Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/mpv1VUF56KNiK5pLxDufikoD31E.roa
File: mpv1VUF56KNiK5pLxDufikoD31E.roa (raw, json)
Hash identifier: S2HVrNd3Qm+bmW+66WK23bXbx8C5Aq3nF/iYBwdTTTc=
Subject key identifier: 9A:9B:F5:55:41:79:E8:A3:62:2B:9A:4B:C4:3B:9F:8A:4A:03:DF:51
Certificate issuer: /CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
Certificate serial: 01856BEED0F60BCBBE07773A7ABCAE552074
Authority key identifier: 9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/mpv1VUF56KNiK5pLxDufikoD31E.roa
Signing time: Sun 01 Jan 2023 06:04:51 +0000
ROA not before: Sun 01 Jan 2023 06:04:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43060
IP address blocks: 91.196.76.0/23 maxlen: 24
185.196.216.0/22 maxlen: 22
94.158.48.0/21 maxlen: 21
94.158.48.0/20 maxlen: 20
94.158.56.0/24 maxlen: 24
94.158.57.0/24 maxlen: 24
94.158.58.0/24 maxlen: 24
94.158.60.0/24 maxlen: 24
94.158.61.0/24 maxlen: 24
94.158.62.0/24 maxlen: 24
94.158.63.0/24 maxlen: 24
94.158.59.0/24 maxlen: 24
109.207.240.0/20 maxlen: 22
2a04:1b80::/32 maxlen: 36
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:ee:d0:f6:0b:cb:be:07:77:3a:7a:bc:ae:55:20:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9fb4a8b93af9ea9cf18aaca4e73f116ec26eb357
Validity
Not Before: Jan 1 06:04:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9a9bf5554179e8a3622b9a4bc43b9f8a4a03df51
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:4a:92:52:11:3d:33:73:d6:b4:95:3b:5b:c5:
d1:f2:8c:0b:22:ea:26:f5:d1:a6:24:2d:a5:f9:78:
ae:78:9b:e0:37:df:64:08:6b:65:c0:8a:4b:b9:cc:
b1:e9:be:fe:18:2d:fe:40:14:f4:73:61:34:d0:c4:
7f:72:66:35:03:03:19:98:18:3e:26:79:96:33:77:
4b:86:66:2d:7e:07:52:70:ab:b2:f8:87:19:81:17:
cc:ea:4d:94:22:43:ae:20:3a:b9:f2:6d:99:3f:53:
2b:88:68:5a:da:2e:b0:50:a9:35:87:16:ee:76:38:
8b:9a:0a:32:8b:bc:93:da:b8:42:f8:b3:c3:2a:c4:
ab:d8:49:dc:8c:ab:60:f5:03:96:98:fd:34:a8:56:
67:60:d3:97:f1:54:78:61:73:31:e5:b1:10:06:4f:
fc:1b:6e:8c:fe:05:e4:7b:9b:ef:9c:f5:68:87:35:
7e:08:9e:10:c6:a6:11:67:5e:b7:99:76:49:27:6a:
c3:aa:7c:c9:09:02:39:78:41:9f:b4:6c:d5:7f:44:
ad:bf:49:eb:c6:11:b1:44:21:6c:9d:ae:5b:8e:ad:
aa:75:eb:bd:8d:90:39:84:4f:6c:7b:26:ce:85:3d:
f1:42:8b:23:a8:41:91:2a:b8:b0:84:47:a0:27:27:
12:e5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:9B:F5:55:41:79:E8:A3:62:2B:9A:4B:C4:3B:9F:8A:4A:03:DF:51
X509v3 Authority Key Identifier:
keyid:9F:B4:A8:B9:3A:F9:EA:9C:F1:8A:AC:A4:E7:3F:11:6E:C2:6E:B3:57
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/n7SouTr56pzxiqyk5z8RbsJus1c.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/mpv1VUF56KNiK5pLxDufikoD31E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c8/898741-eda4-4c5d-af9f-8d68eb20fbdd/1/n7SouTr56pzxiqyk5z8RbsJus1c.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.196.76.0/23
