Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bd/b8c851-16ec-476f-9918-a62473abaa91/1/JawhDMh3TWR9ZVoTYCOxT8TbR40.roa
File: JawhDMh3TWR9ZVoTYCOxT8TbR40.roa (raw, json)
Hash identifier: B79+L3l3lnOxq+IiVErY21ns1jndLOY5YeOjqT2HaSo=
Subject key identifier: 25:AC:21:0C:C8:77:4D:64:7D:65:5A:13:60:23:B1:4F:C4:DB:47:8D
Certificate issuer: /CN=d1f5d55a1bb009d181992e241851d5f9939237cc
Certificate serial: 103509ED
Authority key identifier: D1:F5:D5:5A:1B:B0:09:D1:81:99:2E:24:18:51:D5:F9:93:92:37:CC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/0fXVWhuwCdGBmS4kGFHV-ZOSN8w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bd/b8c851-16ec-476f-9918-a62473abaa91/1/JawhDMh3TWR9ZVoTYCOxT8TbR40.roa
Signing time: Thu 21 Apr 2022 12:11:14 +0000
ROA not before: Thu 21 Apr 2022 12:11:14 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 44053
IP address blocks: 185.50.200.0/22 maxlen: 22
31.15.16.0/21 maxlen: 32
92.53.224.0/21 maxlen: 21
95.174.88.0/21 maxlen: 21
31.177.104.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 271911405 (0x103509ed)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d1f5d55a1bb009d181992e241851d5f9939237cc
Validity
Not Before: Apr 21 12:11:14 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=25ac210cc8774d647d655a136023b14fc4db478d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:32:ce:a4:73:25:90:18:16:f9:2b:7f:70:90:
6d:1b:7e:0c:92:ac:71:28:73:60:56:a7:92:37:53:
9b:13:87:03:5d:35:f6:35:83:c2:56:49:6c:42:bb:
32:8d:b8:df:d7:4e:e0:81:f6:c4:21:f5:d3:eb:b6:
8a:a5:99:af:ea:7a:6c:23:58:78:1c:43:11:8a:78:
75:b0:e7:d9:51:58:73:01:1e:bf:30:bd:bd:24:3b:
e1:53:d8:ec:75:97:1e:da:ba:47:77:a5:9f:07:57:
f9:15:ca:ad:5c:35:2b:de:02:32:30:4f:68:e4:f6:
23:8f:72:5f:94:6b:5e:3e:52:8f:7f:ed:a5:af:b0:
c5:31:47:09:93:2a:77:e1:2f:2a:69:ae:ab:f8:63:
90:34:7c:2b:23:31:dc:32:13:88:5d:89:c2:2b:a4:
a8:2a:62:ad:6d:38:42:1d:33:26:ab:e3:fc:32:52:
45:a0:b4:40:01:3c:e8:81:a1:a5:a6:25:89:a6:f3:
e2:69:4f:ab:3c:cc:4e:fd:86:e1:b4:f9:5f:d9:eb:
f3:e1:55:e9:91:e6:3a:1f:e9:f9:32:21:10:94:fc:
ec:e9:bd:3c:07:3b:fc:4f:75:9f:66:5a:f6:82:92:
fc:fb:bd:c3:a5:13:c1:58:60:f7:8d:b0:e6:d6:a0:
76:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:AC:21:0C:C8:77:4D:64:7D:65:5A:13:60:23:B1:4F:C4:DB:47:8D
X509v3 Authority Key Identifier:
keyid:D1:F5:D5:5A:1B:B0:09:D1:81:99:2E:24:18:51:D5:F9:93:92:37:CC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0fXVWhuwCdGBmS4kGFHV-ZOSN8w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/b8c851-16ec-476f-9918-a62473abaa91/1/JawhDMh3TWR9ZVoTYCOxT8TbR40.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bd/b8c851-16ec-476f-9918-a62473abaa91/1/0fXVWhuwCdGBmS4kGFHV-ZOSN8w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.15.16.0/21
