Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/o0kMA6wKV4rSug3PQm-uC2r4UPQ.roa
File: o0kMA6wKV4rSug3PQm-uC2r4UPQ.roa (raw, json)
Hash identifier: yq2frW6S62U279bQeJ5adnIDT+RV6VZqMfvns5pjmI8=
Subject key identifier: A3:49:0C:03:AC:0A:57:8A:D2:BA:0D:CF:42:6F:AE:0B:6A:F8:50:F4
Certificate issuer: /CN=8c060040ef3a0823aa973f0d0592b1dda808f782
Certificate serial: 018570DE4450C9EEB10E40C62FFC161E2095
Authority key identifier: 8C:06:00:40:EF:3A:08:23:AA:97:3F:0D:05:92:B1:DD:A8:08:F7:82
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jAYAQO86CCOqlz8NBZKx3agI94I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/o0kMA6wKV4rSug3PQm-uC2r4UPQ.roa
Signing time: Mon 02 Jan 2023 05:04:52 +0000
ROA not before: Mon 02 Jan 2023 05:04:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20900
IP address blocks: 31.217.232.0/21 maxlen: 24
185.182.252.0/22 maxlen: 24
213.190.64.0/19 maxlen: 24
78.159.132.0/22 maxlen: 22
195.78.82.0/24 maxlen: 24
78.159.148.0/24 maxlen: 24
45.11.208.0/22 maxlen: 22
91.214.114.0/23 maxlen: 23
91.214.114.0/24 maxlen: 24
91.214.115.0/24 maxlen: 24
2001:1b08::/32 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:70:de:44:50:c9:ee:b1:0e:40:c6:2f:fc:16:1e:20:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8c060040ef3a0823aa973f0d0592b1dda808f782
Validity
Not Before: Jan 2 05:04:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a3490c03ac0a578ad2ba0dcf426fae0b6af850f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:e8:43:e3:d5:e3:6e:e3:f5:a8:42:24:c5:e7:
ac:c4:60:9e:5e:40:ca:79:1b:78:a4:26:03:54:38:
66:eb:e4:de:24:f2:96:fd:eb:30:90:a5:2c:29:61:
80:7a:34:b4:60:bf:5d:b6:a7:f7:02:f5:db:e1:c2:
45:fb:76:5f:f3:55:8e:85:02:82:aa:1a:ea:d1:fe:
e4:40:cf:47:0a:c7:dc:f5:65:88:c1:81:e8:45:ec:
ea:f4:b4:23:11:6a:2c:ef:88:8e:02:a8:0a:ec:e5:
64:f6:62:7a:e4:54:1d:f1:67:a7:1c:86:81:a7:68:
21:81:fd:8b:f5:fb:4c:73:62:9f:b4:f6:82:ed:7a:
74:2f:86:6a:fe:b4:da:88:79:f2:34:93:6e:22:35:
04:a9:a4:cd:6b:61:e7:3d:a3:67:a9:37:bd:01:b9:
bf:6a:6a:ec:80:9e:50:30:d7:ac:16:79:e5:94:3c:
b7:42:57:ef:a6:74:4e:77:8c:cf:07:b1:31:e4:79:
ad:e8:49:4c:85:b0:af:96:06:73:27:75:3f:30:b7:
89:d2:6b:67:1d:ae:33:db:42:42:14:8e:32:92:34:
1f:bd:81:07:68:b5:91:eb:15:d3:e0:c3:74:f0:9c:
4c:f0:65:79:47:e0:27:61:c5:52:af:fc:d2:91:91:
ad:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:49:0C:03:AC:0A:57:8A:D2:BA:0D:CF:42:6F:AE:0B:6A:F8:50:F4
X509v3 Authority Key Identifier:
keyid:8C:06:00:40:EF:3A:08:23:AA:97:3F:0D:05:92:B1:DD:A8:08:F7:82
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jAYAQO86CCOqlz8NBZKx3agI94I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/o0kMA6wKV4rSug3PQm-uC2r4UPQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/e7549e-5b25-4200-88b9-4e4a35dd3677/1/jAYAQO86CCOqlz8NBZKx3agI94I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.217.232.0/21
