Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/4kccyXWgAb7YXL5U9-xAjUgE22o.roa
File: 4kccyXWgAb7YXL5U9-xAjUgE22o.roa (raw, json)
Hash identifier: iE6h+aZKwlf1Vkav2mxY3XEqjy2IlYTbBGWFS0/j1fo=
Subject key identifier: E2:47:1C:C9:75:A0:01:BE:D8:5C:BE:54:F7:EC:40:8D:48:04:DB:6A
Certificate issuer: /CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Certificate serial: 373E3266
Authority key identifier: E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/4kccyXWgAb7YXL5U9-xAjUgE22o.roa
Signing time: Sat 01 Jan 2022 05:59:17 +0000
ROA not before: Sat 01 Jan 2022 05:59:17 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 8903
IP address blocks: 212.80.160.0/19 maxlen: 24
213.9.128.0/17 maxlen: 24
212.49.128.0/18 maxlen: 24
213.192.192.0/18 maxlen: 24
92.60.160.0/20 maxlen: 24
213.170.32.0/19 maxlen: 24
212.163.0.0/16 maxlen: 24
185.123.120.0/22 maxlen: 24
212.66.160.0/19 maxlen: 24
213.192.242.0/23 maxlen: 23
185.66.60.0/22 maxlen: 24
2001:ac0::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 926823014 (0x373e3266)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Validity
Not Before: Jan 1 05:59:17 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=e2471cc975a001bed85cbe54f7ec408d4804db6a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:e1:19:92:fb:b4:09:18:c9:ec:24:b6:88:99:
d6:3e:5c:5a:ac:77:c1:a8:04:f4:23:f2:70:f9:02:
1c:b0:2c:77:be:69:60:04:b0:1b:97:47:99:d7:eb:
e5:dd:3b:86:8a:fb:24:66:da:c2:a9:61:19:55:38:
1f:1c:d1:16:0a:2b:f9:a4:f6:bd:52:e0:97:30:2d:
37:ad:15:52:1a:bf:7f:93:b9:41:e9:17:fc:a0:8f:
9e:59:19:4e:e6:e5:ca:67:a3:80:1c:f1:8d:d9:0a:
82:d5:33:d8:a5:87:bf:a5:b9:d2:98:c9:a6:83:f5:
e1:d0:15:9f:55:78:dc:d6:35:51:8c:eb:ed:96:ec:
67:61:9e:8a:1f:f2:24:41:a8:56:1c:a9:8c:b6:f4:
a3:09:0e:25:24:72:1e:ee:96:8f:97:dc:61:35:5c:
a7:c3:4b:8b:b3:22:2c:a0:f5:5f:61:aa:68:d0:7a:
47:c5:9f:45:82:5e:bc:0f:8e:ad:ac:78:bf:62:6e:
67:1c:72:e8:8a:0e:c0:98:84:91:db:2c:13:2e:62:
23:ca:b5:8c:86:d8:18:d1:14:02:81:60:0a:be:8e:
45:db:8c:3a:04:2f:75:ba:64:e9:16:51:a1:ce:64:
ec:86:87:e8:ac:ad:a1:5b:08:fe:32:0d:f3:13:77:
5a:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E2:47:1C:C9:75:A0:01:BE:D8:5C:BE:54:F7:EC:40:8D:48:04:DB:6A
X509v3 Authority Key Identifier:
keyid:E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/4kccyXWgAb7YXL5U9-xAjUgE22o.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/6EA7XkXNWL5fbF0z-lZatJIj49s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.60.160.0/20
185.66.60.0/22
185.123.120.0/22
212.49.128.0/18
212.66.160.0/19
212.80.160.0/19
212.163.0.0/16
213.9.128.0/17
213.170.32.0/19
213.192.192.0/18
IPv6:
2001:ac0::/29
Signature Algorithm: sha256WithRSAEncryption
