Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/1-kfa70ctIlwOPPDqPI9lgzSYTIM.roa
File: 1-kfa70ctIlwOPPDqPI9lgzSYTIM.roa (raw, json)
Hash identifier: gyX8kh374XCfuzuzLZOuaDypy2BTAAVb/5lvgr7Wg6U=
Subject key identifier: FA:47:DA:EF:47:2D:22:5C:0E:3C:F0:EA:3C:8F:65:83:34:98:4C:83
Certificate issuer: /CN=679a75debd65359a45317f203f11a321e14b2f2c
Certificate serial: 068DA682
Authority key identifier: 67:9A:75:DE:BD:65:35:9A:45:31:7F:20:3F:11:A3:21:E1:4B:2F:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z5p13r1lNZpFMX8gPxGjIeFLLyw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/1-kfa70ctIlwOPPDqPI9lgzSYTIM.roa
Signing time: Tue 26 Apr 2022 18:44:03 +0000
ROA not before: Tue 26 Apr 2022 18:44:03 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 37.156.226.0/24 maxlen: 24
93.113.31.0/24 maxlen: 24
87.121.136.0/21 maxlen: 24
94.176.96.0/24 maxlen: 24
93.113.175.0/24 maxlen: 24
185.61.156.0/22 maxlen: 24
31.177.0.0/21 maxlen: 24
188.241.223.0/24 maxlen: 24
185.137.36.0/22 maxlen: 24
62.245.0.0/19 maxlen: 24
93.114.129.0/24 maxlen: 24
86.106.135.0/24 maxlen: 24
86.104.228.0/24 maxlen: 24
89.44.77.0/24 maxlen: 24
46.102.116.0/24 maxlen: 24
89.35.25.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 109946498 (0x68da682)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=679a75debd65359a45317f203f11a321e14b2f2c
Validity
Not Before: Apr 26 18:44:03 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=fa47daef472d225c0e3cf0ea3c8f658334984c83
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:0c:45:a9:ef:cb:c8:93:27:a1:4a:ff:10:9b:
fe:57:10:eb:3d:25:62:4b:70:32:aa:40:f9:20:a3:
4f:72:3e:44:f6:69:a9:bb:93:d2:18:31:f4:48:a0:
54:60:14:61:fe:c8:0f:0e:cd:48:71:9f:80:be:4a:
03:71:38:fd:48:e4:fc:ee:db:f1:3d:58:2e:67:1a:
6e:b3:9e:8d:49:07:09:bf:16:e3:70:3c:46:9a:93:
20:e0:ee:0f:55:1b:c9:10:4c:f2:f6:2e:5e:b2:67:
46:d4:fc:0d:63:0c:8a:47:e7:84:7c:03:16:77:91:
0c:fb:80:dc:5d:cc:a7:a0:c5:22:80:92:e5:87:3e:
cc:0e:a3:2e:90:a7:38:7a:3a:c0:52:25:87:51:f1:
80:39:e2:1b:33:96:30:7b:18:e5:1e:dd:b0:45:70:
e1:06:76:24:71:12:7e:20:d0:c9:53:c1:b0:e8:3c:
a7:2e:f5:19:5b:41:71:03:22:c8:57:b8:be:ed:d9:
a9:ab:f0:dc:b3:5e:3a:65:d6:f7:94:ae:05:cc:83:
7d:1c:b6:29:83:b0:9b:44:29:e2:0c:c9:15:4a:fd:
f3:01:ba:4d:91:bc:42:59:db:aa:6d:82:5e:33:58:
87:11:3c:06:26:cf:d9:01:77:2f:df:d5:18:d2:c0:
3e:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FA:47:DA:EF:47:2D:22:5C:0E:3C:F0:EA:3C:8F:65:83:34:98:4C:83
X509v3 Authority Key Identifier:
keyid:67:9A:75:DE:BD:65:35:9A:45:31:7F:20:3F:11:A3:21:E1:4B:2F:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5p13r1lNZpFMX8gPxGjIeFLLyw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/1-kfa70ctIlwOPPDqPI9lgzSYTIM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/Z5p13r1lNZpFMX8gPxGjIeFLLyw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.177.0.0/21
37.156.226.0/24
46.102.116.0/24
62.245.0.0/19
86.104.228.0/24
86.106.135.0/24
87.121.136.0/21
89.35.25.0/24
