1B/YKUt9Dk73q0OTBUQ3FHNONrnTMBbQUmDKtCLYGg68fohEfcaixBh2c7XLS
n8qcSVz9mrI5ykqgOU/VKxDxLnVUA0jcwAqCkNVFIHpop5FxGxb936WzYuyx7v5+
iQEeUHTLR0Id+Fj8UZpZBGYAfPXPD8Amhta5JCGIol2qmRFrKhxUEmMQFOt83eUc
mzfFilOBI27ECIC+J8y32b+KlrQY221FBIX8pqj252oXFZKfRRlrdKB69wIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFI+veqoJYso1gMMPvOAZBxl2ZUtXMB8GA1UdIwQY
MBaAFMWSeGztbOWXWFRou082sxz2rOxuMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQt
YmEzNzUxMTQwNGMyLzEvajY5NnFnbGl5aldBd3ctODRCa0hHWFpsUzFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hZS9hOWMwYjctYTIzYS00NThmLThmNjQtYmEzNzUxMTQwNGMy
LzEveFpKNGJPMXM1WmRZVkdpN1R6YXpIUGFzN0c0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQEUVhAAwQF
UpSgAwQEXbhwAwQFbalgAwQE2cQwMA0EAgACMAcDBQAqAigoMA0GCSqGSIb3DQEB
CwUAA4IBAQAPINfxEnZWgXofAn7vV5bMTo7c0mfdTKY76CW9YafOVIaxXH8W4jeR
zZiqNk/CMZmTh3Co9B3/xfMWmg2S9fr5OPH1Vb5zcspRan4jWCLBS5j4K4jMCL7a
W8K0fQ23Abk/10khtvPH4fr74Cw63WkT4oh66iqVgI40x2kRsc8/n2YXG28bZZrh
B435L7mrUjaGfzxtV/4b9LsmE2Dl5aWPJxlVjqTohJVUmjwBwx0mwhNZevbLbF7B
OLpu5ypouho8jGNYSj8UvN7nBVkNph3Fp3/TYP72AUnUevv1+tZ4PEthNGuFs778
I2W+9Hpu2oTJOhm9O+A6UiL/JnpVi4Fe
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:49:46 2024 by rpki-client on console-fra.rpki-client.org