Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/bd0d7d-f425-408a-b07d-07711ed02b75/1/X28CXqX1MTF2KwDiCoqpsMU4Wq8.roa
File: X28CXqX1MTF2KwDiCoqpsMU4Wq8.roa (raw, json)
Hash identifier: CSQNlPC49QzK+6paxScMjKzsDv6CnJcVcZHH6zrqqt8=
Subject key identifier: 5F:6F:02:5E:A5:F5:31:31:76:2B:00:E2:0A:8A:A9:B0:C5:38:5A:AF
Certificate issuer: /CN=d6e535ef216ebe6f7fc55cfbdc31532b912d8e63
Certificate serial: 01837EB64677129998CF6CA0DADDF2B8E918
Authority key identifier: D6:E5:35:EF:21:6E:BE:6F:7F:C5:5C:FB:DC:31:53:2B:91:2D:8E:63
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1uU17yFuvm9_xVz73DFTK5EtjmM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dc/bd0d7d-f425-408a-b07d-07711ed02b75/1/X28CXqX1MTF2KwDiCoqpsMU4Wq8.roa
Signing time: Tue 27 Sep 2022 11:30:18 +0000
ROA not before: Tue 27 Sep 2022 11:30:18 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 21069
IP address blocks: 46.231.200.0/21 maxlen: 24
81.173.80.0/20 maxlen: 24
185.46.56.0/22 maxlen: 24
80.74.128.0/20 maxlen: 24
80.74.144.0/20 maxlen: 24
94.126.16.0/21 maxlen: 24
2a00:1128::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:7e:b6:46:77:12:99:98:cf:6c:a0:da:dd:f2:b8:e9:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d6e535ef216ebe6f7fc55cfbdc31532b912d8e63
Validity
Not Before: Sep 27 11:30:18 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5f6f025ea5f53131762b00e20a8aa9b0c5385aaf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:a1:e8:42:5c:4d:67:93:5e:60:96:5a:24:c6:
d6:64:e1:19:a3:fe:aa:0c:c6:d8:8b:ac:e6:e9:99:
01:bc:42:a1:3b:ec:75:3f:4f:84:bc:5c:e5:6e:0e:
6c:dd:41:2c:e5:06:76:c9:de:58:f3:2d:12:76:5e:
73:39:71:ba:f9:79:cd:fa:4b:e1:0a:9e:6a:86:b3:
ae:e4:ef:e3:3c:a7:99:82:7c:d8:69:26:27:02:91:
5f:7e:a3:79:0b:6c:6c:28:a4:10:30:4a:dc:53:34:
e0:ee:ca:52:08:6d:2d:1a:64:46:b8:f8:54:29:3e:
63:f1:c5:0c:55:c7:0e:95:94:a9:5e:47:d3:b0:23:
71:a1:2c:4d:41:93:23:03:03:9a:55:d3:ae:c5:d5:
5d:ec:b8:51:d8:f9:e1:3d:fe:2d:64:0b:a4:34:aa:
fb:fa:f9:56:24:e1:c7:07:95:b1:72:7c:19:da:15:
1f:ff:b3:60:c5:47:99:fb:0c:f4:c0:98:d4:ca:5a:
bb:e3:39:19:cb:ab:37:cc:42:23:47:de:0b:a2:85:
ce:49:41:f2:47:e6:68:68:19:58:78:65:e9:b8:35:
0b:20:a7:9c:8c:92:5d:42:c8:ae:85:75:f7:e6:39:
ad:c8:3c:ba:bd:0a:c4:f9:e7:f3:d5:cb:68:42:d5:
8c:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:6F:02:5E:A5:F5:31:31:76:2B:00:E2:0A:8A:A9:B0:C5:38:5A:AF
X509v3 Authority Key Identifier:
keyid:D6:E5:35:EF:21:6E:BE:6F:7F:C5:5C:FB:DC:31:53:2B:91:2D:8E:63
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1uU17yFuvm9_xVz73DFTK5EtjmM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/bd0d7d-f425-408a-b07d-07711ed02b75/1/X28CXqX1MTF2KwDiCoqpsMU4Wq8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/bd0d7d-f425-408a-b07d-07711ed02b75/1/1uU17yFuvm9_xVz73DFTK5EtjmM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.231.200.0/21
