Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fc/77c6fc-8a99-42f4-ac23-56c6a1031dbb/1/I0oKPZqsbXwybMNZoS26MoTc1MA.roa
File: I0oKPZqsbXwybMNZoS26MoTc1MA.roa (raw, json)
Hash identifier: QG22US6Sf4onQlZSqSbOEMfFmGpHjUxZ6/9FzwBt1Hw=
Subject key identifier: 23:4A:0A:3D:9A:AC:6D:7C:32:6C:C3:59:A1:2D:BA:32:84:DC:D4:C0
Certificate issuer: /CN=252cb35c3f56b2798ff61bd4d9a5ced0ee039fb0
Certificate serial: 0DD8914C
Authority key identifier: 25:2C:B3:5C:3F:56:B2:79:8F:F6:1B:D4:D9:A5:CE:D0:EE:03:9F:B0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/JSyzXD9WsnmP9hvU2aXO0O4Dn7A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fc/77c6fc-8a99-42f4-ac23-56c6a1031dbb/1/I0oKPZqsbXwybMNZoS26MoTc1MA.roa
Signing time: Sat 01 Jan 2022 13:59:11 +0000
ROA not before: Sat 01 Jan 2022 13:59:11 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 41157
IP address blocks: 81.201.176.0/20 maxlen: 20
185.177.180.0/22 maxlen: 22
2a02:2218::/29 maxlen: 32
2a02:2218::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 232296780 (0xdd8914c)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=252cb35c3f56b2798ff61bd4d9a5ced0ee039fb0
Validity
Not Before: Jan 1 13:59:11 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=234a0a3d9aac6d7c326cc359a12dba3284dcd4c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:db:83:76:ec:2b:9b:1b:22:38:57:6c:e0:bc:73:
ef:95:ff:be:6f:8c:24:ed:5b:66:6e:25:c2:a4:fa:
74:20:c1:9d:fb:0e:c1:d6:96:a1:44:54:b7:29:14:
74:67:a6:31:31:e0:ad:2c:b5:7b:0d:8e:f8:90:e5:
01:e2:d0:aa:ce:74:4c:b7:b8:5b:52:05:b1:20:1d:
67:73:42:9a:79:a1:48:68:ad:fd:0b:7d:a6:7c:12:
12:d7:8f:c2:51:8b:42:af:d1:a2:46:5c:f0:ee:a5:
4c:5a:8f:78:db:8a:d7:6a:85:9b:7e:a5:ec:6a:08:
0c:2c:f2:32:20:4f:78:8d:37:08:8b:a7:19:38:92:
b7:60:c7:4a:ea:9c:32:a4:26:9b:af:e2:eb:37:a7:
98:91:d9:88:5f:9e:c6:7a:99:79:25:3d:ae:06:80:
76:8d:a1:34:dc:69:56:d8:ed:d0:a1:de:86:e1:89:
50:00:85:f7:07:51:58:51:ce:b5:8f:23:c6:af:38:
34:14:2b:56:5e:80:3d:74:4b:f2:b4:32:86:a4:29:
4e:95:58:4b:4e:9e:bc:7f:87:61:b0:4a:66:22:af:
45:26:73:ca:1f:b0:f8:fe:c6:6a:35:d0:9e:05:db:
1e:09:24:4c:ff:25:5e:5a:70:2d:cc:0a:1b:32:13:
92:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:4A:0A:3D:9A:AC:6D:7C:32:6C:C3:59:A1:2D:BA:32:84:DC:D4:C0
X509v3 Authority Key Identifier:
keyid:25:2C:B3:5C:3F:56:B2:79:8F:F6:1B:D4:D9:A5:CE:D0:EE:03:9F:B0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/JSyzXD9WsnmP9hvU2aXO0O4Dn7A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/77c6fc-8a99-42f4-ac23-56c6a1031dbb/1/I0oKPZqsbXwybMNZoS26MoTc1MA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fc/77c6fc-8a99-42f4-ac23-56c6a1031dbb/1/JSyzXD9WsnmP9hvU2aXO0O4Dn7A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.201.176.0/20
