Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/fWKLiegseDiyEsmg5Jv1_eFzwAU.roa
File: fWKLiegseDiyEsmg5Jv1_eFzwAU.roa (raw, json)
Hash identifier: Z/rYMkEJ2OA8+TmCWcYyna1wMW6Buitkgvl3C9aBYTU=
Subject key identifier: 7D:62:8B:89:E8:2C:78:38:B2:12:C9:A0:E4:9B:F5:FD:E1:73:C0:05
Certificate issuer: /CN=679a75debd65359a45317f203f11a321e14b2f2c
Certificate serial: 0189AF58ECBD33AF811858680ACFF8BE886B
Authority key identifier: 67:9A:75:DE:BD:65:35:9A:45:31:7F:20:3F:11:A3:21:E1:4B:2F:2C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Z5p13r1lNZpFMX8gPxGjIeFLLyw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/fWKLiegseDiyEsmg5Jv1_eFzwAU.roa
Signing time: Tue 01 Aug 2023 04:26:27 +0000
ROA not before: Tue 01 Aug 2023 04:26:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200598
IP address blocks: 37.156.226.0/24 maxlen: 24
128.0.60.0/22 maxlen: 24
87.121.136.0/21 maxlen: 24
162.250.216.0/22 maxlen: 24
188.215.12.0/22 maxlen: 24
79.110.184.0/22 maxlen: 24
95.215.144.0/22 maxlen: 24
217.144.108.0/22 maxlen: 24
173.214.200.0/22 maxlen: 24
46.102.116.0/24 maxlen: 24
141.193.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:af:58:ec:bd:33:af:81:18:58:68:0a:cf:f8:be:88:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=679a75debd65359a45317f203f11a321e14b2f2c
Validity
Not Before: Aug 1 04:26:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7d628b89e82c7838b212c9a0e49bf5fde173c005
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:4f:c8:c0:0e:fe:57:29:66:18:ea:fb:df:62:
ad:b0:9c:69:24:24:07:02:73:d4:97:3d:59:44:e8:
30:d4:a1:54:fd:db:c9:f5:6b:c3:22:fc:21:74:a4:
a8:52:5e:a3:fe:7b:cf:4f:40:82:d2:ca:ef:07:ec:
ae:fa:ed:7b:2e:0f:2b:c2:82:a8:cf:17:cf:a1:fa:
69:cf:d9:0f:01:80:c5:75:db:1e:2b:5c:95:d8:04:
a5:2e:4e:0c:52:a4:eb:de:09:29:42:cf:cc:23:94:
c4:ef:71:19:9f:42:1d:b7:79:c6:2a:d9:f3:cc:b0:
96:82:a4:d9:aa:52:ac:e9:7e:d0:1d:7c:75:9b:14:
e5:07:92:de:b7:c1:60:2e:1a:3e:00:48:5b:64:99:
f1:f1:80:4e:be:75:db:b4:68:e1:ec:5a:3b:cb:3d:
4b:82:eb:2c:34:4c:f7:01:5a:7d:b7:d8:41:03:6f:
68:9b:37:a9:39:9a:d3:33:e8:0c:12:40:c5:d4:37:
8d:ae:3f:2f:9a:8a:ce:9f:af:fe:36:8f:c5:7e:f4:
60:4d:55:5f:8f:d5:22:19:fc:86:2b:33:c5:f4:1a:
e7:e3:96:ae:14:85:6a:fd:60:da:c3:c3:49:94:c0:
e3:10:8f:b2:b4:a8:de:87:31:18:03:73:e7:4f:1a:
64:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:62:8B:89:E8:2C:78:38:B2:12:C9:A0:E4:9B:F5:FD:E1:73:C0:05
X509v3 Authority Key Identifier:
keyid:67:9A:75:DE:BD:65:35:9A:45:31:7F:20:3F:11:A3:21:E1:4B:2F:2C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Z5p13r1lNZpFMX8gPxGjIeFLLyw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/fWKLiegseDiyEsmg5Jv1_eFzwAU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b5/7a39b1-1d1c-4919-b19c-3eebe7196972/1/Z5p13r1lNZpFMX8gPxGjIeFLLyw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.156.226.0/24
