Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/rDIdJzTXJrc5E3Up5HM_ugIEww4.roa
File: rDIdJzTXJrc5E3Up5HM_ugIEww4.roa (raw, json)
Hash identifier: HrCtMTOWqHlDltlwYKCShZW3Re5gHbpD/WZ1pdYwayA=
Subject key identifier: AC:32:1D:27:34:D7:26:B7:39:13:75:29:E4:73:3F:BA:02:04:C3:0E
Certificate issuer: /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial: 01847A8197F1D016E2A30C2420FB227B8F2A
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/rDIdJzTXJrc5E3Up5HM_ugIEww4.roa
Signing time: Tue 15 Nov 2022 08:57:04 +0000
ROA not before: Tue 15 Nov 2022 08:57:04 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 47223
IP address blocks: 94.240.52.0/22 maxlen: 22
94.240.63.0/24 maxlen: 24
91.106.30.0/23 maxlen: 23
94.240.0.0/19 maxlen: 19
91.106.26.0/23 maxlen: 23
185.139.16.0/22 maxlen: 22
94.240.32.0/21 maxlen: 21
94.240.40.0/24 maxlen: 24
94.240.42.0/24 maxlen: 24
94.240.44.0/22 maxlen: 22
94.240.46.0/24 maxlen: 24
94.240.48.0/22 maxlen: 22
94.240.48.0/24 maxlen: 24
94.240.48.0/21 maxlen: 21
91.106.24.0/23 maxlen: 23
194.152.46.0/23 maxlen: 23
2a01:6e80::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:7a:81:97:f1:d0:16:e2:a3:0c:24:20:fb:22:7b:8f:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Validity
Not Before: Nov 15 08:57:04 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ac321d2734d726b739137529e4733fba0204c30e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:48:83:97:8b:1e:ab:d2:2d:13:b0:64:6c:ba:
f4:71:50:c0:10:95:54:45:ec:80:66:5f:da:a8:0c:
77:14:b3:77:cf:57:0d:56:12:98:d3:9e:af:1e:87:
01:c5:90:1b:3d:14:a7:bb:62:72:d1:17:6c:f2:47:
fd:b7:0b:47:9e:b6:88:57:01:d3:12:3e:ed:9c:56:
cf:b7:60:75:88:36:5e:85:ac:bc:ad:30:fe:2c:e1:
6f:41:18:75:4d:ba:45:27:7a:84:e7:03:41:50:bd:
00:72:e6:f7:92:8d:41:7e:b7:9e:06:af:5a:c9:0e:
69:22:f0:83:a6:1b:1b:d4:da:a4:07:c7:a3:fe:fe:
94:e9:ac:d0:07:0a:e5:21:35:e9:fa:0a:4b:1b:0f:
f0:f2:75:2c:12:1c:ce:b3:51:b8:3b:96:2b:cb:cf:
40:81:8e:97:a7:e5:49:98:e8:55:06:06:df:7f:ff:
ff:ed:47:a2:54:ee:17:4c:dc:fe:f5:4b:ee:5b:bb:
e5:7e:85:c9:06:d8:c6:69:f4:ed:03:91:91:d7:a8:
52:36:c7:a0:bb:b2:c4:91:23:d7:b4:3b:f3:f6:aa:
81:f1:47:66:25:7f:20:fd:85:51:80:34:7e:bb:27:
49:87:a2:3c:91:11:14:0f:a2:77:45:dc:44:ba:9c:
8a:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AC:32:1D:27:34:D7:26:B7:39:13:75:29:E4:73:3F:BA:02:04:C3:0E
X509v3 Authority Key Identifier:
keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/rDIdJzTXJrc5E3Up5HM_ugIEww4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.106.24.0/22
