Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/x1SwoElv6hi2zoEftc_nBzJD72k.roa
File: x1SwoElv6hi2zoEftc_nBzJD72k.roa (raw, json)
Hash identifier: yc3j/aEs8pQ0xbbWt4l1IhIh9g1jTR8/J+TwIiq2yh0=
Subject key identifier: C7:54:B0:A0:49:6F:EA:18:B6:CE:81:1F:B5:CF:E7:07:32:43:EF:69
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 018571030F1640418B003ABD04A4FECE8F12
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/x1SwoElv6hi2zoEftc_nBzJD72k.roa
Signing time: Mon 02 Jan 2023 05:45:03 +0000
ROA not before: Mon 02 Jan 2023 05:45:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 59253
IP address blocks: 103.7.204.0/22 maxlen: 22
193.164.20.0/22 maxlen: 22
45.117.136.0/22 maxlen: 22
62.133.48.0/22 maxlen: 22
95.214.228.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:03:0f:16:40:41:8b:00:3a:bd:04:a4:fe:ce:8f:12
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 2 05:45:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c754b0a0496fea18b6ce811fb5cfe7073243ef69
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:a7:4f:87:09:ca:1e:17:c6:4e:b3:85:78:b1:
c6:ef:8e:d1:ae:7b:48:da:e7:78:7b:46:eb:b9:49:
a5:98:cf:25:09:8c:94:1f:13:54:fa:f1:5e:09:e9:
c0:d8:54:ee:8b:12:01:d7:d8:bd:51:67:3a:8e:d7:
31:79:31:58:8b:7b:20:8e:5c:db:cd:06:a2:a5:27:
ec:d9:67:6e:3f:7b:99:45:2f:b4:30:00:1b:85:26:
db:cd:85:a6:8f:98:83:f5:17:02:a8:26:78:38:a6:
fe:0f:5c:50:6c:ff:a3:f4:d8:2a:45:39:68:46:27:
9e:fc:1d:31:c6:f5:1d:8d:0f:ad:48:0f:36:ec:b4:
cc:02:9c:d8:e5:71:bc:32:43:6c:43:02:0f:aa:7a:
38:3c:41:d9:ac:32:ed:6e:47:8a:79:7f:7f:e0:2d:
11:90:11:14:72:4a:59:99:b1:cb:26:4f:6c:82:fa:
0b:da:3a:35:41:54:86:6e:48:05:3d:55:39:19:35:
40:d1:10:f4:6f:4e:d8:49:1b:55:21:3b:1e:37:c4:
6e:45:a0:4e:7a:5c:0c:bb:b8:33:4f:f0:08:52:98:
52:05:72:a3:cc:a4:ff:16:5c:37:b4:cb:3d:a7:7c:
83:d8:6f:98:b4:10:17:be:3f:be:38:f2:77:e6:f3:
ff:1d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:54:B0:A0:49:6F:EA:18:B6:CE:81:1F:B5:CF:E7:07:32:43:EF:69
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/x1SwoElv6hi2zoEftc_nBzJD72k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.117.136.0/22
62.133.48.0/22
95.214.228.0/22
103.7.204.0/22
193.164.20.0/22
Signature Algorithm: sha256WithRSAEncryption
22:a3:01:a5:00:4a:ac:42:30:72:08:76:f3:92:e4:08:de:ca:
bc:7e:f1:42:a8:66:a4:77:4e:87:18:6c:2c:2f:b3:ab:a0:98:
9b:d7:63:8a:cf:08:ba:ee:41:d6:dd:fe:8a:78:2b:98:a9:f4:
6c:c4:8e:93:24:54:f0:c2:fa:5e:60:bb:3e:de:d6:a3:7c:50:
66:da:e7:e5:64:00:30:e1:a4:c4:85:3e:fc:d1:96:a6:c2:8d:
0c:7c:30:89:13:87:13:5f:71:60:a5:27:10:1b:88:e7:da:3a:
8d:73:5c:75:d0:26:ed:47:c5:9f:b9:72:ec:43:07:a7:75:43:
79:49:0c:03:8d:0b:83:60:f8:80:f2:4f:e1:c0:b9:af:bd:bd:
aa:c7:28:59:da:7d:8c:c0:e4:b1:63:9d:47:77:af:40:8c:8f:
74:8c:5d:67:bf:ea:91:bf:1e:cf:04:a8:65:26:e0:db:77:a5:
6b:59:9e:51:58:e1:07:47:2e:c5:0a:4b:45:cf:7f:6a:32:fc:
ab:3e:fb:ad:97:e6:67:f3:9e:22:7c:27:6d:f4:7d:44:48:af:
d9:ab:26:91:bf:be:8f:0d:20:da:3c:04:9a:2e:b7:b5:29:31:
38:4d:c6:a0:70:4f:01:66:86:52:53:65:c4:82:ec:2b:75:f3:
42:be:76:93
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVxAw8WQEGLADq9BKT+zo8SMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMTAyMDU0NTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzU0YjBhMDQ5NmZlYTE4YjZjZTgxMWZiNWNmZTcwNzMyNDNlZjY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApKdPhwnKHhfGTrOFeLHG747RrntI
2ud4e0bruUmlmM8lCYyUHxNU+vFeCenA2FTuixIB19i9UWc6jtcxeTFYi3sgjlzb
zQaipSfs2WduP3uZRS+0MAAbhSbbzYWmj5iD9RcCqCZ4OKb+D1xQbP+j9NgqRTlo
Riee/B0xxvUdjQ+tSA827LTMApzY5XG8MkNsQwIPqno4PEHZrDLtbkeKeX9/4C0R
kBEUckpZmbHLJk9sgvoL2jo1QVSGbkgFPVU5GTVA0RD0b07YSRtVITseN8RuRaBO
elwMu7gzT/AIUphSBXKjzKT/Flw3tMs9p3yD2G+YtBAXvj++OPJ35vP/HQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFMdUsKBJb+oYts6BH7XP5wcyQ+9pMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEveDFTd29FbHY2aGkyem9FZnRjX25CekpENzJrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCLXWIAwQC
PoUwAwQCX9bkAwQCZwfMAwQCwaQUMA0GCSqGSIb3DQEBCwUAA4IBAQAiowGlAEqs
QjByCHbzkuQI3sq8fvFCqGakd06HGGwsL7OroJib12OKzwi67kHW3f6KeCuYqfRs
xI6TJFTwwvpeYLs+3tajfFBm2uflZAAw4aTEhT780Zamwo0MfDCJE4cTX3FgpScQ
G4jn2jqNc1x10CbtR8WfuXLsQwendUN5SQwDjQuDYPiA8k/hwLmvvb2qxyhZ2n2M
wOSxY51Hd69AjI90jF1nv+qRvx7PBKhlJuDbd6VrWZ5RWOEHRy7FCktFz39qMvyr
Pvutl+Zn854ifCdt9H1ESK/ZqyaRv76PDSDaPASaLre1KTE4TcagcE8BZoZSU2XE
guwrdfNCvnaT
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:57 2023 by rpki-client on console-ams.rpki-client.org