Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/XiBRZx6NQOh2aAToyg6BMluM4n8.roa
File: XiBRZx6NQOh2aAToyg6BMluM4n8.roa (raw, json)
Hash identifier: tn+c1J87aDZsYrLmR5QH4YvOS6NcQRsJNphRqx8MjNY=
Subject key identifier: 5E:20:51:67:1E:8D:40:E8:76:68:04:E8:CA:0E:81:32:5B:8C:E2:7F
Certificate issuer: /CN=d894365b28a082834a751a97771b791124524dec
Certificate serial: 097A8640
Authority key identifier: D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/XiBRZx6NQOh2aAToyg6BMluM4n8.roa
Signing time: Sat 01 Jan 2022 00:54:23 +0000
ROA not before: Sat 01 Jan 2022 00:54:23 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 41107
IP address blocks: 91.108.160.0/21 maxlen: 21
185.31.152.0/22 maxlen: 22
109.68.192.0/21 maxlen: 21
185.49.216.0/22 maxlen: 22
159.253.160.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 159024704 (0x97a8640)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d894365b28a082834a751a97771b791124524dec
Validity
Not Before: Jan 1 00:54:23 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5e2051671e8d40e8766804e8ca0e81325b8ce27f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:32:9c:a0:9d:ce:0f:c8:ff:be:69:7e:35:0e:
45:7f:e6:27:f2:d6:0c:4e:e6:2f:87:3a:4f:84:87:
8c:aa:57:28:e8:17:51:73:7d:bd:f4:bf:92:f6:c0:
7a:3a:81:f2:4f:bb:80:e5:8c:26:ca:82:06:a8:79:
e5:50:fd:82:da:c9:8b:a7:55:f7:13:2c:2f:59:9b:
21:66:36:52:e3:24:ca:3b:27:f9:19:d3:61:5e:a9:
c7:aa:7b:a7:d8:3e:6a:a3:9d:0d:14:60:60:32:ef:
e7:61:00:b8:da:a0:c1:37:94:37:93:58:3d:64:3b:
71:cc:0a:b7:e4:95:df:c9:43:95:0a:60:da:c0:ea:
f7:14:f4:fb:e3:ba:ce:1b:bf:ff:54:85:85:b7:f3:
1a:42:ea:8e:ef:6a:6b:b6:b7:4e:f2:d3:2a:62:b8:
92:10:c1:d2:e2:86:a8:f5:90:1d:6b:4e:65:7f:44:
1f:92:f5:46:54:5d:83:5e:0e:38:2e:b7:cf:3a:17:
40:b1:a4:e6:fa:96:0d:84:ba:f2:82:42:bd:eb:93:
e7:cd:af:63:84:2a:35:4e:8e:42:f4:da:69:19:55:
83:90:26:2c:07:2d:b9:6a:02:ec:e8:e6:54:bb:a6:
d8:81:32:d4:3c:e6:33:84:d4:63:ee:1b:57:d5:02:
4f:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:20:51:67:1E:8D:40:E8:76:68:04:E8:CA:0E:81:32:5B:8C:E2:7F
X509v3 Authority Key Identifier:
keyid:D8:94:36:5B:28:A0:82:83:4A:75:1A:97:77:1B:79:11:24:52:4D:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2JQ2WyiggoNKdRqXdxt5ESRSTew.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/XiBRZx6NQOh2aAToyg6BMluM4n8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c6/a607f4-15dc-4db5-9601-2146179d8e2b/1/2JQ2WyiggoNKdRqXdxt5ESRSTew.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.108.160.0/21
109.68.192.0/21
159.253.160.0/21
185.31.152.0/22
185.49.216.0/22
Signature Algorithm: sha256WithRSAEncryption
