Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f2/266caf-3b43-49e0-b6e1-9c174e53e4fe/1/GrhAHQ1iyrBmSLdC-Mxw6foU4X8.roa
File: GrhAHQ1iyrBmSLdC-Mxw6foU4X8.roa (raw, json)
Hash identifier: Pekf3yLGkE35eZucmhfWjZpSZPeyKt7b2xvYPM91eAg=
Subject key identifier: 1A:B8:40:1D:0D:62:CA:B0:66:48:B7:42:F8:CC:70:E9:FA:14:E1:7F
Certificate issuer: /CN=1045dacc837798c3e6cf31f4d27946a33b0de661
Certificate serial: 29EBCAF3
Authority key identifier: 10:45:DA:CC:83:77:98:C3:E6:CF:31:F4:D2:79:46:A3:3B:0D:E6:61
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/EEXazIN3mMPmzzH00nlGozsN5mE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f2/266caf-3b43-49e0-b6e1-9c174e53e4fe/1/GrhAHQ1iyrBmSLdC-Mxw6foU4X8.roa
Signing time: Sat 01 Jan 2022 13:54:22 +0000
ROA not before: Sat 01 Jan 2022 13:54:22 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 59793
IP address blocks: 95.85.80.0/23 maxlen: 23
93.179.70.0/23 maxlen: 23
93.179.72.0/21 maxlen: 21
79.133.106.0/23 maxlen: 23
93.179.80.0/21 maxlen: 21
79.133.112.0/21 maxlen: 21
95.181.136.0/21 maxlen: 21
95.181.240.0/21 maxlen: 21
93.179.122.0/23 maxlen: 23
2a02:d0c2:1::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 703318771 (0x29ebcaf3)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1045dacc837798c3e6cf31f4d27946a33b0de661
Validity
Not Before: Jan 1 13:54:22 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=1ab8401d0d62cab06648b742f8cc70e9fa14e17f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:bf:a1:12:ec:08:d9:ef:b7:ed:43:31:06:b1:
0d:36:c3:28:fd:7d:ad:12:db:a5:4f:1f:11:f8:1b:
0b:b9:88:c8:64:82:f2:60:09:45:48:05:59:f8:6f:
84:43:de:03:18:f2:da:1e:73:f3:03:ef:30:c9:38:
bb:a8:1f:8d:03:f2:5e:f2:5a:bb:9a:f5:99:ef:dc:
60:96:cd:bb:a0:77:7c:cb:0c:a7:de:bc:7c:e5:43:
76:51:dd:17:09:cd:36:37:6d:cc:76:fd:a7:cc:67:
5e:00:f0:c0:53:8c:4c:12:70:d2:fc:47:85:30:9f:
b8:0d:6a:a3:33:88:70:aa:eb:ca:6c:d3:e5:83:97:
7f:6b:29:78:c9:ad:5d:db:56:92:15:74:f9:7e:ac:
4d:b2:0f:74:d3:12:73:ae:7e:6b:a8:af:aa:cf:12:
5e:01:a6:76:5a:42:40:f4:f0:a1:4e:e7:e6:0e:fd:
d4:69:34:29:4b:b2:b6:e4:bf:6f:3b:d7:52:a5:7b:
ee:97:13:f4:d1:8a:c5:15:50:3a:0d:1d:48:10:12:
25:8d:94:7a:4e:2b:72:02:a2:8f:1f:43:39:e2:d7:
ae:9e:dd:84:d6:0f:60:21:88:a0:34:c0:7e:49:01:
8e:3a:e0:47:97:1f:86:b9:2a:0e:a4:58:39:d8:5f:
8b:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:B8:40:1D:0D:62:CA:B0:66:48:B7:42:F8:CC:70:E9:FA:14:E1:7F
X509v3 Authority Key Identifier:
keyid:10:45:DA:CC:83:77:98:C3:E6:CF:31:F4:D2:79:46:A3:3B:0D:E6:61
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/EEXazIN3mMPmzzH00nlGozsN5mE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/266caf-3b43-49e0-b6e1-9c174e53e4fe/1/GrhAHQ1iyrBmSLdC-Mxw6foU4X8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f2/266caf-3b43-49e0-b6e1-9c174e53e4fe/1/EEXazIN3mMPmzzH00nlGozsN5mE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.133.106.0/23