89.44.77.0/24
93.113.31.0/24
93.113.175.0/24
93.114.129.0/24
94.176.96.0/24
185.61.156.0/22
185.137.36.0/22
188.241.223.0/24
Signature Algorithm: sha256WithRSAEncryption
3c:8e:75:d5:e3:81:72:69:c5:76:8f:60:f9:1b:0a:b7:ee:6c:
f4:1c:48:42:59:c3:20:4c:27:eb:7d:3a:b1:5e:0e:81:e5:f1:
a1:9f:fd:4d:2d:40:46:9e:80:64:30:64:bb:6e:a2:5f:5e:62:
9c:17:28:a4:87:cb:fa:1f:cb:2c:78:b8:a6:72:bf:2b:a9:67:
f2:30:48:ad:6f:7a:6c:af:74:fb:2d:82:ef:d9:da:f8:29:e9:
2c:33:e0:b8:24:80:1c:23:79:eb:40:53:fe:6b:7a:27:c5:48:
47:97:01:3a:b9:ce:97:80:05:ef:76:ed:5c:de:6f:4b:b3:71:
7b:4e:24:96:e4:c0:2d:97:29:33:2a:a2:37:b5:73:6c:1b:e7:
2a:8a:08:50:f2:48:bc:79:4a:74:f4:43:0e:01:1f:77:94:4c:
d7:45:3c:4e:23:10:51:38:e1:2f:5f:85:17:4f:d1:13:9f:5e:
49:cb:64:d4:77:b0:2c:ec:4e:e1:07:bf:fd:53:26:38:ba:75:
03:a0:a8:c6:b4:43:08:41:17:12:ca:9e:4b:23:cf:f9:dd:87:
c2:93:f6:df:b0:59:d5:60:9c:66:b5:f0:3a:15:fd:d8:c9:5e:
64:54:46:68:8e:d3:31:c6:c1:ad:39:11:5b:45:45:9b:92:31:
39:78:bf:79
-----BEGIN CERTIFICATE-----
MIIFSjCCBDKgAwIBAgIEBo2mgjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg2
NzlhNzVkZWJkNjUzNTlhNDUzMTdmMjAzZjExYTMyMWUxNGIyZjJjMB4XDTIyMDQy
NjE4NDQwM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZmE0N2RhZWY0NzJk
MjI1YzBlM2NmMGVhM2M4ZjY1ODMzNDk4NGM4MzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMsMRanvy8iTJ6FK/xCb/lcQ6z0lYktwMqpA+SCjT3I+RPZp
qbuT0hgx9EigVGAUYf7IDw7NSHGfgL5KA3E4/Ujk/O7b8T1YLmcabrOejUkHCb8W
43A8RpqTIODuD1UbyRBM8vYuXrJnRtT8DWMMikfnhHwDFneRDPuA3F3Mp6DFIoCS
5Yc+zA6jLpCnOHo6wFIlh1HxgDniGzOWMHsY5R7dsEVw4QZ2JHESfiDQyVPBsOg8
py71GVtBcQMiyFe4vu3Zqavw3LNeOmXW95SuBcyDfRy2KYOwm0Qp4gzJFUr98wG6
TZG8Qlnbqm2CXjNYhxE8BibP2QF3L9/VGNLAPl0CAwEAAaOCAmQwggJgMB0GA1Ud
DgQWBBT6R9rvRy0iXA488Oo8j2WDNJhMgzAfBgNVHSMEGDAWgBRnmnXevWU1mkUx
fyA/EaMh4UsvLDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L1o1cDEzcjFsTlpwRk1YOGdQeEdqSWVGTEx5dy5jZXIwgY4GCCsGAQUFBwELBIGB
MH8wfQYIKwYBBQUHMAuGcXJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYjUvN2EzOWIxLTFkMWMtNDkxOS1iMTljLTNlZWJlNzE5Njk3Mi8x
LzEta2ZhNzBjdElsd09QUERxUEk5bGd6U1lUSU0ucm9hMIGBBgNVHR8EejB4MHag
dKByhnByc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxUL2I1
LzdhMzliMS0xZDFjLTQ5MTktYjE5Yy0zZWViZTcxOTY5NzIvMS9aNXAxM3IxbE5a
cEZNWDhnUHhHakllRkxMeXcuY3JsMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIw
eQYIKwYBBQUHAQcBAf8EajBoMGYEAgABMGADBAMfsQADBAAlnOIDBAAuZnQDBAU+
9QADBABWaOQDBABWaocDBANXeYgDBABZIxkDBABZLE0DBABdcR8DBABdca8DBABd
coEDBABesGADBAK5PZwDBAK5iSQDBAC88d8wDQYJKoZIhvcNAQELBQADggEBADyO
ddXjgXJpxXaPYPkbCrfubPQcSEJZwyBMJ+t9OrFeDoHl8aGf/U0tQEaegGQwZLtu
ol9eYpwXKKSHy/ofyyx4uKZyvyupZ/IwSK1vemyvdPstgu/Z2vgp6Swz4LgkgBwj
eetAU/5reifFSEeXATq5zpeABe927Vzeb0uzcXtOJJbkwC2XKTMqoje1c2wb5yqK
CFDySLx5SnT0Qw4BH3eUTNdFPE4jEFE44S9fhRdP0ROfXknLZNR3sCzsTuEHv/1T
Jji6dQOgqMa0QwhBFxLKnksjz/ndh8KT9t+wWdVgnGa18DoV/djJXmRURmiO0zHG
wa05EVtFRZuSMTl4v3k=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:30 2023 by rpki-client on console-ams.rpki-client.org