46.102.116.0/24
79.110.184.0/22
87.121.136.0/21
95.215.144.0/22
128.0.60.0/22
141.193.108.0/22
162.250.216.0/22
173.214.200.0/22
188.215.12.0/22
217.144.108.0/22
Signature Algorithm: sha256WithRSAEncryption
4f:a8:dc:09:d5:9c:9d:6c:ea:28:b3:62:2a:77:ee:4e:06:c6:
dc:06:c7:73:7a:aa:22:10:4b:e6:09:dd:2c:1b:0d:25:06:e9:
4a:32:24:a9:f8:14:e4:6c:cf:c5:aa:ec:a0:6a:e6:b2:3b:77:
fe:27:0f:d8:f5:1d:b7:49:5c:13:f8:12:72:14:94:97:40:58:
01:50:81:46:02:9a:11:61:be:e0:e1:66:a5:16:e8:cc:fd:85:
86:6f:15:7e:3d:7d:33:a7:43:9b:36:3f:90:e7:27:cc:37:fb:
f7:20:a0:48:97:59:e4:34:36:70:a5:37:71:5b:98:05:c3:9f:
15:e2:93:98:77:ab:e3:d5:34:c5:53:df:8a:b0:13:a3:ce:43:
4a:f4:8e:86:2b:74:ad:71:a8:f4:0d:c1:04:36:bf:2d:52:f6:
9b:e4:c7:1b:c7:be:bc:69:71:e7:df:79:b9:bd:5a:c9:ab:af:
fb:07:cd:56:3a:2d:8d:30:4b:d0:48:18:c5:40:d2:7c:34:6a:
a5:d1:20:05:fe:94:0d:2e:91:06:e4:ef:e6:2e:70:dd:d4:e3:
f1:b0:fe:aa:75:31:fa:0c:12:fe:af:98:fd:20:9d:b1:d1:9d:
d2:af:fc:72:c5:a2:8d:ba:25:2a:64:b0:34:7c:0c:15:20:c8:
34:98:27:6f
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYmvWOy9M6+BGFhoCs/4vohrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDY3OWE3NWRlYmQ2NTM1OWE0NTMxN2YyMDNmMTFhMzIxZTE0
YjJmMmMwHhcNMjMwODAxMDQyNjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDYyOGI4OWU4MmM3ODM4YjIxMmM5YTBlNDliZjVmZGUxNzNjMDA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0/IwA7+VylmGOr732KtsJxpJCQH
AnPUlz1ZROgw1KFU/dvJ9WvDIvwhdKSoUl6j/nvPT0CC0srvB+yu+u17Lg8rwoKo
zxfPofppz9kPAYDFddseK1yV2ASlLk4MUqTr3gkpQs/MI5TE73EZn0Idt3nGKtnz
zLCWgqTZqlKs6X7QHXx1mxTlB5Let8FgLho+AEhbZJnx8YBOvnXbtGjh7Fo7yz1L
gussNEz3AVp9t9hBA29omzepOZrTM+gMEkDF1DeNrj8vmorOn6/+No/FfvRgTVVf
j9UiGfyGKzPF9Brn45auFIVq/WDaw8NJlMDjEI+ytKjehzEYA3PnTxpkiQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFH1ii4noLHg4shLJoOSb9f3hc8AFMB8GA1UdIwQY
MBaAFGeadd69ZTWaRTF/ID8RoyHhSy8sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWjVwMTNyMWxOWnBGTVg4Z1B4R2pJZUZMTHl3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iNS83YTM5YjEtMWQxYy00OTE5LWIxOWMt
M2VlYmU3MTk2OTcyLzEvZldLTGllZ3NlRGl5RXNtZzVKdjFfZUZ6d0FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iNS83YTM5YjEtMWQxYy00OTE5LWIxOWMtM2VlYmU3MTk2OTcy
LzEvWjVwMTNyMWxOWnBGTVg4Z1B4R2pJZUZMTHl3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQAJZziAwQA
LmZ0AwQCT264AwQDV3mIAwQCX9eQAwQCgAA8AwQCjcFsAwQCovrYAwQCrdbIAwQC
vNcMAwQC2ZBsMA0GCSqGSIb3DQEBCwUAA4IBAQBPqNwJ1ZydbOoos2Iqd+5OBsbc
BsdzeqoiEEvmCd0sGw0lBulKMiSp+BTkbM/FquygauayO3f+Jw/Y9R23SVwT+BJy
FJSXQFgBUIFGApoRYb7g4WalFujM/YWGbxV+PX0zp0ObNj+Q5yfMN/v3IKBIl1nk
NDZwpTdxW5gFw58V4pOYd6vj1TTFU9+KsBOjzkNK9I6GK3Stcaj0DcEENr8tUvab
5Mcbx768aXHn33m5vVrJq6/7B81WOi2NMEvQSBjFQNJ8NGql0SAF/pQNLpEG5O/m
LnDd1OPxsP6qdTH6DBL+r5j9IJ2x0Z3Sr/xyxaKNuiUqZLA0fAwVIMg0mCdv
-----END CERTIFICATE-----
Generated at Thu Aug 3 09:53:03 2023 by rpki-client on console-fra.rpki-client.org