94.158.48.0/20
109.207.240.0/20
185.196.216.0/22
IPv6:
2a04:1b80::/32
Signature Algorithm: sha256WithRSAEncryption
7d:c8:a3:1c:a2:7c:af:43:74:ed:18:91:95:f0:ff:2f:a9:82:
29:dd:35:eb:1c:f1:1c:5f:7f:20:65:7c:ab:11:aa:6e:b3:08:
6c:03:b6:74:94:17:69:72:10:1b:64:00:19:56:2e:80:44:8c:
6d:4b:6d:de:e8:31:7c:86:62:52:80:9d:2b:64:03:33:e6:e6:
3c:1d:01:28:ac:bf:ff:7c:1b:5b:c1:27:f6:f5:e9:a1:88:5e:
1f:27:5a:a1:6e:d2:23:50:bf:78:ed:87:00:13:94:3c:69:51:
aa:b0:bf:63:16:12:e0:0d:2d:c9:f1:ce:18:11:e9:88:97:a3:
5a:5e:bb:77:01:79:ba:f8:b0:2e:33:aa:ca:8d:ad:5a:07:31:
fc:22:8f:82:ba:f7:67:b7:c3:00:0a:05:b2:78:0d:20:72:26:
fa:65:58:04:6b:fb:6d:d8:12:be:1f:a1:57:6a:37:b4:05:ed:
90:b4:5c:74:68:df:70:e6:8e:84:2f:f0:ba:f9:06:f3:33:1b:
ea:43:2a:85:08:27:7c:24:d8:12:6b:77:ef:2e:41:5b:7b:be:
09:25:22:26:04:65:1a:77:a1:8a:6a:42:6b:e7:4b:aa:05:1f:
36:e3:6b:9c:30:19:e4:88:f4:31:7b:60:f5:4e:12:e0:d4:e5:
87:2c:96:91
-----BEGIN CERTIFICATE-----
MIIFHjCCBAagAwIBAgISAYVr7tD2C8u+B3c6eryuVSB0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDlmYjRhOGI5M2FmOWVhOWNmMThhYWNhNGU3M2YxMTZlYzI2
ZWIzNTcwHhcNMjMwMTAxMDYwNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTliZjU1NTQxNzllOGEzNjIyYjlhNGJjNDNiOWY4YTRhMDNkZjUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0EqSUhE9M3PWtJU7W8XR8owLIuom
9dGmJC2l+XiueJvgN99kCGtlwIpLucyx6b7+GC3+QBT0c2E00MR/cmY1AwMZmBg+
JnmWM3dLhmYtfgdScKuy+IcZgRfM6k2UIkOuIDq58m2ZP1MriGha2i6wUKk1hxbu
djiLmgoyi7yT2rhC+LPDKsSr2EncjKtg9QOWmP00qFZnYNOX8VR4YXMx5bEQBk/8
G26M/gXke5vvnPVohzV+CJ4QxqYRZ163mXZJJ2rDqnzJCQI5eEGftGzVf0Stv0nr
xhGxRCFsna5bjq2qdeu9jZA5hE9seybOhT3xQosjqEGRKriwhEegJycS5QIDAQAB
o4ICKjCCAiYwHQYDVR0OBBYEFJqb9VVBeeijYiuaS8Q7n4pKA99RMB8GA1UdIwQY
MBaAFJ+0qLk6+eqc8YqspOc/EW7CbrNXMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbjdTb3VUcjU2cHp4aXF5azV6OFJic0p1czFjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOC84OTg3NDEtZWRhNC00YzVkLWFmOWYt
OGQ2OGViMjBmYmRkLzEvbXB2MVZVRjU2S05pSzVwTHhEdWZpa29EMzFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOC84OTg3NDEtZWRhNC00YzVkLWFmOWYtOGQ2OGViMjBmYmRk
LzEvbjdTb3VUcjU2cHp4aXF5azV6OFJic0p1czFjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEAGCCsGAQUFBwEHAQH/BDEwLzAeBAIAATAYAwQBW8RMAwQE
Xp4wAwQEbc/wAwQCucTYMA0EAgACMAcDBQAqBBuAMA0GCSqGSIb3DQEBCwUAA4IB
AQB9yKMconyvQ3TtGJGV8P8vqYIp3TXrHPEcX38gZXyrEapuswhsA7Z0lBdpchAb
ZAAZVi6ARIxtS23e6DF8hmJSgJ0rZAMz5uY8HQEorL//fBtbwSf29emhiF4fJ1qh
btIjUL947YcAE5Q8aVGqsL9jFhLgDS3J8c4YEemIl6NaXrt3AXm6+LAuM6rKja1a
BzH8Io+Cuvdnt8MACgWyeA0gcib6ZVgEa/tt2BK+H6FXaje0Be2QtFx0aN9w5o6E
L/C6+QbzMxvqQyqFCCd8JNgSa3fvLkFbe74JJSImBGUad6GKakJr50uqBR8242uc
MBnkiPQxe2D1ThLg1OWHLJaR
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:47 2024 by rpki-client on console-ams.rpki-client.org