Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/b8c851-16ec-476f-9918-a62473abaa91/1/2twEmuHwDtWrY-qs3CA5h7Y46p8.roa
File: 2twEmuHwDtWrY-qs3CA5h7Y46p8.roa (raw, json)
Hash identifier: KqoiA7+z6SZRWrE+qPepZWB8J0ZAT29Bb3VtvNgo8WU=
Subject key identifier: DA:DC:04:9A:E1:F0:0E:D5:AB:63:EA:AC:DC:20:39:87:B6:38:EA:9F
Certificate issuer: /CN=d1f5d55a1bb009d181992e241851d5f9939237cc
Certificate serial: 01856EA6A079651910FEF75C65CA9CFD5F2A
Authority key identifier: D1:F5:D5:5A:1B:B0:09:D1:81:99:2E:24:18:51:D5:F9:93:92:37:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0fXVWhuwCdGBmS4kGFHV-ZOSN8w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/b8c851-16ec-476f-9918-a62473abaa91/1/2twEmuHwDtWrY-qs3CA5h7Y46p8.roa
Signing time: Sun 01 Jan 2023 18:44:51 +0000
ROA not before: Sun 01 Jan 2023 18:44:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 44053
IP address blocks: 185.50.200.0/22 maxlen: 22
31.15.16.0/21 maxlen: 32
92.53.224.0/21 maxlen: 21
95.174.88.0/21 maxlen: 21
31.177.104.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:a6:a0:79:65:19:10:fe:f7:5c:65:ca:9c:fd:5f:2a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d1f5d55a1bb009d181992e241851d5f9939237cc
Validity
Not Before: Jan 1 18:44:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dadc049ae1f00ed5ab63eaacdc203987b638ea9f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:01:7a:b4:c0:84:7c:12:e2:55:f8:5d:e2:2a:
dd:b3:10:46:f1:13:90:fa:4a:7f:6d:9f:2c:1b:70:
de:74:f2:03:07:12:1d:c6:07:dd:04:b2:20:a7:62:
88:56:94:7c:19:3a:a3:81:6d:aa:22:7d:5a:7c:1a:
54:9c:2e:30:ad:0c:db:93:35:69:a5:e3:97:70:2e:
a0:36:42:6b:78:75:3c:70:5c:74:0b:ee:bb:34:f8:
f0:bf:46:ee:44:de:9d:36:99:25:2b:e4:57:6e:7e:
8c:64:f0:50:3e:f7:90:a7:48:37:06:65:73:ee:50:
01:3e:61:62:f6:e8:1d:4f:d5:21:84:0b:32:d7:d6:
51:15:c7:75:56:01:c7:24:d2:9a:27:ba:ad:6a:e0:
19:e5:3a:a4:3e:85:83:53:af:eb:f1:b7:97:ff:41:
da:db:ad:0e:93:b7:b8:34:d5:c9:8f:b9:d1:87:e8:
35:1c:92:61:14:16:42:fb:a5:8f:6e:43:a0:08:c9:
8b:1f:9e:bc:bf:81:7d:b3:90:ee:29:55:0e:06:e0:
32:36:60:0d:4c:ba:f4:f2:17:56:df:ec:ed:b4:92:
63:18:25:9e:c6:6b:72:a3:18:e4:70:2d:ed:18:5b:
1a:55:01:31:e2:23:a0:bd:c0:e6:0a:de:23:a0:63:
0f:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DA:DC:04:9A:E1:F0:0E:D5:AB:63:EA:AC:DC:20:39:87:B6:38:EA:9F
X509v3 Authority Key Identifier:
keyid:D1:F5:D5:5A:1B:B0:09:D1:81:99:2E:24:18:51:D5:F9:93:92:37:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0fXVWhuwCdGBmS4kGFHV-ZOSN8w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/b8c851-16ec-476f-9918-a62473abaa91/1/2twEmuHwDtWrY-qs3CA5h7Y46p8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/b8c851-16ec-476f-9918-a62473abaa91/1/0fXVWhuwCdGBmS4kGFHV-ZOSN8w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.15.16.0/21