45.11.208.0/22
78.159.132.0/22
78.159.148.0/24
91.214.114.0/23
185.182.252.0/22
195.78.82.0/24
213.190.64.0/19
IPv6:
2001:1b08::/32
Signature Algorithm: sha256WithRSAEncryption
7c:44:9a:c1:dc:c0:90:01:32:6a:2f:54:cd:55:7d:ac:c5:cf:
8c:60:bc:1a:dc:a9:c5:6b:d0:ef:7d:44:43:d4:c6:bc:6c:90:
32:c1:92:26:d7:a2:23:93:c3:00:a3:be:dd:76:cb:ef:2c:b1:
14:d9:f4:e0:cf:1e:de:ea:19:e2:2b:5f:48:95:d8:81:88:e1:
91:6f:73:f6:c3:43:69:93:76:ff:b4:c1:95:45:36:ad:b5:a3:
ba:cc:99:f7:2c:2e:b4:b0:86:1d:2d:42:ac:4a:84:03:dc:38:
e1:86:f4:d1:50:b8:12:c4:12:49:c1:4f:5b:ce:11:f4:90:da:
c2:b3:6a:ce:7b:79:64:cb:9d:5b:cc:86:09:db:ca:84:55:61:
ff:a7:78:cb:cd:e7:ee:1a:5e:04:28:6a:08:bc:df:77:6c:65:
3f:27:5d:e9:8c:a0:f8:06:54:28:1f:38:62:ee:47:e7:85:25:
ad:c1:9e:bf:06:4a:ee:39:0e:8b:f6:7a:11:10:3a:23:6b:0b:
33:61:5a:67:ad:14:8c:2a:1c:84:3a:c4:83:90:58:7b:39:c1:
fb:34:23:a7:fe:2b:04:56:df:e3:f7:27:ec:3b:b1:86:2d:80:
ff:f7:58:1c:55:e0:44:11:66:fb:96:92:bd:da:b9:d4:93:b3:
d0:04:1d:52
-----BEGIN CERTIFICATE-----
MIIFNjCCBB6gAwIBAgISAYVw3kRQye6xDkDGL/wWHiCVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhjMDYwMDQwZWYzYTA4MjNhYTk3M2YwZDA1OTJiMWRkYTgw
OGY3ODIwHhcNMjMwMTAyMDUwNDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMzQ5MGMwM2FjMGE1NzhhZDJiYTBkY2Y0MjZmYWUwYjZhZjg1MGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+hD49XjbuP1qEIkxeesxGCeXkDK
eRt4pCYDVDhm6+TeJPKW/eswkKUsKWGAejS0YL9dtqf3AvXb4cJF+3Zf81WOhQKC
qhrq0f7kQM9HCsfc9WWIwYHoRezq9LQjEWos74iOAqgK7OVk9mJ65FQd8WenHIaB
p2ghgf2L9ftMc2KftPaC7Xp0L4Zq/rTaiHnyNJNuIjUEqaTNa2HnPaNnqTe9Abm/
amrsgJ5QMNesFnnllDy3QlfvpnROd4zPB7Ex5Hmt6ElMhbCvlgZzJ3U/MLeJ0mtn
Ha4z20JCFI4ykjQfvYEHaLWR6xXT4MN08JxM8GV5R+AnYcVSr/zSkZGtdQIDAQAB
o4ICQjCCAj4wHQYDVR0OBBYEFKNJDAOsCleK0roNz0Jvrgtq+FD0MB8GA1UdIwQY
MBaAFIwGAEDvOggjqpc/DQWSsd2oCPeCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvakFZQVFPODZDQ09xbHo4TkJaS3gzYWdJOTRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS9lNzU0OWUtNWIyNS00MjAwLTg4Yjkt
NGU0YTM1ZGQzNjc3LzEvbzBrTUE2d0tWNHJTdWczUFFtLXVDMnI0VVBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS9lNzU0OWUtNWIyNS00MjAwLTg4YjktNGU0YTM1ZGQzNjc3
LzEvakFZQVFPODZDQ09xbHo4TkJaS3gzYWdJOTRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFgGCCsGAQUFBwEHAQH/BEkwRzA2BAIAATAwAwQDH9noAwQC
LQvQAwQCTp+EAwQATp+UAwQBW9ZyAwQCubb8AwQAw05SAwQF1b5AMA0EAgACMAcD
BQAgARsIMA0GCSqGSIb3DQEBCwUAA4IBAQB8RJrB3MCQATJqL1TNVX2sxc+MYLwa
3KnFa9DvfURD1Ma8bJAywZIm16Ijk8MAo77ddsvvLLEU2fTgzx7e6hniK19IldiB
iOGRb3P2w0Npk3b/tMGVRTattaO6zJn3LC60sIYdLUKsSoQD3DjhhvTRULgSxBJJ
wU9bzhH0kNrCs2rOe3lky51bzIYJ28qEVWH/p3jLzefuGl4EKGoIvN93bGU/J13p
jKD4BlQoHzhi7kfnhSWtwZ6/BkruOQ6L9noREDojawszYVpnrRSMKhyEOsSDkFh7
OcH7NCOn/isEVt/j9yfsO7GGLYD/91gcVeBEEWb7lpK92rnUk7PQBB1S
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:35 2024 by rpki-client on console-ams.rpki-client.org