8d:e5:4e:60:f7:07:cf:aa:45:3d:62:7c:c2:28:bc:03:7d:1f:
c7:94:af:48:19:d3:ff:55:4f:91:48:6b:34:f3:53:8e:7c:13:
67:29:15:9b:6c:a1:fa:0e:00:8d:bd:0b:c6:fa:af:fc:59:64:
e6:2f:d4:b1:63:80:be:aa:dc:f6:d0:56:76:12:f0:61:5e:9b:
e8:ae:4b:6f:bd:cd:cd:78:c8:7c:31:d6:6e:29:d7:23:b1:2e:
16:2c:1b:02:6b:c8:de:11:22:81:3c:f9:3e:bc:32:fe:21:e2:
f6:9d:3d:52:b1:b2:5f:75:6a:db:65:73:a7:57:ab:d8:61:91:
ee:75:6e:b0:21:00:3e:6b:cf:86:88:f8:19:7c:d6:db:af:41:
af:e9:b1:d8:f4:a5:5f:80:a6:61:17:31:75:f7:fc:e1:88:4d:
ee:b3:03:79:64:1e:0d:29:5f:7e:ce:5b:52:c9:cd:d7:f2:db:
99:2e:c3:c1:83:2b:0c:d1:53:58:38:ea:c8:6c:61:d5:fa:a3:
94:06:92:eb:bb:12:93:27:d9:6e:9b:16:e2:bd:33:89:fd:c2:
e8:af:94:b7:59:7c:83:2d:0f:82:bd:3a:50:ea:a4:f4:0a:b5:
ac:8a:b3:7d:05:7e:c1:94:3c:8a:d9:c0:9c:b4:65:21:8d:10:
ff:a7:c9:d9
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgIENz4yZjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
ODQwM2I1ZTQ1Y2Q1OGJlNWY2YzVkMzNmYTU2NWFiNDkyMjNlM2RiMB4XDTIyMDEw
MTA1NTkxN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZTI0NzFjYzk3NWEw
MDFiZWQ4NWNiZTU0ZjdlYzQwOGQ0ODA0ZGI2YTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANrhGZL7tAkYyewktoiZ1j5cWqx3wagE9CPycPkCHLAsd75p
YASwG5dHmdfr5d07hor7JGbawqlhGVU4HxzRFgor+aT2vVLglzAtN60VUhq/f5O5
QekX/KCPnlkZTublymejgBzxjdkKgtUz2KWHv6W50pjJpoP14dAVn1V43NY1UYzr
7ZbsZ2Geih/yJEGoVhypjLb0owkOJSRyHu6Wj5fcYTVcp8NLi7MiLKD1X2GqaNB6
R8WfRYJevA+Orax4v2JuZxxy6IoOwJiEkdssEy5iI8q1jIbYGNEUAoFgCr6ORduM
OgQvdbpk6RZRoc5k7IaH6KytoVsI/jIN8xN3WrECAwEAAaOCAk0wggJJMB0GA1Ud
DgQWBBTiRxzJdaABvthcvlT37ECNSATbajAfBgNVHSMEGDAWgBToQDteRc1Yvl9s
XTP6Vlq0kiPj2zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzZFQTdYa1hOV0w1ZmJGMHotbFphdEpJajQ5cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTcvODk3NmVkLWRhMGEtNDlhNS1hNzUxLWE4NzFlY2MyMTJhNi8x
LzRrY2N5WFdnQWI3WVhMNVU5LXhBalVnRTIyby5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTcv
ODk3NmVkLWRhMGEtNDlhNS1hNzUxLWE4NzFlY2MyMTJhNi8xLzZFQTdYa1hOV0w1
ZmJGMHotbFphdEpJajQ5cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBj
BggrBgEFBQcBBwEB/wRUMFIwQQQCAAEwOwMEBFw8oAMEArlCPAMEArl7eAMEBtQx
gAMEBdRCoAMEBdRQoAMDANSjAwQH1QmAAwQF1aogAwQG1cDAMA0EAgACMAcDBQMg
AQrAMA0GCSqGSIb3DQEBCwUAA4IBAQCN5U5g9wfPqkU9YnzCKLwDfR/HlK9IGdP/
VU+RSGs081OOfBNnKRWbbKH6DgCNvQvG+q/8WWTmL9SxY4C+qtz20FZ2EvBhXpvo
rktvvc3NeMh8MdZuKdcjsS4WLBsCa8jeESKBPPk+vDL+IeL2nT1SsbJfdWrbZXOn
V6vYYZHudW6wIQA+a8+GiPgZfNbbr0Gv6bHY9KVfgKZhFzF19/zhiE3uswN5ZB4N
KV9+zltSyc3X8tuZLsPBgysM0VNYOOrIbGHV+qOUBpLruxKTJ9lumxbivTOJ/cLo
r5S3WXyDLQ+CvTpQ6qT0CrWsirN9BX7BlDyK2cCctGUhjRD/p8nZ
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:05:43 2023 by rpki-client on console-fra.rpki-client.org