Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/iY8DKA_savAoYSfY1lwpJkuY6T4.roa
File: iY8DKA_savAoYSfY1lwpJkuY6T4.roa (raw, json)
Hash identifier: HBYwHZ0RlwHZIeGbIqQAT/O2almiq7sCmv4miUkWUqU=
Subject key identifier: 89:8F:03:28:0F:EC:6A:F0:28:61:27:D8:D6:5C:29:26:4B:98:E9:3E
Certificate issuer: /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial: 162D2BEE
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/iY8DKA_savAoYSfY1lwpJkuY6T4.roa
Signing time: Fri 22 Apr 2022 12:41:18 +0000
ROA not before: Fri 22 Apr 2022 12:41:18 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 47223
IP address blocks: 94.240.52.0/22 maxlen: 22
94.240.63.0/24 maxlen: 24
94.240.60.0/22 maxlen: 22
212.7.223.0/24 maxlen: 24
91.106.30.0/23 maxlen: 23
94.240.0.0/19 maxlen: 19
91.106.26.0/23 maxlen: 23
185.139.16.0/22 maxlen: 22
94.240.32.0/21 maxlen: 21
94.240.40.0/24 maxlen: 24
94.240.42.0/24 maxlen: 24
94.240.44.0/22 maxlen: 22
94.240.46.0/24 maxlen: 24
94.240.48.0/22 maxlen: 22
94.240.48.0/24 maxlen: 24
94.240.48.0/21 maxlen: 21
91.106.24.0/23 maxlen: 23
194.152.46.0/23 maxlen: 23
2a01:6e80::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 372059118 (0x162d2bee)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Validity
Not Before: Apr 22 12:41:18 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=898f03280fec6af0286127d8d65c29264b98e93e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:97:db:21:85:b0:c7:e8:c5:5b:53:f4:3d:da:
17:b6:3d:86:f9:94:c5:77:3f:e3:c5:38:9e:7d:52:
8c:ad:27:9a:ff:d9:2b:4f:72:3e:6b:ca:44:22:21:
2c:9e:64:d3:0b:e6:eb:6d:58:0c:52:dc:5d:81:6e:
b8:d5:e1:da:af:15:4e:c3:85:f3:6d:f0:51:46:ab:
9d:86:79:dc:de:c4:be:01:e1:d7:fc:31:de:15:ff:
64:61:4a:3e:74:c7:f8:3f:79:6b:da:19:f0:dc:3a:
85:ab:ea:a8:66:cd:db:aa:33:3e:52:69:95:ac:57:
8f:08:b7:c6:72:90:23:33:d9:4f:0a:ae:2a:e6:24:
81:7b:b6:6e:1e:36:1f:d0:dc:18:03:61:4b:74:03:
61:b0:93:8d:ab:ff:14:32:55:b6:87:ac:52:f2:8a:
d4:39:d8:2f:9e:67:c3:02:60:fe:83:76:2a:7d:60:
14:09:e8:9d:07:b1:1a:0f:79:9e:c7:52:61:0e:ae:
5d:ac:6a:c1:ec:2f:3e:05:cf:08:ae:6f:49:af:e6:
a4:a2:03:99:a7:b2:45:22:de:f8:36:01:0a:30:9f:
48:54:95:49:17:2f:c9:19:3d:d0:de:c9:73:98:7e:
e1:a4:e2:ba:d2:c0:f3:87:83:19:3e:42:de:1d:95:
43:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:8F:03:28:0F:EC:6A:F0:28:61:27:D8:D6:5C:29:26:4B:98:E9:3E
X509v3 Authority Key Identifier:
keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/iY8DKA_savAoYSfY1lwpJkuY6T4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.106.24.0/22
91.106.30.0/23
94.240.0.0-94.240.40.255
94.240.42.0/24
94.240.44.0-94.240.55.255
94.240.60.0/22
185.139.16.0/22
194.152.46.0/23
212.7.223.0/24
IPv6:
2a01:6e80::/32
