Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/4ac7e0-7b52-41ce-a3c2-4afe3ca5f1a5/1/RpXlxHsIGyZJNyh9nYL1P5IYx98.roa
File: RpXlxHsIGyZJNyh9nYL1P5IYx98.roa (raw, json)
Hash identifier: TsTOhx0x8a9JjYaxnkX9EA6ROqqBKhcCRTkypNwbeUg=
Subject key identifier: 46:95:E5:C4:7B:08:1B:26:49:37:28:7D:9D:82:F5:3F:92:18:C7:DF
Certificate issuer: /CN=a16f2a8162a75524ff52783f8132c33007da4d98
Certificate serial: 01917AAE821717F9CBB7A6D17E1E5072E29F
Authority key identifier: A1:6F:2A:81:62:A7:55:24:FF:52:78:3F:81:32:C3:30:07:DA:4D:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/oW8qgWKnVST_Ung_gTLDMAfaTZg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/4ac7e0-7b52-41ce-a3c2-4afe3ca5f1a5/1/RpXlxHsIGyZJNyh9nYL1P5IYx98.roa
Signing time: Thu 22 Aug 2024 15:22:22 +0000
ROA not before: Thu 22 Aug 2024 15:22:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1299
IP address blocks: 31.22.12.0/22 maxlen: 24
193.17.86.0/23 maxlen: 24
193.17.176.0/23 maxlen: 24
212.132.160.0/19 maxlen: 24
2a04:c880::/32 maxlen: 48
2a0f:9d80::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:7a:ae:82:17:17:f9:cb:b7:a6:d1:7e:1e:50:72:e2:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a16f2a8162a75524ff52783f8132c33007da4d98
Validity
Not Before: Aug 22 15:22:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4695e5c47b081b264937287d9d82f53f9218c7df
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:3d:b4:a9:2a:23:ac:82:5a:76:64:6d:56:15:
b3:e2:76:80:0d:9d:cd:cd:e6:cf:69:5a:ad:2d:a0:
35:d0:fd:7c:00:f8:39:9b:0a:b2:3d:5b:06:75:57:
89:37:64:88:6f:35:f0:a1:17:38:c5:3a:79:fb:e0:
7c:fe:be:90:8e:22:d5:70:e7:e5:a6:86:73:66:94:
72:4f:f2:67:06:50:ea:f5:e3:c2:b0:99:f3:29:6d:
34:8d:37:2c:40:78:2f:c6:13:c3:5a:7a:27:df:4e:
16:c3:89:37:81:16:26:a8:7c:8a:a8:41:99:7d:94:
ed:eb:96:b0:92:97:72:02:62:58:40:44:11:62:6e:
1d:87:86:42:cf:68:4b:a2:f3:29:ae:e9:0b:5b:8f:
08:d0:a2:54:0f:2c:5d:bb:b4:54:80:d1:70:a7:57:
3c:60:1e:6c:48:72:bd:cd:45:0b:da:28:93:fa:13:
ea:d7:65:d2:32:58:a3:03:85:b4:9f:b4:cf:20:40:
40:07:14:28:5e:06:95:ab:72:44:a6:7f:5c:da:5c:
9a:dd:63:31:65:58:5a:11:8d:36:35:75:2d:04:1b:
f8:98:33:46:0e:f6:6a:8e:5c:31:94:40:b5:25:76:
e7:00:6a:6e:3b:53:aa:50:01:f3:97:11:f0:9e:e6:
cd:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
46:95:E5:C4:7B:08:1B:26:49:37:28:7D:9D:82:F5:3F:92:18:C7:DF
X509v3 Authority Key Identifier:
keyid:A1:6F:2A:81:62:A7:55:24:FF:52:78:3F:81:32:C3:30:07:DA:4D:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/oW8qgWKnVST_Ung_gTLDMAfaTZg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/4ac7e0-7b52-41ce-a3c2-4afe3ca5f1a5/1/RpXlxHsIGyZJNyh9nYL1P5IYx98.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/4ac7e0-7b52-41ce-a3c2-4afe3ca5f1a5/1/oW8qgWKnVST_Ung_gTLDMAfaTZg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.22.12.0/22