79.133.112.0/21
93.179.70.0-93.179.87.255
93.179.122.0/23
95.85.80.0/23
95.181.136.0/21
95.181.240.0/21
IPv6:
2a02:d0c2:1::/48
Signature Algorithm: sha256WithRSAEncryption
5f:eb:12:3d:d5:c6:95:b4:77:e8:60:6b:d3:2f:7e:d9:9e:e5:
20:8c:1e:d5:8f:0b:9a:c0:53:f3:99:2f:6f:8b:05:85:03:c9:
6f:8c:b4:ae:74:55:5a:56:ba:9e:f4:19:ea:8c:fe:f8:6c:66:
7d:69:f3:61:a0:ab:e8:9a:d8:84:fe:fc:73:56:3f:4c:c8:1d:
6d:7c:f4:4b:1e:50:93:04:74:07:d2:2b:53:b1:68:82:24:cf:
e4:f8:1e:97:de:69:92:bc:ab:85:e2:10:3e:90:f7:a1:b6:ba:
0c:f8:41:7a:f7:75:21:30:e1:37:bc:28:6a:a6:91:3b:0a:b6:
81:67:e5:88:64:88:dc:d6:64:62:a2:3b:48:88:a1:b6:db:c3:
33:ce:ad:24:52:c6:60:2c:ed:60:2a:af:3b:73:30:d7:69:0d:
74:5c:62:db:3d:8b:86:8a:20:83:f9:78:1a:49:68:74:f3:6c:
45:80:2f:25:fc:d4:26:75:95:24:d4:c4:92:58:e7:2b:68:70:
39:a4:76:b4:c9:c4:29:03:29:90:56:bb:16:30:aa:cb:33:2c:
75:cc:8a:0b:ee:03:0a:05:d6:96:30:23:2a:f3:43:89:a7:9d:
41:a1:10:1c:79:b7:a5:3b:15:36:9e:22:16:b6:cf:41:30:09:
9e:37:dc:0c
-----BEGIN CERTIFICATE-----
MIIFLDCCBBSgAwIBAgIEKevK8zANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
MDQ1ZGFjYzgzNzc5OGMzZTZjZjMxZjRkMjc5NDZhMzNiMGRlNjYxMB4XDTIyMDEw
MTEzNTQyMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMWFiODQwMWQwZDYy
Y2FiMDY2NDhiNzQyZjhjYzcwZTlmYTE0ZTE3ZjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKm/oRLsCNnvt+1DMQaxDTbDKP19rRLbpU8fEfgbC7mIyGSC
8mAJRUgFWfhvhEPeAxjy2h5z8wPvMMk4u6gfjQPyXvJau5r1me/cYJbNu6B3fMsM
p968fOVDdlHdFwnNNjdtzHb9p8xnXgDwwFOMTBJw0vxHhTCfuA1qozOIcKrrymzT
5YOXf2speMmtXdtWkhV0+X6sTbIPdNMSc65+a6ivqs8SXgGmdlpCQPTwoU7n5g79
1Gk0KUuytuS/bzvXUqV77pcT9NGKxRVQOg0dSBASJY2Uek4rcgKijx9DOeLXrp7d
hNYPYCGIoDTAfkkBjjrgR5cfhrkqDqRYOdhfizECAwEAAaOCAkYwggJCMB0GA1Ud
DgQWBBQauEAdDWLKsGZIt0L4zHDp+hThfzAfBgNVHSMEGDAWgBQQRdrMg3eYw+bP
MfTSeUajOw3mYTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0VFWGF6SU4zbU1QbXp6SDAwbmxHb3pzTjVtRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZjIvMjY2Y2FmLTNiNDMtNDllMC1iNmUxLTljMTc0ZTUzZTRmZS8x
L0dyaEFIUTFpeXJCbVNMZEMtTXh3NmZvVTRYOC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZjIv
MjY2Y2FmLTNiNDMtNDllMC1iNmUxLTljMTc0ZTUzZTRmZS8xL0VFWGF6SU4zbU1Q
bXp6SDAwbmxHb3pzTjVtRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBc
BggrBgEFBQcBBwEB/wRNMEswOAQCAAEwMgMEAU+FagMEA0+FcDAMAwQBXbNGAwQD
XbNQAwQBXbN6AwQBX1VQAwQDX7WIAwQDX7XwMA8EAgACMAkDBwAqAtDCAAEwDQYJ
KoZIhvcNAQELBQADggEBAF/rEj3VxpW0d+hga9Mvftme5SCMHtWPC5rAU/OZL2+L
BYUDyW+MtK50VVpWup70GeqM/vhsZn1p82Ggq+ia2IT+/HNWP0zIHW189EseUJME
dAfSK1OxaIIkz+T4HpfeaZK8q4XiED6Q96G2ugz4QXr3dSEw4Te8KGqmkTsKtoFn
5YhkiNzWZGKiO0iIobbbwzPOrSRSxmAs7WAqrztzMNdpDXRcYts9i4aKIIP5eBpJ
aHTzbEWALyX81CZ1lSTUxJJY5ytocDmkdrTJxCkDKZBWuxYwqsszLHXMigvuAwoF
1pYwIyrzQ4mnnUGhEBx5t6U7FTaeIha2z0EwCZ433Aw=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:10:13 2023 by rpki-client on console-ams.rpki-client.org