185.177.180.0/22
IPv6:
2a02:2218::/29
Signature Algorithm: sha256WithRSAEncryption
8f:fe:5c:92:c7:b1:f0:59:6d:17:4e:53:a2:6c:4a:6e:d8:85:
c3:93:8b:ae:e2:0d:d9:7c:65:a1:1c:37:28:f3:7f:ad:71:da:
d5:78:6b:91:33:b1:eb:b9:d1:3c:5e:6d:e3:5c:ff:ef:2e:ea:
e8:75:68:d2:98:ab:aa:a2:b0:ba:ab:73:26:33:e5:5c:6a:64:
10:61:91:e8:48:4b:fd:55:af:04:4b:8b:31:f8:ff:e1:d4:50:
a9:48:7c:19:3d:00:a1:77:f0:f0:c7:9d:c7:ef:b1:2a:99:82:
c7:b9:20:57:68:27:d1:f2:af:c7:b4:06:a0:7e:9f:62:b0:83:
0f:ac:4a:b4:63:bd:66:16:69:61:0f:fe:00:e9:95:78:a4:00:
3e:70:4a:46:c5:e2:35:30:3e:a3:79:05:bd:b5:e5:f9:29:9b:
21:bc:2a:ac:a5:d0:a8:b5:72:5b:9e:a0:ac:f3:77:36:b3:c1:
b5:b2:46:3b:d2:72:1e:31:51:8a:7b:11:a1:f2:d2:19:79:2c:
82:c7:bc:a7:8f:12:83:3d:2d:79:fd:b8:a4:e8:ac:46:ea:28:
f6:eb:9d:6f:71:d8:bb:67:15:c7:78:06:f6:eb:93:3d:33:d0:
98:b8:1e:0c:9b:f1:81:65:dd:a4:96:05:07:4e:80:68:eb:a1:
0f:be:1f:30
-----BEGIN CERTIFICATE-----
MIIFBDCCA+ygAwIBAgIEDdiRTDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
NTJjYjM1YzNmNTZiMjc5OGZmNjFiZDRkOWE1Y2VkMGVlMDM5ZmIwMB4XDTIyMDEw
MTEzNTkxMVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMjM0YTBhM2Q5YWFj
NmQ3YzMyNmNjMzU5YTEyZGJhMzI4NGRjZDRjMDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANuDduwrmxsiOFds4Lxz75X/vm+MJO1bZm4lwqT6dCDBnfsO
wdaWoURUtykUdGemMTHgrSy1ew2O+JDlAeLQqs50TLe4W1IFsSAdZ3NCmnmhSGit
/Qt9pnwSEtePwlGLQq/RokZc8O6lTFqPeNuK12qFm36l7GoIDCzyMiBPeI03CIun
GTiSt2DHSuqcMqQmm6/i6zenmJHZiF+exnqZeSU9rgaAdo2hNNxpVtjt0KHehuGJ
UACF9wdRWFHOtY8jxq84NBQrVl6APXRL8rQyhqQpTpVYS06evH+HYbBKZiKvRSZz
yh+w+P7GajXQngXbHgkkTP8lXlpwLcwKGzITks0CAwEAAaOCAh4wggIaMB0GA1Ud
DgQWBBQjSgo9mqxtfDJsw1mhLboyhNzUwDAfBgNVHSMEGDAWgBQlLLNcP1ayeY/2
G9TZpc7Q7gOfsDAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0pTeXpYRDlXc25tUDlodlUyYVhPME80RG43QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZmMvNzdjNmZjLThhOTktNDJmNC1hYzIzLTU2YzZhMTAzMWRiYi8x
L0kwb0tQWnFzYlh3eWJNTlpvUzI2TW9UYzFNQS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZmMv
NzdjNmZjLThhOTktNDJmNC1hYzIzLTU2YzZhMTAzMWRiYi8xL0pTeXpYRDlXc25t
UDlodlUyYVhPME80RG43QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA0
BggrBgEFBQcBBwEB/wQlMCMwEgQCAAEwDAMEBFHJsAMEArmxtDANBAIAAjAHAwUD
KgIiGDANBgkqhkiG9w0BAQsFAAOCAQEAj/5cksex8FltF05TomxKbtiFw5OLruIN
2XxloRw3KPN/rXHa1XhrkTOx67nRPF5t41z/7y7q6HVo0pirqqKwuqtzJjPlXGpk
EGGR6EhL/VWvBEuLMfj/4dRQqUh8GT0AoXfw8Medx++xKpmCx7kgV2gn0fKvx7QG
oH6fYrCDD6xKtGO9ZhZpYQ/+AOmVeKQAPnBKRsXiNTA+o3kFvbXl+SmbIbwqrKXQ
qLVyW56grPN3NrPBtbJGO9JyHjFRinsRofLSGXksgse8p48Sgz0tef24pOisRuoo
9uudb3HYu2cVx3gG9uuTPTPQmLgeDJvxgWXdpJYFB06AaOuhD74fMA==
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:10:45 2023 by rpki-client on console-ams.rpki-client.org