Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/AYJUw6ffXvbm1cP7XppzQbBES1I.roa
File: AYJUw6ffXvbm1cP7XppzQbBES1I.roa (raw, json)
Hash identifier: LE+guSrFHbuLGZDOg4v4WHh50X1lRyCWG1XmNgD8u68=
Subject key identifier: 01:82:54:C3:A7:DF:5E:F6:E6:D5:C3:FB:5E:9A:73:41:B0:44:4B:52
Certificate issuer: /CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Certificate serial: 01843259B3049C5E7FF6F85CD8EB7C98DF28
Authority key identifier: EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/AYJUw6ffXvbm1cP7XppzQbBES1I.roa
Signing time: Tue 01 Nov 2022 08:40:50 +0000
ROA not before: Tue 01 Nov 2022 08:40:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 19905
IP address blocks: 147.189.176.0/20 maxlen: 20
194.169.122.0/23 maxlen: 23
194.169.121.0/24 maxlen: 24
194.169.122.0/24 maxlen: 24
194.169.123.0/24 maxlen: 24
199.204.215.0/24 maxlen: 24
94.26.112.0/20 maxlen: 20
217.66.224.0/19 maxlen: 19
82.205.0.0/17 maxlen: 17
199.250.128.0/19 maxlen: 19
86.107.16.0/22 maxlen: 22
188.209.208.0/22 maxlen: 22
87.252.108.0/22 maxlen: 22
188.215.100.0/22 maxlen: 22
89.239.32.0/20 maxlen: 20
37.8.0.0/17 maxlen: 17
85.184.240.0/22 maxlen: 22
212.33.96.0/19 maxlen: 19
185.171.132.0/22 maxlen: 22
109.232.162.0/23 maxlen: 23
185.40.192.0/22 maxlen: 22
185.138.132.0/22 maxlen: 22
185.90.242.0/24 maxlen: 24
82.102.192.0/18 maxlen: 18
212.106.64.0/19 maxlen: 19
217.78.48.0/21 maxlen: 21
217.78.60.0/22 maxlen: 22
217.21.0.0/20 maxlen: 20
85.113.96.0/19 maxlen: 19
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:32:59:b3:04:9c:5e:7f:f6:f8:5c:d8:eb:7c:98:df:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Validity
Not Before: Nov 1 08:40:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=018254c3a7df5ef6e6d5c3fb5e9a7341b0444b52
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:20:06:8d:a2:bc:51:43:29:3a:e6:97:30:59:
f3:93:84:30:d4:a3:4a:91:d6:b9:55:c0:dc:b7:de:
1f:01:fc:e5:7d:f0:e5:7b:2e:26:89:ab:1c:b7:2b:
f3:f5:4a:eb:c3:e4:d2:f8:9e:f6:9e:d9:5f:d2:13:
04:9a:19:45:22:7f:12:cd:ee:7e:9d:f9:5d:36:79:
19:d7:92:c7:25:d2:dc:55:0c:0d:1b:c8:8d:fc:54:
db:26:65:8d:16:8e:8e:a7:13:56:38:b2:2d:8b:87:
75:bc:71:d6:e6:65:1e:3a:be:fa:11:28:97:cf:16:
0e:e7:00:e5:ed:03:6c:aa:6d:2c:9e:d6:92:06:68:
09:6d:61:6c:0b:6f:ea:1e:81:f2:da:08:10:3d:b1:
7b:00:c5:86:a3:f7:7f:e5:87:82:8f:58:95:02:87:
34:49:12:c3:cc:81:5b:48:02:8e:1e:70:ed:00:0e:
b4:0c:22:18:c3:fa:7e:4c:20:04:a0:91:1c:94:57:
07:5f:cd:1f:77:f6:aa:9e:5d:c6:0d:5d:14:01:2c:
2d:0d:cf:76:e5:69:b2:31:e9:c5:a4:60:78:3c:fa:
dc:8b:10:1b:26:49:3f:da:cf:b4:6d:0d:7e:fa:60:
65:cd:ff:26:74:09:7c:c4:ad:a1:e6:fc:b2:14:e3:
ac:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:82:54:C3:A7:DF:5E:F6:E6:D5:C3:FB:5E:9A:73:41:B0:44:4B:52
X509v3 Authority Key Identifier:
keyid:EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/AYJUw6ffXvbm1cP7XppzQbBES1I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.8.0.0/17
82.102.192.0/18
82.205.0.0/17
85.113.96.0/19
85.184.240.0/22
86.107.16.0/22
87.252.108.0/22
89.239.32.0/20
94.26.112.0/20
109.232.162.0/23
147.189.176.0/20
185.40.192.0/22
