Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/igwi1RBYLh6QaYCG4U-ofWIQyTU.roa
File: igwi1RBYLh6QaYCG4U-ofWIQyTU.roa (raw, json)
Hash identifier: 9YEApC5VEL9RlxBdfxDCrVOpvzDE19qrduO/gIWMUeA=
Subject key identifier: 8A:0C:22:D5:10:58:2E:1E:90:69:80:86:E1:4F:A8:7D:62:10:C9:35
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 0CBA9EFC
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/igwi1RBYLh6QaYCG4U-ofWIQyTU.roa
Signing time: Sat 01 Jan 2022 05:05:01 +0000
ROA not before: Sat 01 Jan 2022 05:05:01 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 59253
IP address blocks: 103.7.204.0/22 maxlen: 22
193.164.20.0/22 maxlen: 22
45.117.136.0/22 maxlen: 22
62.133.48.0/22 maxlen: 22
95.214.228.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 213556988 (0xcba9efc)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 1 05:05:01 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8a0c22d510582e1e90698086e14fa87d6210c935
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:45:a5:12:05:db:71:93:68:93:dc:3f:01:42:
a8:c5:ec:98:f5:1f:26:55:ad:de:01:38:d5:5b:fd:
78:72:89:27:42:3d:bf:6a:cf:c0:de:a4:cb:66:7f:
23:b6:01:fb:a5:44:6f:b0:19:d4:8f:dd:73:48:08:
c9:df:a3:42:10:dc:51:5b:35:6e:e4:e0:70:08:12:
a8:e5:b9:1a:85:09:c8:61:0e:c1:d1:cd:56:b4:1d:
c1:62:88:c6:00:90:47:ed:85:e6:4b:30:82:84:7e:
da:3c:95:a1:53:0a:39:bf:ad:f5:8f:e0:da:df:48:
ba:16:a5:ef:1d:bb:96:25:df:91:31:73:74:ad:36:
d7:b3:e1:3f:d4:a0:4b:65:01:1a:7b:96:6d:0a:04:
cc:ab:64:f8:a0:99:b2:2d:d4:29:71:6a:44:0f:73:
a9:2a:f0:02:b6:1b:a8:c7:23:99:55:bf:5b:9c:51:
d6:2a:51:48:0a:4f:8a:94:89:20:82:d8:41:1b:63:
39:1b:a6:4f:1d:fb:34:70:2a:70:ce:42:6e:dd:27:
3c:0b:9e:40:d4:93:70:31:6f:0c:73:a9:e8:51:29:
ac:93:be:8e:dd:fa:b8:b9:da:9d:ef:2e:f3:28:20:
26:df:45:1f:28:c2:dc:f4:d8:96:c7:99:2f:2e:7c:
d2:d9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:0C:22:D5:10:58:2E:1E:90:69:80:86:E1:4F:A8:7D:62:10:C9:35
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/igwi1RBYLh6QaYCG4U-ofWIQyTU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.117.136.0/22
62.133.48.0/22
95.214.228.0/22
103.7.204.0/22
193.164.20.0/22
Signature Algorithm: sha256WithRSAEncryption
3d:6f:bc:1a:a5:9f:d1:10:48:94:3a:76:c0:bb:97:17:30:d6:
d6:d1:dd:d3:59:95:cd:04:45:41:6e:c3:f6:fc:51:dd:97:76:
1e:86:99:58:7d:b1:09:ca:9a:31:fc:a3:7c:67:59:af:df:34:
a3:2b:a9:b0:5e:f7:56:5e:ea:3e:ba:c7:9d:79:a5:25:08:c8:
28:d6:ff:2d:f7:93:b7:81:37:41:14:e8:79:94:b0:aa:b6:d9:
71:60:aa:dc:ac:81:41:d1:11:89:15:a8:af:ce:e0:d4:ea:06:
6c:7d:8f:12:04:45:15:47:81:14:c4:ad:09:f1:48:ae:0d:cf:
87:f0:39:69:53:4a:53:1e:55:10:f0:73:28:92:66:3f:d1:55:
fc:9b:86:48:c7:55:19:49:73:2b:72:e8:30:80:6c:b5:6a:88:
89:32:cd:94:58:bb:f5:9f:c8:dc:ff:2b:ad:42:bb:fc:15:d5:
e6:ef:3b:0f:42:df:b6:b2:e8:78:fd:37:b7:e7:1b:36:b4:54:
8a:2c:c3:ff:ee:f8:64:c3:0c:2b:ec:d3:5e:bf:c2:3d:0c:37:
3e:48:4e:9a:cd:4a:1a:a4:b9:55:3d:30:9a:86:8f:42:b8:ee:
78:7a:b1:d0:a6:e9:12:0e:26:84:85:30:93:6d:37:27:a8:1e:
3f:fb:ec:a9
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEDLqe/DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NmMyYTRiN2Q1ZDczYzViNTcwNDYyMjNiZjMwZWI2NTMwMDViMGUyMB4XDTIyMDEw
MTA1MDUwMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOGEwYzIyZDUxMDU4
MmUxZTkwNjk4MDg2ZTE0ZmE4N2Q2MjEwYzkzNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALlFpRIF23GTaJPcPwFCqMXsmPUfJlWt3gE41Vv9eHKJJ0I9
v2rPwN6ky2Z/I7YB+6VEb7AZ1I/dc0gIyd+jQhDcUVs1buTgcAgSqOW5GoUJyGEO
wdHNVrQdwWKIxgCQR+2F5kswgoR+2jyVoVMKOb+t9Y/g2t9Iuhal7x27liXfkTFz
dK0217PhP9SgS2UBGnuWbQoEzKtk+KCZsi3UKXFqRA9zqSrwArYbqMcjmVW/W5xR
1ipRSApPipSJIILYQRtjORumTx37NHAqcM5Cbt0nPAueQNSTcDFvDHOp6FEprJO+
jt36uLnane8u8yggJt9FHyjC3PTYlseZLy580tkCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBSKDCLVEFguHpBpgIbhT6h9YhDJNTAfBgNVHSMEGDAWgBQ2wqS31dc8W1cE
YiO/MOtlMAWw4jAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05zS2t0OVhYUEZ0WEJHSWp2ekRyWlRBRnNPSS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmMvOGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8x
L2lnd2kxUkJZTGg2UWFZQ0c0VS1vZldJUXlUVS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmMv
OGRkODVhLWJmOGYtNDI1ZS1hMjRiLTJjY2VkYjk2NmE1OC8xL05zS2t0OVhYUEZ0
WEJHSWp2ekRyWlRBRnNPSS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAi11iAMEAj6FMAMEAl/W5AMEAmcH
zAMEAsGkFDANBgkqhkiG9w0BAQsFAAOCAQEAPW+8GqWf0RBIlDp2wLuXFzDW1tHd
01mVzQRFQW7D9vxR3Zd2HoaZWH2xCcqaMfyjfGdZr980oyupsF73Vl7qPrrHnXml
JQjIKNb/LfeTt4E3QRToeZSwqrbZcWCq3KyBQdERiRWor87g1OoGbH2PEgRFFUeB
FMStCfFIrg3Ph/A5aVNKUx5VEPBzKJJmP9FV/JuGSMdVGUlzK3LoMIBstWqIiTLN
lFi79Z/I3P8rrUK7/BXV5u87D0LftrLoeP03t+cbNrRUiizD/+74ZMMMK+zTXr/C
PQw3PkhOms1KGqS5VT0wmoaPQrjueHqx0KbpEg4mhIUwk203J6geP/vsqQ==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:56 2023 by rpki-client on console-ams.rpki-client.org