51:4a:ae:ec:e6:ec:8a:3f:9a:35:30:69:79:88:a7:2a:7d:84:
13:51:3f:49:0d:a4:9f:7e:95:a4:14:fa:1e:f5:9b:47:2e:8c:
ce:dc:dd:9b:0a:28:c8:70:5d:46:93:45:bf:3f:a3:bd:27:bc:
6c:97:93:cf:28:b3:8f:df:48:53:ba:88:0a:78:d9:d6:e0:2e:
e6:a8:fa:ee:45:14:2a:c6:84:e0:c8:ed:fe:24:de:52:5c:53:
38:91:ab:16:70:5a:a3:4d:0d:8a:1d:cd:3e:1c:fb:36:4d:58:
db:18:5c:d6:05:83:27:3a:65:0b:6e:a4:21:b5:e6:b6:b0:82:
bf:ff:83:d1:21:87:8d:85:0e:26:e3:31:a3:cf:cb:10:40:98:
0f:10:db:f5:8a:49:33:8d:c1:a5:65:c3:4c:c2:44:0e:80:9a:
a7:e0:c9:3a:bd:f7:47:42:2c:c2:b1:35:3c:99:3c:3f:62:e7:
25:35:11:fc:0a:45:39:4b:05:38:b9:2e:81:66:21:83:b8:ac:
45:a9:94:19:03:d7:31:e5:fa:eb:49:79:81:90:79:39:d4:6f:
0d:e4:a4:e3:23:95:8d:4a:c9:a0:1f:dc:67:c5:0c:05:e6:ca:
19:1f:84:69:87:bc:5a:1d:c1:28:c3:65:3c:39:8f:a7:43:da:
8a:75:9d:78
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIECXqGQDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhk
ODk0MzY1YjI4YTA4MjgzNGE3NTFhOTc3NzFiNzkxMTI0NTI0ZGVjMB4XDTIyMDEw
MTAwNTQyM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNWUyMDUxNjcxZThk
NDBlODc2NjgwNGU4Y2EwZTgxMzI1YjhjZTI3ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKsynKCdzg/I/75pfjUORX/mJ/LWDE7mL4c6T4SHjKpXKOgX
UXN9vfS/kvbAejqB8k+7gOWMJsqCBqh55VD9gtrJi6dV9xMsL1mbIWY2UuMkyjsn
+RnTYV6px6p7p9g+aqOdDRRgYDLv52EAuNqgwTeUN5NYPWQ7ccwKt+SV38lDlQpg
2sDq9xT0++O6zhu//1SFhbfzGkLqju9qa7a3TvLTKmK4khDB0uKGqPWQHWtOZX9E
H5L1RlRdg14OOC63zzoXQLGk5vqWDYS68oJCveuT582vY4QqNU6OQvTaaRlVg5Am
LActuWoC7OjmVLum2IEy1DzmM4TUY+4bV9UCT5MCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBReIFFnHo1A6HZoBOjKDoEyW4zifzAfBgNVHSMEGDAWgBTYlDZbKKCCg0p1
Gpd3G3kRJFJN7DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzJKUTJXeWlnZ29OS2RScVhkeHQ1RVNSU1Rldy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvYzYvYTYwN2Y0LTE1ZGMtNGRiNS05NjAxLTIxNDYxNzlkOGUyYi8x
L1hpQlJaeDZOUU9oMmFBVG95ZzZCTWx1TTRuOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvYzYv
YTYwN2Y0LTE1ZGMtNGRiNS05NjAxLTIxNDYxNzlkOGUyYi8xLzJKUTJXeWlnZ29O
S2RScVhkeHQ1RVNSU1Rldy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEA1tsoAMEA21EwAMEA5/9oAMEArkf
mAMEArkx2DANBgkqhkiG9w0BAQsFAAOCAQEAUUqu7Obsij+aNTBpeYinKn2EE1E/
SQ2kn36VpBT6HvWbRy6MztzdmwooyHBdRpNFvz+jvSe8bJeTzyizj99IU7qICnjZ
1uAu5qj67kUUKsaE4Mjt/iTeUlxTOJGrFnBao00Nih3NPhz7Nk1Y2xhc1gWDJzpl
C26kIbXmtrCCv/+D0SGHjYUOJuMxo8/LEECYDxDb9YpJM43BpWXDTMJEDoCap+DJ
Or33R0IswrE1PJk8P2LnJTUR/ApFOUsFOLkugWYhg7isRamUGQPXMeX660l5gZB5
OdRvDeSk4yOVjUrJoB/cZ8UMBebKGR+EaYe8Wh3BKMNlPDmPp0PainWdeA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:07:35 2023 by rpki-client on console-ams.rpki-client.org