Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/3wl6el0riiJYRu8XJYRV-1IAwQE.roa
File:                     3wl6el0riiJYRu8XJYRV-1IAwQE.roa (raw, json)
Hash identifier:          s/LCoDXkhB5dHehjAGcrds2A4ofAmTLzs3eZ30UgR1o=
Subject key identifier:   DF:09:7A:7A:5D:2B:8A:22:58:46:EF:17:25:84:55:FB:52:00:C1:01
Certificate issuer:       /CN=424feffb576e411de511871dc1e0bd7a20e2c4d7
Certificate serial:       02CA4162
Authority key identifier: 42:4F:EF:FB:57:6E:41:1D:E5:11:87:1D:C1:E0:BD:7A:20:E2:C4:D7
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/3wl6el0riiJYRu8XJYRV-1IAwQE.roa
Signing time:             Sat 01 Jan 2022 16:05:46 +0000
ROA not before:           Sat 01 Jan 2022 16:05:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     213035
IP address blocks:        194.99.44.0/24 maxlen: 24
                          194.31.98.0/23 maxlen: 24
                          194.31.97.0/24 maxlen: 24
                          194.99.47.0/24 maxlen: 24
                          31.210.23.0/24 maxlen: 24
                          194.59.216.0/22 maxlen: 24
                          162.12.206.0/24 maxlen: 24
                          162.12.204.0/23 maxlen: 24
                          162.12.207.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 46809442 (0x2ca4162)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=424feffb576e411de511871dc1e0bd7a20e2c4d7
        Validity
            Not Before: Jan  1 16:05:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=df097a7a5d2b8a225846ef17258455fb5200c101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:09:7A:7A:5D:2B:8A:22:58:46:EF:17:25:84:55:FB:52:00:C1:01
            X509v3 Authority Key Identifier:
                keyid:42:4F:EF:FB:57:6E:41:1D:E5:11:87:1D:C1:E0:BD:7A:20:E2:C4:D7

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Qk_v-1duQR3lEYcdweC9eiDixNc.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/3wl6el0riiJYRu8XJYRV-1IAwQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/613508-0832-41f6-acb7-831f7e6f5ccd/1/Qk_v-1duQR3lEYcdweC9eiDixNc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.210.23.0/24
                  162.12.204.0/22
                  194.31.97.0-194.31.99.255
                  194.59.216.0/22
                  194.99.44.0/24
                  194.99.47.0/24

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jul 20 00:04:57 2023 by rpki-client on console-fra.rpki-client.org