31.177.104.0/21
92.53.224.0/21
95.174.88.0/21
185.50.200.0/22
Signature Algorithm: sha256WithRSAEncryption
98:de:22:dd:29:50:77:38:2c:ba:f6:10:6e:a6:fa:cb:e6:62:
0e:3d:52:e8:15:80:cd:ba:ac:88:eb:9c:a4:aa:89:69:e3:f8:
f2:47:ce:1e:74:1b:09:d6:af:26:80:93:27:ec:f5:4c:39:dd:
14:19:cc:af:c8:e0:88:d8:31:0d:ee:bf:05:37:61:4f:7c:01:
03:ab:09:9b:3c:db:af:a5:61:c2:7f:94:75:2f:8b:4c:a7:b9:
3c:88:48:49:58:f2:7a:d7:4d:58:52:f7:3f:c7:ce:6a:b0:db:
0e:0f:98:83:95:1f:01:ce:55:19:61:2e:4f:2e:dd:3d:3e:f1:
3c:f9:ee:4c:cb:f4:51:82:65:2b:8e:44:7a:ec:f5:c7:fe:11:
bb:59:a9:2d:72:32:b1:5b:87:a5:b1:8a:38:ec:93:92:14:54:
59:22:70:f9:07:01:b5:08:7a:9f:24:d2:87:e3:0d:91:43:29:
fd:1c:9b:2a:33:f5:04:f7:0a:15:34:a1:3f:6a:9a:c3:06:bc:
45:1d:f9:a0:db:2a:ec:f1:11:f8:29:5f:dc:b5:cd:a0:bc:d2:
64:90:5a:7f:90:12:43:ce:9a:23:dc:9e:c9:61:f3:a7:4c:dc:
7e:8a:d3:17:3b:fc:62:4c:b7:f8:4f:ee:4b:b6:0c:7c:6d:90:
35:26:6f:17
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYVupqB5ZRkQ/vdcZcqc/V8qMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQxZjVkNTVhMWJiMDA5ZDE4MTk5MmUyNDE4NTFkNWY5OTM5
MjM3Y2MwHhcNMjMwMTAxMTg0NDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYWRjMDQ5YWUxZjAwZWQ1YWI2M2VhYWNkYzIwMzk4N2I2MzhlYTlmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1AF6tMCEfBLiVfhd4irdsxBG8ROQ
+kp/bZ8sG3DedPIDBxIdxgfdBLIgp2KIVpR8GTqjgW2qIn1afBpUnC4wrQzbkzVp
peOXcC6gNkJreHU8cFx0C+67NPjwv0buRN6dNpklK+RXbn6MZPBQPveQp0g3BmVz
7lABPmFi9ugdT9UhhAsy19ZRFcd1VgHHJNKaJ7qtauAZ5TqkPoWDU6/r8beX/0Ha
260Ok7e4NNXJj7nRh+g1HJJhFBZC+6WPbkOgCMmLH568v4F9s5DuKVUOBuAyNmAN
TLr08hdW3+zttJJjGCWexmtyoxjkcC3tGFsaVQEx4iOgvcDmCt4joGMPgQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFNrcBJrh8A7Vq2PqrNwgOYe2OOqfMB8GA1UdIwQY
MBaAFNH11VobsAnRgZkuJBhR1fmTkjfMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMGZYVldodXdDZEdCbVM0a0dGSFYtWk9TTjh3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZC9iOGM4NTEtMTZlYy00NzZmLTk5MTgt
YTYyNDczYWJhYTkxLzEvMnR3RW11SHdEdFdyWS1xczNDQTVoN1k0NnA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZC9iOGM4NTEtMTZlYy00NzZmLTk5MTgtYTYyNDczYWJhYTkx
LzEvMGZYVldodXdDZEdCbVM0a0dGSFYtWk9TTjh3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDHw8QAwQD
H7FoAwQDXDXgAwQDX65YAwQCuTLIMA0GCSqGSIb3DQEBCwUAA4IBAQCY3iLdKVB3
OCy69hBupvrL5mIOPVLoFYDNuqyI65ykqolp4/jyR84edBsJ1q8mgJMn7PVMOd0U
GcyvyOCI2DEN7r8FN2FPfAEDqwmbPNuvpWHCf5R1L4tMp7k8iEhJWPJ6101YUvc/
x85qsNsOD5iDlR8BzlUZYS5PLt09PvE8+e5My/RRgmUrjkR67PXH/hG7WaktcjKx
W4elsYo47JOSFFRZInD5BwG1CHqfJNKH4w2RQyn9HJsqM/UE9woVNKE/aprDBrxF
Hfmg2yrs8RH4KV/ctc2gvNJkkFp/kBJDzpoj3J7JYfOnTNx+itMXO/xiTLf4T+5L
tgx8bZA1Jm8X
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:07:01 2023 by rpki-client on console-ams.rpki-client.org