Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/cESY-zpxyiBVqAgCgMFhxG8onng.roa
File: cESY-zpxyiBVqAgCgMFhxG8onng.roa (raw, json)
Hash identifier: ww3gwjFKLgsh1V3LLDAJ085zjbEZ6n9tvMfSlKHonWo=
Subject key identifier: 70:44:98:FB:3A:71:CA:20:55:A8:08:02:80:C1:61:C4:6F:28:9E:78
Certificate issuer: /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial: 3490161C
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/cESY-zpxyiBVqAgCgMFhxG8onng.roa
Signing time: Sat 01 Jan 2022 05:04:39 +0000
ROA not before: Sat 01 Jan 2022 05:04:39 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 5430
IP address blocks: 89.48.0.0/13 maxlen: 24
62.104.164.0/24 maxlen: 24
62.104.178.0/24 maxlen: 24
62.104.182.0/24 maxlen: 24
194.97.192.0/18 maxlen: 18
194.97.0.0/18 maxlen: 18
89.49.127.0/24 maxlen: 24
195.4.0.0/16 maxlen: 16
195.4.16.0/24 maxlen: 24
62.104.75.0/24 maxlen: 24
194.97.160.0/19 maxlen: 19
194.97.167.0/24 maxlen: 24
62.104.0.0/16 maxlen: 16
62.104.20.0/24 maxlen: 24
194.97.96.0/19 maxlen: 19
2001:748::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 881858076 (0x3490161c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Validity
Not Before: Jan 1 05:04:39 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=704498fb3a71ca2055a8080280c161c46f289e78
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:91:ea:37:61:c7:6c:34:12:af:52:90:a0:17:
58:12:a0:08:be:11:27:c6:8c:a0:91:2e:60:dd:7d:
92:8f:e0:d6:52:ad:84:43:02:5e:2f:a4:77:a5:01:
77:bc:8b:0c:4c:47:49:fd:23:d8:9b:c3:c5:23:f2:
43:5d:a9:e5:d3:12:cb:41:59:dd:8c:64:10:7e:f6:
7e:fb:e2:ec:ee:2f:28:24:e9:6c:47:d9:5c:9d:47:
65:81:03:ce:d1:30:1d:15:d8:97:1f:be:50:93:d8:
3f:72:23:4f:45:73:b5:2c:90:cb:75:29:08:ea:26:
a4:61:d8:6e:c5:26:03:ff:c1:c8:88:75:5c:bf:b3:
4a:37:08:4f:e9:7e:34:54:f7:7f:41:ca:9f:1d:c8:
3c:18:bc:3b:eb:a8:21:ca:30:61:6b:b2:67:a4:22:
24:20:2a:e4:37:76:ce:54:2f:46:ac:86:20:0e:91:
9d:e8:bb:92:53:0c:3f:c7:81:0c:c8:b6:12:d1:97:
0f:47:58:e4:a6:6a:f4:1a:7e:84:99:aa:42:4c:cd:
39:a3:52:a6:d1:9c:68:a4:08:b9:a7:cc:d5:8f:78:
f0:06:21:f5:a3:0f:5f:cc:c4:b1:77:56:ed:9d:e5:
a1:cb:95:bd:ec:f7:56:a3:02:8e:00:e5:09:18:66:
7c:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
70:44:98:FB:3A:71:CA:20:55:A8:08:02:80:C1:61:C4:6F:28:9E:78
X509v3 Authority Key Identifier:
keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/cESY-zpxyiBVqAgCgMFhxG8onng.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.104.0.0/16
89.48.0.0/13
194.97.0.0/18
194.97.96.0/19
194.97.160.0-194.97.255.255
195.4.0.0/16
IPv6:
2001:748::/32
Signature Algorithm: sha256WithRSAEncryption