185.90.242.0/24
185.138.132.0/22
185.171.132.0/22
188.209.208.0/22
188.215.100.0/22
194.169.121.0-194.169.123.255
199.204.215.0/24
199.250.128.0/19
212.33.96.0/19
212.106.64.0/19
217.21.0.0/20
217.66.224.0/19
217.78.48.0/21
217.78.60.0/22
Signature Algorithm: sha256WithRSAEncryption
7a:54:4b:af:a2:37:6e:37:41:3c:25:00:e7:dd:62:2b:59:7a:
4a:9b:f9:b3:90:9a:ff:de:19:9f:44:64:5c:a7:16:ba:3e:7f:
3d:ee:d7:e9:dc:c7:20:cb:d3:e4:e0:c1:76:b8:55:00:7a:39:
3c:52:29:a0:be:e3:54:26:dd:28:37:f7:68:42:a6:73:59:6f:
35:36:26:78:39:82:6a:49:84:21:1a:61:5b:1c:bb:fa:f6:20:
30:1d:44:60:06:d4:7f:ac:f5:ef:c7:af:3a:f9:4d:0b:e3:e7:
83:61:36:85:e9:bb:4a:bb:f9:fe:5c:89:44:47:91:b7:6d:f0:
52:9b:99:13:27:a4:4c:f7:58:4b:24:c8:9d:f0:f5:d6:46:67:
78:7c:75:5c:8f:37:5e:93:4f:c0:d8:95:ad:e0:0b:6d:b5:9f:
03:02:d9:6f:07:2f:0a:7b:b2:17:2d:e7:a6:74:e6:51:8d:47:
79:1d:2b:61:8b:39:05:18:5d:c9:19:fe:08:1d:fe:7c:73:8d:
6e:f3:5c:83:2f:a8:20:64:aa:dd:cf:9a:95:57:f9:42:31:75:
8a:7e:32:fd:25:4f:b4:cf:8d:83:93:30:98:48:53:98:5c:f5:
76:91:6e:d6:3b:07:32:7f:89:a5:16:5b:50:67:85:58:cb:a4:
d4:8f:d6:12
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAYQyWbMEnF5/9vhc2Ot8mN8oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVjM2E2MzNlZjJjMDgyNTFhNTg2MDM1NjJlNTZhYTZlZmE5
M2VjMjUwHhcNMjIxMTAxMDg0MDUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTgyNTRjM2E3ZGY1ZWY2ZTZkNWMzZmI1ZTlhNzM0MWIwNDQ0YjUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhSAGjaK8UUMpOuaXMFnzk4Qw1KNK
kda5VcDct94fAfzlffDley4miasctyvz9Urrw+TS+J72ntlf0hMEmhlFIn8Sze5+
nfldNnkZ15LHJdLcVQwNG8iN/FTbJmWNFo6OpxNWOLIti4d1vHHW5mUeOr76ESiX
zxYO5wDl7QNsqm0sntaSBmgJbWFsC2/qHoHy2ggQPbF7AMWGo/d/5YeCj1iVAoc0
SRLDzIFbSAKOHnDtAA60DCIYw/p+TCAEoJEclFcHX80fd/aqnl3GDV0UASwtDc92
5WmyMenFpGB4PPrcixAbJkk/2s+0bQ1++mBlzf8mdAl8xK2h5vyyFOOsCQIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFAGCVMOn31725tXD+16ac0GwREtSMB8GA1UdIwQY
MBaAFOw6Yz7ywIJRpYYDVi5Wqm76k+wlMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN0RwalB2TEFnbEdsaGdOV0xsYXFidnFUN0NVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kNC9jMWIxZjAtMjM0Zi00NWQ1LTg1OTUt
ZjdjMmMyYTkxYmMyLzEvQVlKVXc2ZmZYdmJtMWNQN1hwcHpRYkJFUzFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kNC9jMWIxZjAtMjM0Zi00NWQ1LTg1OTUtZjdjMmMyYTkxYmMy
LzEvN0RwalB2TEFnbEdsaGdOV0xsYXFidnFUN0NVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQDBAcl
CAADBAZSZsADBAdSzQADBAVVcWADBAJVuPADBAJWaxADBAJX/GwDBARZ7yADBARe
GnADBAFt6KIDBASTvbADBAK5KMADBAC5WvIDBAK5ioQDBAK5q4QDBAK80dADBAK8
12QwDAMEAMKpeQMEAsKpeAMEAMfM1wMEBcf6gAMEBdQhYAMEBdRqQAMEBNkVAAME
BdlC4AMEA9lOMAMEAtlOPDANBgkqhkiG9w0BAQsFAAOCAQEAelRLr6I3bjdBPCUA
591iK1l6Spv5s5Ca/94Zn0RkXKcWuj5/Pe7X6dzHIMvT5ODBdrhVAHo5PFIpoL7j
VCbdKDf3aEKmc1lvNTYmeDmCakmEIRphWxy7+vYgMB1EYAbUf6z178evOvlNC+Pn
g2E2hem7Srv5/lyJREeRt23wUpuZEyekTPdYSyTInfD11kZneHx1XI83XpNPwNiV
reALbbWfAwLZbwcvCnuyFy3npnTmUY1HeR0rYYs5BRhdyRn+CB3+fHONbvNcgy+o
IGSq3c+alVf5QjF1in4y/SVPtM+Ng5MwmEhTmFz1dpFu1jsHMn+JpRZbUGeFWMuk
1I/WEg==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:08:26 2023 by rpki-client on console-ams.rpki-client.org