31.177.104.0/21
92.53.224.0/21
95.174.88.0/21
185.50.200.0/22
Signature Algorithm: sha256WithRSAEncryption
32:a3:9a:44:88:2a:60:20:67:8d:ed:9d:ab:57:ac:1e:20:46:
61:65:1d:80:2d:63:c6:ef:2e:d1:3b:fc:b2:8e:05:53:66:3f:
32:f3:ed:7a:1d:4b:bd:bc:3c:42:77:0d:dd:9f:fc:ae:f8:68:
e8:ff:96:fe:a0:b6:ac:f6:eb:e2:6b:82:5d:b5:82:2c:7a:30:
e8:18:ea:9b:5b:91:63:2f:07:07:d2:70:93:6d:51:8e:ce:0d:
c6:5a:f2:f7:ae:51:cf:d6:31:97:29:87:2d:9f:d9:55:94:0f:
33:ed:6e:03:f2:5b:cc:46:4b:2a:8c:ff:37:ec:ed:60:6a:0e:
bf:4f:b8:00:43:11:90:76:85:16:56:fc:aa:d6:0b:fa:75:e8:
40:f2:12:2a:0c:a4:bd:ec:2f:d0:75:c5:f2:c8:d8:9d:8b:73:
74:13:59:27:50:1b:8a:45:f7:91:b1:84:4d:f3:d0:5c:ef:14:
92:e0:0e:5f:03:96:73:b4:24:d5:9b:d5:28:e0:a7:37:51:52:
56:69:cc:48:14:e9:a5:75:50:ad:98:9f:1a:47:3a:82:97:25:
74:25:d3:9f:9b:09:cb:2c:c4:16:99:a3:41:73:8b:11:24:a4:
63:0e:f9:ea:26:fb:24:08:50:2d:46:50:14:ba:ce:a2:b2:4d:
19:29:17:5f
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEEDUJ7TANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
MWY1ZDU1YTFiYjAwOWQxODE5OTJlMjQxODUxZDVmOTkzOTIzN2NjMB4XDTIyMDQy
MTEyMTExNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjVhYzIxMGNjODc3
NGQ2NDdkNjU1YTEzNjAyM2IxNGZjNGRiNDc4ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAK0yzqRzJZAYFvkrf3CQbRt+DJKscShzYFankjdTmxOHA101
9jWDwlZJbEK7Mo2439dO4IH2xCH10+u2iqWZr+p6bCNYeBxDEYp4dbDn2VFYcwEe
vzC9vSQ74VPY7HWXHtq6R3elnwdX+RXKrVw1K94CMjBPaOT2I49yX5RrXj5Sj3/t
pa+wxTFHCZMqd+EvKmmuq/hjkDR8KyMx3DITiF2JwiukqCpirW04Qh0zJqvj/DJS
RaC0QAE86IGhpaYliabz4mlPqzzMTv2G4bT5X9nr8+FV6ZHmOh/p+TIhEJT87Om9
PAc7/E91n2Za9oKS/Pu9w6UTwVhg942w5tagdtUCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBQlrCEMyHdNZH1lWhNgI7FPxNtHjTAfBgNVHSMEGDAWgBTR9dVaG7AJ0YGZ
LiQYUdX5k5I3zDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzBmWFZXaHV3Q2RHQm1TNGtHRkhWLVpPU044dy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYmQvYjhjODUxLTE2ZWMtNDc2Zi05OTE4LWE2MjQ3M2FiYWE5MS8x
L0phd2hETWgzVFdSOVpWb1RZQ094VDhUYlI0MC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYmQv
YjhjODUxLTE2ZWMtNDc2Zi05OTE4LWE2MjQ3M2FiYWE5MS8xLzBmWFZXaHV3Q2RH
Qm1TNGtHRkhWLVpPU044dy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAx8PEAMEAx+xaAMEA1w14AMEA1+u
WAMEArkyyDANBgkqhkiG9w0BAQsFAAOCAQEAMqOaRIgqYCBnje2dq1esHiBGYWUd
gC1jxu8u0Tv8so4FU2Y/MvPteh1Lvbw8QncN3Z/8rvho6P+W/qC2rPbr4muCXbWC
LHow6Bjqm1uRYy8HB9Jwk21Rjs4Nxlry965Rz9YxlymHLZ/ZVZQPM+1uA/JbzEZL
Koz/N+ztYGoOv0+4AEMRkHaFFlb8qtYL+nXoQPISKgykvewv0HXF8sjYnYtzdBNZ
J1AbikX3kbGETfPQXO8UkuAOXwOWc7Qk1ZvVKOCnN1FSVmnMSBTppXVQrZifGkc6
gpcldCXTn5sJyyzEFpmjQXOLESSkYw756ib7JAhQLUZQFLrOorJNGSkXXw==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:03:08 2023 by rpki-client on console-fra.rpki-client.org