80.74.128.0/19
81.173.80.0/20
94.126.16.0/21
185.46.56.0/22
IPv6:
2a00:1128::/32
Signature Algorithm: sha256WithRSAEncryption
b2:d5:10:7d:62:b0:1b:01:b2:18:24:7d:ce:97:da:da:fa:6a:
a1:b0:f7:b4:c7:89:65:24:40:ab:8a:b1:3c:20:90:ab:34:0c:
0e:c1:57:ce:84:69:5f:af:fb:34:92:c2:b2:90:36:d6:22:8c:
8f:c9:70:a3:d3:0c:84:41:70:30:07:b4:7d:63:2f:7a:1c:99:
10:ec:61:a7:3f:9e:d7:44:32:39:73:35:5a:68:7b:a5:56:dc:
53:25:4f:4c:58:37:f5:63:80:3a:d7:88:a5:ef:9e:b8:87:98:
d9:16:da:0a:7a:bc:56:aa:5d:ee:c9:7c:7e:0c:24:fb:51:29:
01:61:dc:95:65:b6:c4:17:7e:e8:e3:25:4c:c6:1c:54:db:7b:
c7:0a:e1:73:d4:a2:a5:54:26:88:3a:d0:15:52:00:9e:a5:98:
e4:da:07:68:07:d0:44:f6:37:6e:d2:ef:59:cf:b2:a0:07:b6:
75:86:c9:e5:fc:25:9b:da:8e:7d:79:74:d9:7a:6b:6e:ae:02:
3b:77:dd:05:2b:03:ae:25:0b:8e:55:82:c9:40:1e:2a:69:90:
8b:cd:d0:8a:39:31:9e:24:57:3d:2e:f6:d8:f7:a7:fd:6d:d9:
04:7d:b0:85:a1:e5:6e:67:58:1e:ad:bf:54:05:07:8e:2f:24:
71:7b:6c:ea
-----BEGIN CERTIFICATE-----
MIIFJDCCBAygAwIBAgISAYN+tkZ3EpmYz2yg2t3yuOkYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ2ZTUzNWVmMjE2ZWJlNmY3ZmM1NWNmYmRjMzE1MzJiOTEy
ZDhlNjMwHhcNMjIwOTI3MTEzMDE4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjZmMDI1ZWE1ZjUzMTMxNzYyYjAwZTIwYThhYTliMGM1Mzg1YWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArKHoQlxNZ5NeYJZaJMbWZOEZo/6q
DMbYi6zm6ZkBvEKhO+x1P0+EvFzlbg5s3UEs5QZ2yd5Y8y0Sdl5zOXG6+XnN+kvh
Cp5qhrOu5O/jPKeZgnzYaSYnApFffqN5C2xsKKQQMErcUzTg7spSCG0tGmRGuPhU
KT5j8cUMVccOlZSpXkfTsCNxoSxNQZMjAwOaVdOuxdVd7LhR2PnhPf4tZAukNKr7
+vlWJOHHB5WxcnwZ2hUf/7NgxUeZ+wz0wJjUylq74zkZy6s3zEIjR94LooXOSUHy
R+ZoaBlYeGXpuDULIKecjJJdQsiuhXX35jmtyDy6vQrE+efz1ctoQtWMLQIDAQAB
o4ICMDCCAiwwHQYDVR0OBBYEFF9vAl6l9TExdisA4gqKqbDFOFqvMB8GA1UdIwQY
MBaAFNblNe8hbr5vf8Vc+9wxUyuRLY5jMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMXVVMTd5RnV2bTlfeFZ6NzNERlRLNUV0am1NLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kYy9iZDBkN2QtZjQyNS00MDhhLWIwN2Qt
MDc3MTFlZDAyYjc1LzEvWDI4Q1hxWDFNVEYyS3dEaUNvcXBzTVU0V3E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kYy9iZDBkN2QtZjQyNS00MDhhLWIwN2QtMDc3MTFlZDAyYjc1
LzEvMXVVMTd5RnV2bTlfeFZ6NzNERlRLNUV0am1NLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEYGCCsGAQUFBwEHAQH/BDcwNTAkBAIAATAeAwQDLufIAwQF
UEqAAwQEUa1QAwQDXn4QAwQCuS44MA0EAgACMAcDBQAqABEoMA0GCSqGSIb3DQEB
CwUAA4IBAQCy1RB9YrAbAbIYJH3Ol9ra+mqhsPe0x4llJECrirE8IJCrNAwOwVfO
hGlfr/s0ksKykDbWIoyPyXCj0wyEQXAwB7R9Yy96HJkQ7GGnP57XRDI5czVaaHul
VtxTJU9MWDf1Y4A614il7564h5jZFtoKerxWql3uyXx+DCT7USkBYdyVZbbEF37o
4yVMxhxU23vHCuFz1KKlVCaIOtAVUgCepZjk2gdoB9BE9jdu0u9Zz7KgB7Z1hsnl
/CWb2o59eXTZemturgI7d90FKwOuJQuOVYLJQB4qaZCLzdCKOTGeJFc9LvbY96f9
bdkEfbCFoeVuZ1gerb9UBQeOLyRxe2zq
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:04:58 2023 by rpki-client on console-fra.rpki-client.org