Signature Algorithm: sha256WithRSAEncryption
70:d0:89:d1:0a:e9:d4:91:dc:01:a9:fb:13:cf:53:bb:42:6b:
0d:a8:fb:d6:b9:a4:cf:37:64:3e:43:7e:9a:f9:c5:d2:5c:87:
b3:0f:d5:be:3c:51:7f:21:16:a6:10:4b:7b:05:7b:5b:f4:bd:
4b:71:6e:ee:cf:88:e5:2b:2e:ac:09:d0:d3:9e:18:5f:0a:f0:
6c:30:4d:2d:0a:60:a8:51:7a:ea:d9:44:32:0d:1c:49:0c:3e:
8b:b7:ac:31:9f:d9:af:1d:f1:47:c4:ae:72:5b:df:ae:4d:9b:
2c:fd:29:c6:0b:8c:0e:15:ce:1f:52:37:3c:4d:13:2f:4c:4a:
ce:01:f0:cb:da:4f:3a:36:d5:56:0e:51:05:a6:3d:cb:bb:1b:
9c:93:e2:3c:ba:14:fd:aa:fe:7c:93:8e:b5:89:17:90:11:21:
00:14:12:39:49:64:8f:85:a1:d8:4b:cf:3f:d4:29:7a:81:f3:
d9:5c:76:fd:85:e5:44:e9:d7:a6:7a:b6:1a:03:b6:8d:c3:92:
50:2b:b5:60:be:ef:98:c4:1d:dc:e3:57:94:98:e9:32:41:f0:
af:57:3f:ba:1d:ba:cc:20:a9:bb:89:91:b9:2b:28:1b:32:5b:
f8:74:ef:2e:aa:8d:8c:60:49:50:50:c0:f7:ce:51:36:44:5d:
b3:f9:0f:2f
-----BEGIN CERTIFICATE-----
MIIFPTCCBCWgAwIBAgIEFi0r7jANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NTFhMmZkNmY1ZTVhZjg3ZDVjZWEwOTUwNjZmYmNjM2QzZTU0NmE0MB4XDTIyMDQy
MjEyNDExOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODk4ZjAzMjgwZmVj
NmFmMDI4NjEyN2Q4ZDY1YzI5MjY0Yjk4ZTkzZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALyX2yGFsMfoxVtT9D3aF7Y9hvmUxXc/48U4nn1SjK0nmv/Z
K09yPmvKRCIhLJ5k0wvm621YDFLcXYFuuNXh2q8VTsOF823wUUarnYZ53N7EvgHh
1/wx3hX/ZGFKPnTH+D95a9oZ8Nw6havqqGbN26ozPlJplaxXjwi3xnKQIzPZTwqu
KuYkgXu2bh42H9DcGANhS3QDYbCTjav/FDJVtoesUvKK1DnYL55nwwJg/oN2Kn1g
FAnonQexGg95nsdSYQ6uXaxqwewvPgXPCK5vSa/mpKIDmaeyRSLe+DYBCjCfSFSV
SRcvyRk90N7Jc5h+4aTiutLA84eDGT5C3h2VQ/kCAwEAAaOCAlcwggJTMB0GA1Ud
DgQWBBSJjwMoD+xq8ChhJ9jWXCkmS5jpPjAfBgNVHSMEGDAWgBQ1Gi/W9eWvh9XO
oJUGb7zD0+VGpDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05Sb3YxdlhscjRmVnpxQ1ZCbS04dzlQbFJxUS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjEvY2RkZGQ1LTgxN2EtNDExMy04YjgyLTIzMDQ5ZTRkMmYxMi8x
L2lZOERLQV9zYXZBb1lTZlkxbHdwSmt1WTZUNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYjEv
Y2RkZGQ1LTgxN2EtNDExMy04YjgyLTIzMDQ5ZTRkMmYxMi8xL05Sb3YxdlhscjRm
VnpxQ1ZCbS04dzlQbFJxUS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBt
BggrBgEFBQcBBwEB/wReMFwwSwQCAAEwRQMEAltqGAMEAVtqHjALAwMEXvADBABe
8CgDBABe8CowDAMEAl7wLAMEA17wMAMEAl7wPAMEArmLEAMEAcKYLgMEANQH3zAN
BAIAAjAHAwUAKgFugDANBgkqhkiG9w0BAQsFAAOCAQEAcNCJ0Qrp1JHcAan7E89T
u0JrDaj71rmkzzdkPkN+mvnF0lyHsw/VvjxRfyEWphBLewV7W/S9S3Fu7s+I5Ssu
rAnQ054YXwrwbDBNLQpgqFF66tlEMg0cSQw+i7esMZ/Zrx3xR8Suclvfrk2bLP0p
xguMDhXOH1I3PE0TL0xKzgHwy9pPOjbVVg5RBaY9y7sbnJPiPLoU/ar+fJOOtYkX
kBEhABQSOUlkj4Wh2EvPP9QpeoHz2Vx2/YXlROnXpnq2GgO2jcOSUCu1YL7vmMQd
3ONXlJjpMkHwr1c/uh26zCCpu4mRuSsoGzJb+HTvLqqNjGBJUFDA985RNkRds/kP
Lw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:12 2024 by rpki-client on console-ams.rpki-client.org