193.17.86.0/23
193.17.176.0/23
212.132.160.0/19
IPv6:
2a04:c880::/32
2a0f:9d80::/32
Signature Algorithm: sha256WithRSAEncryption
03:bb:ca:b7:da:4f:6e:20:37:bd:d0:f6:f0:b2:b7:61:9a:c4:
27:b9:80:0d:0c:b0:fa:07:ae:3f:56:32:dc:48:c0:1f:82:e9:
d4:44:1d:10:8d:92:f8:3d:3c:cd:dd:79:b8:e6:9c:ec:9b:0a:
81:38:77:34:58:0d:92:70:b0:dd:a1:d0:48:c1:fa:27:37:fb:
6e:44:ff:c4:9d:74:1c:e9:9d:29:4f:45:2e:04:2e:30:48:00:
9b:6f:d8:2b:06:13:97:79:33:55:16:1c:28:e0:da:6d:cf:b3:
b5:c1:85:fb:10:37:fd:4e:91:83:02:ce:53:9f:59:b2:8d:28:
72:26:c6:0d:50:e0:4e:05:4a:c5:88:88:c5:1e:9f:15:35:aa:
0a:40:da:d8:a0:fa:92:2e:c7:37:5c:b7:72:d3:68:7d:16:d4:
93:de:cc:3e:0e:4d:ff:6b:5a:1e:8b:6d:03:4d:95:24:f9:27:
8d:98:b2:a0:5b:28:f3:32:d8:8e:34:e6:a9:fa:3e:80:3a:1a:
19:ba:a2:0d:d2:0d:7a:64:ba:92:99:8e:58:a4:56:29:ea:d7:
31:01:e2:94:49:ca:db:cc:8b:bc:d1:ff:a7:ad:19:46:3e:93:
d1:ee:74:a1:60:fb:c5:2f:2a:19:6c:ee:df:ab:cd:0f:92:e5:
fa:1d:2b:7d
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZF6roIXF/nLt6bRfh5QcuKfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGExNmYyYTgxNjJhNzU1MjRmZjUyNzgzZjgxMzJjMzMwMDdk
YTRkOTgwHhcNMjQwODIyMTUyMjIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Njk1ZTVjNDdiMDgxYjI2NDkzNzI4N2Q5ZDgyZjUzZjkyMThjN2RmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtD20qSojrIJadmRtVhWz4naADZ3N
zebPaVqtLaA10P18APg5mwqyPVsGdVeJN2SIbzXwoRc4xTp5++B8/r6QjiLVcOfl
poZzZpRyT/JnBlDq9ePCsJnzKW00jTcsQHgvxhPDWnon304Ww4k3gRYmqHyKqEGZ
fZTt65awkpdyAmJYQEQRYm4dh4ZCz2hLovMprukLW48I0KJUDyxdu7RUgNFwp1c8
YB5sSHK9zUUL2iiT+hPq12XSMlijA4W0n7TPIEBABxQoXgaVq3JEpn9c2lya3WMx
ZVhaEY02NXUtBBv4mDNGDvZqjlwxlEC1JXbnAGpuO1OqUAHzlxHwnubNbQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFEaV5cR7CBsmSTcofZ2C9T+SGMffMB8GA1UdIwQY
MBaAFKFvKoFip1Uk/1J4P4EywzAH2k2YMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvb1c4cWdXS25WU1RfVW5nX2dUTERNQWZhVFpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNy80YWM3ZTAtN2I1Mi00MWNlLWEzYzIt
NGFmZTNjYTVmMWE1LzEvUnBYbHhIc0lHeVpKTnloOW5ZTDFQNUlZeDk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNy80YWM3ZTAtN2I1Mi00MWNlLWEzYzItNGFmZTNjYTVmMWE1
LzEvb1c4cWdXS25WU1RfVW5nX2dUTERNQWZhVFpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjAeBAIAATAYAwQCHxYMAwQB
wRFWAwQBwRGwAwQF1ISgMBQEAgACMA4DBQAqBMiAAwUAKg+dgDANBgkqhkiG9w0B
AQsFAAOCAQEAA7vKt9pPbiA3vdD28LK3YZrEJ7mADQyw+geuP1Yy3EjAH4Lp1EQd
EI2S+D08zd15uOac7JsKgTh3NFgNknCw3aHQSMH6Jzf7bkT/xJ10HOmdKU9FLgQu
MEgAm2/YKwYTl3kzVRYcKODabc+ztcGF+xA3/U6RgwLOU59Zso0ocibGDVDgTgVK
xYiIxR6fFTWqCkDa2KD6ki7HN1y3ctNofRbUk97MPg5N/2taHottA02VJPknjZiy
oFso8zLYjjTmqfo+gDoaGbqiDdINemS6kpmOWKRWKerXMQHilEnK28yLvNH/p60Z
Rj6T0e50oWD7xS8qGWzu36vND5Ll+h0rfQ==
-----END CERTIFICATE-----
Generated at Thu Aug 29 14:50:21 2024 by rpki-client on console-fra.rpki-client.org