Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/kwjpa5d4ie7X6HfQo6Q0NhQoOCI.roa
File: kwjpa5d4ie7X6HfQo6Q0NhQoOCI.roa (raw, json)
Hash identifier: +BtEmBPWllup8F601Ivh6iid+Zvk7DypEibPO0z74QU=
Subject key identifier: 93:08:E9:6B:97:78:89:EE:D7:E8:77:D0:A3:A4:34:36:14:28:38:22
Certificate issuer: /CN=94166b704843d3d9754095c83a91b493828200a2
Certificate serial: 01890EEB2506056ABAEA5AEFAF78FA77471A
Authority key identifier: 94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/kwjpa5d4ie7X6HfQo6Q0NhQoOCI.roa
Signing time: Sat 01 Jul 2023 00:47:18 +0000
ROA not before: Sat 01 Jul 2023 00:47:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 185.235.71.0/24 maxlen: 24
95.111.128.0/20 maxlen: 20
95.111.144.0/20 maxlen: 20
185.149.12.0/23 maxlen: 24
185.149.13.0/24 maxlen: 24
185.149.14.0/23 maxlen: 24
89.46.97.0/24 maxlen: 24
89.46.98.0/24 maxlen: 24
89.46.96.0/24 maxlen: 24
89.46.96.0/22 maxlen: 24
89.46.99.0/24 maxlen: 24
171.22.144.0/24 maxlen: 24
171.22.146.0/24 maxlen: 24
171.22.147.0/24 maxlen: 24
91.103.120.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:0e:eb:25:06:05:6a:ba:ea:5a:ef:af:78:fa:77:47:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=94166b704843d3d9754095c83a91b493828200a2
Validity
Not Before: Jul 1 00:47:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=9308e96b977889eed7e877d0a3a4343614283822
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:f2:18:fd:48:df:64:46:27:f2:32:70:ed:66:
20:2f:7a:8a:74:62:0b:39:f9:10:ef:9a:a6:56:8d:
ac:a1:25:07:cf:f3:51:0d:a5:3e:9c:38:c7:fc:34:
7f:a6:38:34:8c:88:fb:79:d1:7d:c9:c9:b7:32:db:
a5:37:3d:93:93:e6:0b:ee:01:29:ff:72:cc:62:f4:
55:64:1c:92:ea:c2:e3:35:6a:45:7c:8e:ac:04:47:
b9:aa:8e:62:e8:8b:87:b8:53:2e:9f:43:45:f8:09:
1e:68:23:0e:5e:ea:f5:90:c4:ae:a4:65:98:26:c4:
be:43:b8:e9:3b:34:d2:45:31:3a:5a:a5:5d:e2:eb:
45:5b:41:cf:aa:39:1d:6b:00:9a:6b:28:b0:a1:da:
4d:39:23:e6:41:fd:7e:e4:9c:82:b9:88:12:c9:fc:
af:01:06:18:e3:5e:be:d1:9e:30:d7:5f:50:9a:0f:
cd:72:0f:1e:c8:7f:a2:fd:8f:60:b5:61:ff:6e:63:
70:e9:98:66:3a:bd:fc:83:94:12:e2:8c:d8:16:a0:
df:22:75:62:0e:3b:c0:83:2e:0f:f6:2a:43:5d:ff:
ee:af:92:62:be:52:3d:bf:f1:66:02:cb:55:a3:66:
22:b0:08:47:c0:b5:16:a4:d7:4d:d3:32:b8:ea:84:
2d:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:08:E9:6B:97:78:89:EE:D7:E8:77:D0:A3:A4:34:36:14:28:38:22
X509v3 Authority Key Identifier:
keyid:94:16:6B:70:48:43:D3:D9:75:40:95:C8:3A:91:B4:93:82:82:00:A2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/lBZrcEhD09l1QJXIOpG0k4KCAKI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/kwjpa5d4ie7X6HfQo6Q0NhQoOCI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/62/43ff8f-cd54-4cf1-8aaf-4be18ef128b4/1/lBZrcEhD09l1QJXIOpG0k4KCAKI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