91.106.30.0/23
94.240.0.0-94.240.40.255
94.240.42.0/24
94.240.44.0-94.240.55.255
94.240.63.0/24
185.139.16.0/22
194.152.46.0/23
IPv6:
2a01:6e80::/32
Signature Algorithm: sha256WithRSAEncryption
17:2d:8c:60:15:15:d0:ff:37:15:f5:bd:1d:ce:f6:c7:db:57:
24:22:d2:15:71:d5:b6:f4:fc:b4:b4:be:93:f2:23:b3:b6:a3:
dc:5a:63:d8:46:a5:04:9f:1d:c5:ec:b7:ff:6b:8e:69:1a:f8:
89:bd:0d:1d:2e:07:96:d5:94:2d:11:4e:17:c1:3a:b2:83:bd:
d1:f2:ba:f0:da:5a:0f:b0:03:64:86:f2:ee:b9:ba:f4:6a:4b:
9e:d5:df:26:a4:31:f8:50:1a:88:73:b0:a9:c1:c5:df:20:7d:
4d:fb:70:d0:a8:ce:74:1a:66:74:5c:6a:bd:5e:3f:60:d2:8c:
8d:7f:5e:ad:13:08:70:4a:c6:e8:dd:65:a2:75:fa:7f:54:a5:
1f:cc:64:c1:6a:b9:df:81:bb:2f:2d:60:a6:a7:34:d4:54:3b:
45:e5:c6:a0:e1:e7:d7:18:a1:d3:d9:c4:d9:b3:46:02:d4:67:
96:42:53:26:7e:1c:dc:02:9a:10:cf:5e:e4:df:14:6f:6c:32:
06:b5:22:8c:d2:f5:ef:fd:f6:c5:81:d9:43:1e:ea:a8:a2:a6:
8f:81:7b:56:3e:7b:41:10:82:ef:f3:8c:b9:66:e1:a7:0e:2e:
6d:4b:59:13:71:af:db:f5:82:9d:a8:ed:5c:37:82:34:64:ff:
20:76:24:a7
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYR6gZfx0BbiowwkIPsie48qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjIxMTE1MDg1NzA0WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYzMyMWQyNzM0ZDcyNmI3MzkxMzc1MjllNDczM2ZiYTAyMDRjMzBlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqEiDl4seq9ItE7BkbLr0cVDAEJVU
ReyAZl/aqAx3FLN3z1cNVhKY056vHocBxZAbPRSnu2Jy0Rds8kf9twtHnraIVwHT
Ej7tnFbPt2B1iDZehay8rTD+LOFvQRh1TbpFJ3qE5wNBUL0Acub3ko1BfreeBq9a
yQ5pIvCDphsb1NqkB8ej/v6U6azQBwrlITXp+gpLGw/w8nUsEhzOs1G4O5Yry89A
gY6Xp+VJmOhVBgbff///7UeiVO4XTNz+9UvuW7vlfoXJBtjGafTtA5GR16hSNseg
u7LEkSPXtDvz9qqB8UdmJX8g/YVRgDR+uydJh6I8kREUD6J3RdxEupyKvQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFKwyHSc01ya3ORN1KeRzP7oCBMMOMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvckRJZEp6VFhKcmM1RTNVcDVITV91Z0lFd3c0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBFBAIAATA/AwQCW2oYAwQB
W2oeMAsDAwRe8AMEAF7wKAMEAF7wKjAMAwQCXvAsAwQDXvAwAwQAXvA/AwQCuYsQ
AwQBwpguMA0EAgACMAcDBQAqAW6AMA0GCSqGSIb3DQEBCwUAA4IBAQAXLYxgFRXQ
/zcV9b0dzvbH21ckItIVcdW29Py0tL6T8iOztqPcWmPYRqUEnx3F7Lf/a45pGviJ
vQ0dLgeW1ZQtEU4XwTqyg73R8rrw2loPsANkhvLuubr0akue1d8mpDH4UBqIc7Cp
wcXfIH1N+3DQqM50GmZ0XGq9Xj9g0oyNf16tEwhwSsbo3WWidfp/VKUfzGTBarnf
gbsvLWCmpzTUVDtF5cag4efXGKHT2cTZs0YC1GeWQlMmfhzcApoQz17k3xRvbDIG
tSKM0vXv/fbFgdlDHuqooqaPgXtWPntBEILv84y5ZuGnDi5tS1kTca/b9YKdqO1c
N4I0ZP8gdiSn
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:34:38 2025 by rpki-client