Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/IpcVCuWskRoJoWNB3OMdDc8UYmY.roa
File: IpcVCuWskRoJoWNB3OMdDc8UYmY.roa (raw, json)
Hash identifier: gu6ZUlR/VzoPuUUdR6IHOV1gB4i3HjAdxiZn8WsHXn0=
Subject key identifier: 22:97:15:0A:E5:AC:91:1A:09:A1:63:41:DC:E3:1D:0D:CF:14:62:66
Certificate issuer: /CN=d894365b28a082834a751a97771b791124524dec
Certificate serial: 018210A4851354BDD25D57180F1E71729BE1
Authority key identifier: D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/IpcVCuWskRoJoWNB3OMdDc8UYmY.roa
Signing time: Mon 18 Jul 2022 09:29:53 +0000
ROA not before: Mon 18 Jul 2022 09:29:53 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 41107
IP address blocks: 91.108.160.0/21 maxlen: 21
185.31.152.0/22 maxlen: 22
109.68.192.0/21 maxlen: 21
159.253.160.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:10:a4:85:13:54:bd:d2:5d:57:18:0f:1e:71:72:9b:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d894365b28a082834a751a97771b791124524dec
Validity
Not Before: Jul 18 09:29:53 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2297150ae5ac911a09a16341dce31d0dcf146266
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:c4:59:7e:64:6f:0f:37:d0:9d:2c:3b:8b:95:
60:fe:c8:0f:e0:3c:09:87:c5:88:b7:2b:2c:d4:b5:
d0:38:10:76:bf:9a:a0:2e:e7:74:10:f2:ee:85:cf:
e0:17:4c:cf:35:31:4b:cf:94:23:e6:31:9d:4b:19:
08:ba:2e:e2:a6:fd:54:5b:02:7c:69:94:62:cc:ab:
37:fa:c5:3b:c6:e3:71:c9:46:0f:3c:66:f7:1c:9c:
32:82:3c:40:e7:2e:0b:be:57:b3:31:e3:cb:22:36:
01:6d:d0:f2:49:ab:05:8d:cb:a3:10:88:87:a1:67:
98:75:d8:85:41:73:a6:9c:11:29:a7:ba:0f:37:f2:
ba:ec:94:9e:d3:ad:03:bf:f9:f2:a7:74:70:d7:3a:
12:a5:40:99:b5:82:7c:6f:50:e3:5f:95:a7:11:98:
3f:10:f8:07:04:a2:68:9c:0e:77:4f:a4:48:f0:2f:
57:e7:88:58:2a:03:b3:08:60:2d:e9:8b:21:c5:a8:
51:05:2a:4a:3f:c0:4f:ac:2f:f1:12:f2:4b:ae:76:
14:69:37:43:75:6c:c5:56:09:9b:ed:b5:c6:cb:4d:
c5:6e:cd:48:17:a3:ee:7a:e8:23:2f:4f:a7:cd:56:
23:1d:b3:99:74:f7:4c:a2:4c:1c:3e:ab:b8:b4:99:
7a:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
22:97:15:0A:E5:AC:91:1A:09:A1:63:41:DC:E3:1D:0D:CF:14:62:66
X509v3 Authority Key Identifier:
keyid:D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/IpcVCuWskRoJoWNB3OMdDc8UYmY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.108.160.0/21
109.68.192.0/21
159.253.160.0/21
185.31.152.0/22
Signature Algorithm: sha256WithRSAEncryption
9e:16:f6:5a:9a:66:84:78:3d:94:c8:8b:3c:bb:9f:98:15:14:
a4:16:ee:3c:d6:42:31:8c:9c:6b:a3:bd:f8:f0:78:1e:0f:a3:
25:31:94:bd:74:7a:67:3c:bb:87:37:c6:31:53:7c:da:1e:7c:
21:a0:83:83:9d:a6:d3:2b:fb:89:1c:f9:61:04:45:3a:fe:8c:
67:bf:47:0d:56:b1:8e:04:86:33:33:17:73:44:6b:3e:c4:41:
0e:14:2d:43:58:df:a6:16:d7:4e:4a:fc:d7:4d:b9:c7:47:cb:
98:44:2e:de:cf:7f:fe:d3:9e:87:20:24:2d:78:d0:a3:93:9f:
27:90:5d:ce:70:37:0b:e2:bf:d0:4b:12:8e:b5:12:c3:9c:2e:
c4:b7:b6:fb:76:85:65:a9:37:6d:40:4f:d4:16:13:9b:d7:6f:
6d:cf:f1:cd:39:e0:8e:fb:c2:56:2d:42:97:61:b3:ec:c6:77:
fd:24:fc:fa:6a:ca:27:16:41:4e:8f:49:e2:3c:16:99:ca:fa:
3e:ec:85:d2:7e:a3:29:6a:8f:9b:7d:23:26:2b:e5:9b:59:fd:
d2:11:73:8c:3d:47:4e:c4:ff:23:f6:48:94:0a:d3:07:94:ec:
ae:aa:fa:65:7f:cc:ec:12:5d:7d:4e:21:54:20:71:73:f7:a2:
d8:b0:dc:e2
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYIQpIUTVL3SXVcYDx5xcpvhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ4OTQzNjViMjhhMDgyODM0YTc1MWE5Nzc3MWI3OTExMjQ1
MjRkZWMwHhcNMjIwNzE4MDkyOTUzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMjk3MTUwYWU1YWM5MTFhMDlhMTYzNDFkY2UzMWQwZGNmMTQ2MjY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhsRZfmRvDzfQnSw7i5Vg/sgP4DwJ
h8WItyss1LXQOBB2v5qgLud0EPLuhc/gF0zPNTFLz5Qj5jGdSxkIui7ipv1UWwJ8
aZRizKs3+sU7xuNxyUYPPGb3HJwygjxA5y4LvlezMePLIjYBbdDySasFjcujEIiH
oWeYddiFQXOmnBEpp7oPN/K67JSe060Dv/nyp3Rw1zoSpUCZtYJ8b1DjX5WnEZg/
EPgHBKJonA53T6RI8C9X54hYKgOzCGAt6YshxahRBSpKP8BPrC/xEvJLrnYUaTdD
dWzFVgmb7bXGy03Fbs1IF6PueugjL0+nzVYjHbOZdPdMokwcPqu4tJl6hwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFCKXFQrlrJEaCaFjQdzjHQ3PFGJmMB8GA1UdIwQY
MBaAFNiUNlsooIKDSnUal3cbeREkUk3sMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMkpRMld5aWdnb05LZFJxWGR4dDVFU1JTVGV3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNi9hNjA3ZjQtMTVkYy00ZGI1LTk2MDEt
MjE0NjE3OWQ4ZTJiLzEvSXBjVkN1V3NrUm9Kb1dOQjNPTWREYzhVWW1ZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNi9hNjA3ZjQtMTVkYy00ZGI1LTk2MDEtMjE0NjE3OWQ4ZTJi
LzEvMkpRMld5aWdnb05LZFJxWGR4dDVFU1JTVGV3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQDW2ygAwQD
bUTAAwQDn/2gAwQCuR+YMA0GCSqGSIb3DQEBCwUAA4IBAQCeFvZammaEeD2UyIs8
u5+YFRSkFu481kIxjJxro7348HgeD6MlMZS9dHpnPLuHN8YxU3zaHnwhoIODnabT
K/uJHPlhBEU6/oxnv0cNVrGOBIYzMxdzRGs+xEEOFC1DWN+mFtdOSvzXTbnHR8uY
RC7ez3/+056HICQteNCjk58nkF3OcDcL4r/QSxKOtRLDnC7Et7b7doVlqTdtQE/U
FhOb129tz/HNOeCO+8JWLUKXYbPsxnf9JPz6asonFkFOj0niPBaZyvo+7IXSfqMp
ao+bfSMmK+WbWf3SEXOMPUdOxP8j9kiUCtMHlOyuqvplf8zsEl19TiFUIHFz96LY
sNzi
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:07:35 2023 by rpki-client on console-ams.rpki-client.org