89.46.96.0/22
91.103.120.0/21
95.111.128.0/19
171.22.144.0/24
171.22.146.0/23
185.149.12.0/22
185.235.71.0/24
Signature Algorithm: sha256WithRSAEncryption
99:06:88:95:e3:0c:81:88:ef:26:56:78:75:e9:fd:4c:19:f1:
bb:74:0d:2b:5e:3e:b5:29:8c:5e:c5:02:28:a8:b9:2f:a2:87:
17:f9:86:d0:74:d8:3d:e2:a6:93:43:9e:0e:bf:a7:1f:f7:d3:
81:e9:e3:6b:7f:1d:10:b8:39:9d:0b:11:cd:2f:45:c1:70:1f:
17:48:a1:c8:c3:c8:b8:70:0d:95:70:e8:7b:19:4b:cc:a7:a5:
18:18:ba:80:93:80:36:c0:a1:9d:9b:a6:48:b9:d0:1c:5b:3a:
55:49:27:3c:8e:e9:99:ec:14:9e:57:f4:42:9c:51:a1:ad:f3:
00:1b:9e:46:89:cb:5d:1e:a3:a6:ec:e0:6b:38:e5:76:6d:b8:
41:89:5b:b1:2c:d5:ff:8d:d5:e2:9b:c4:48:8c:2a:e6:0a:af:
cd:47:d9:e6:d0:4d:f7:a6:f7:a6:de:99:fe:e7:31:19:ff:51:
64:4c:5c:fd:47:dd:05:98:d5:03:b4:44:40:05:01:13:01:51:
b1:e6:b6:30:7a:9c:81:1e:ac:de:7c:8a:4a:7c:33:6c:7d:82:
59:2f:ff:1f:be:80:33:67:f5:3c:6c:32:2c:a2:1c:79:ed:6e:
7e:d9:a3:c6:1b:bd:f6:b6:47:f3:1c:3f:61:af:6a:5a:27:a4:
c7:4d:e6:db
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYkO6yUGBWq66lrvr3j6d0caMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk0MTY2YjcwNDg0M2QzZDk3NTQwOTVjODNhOTFiNDkzODI4
MjAwYTIwHhcNMjMwNzAxMDA0NzE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MzA4ZTk2Yjk3Nzg4OWVlZDdlODc3ZDBhM2E0MzQzNjE0MjgzODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh/IY/UjfZEYn8jJw7WYgL3qKdGIL
OfkQ75qmVo2soSUHz/NRDaU+nDjH/DR/pjg0jIj7edF9ycm3MtulNz2Tk+YL7gEp
/3LMYvRVZByS6sLjNWpFfI6sBEe5qo5i6IuHuFMun0NF+AkeaCMOXur1kMSupGWY
JsS+Q7jpOzTSRTE6WqVd4utFW0HPqjkdawCaayiwodpNOSPmQf1+5JyCuYgSyfyv
AQYY416+0Z4w119Qmg/Ncg8eyH+i/Y9gtWH/bmNw6ZhmOr38g5QS4ozYFqDfInVi
DjvAgy4P9ipDXf/ur5JivlI9v/FmAstVo2YisAhHwLUWpNdN0zK46oQtJwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFJMI6WuXeInu1+h30KOkNDYUKDgiMB8GA1UdIwQY
MBaAFJQWa3BIQ9PZdUCVyDqRtJOCggCiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYt
NGJlMThlZjEyOGI0LzEva3dqcGE1ZDRpZTdYNkhmUW82UTBOaFFvT0NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82Mi80M2ZmOGYtY2Q1NC00Y2YxLThhYWYtNGJlMThlZjEyOGI0
LzEvbEJacmNFaEQwOWwxUUpYSU9wRzBrNEtDQUtJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQCWS5gAwQD
W2d4AwQFX2+AAwQAqxaQAwQBqxaSAwQCuZUMAwQAuetHMA0GCSqGSIb3DQEBCwUA
A4IBAQCZBoiV4wyBiO8mVnh16f1MGfG7dA0rXj61KYxexQIoqLkvoocX+YbQdNg9
4qaTQ54Ov6cf99OB6eNrfx0QuDmdCxHNL0XBcB8XSKHIw8i4cA2VcOh7GUvMp6UY
GLqAk4A2wKGdm6ZIudAcWzpVSSc8jumZ7BSeV/RCnFGhrfMAG55GictdHqOm7OBr
OOV2bbhBiVuxLNX/jdXim8RIjCrmCq/NR9nm0E33pvem3pn+5zEZ/1FkTFz9R90F
mNUDtERABQETAVGx5rYwepyBHqzefIpKfDNsfYJZL/8fvoAzZ/U8bDIsohx57W5+
2aPGG732tkfzHD9hr2paJ6THTebb
-----END CERTIFICATE-----
Generated at Wed Dec 27 18:41:39 2023 by rpki-client on console.sobornost.net