8c:07:13:ce:a2:33:97:67:59:76:e4:8d:71:a7:ad:ab:c6:10:
88:88:49:e6:18:ae:b8:40:aa:d2:1f:dc:f8:75:e7:83:a6:9a:
2b:98:00:56:40:7a:05:3c:b0:1c:4a:5a:68:21:68:10:28:63:
51:4a:a5:00:c6:bb:38:18:de:26:1d:36:11:39:a8:30:f0:b7:
9b:af:c4:93:6e:8e:6f:bd:0d:19:18:c4:e1:b6:66:84:05:77:
a2:aa:4f:e9:1a:88:78:0d:3f:7f:fa:5b:ae:cf:fb:7b:7f:5e:
6d:46:aa:9f:dc:bb:41:e5:ce:18:6d:6c:16:5d:98:d1:8f:fa:
4a:29:b0:08:65:92:2c:d9:c2:68:f8:fe:aa:bc:44:9d:d0:37:
1b:0f:7d:23:1e:04:f3:eb:65:4c:c8:47:b7:83:4b:66:c2:5d:
54:76:4f:3b:f4:84:d8:d2:c8:ba:f9:f0:cc:8e:39:6d:ae:06:
27:05:36:4e:a8:be:32:80:f6:58:d5:00:21:0a:49:3c:c4:6c:
4b:78:44:66:8e:6e:b0:e9:99:9b:f6:38:57:84:12:4c:36:54:
41:85:85:84:3e:45:e3:42:fa:f1:e9:f7:b9:8e:e6:f6:d8:24:
e9:91:ad:d6:66:47:9d:44:6e:51:41:6e:06:6b:f4:ff:b1:92:
c3:bb:98:84
-----BEGIN CERTIFICATE-----
MIIFIDCCBAigAwIBAgIENJAWHDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhh
ZjgwMTk4NGNjMzhmMGE0ZmM1YWZlMWFkZWFiNjgwYzFiODllOTViMB4XDTIyMDEw
MTA1MDQzOVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzA0NDk4ZmIzYTcx
Y2EyMDU1YTgwODAyODBjMTYxYzQ2ZjI4OWU3ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKyR6jdhx2w0Eq9SkKAXWBKgCL4RJ8aMoJEuYN19ko/g1lKt
hEMCXi+kd6UBd7yLDExHSf0j2JvDxSPyQ12p5dMSy0FZ3YxkEH72fvvi7O4vKCTp
bEfZXJ1HZYEDztEwHRXYlx++UJPYP3IjT0VztSyQy3UpCOompGHYbsUmA//ByIh1
XL+zSjcIT+l+NFT3f0HKnx3IPBi8O+uoIcowYWuyZ6QiJCAq5Dd2zlQvRqyGIA6R
nei7klMMP8eBDMi2EtGXD0dY5KZq9Bp+hJmqQkzNOaNSptGcaKQIuafM1Y948AYh
9aMPX8zEsXdW7Z3locuVvez3VqMCjgDlCRhmfLECAwEAAaOCAjowggI2MB0GA1Ud
DgQWBBRwRJj7OnHKIFWoCAKAwWHEbyieeDAfBgNVHSMEGDAWgBSvgBmEzDjwpPxa
/hreq2gMG4npWzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L3I0QVpoTXc0OEtUOFd2NGEzcXRvREJ1SjZWcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTYvYmZkMzdjLWNiMTItNGE5Yy04ZjVkLTQwMjEyNjVjMzliMC8x
L2NFU1ktenB4eWlCVnFBZ0NnTUZoeEc4b25uZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTYv
YmZkMzdjLWNiMTItNGE5Yy04ZjVkLTQwMjEyNjVjMzliMC8xL3I0QVpoTXc0OEtU
OFd2NGEzcXRvREJ1SjZWcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBQ
BggrBgEFBQcBBwEB/wRBMD8wLgQCAAEwKAMDAD5oAwMDWTADBAbCYQADBAXCYWAw
CwMEBcJhoAMDAcJgAwMAwwQwDQQCAAIwBwMFACABB0gwDQYJKoZIhvcNAQELBQAD
ggEBAIwHE86iM5dnWXbkjXGnravGEIiISeYYrrhAqtIf3Ph154OmmiuYAFZAegU8
sBxKWmghaBAoY1FKpQDGuzgY3iYdNhE5qDDwt5uvxJNujm+9DRkYxOG2ZoQFd6Kq
T+kaiHgNP3/6W67P+3t/Xm1Gqp/cu0HlzhhtbBZdmNGP+kopsAhlkizZwmj4/qq8
RJ3QNxsPfSMeBPPrZUzIR7eDS2bCXVR2Tzv0hNjSyLr58MyOOW2uBicFNk6ovjKA
9ljVACEKSTzEbEt4RGaObrDpmZv2OFeEEkw2VEGFhYQ+ReNC+vHp97mO5vbYJOmR
rdZmR51EblFBbgZr9P+xksO7mIQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:53 2024 by rpki-client on console-ams.rpki-client.org