Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/03gV6IiqoIbKIfuMa7uIq6p0NHw.roa
File: 03gV6IiqoIbKIfuMa7uIq6p0NHw.roa (raw, json)
Hash identifier: cfX9F7oJzyEH7FGZDEI+c8tAgWSW80Mem163V5JmN+k=
Subject key identifier: D3:78:15:E8:88:AA:A0:86:CA:21:FB:8C:6B:BB:88:AB:AA:74:34:7C
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01888B1E3978F0D0038EB3995E33AEF6E216
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/03gV6IiqoIbKIfuMa7uIq6p0NHw.roa
Signing time: Mon 05 Jun 2023 10:33:13 +0000
ROA not before: Mon 05 Jun 2023 10:33:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207459
IP address blocks: 91.92.24.0/24 maxlen: 24
91.92.24.0/23 maxlen: 23
91.92.25.0/24 maxlen: 24
193.149.29.0/24 maxlen: 24
193.149.30.0/24 maxlen: 24
193.149.28.0/22 maxlen: 22
193.149.31.0/24 maxlen: 24
193.149.28.0/24 maxlen: 24
171.22.19.0/24 maxlen: 24
185.221.67.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
93.123.116.0/24 maxlen: 24
176.125.255.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:8b:1e:39:78:f0:d0:03:8e:b3:99:5e:33:ae:f6:e2:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jun 5 10:33:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d37815e888aaa086ca21fb8c6bbb88abaa74347c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:af:4c:3a:cb:29:cc:1c:bb:f9:2a:73:03:ba:
ce:c8:70:21:52:34:78:b1:ce:21:cc:38:3e:ef:e5:
f4:39:7f:a8:73:8e:7f:ca:b9:cb:39:20:b5:b1:48:
de:3b:80:b8:e1:6f:df:f3:ec:4a:36:96:43:fb:0c:
e4:e7:82:da:b5:85:9a:68:21:66:d7:65:5a:fe:87:
3e:07:06:2c:d6:3e:91:8a:17:16:05:d9:67:af:25:
71:c0:34:d4:71:33:bf:bc:77:ad:8b:3e:1e:ea:97:
5c:82:ea:04:e0:d0:be:5e:af:2f:1f:37:56:5b:28:
d3:3e:e3:8e:d7:ba:e3:75:63:a6:81:05:5a:b4:3a:
2f:9e:0a:6a:e2:69:b5:90:45:4a:fc:89:84:02:35:
5e:88:7d:80:bf:b4:f2:69:55:b8:84:01:87:a3:e7:
08:a0:1d:9a:a3:6b:19:7a:ce:79:7e:44:6e:fa:f5:
8d:29:e9:12:1b:cd:2e:a6:df:ce:01:a2:19:46:d1:
d8:9d:07:8e:29:63:7e:a3:c5:51:9a:a2:67:01:e8:
d3:cc:ff:f0:3f:0c:01:09:2d:f7:b7:76:b7:83:52:
06:18:bf:e5:f9:db:21:91:a2:5e:b5:67:b2:5b:18:
5a:6e:28:b1:87:32:45:80:23:3a:bf:71:20:e0:ab:
a8:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:78:15:E8:88:AA:A0:86:CA:21:FB:8C:6B:BB:88:AB:AA:74:34:7C
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/03gV6IiqoIbKIfuMa7uIq6p0NHw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.120.87.0/24
91.92.24.0/23
93.123.116.0/24
171.22.19.0/24
176.125.255.0/24
185.221.67.0/24
193.149.28.0/22
Signature Algorithm: sha256WithRSAEncryption
81:af:a6:4a:85:6b:b9:32:ca:2c:e5:3b:5f:e9:60:20:13:9a:
08:de:6e:26:2c:3a:79:81:2b:38:18:d0:67:0f:38:8a:fe:8d:
74:27:b7:33:3b:88:9c:6f:2f:d3:2a:3f:5a:1a:c5:ec:09:91:
08:25:b0:78:27:7a:6c:0e:dc:e7:aa:ed:14:18:7e:a4:30:9c:
ad:4d:0a:8e:7e:6d:a7:e6:55:c8:49:2e:da:95:58:ce:17:48:
f7:f9:9a:3b:d8:87:57:4e:59:3d:95:37:17:d3:86:46:88:44:
2e:2b:92:d5:32:f1:df:50:a8:ff:37:45:fe:1f:7c:1f:73:e9:
33:cc:f9:80:d3:d2:a0:df:71:65:d0:8c:e5:ac:8f:9d:bf:38:
9f:12:db:52:12:03:c1:42:5f:05:b9:eb:4b:04:c9:fb:6e:a0:
88:f1:ce:f5:fa:18:53:a8:ad:97:fd:fe:27:68:a3:e5:24:42:
9e:8c:33:15:6f:10:62:51:ea:7f:38:a3:cf:34:8d:4e:07:70:
f3:f8:1e:78:cb:df:00:4d:e4:99:28:62:90:ff:48:b1:89:b3:
04:0a:e4:93:21:ac:21:1c:14:af:19:50:f2:5e:78:6c:cb:c2:
3a:8f:5f:86:c6:d6:f9:dc:ad:99:89:59:8d:29:11:bb:ee:38:
b6:c4:af:82
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYiLHjl48NADjrOZXjOu9uIWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjA1MTAzMzEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzc4MTVlODg4YWFhMDg2Y2EyMWZiOGM2YmJiODhhYmFhNzQzNDdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtK9MOsspzBy7+SpzA7rOyHAhUjR4
sc4hzDg+7+X0OX+oc45/yrnLOSC1sUjeO4C44W/f8+xKNpZD+wzk54LatYWaaCFm
12Va/oc+BwYs1j6RihcWBdlnryVxwDTUcTO/vHetiz4e6pdcguoE4NC+Xq8vHzdW
WyjTPuOO17rjdWOmgQVatDovngpq4mm1kEVK/ImEAjVeiH2Av7TyaVW4hAGHo+cI
oB2ao2sZes55fkRu+vWNKekSG80upt/OAaIZRtHYnQeOKWN+o8VRmqJnAejTzP/w
PwwBCS33t3a3g1IGGL/l+dshkaJetWeyWxhabiixhzJFgCM6v3Eg4Kuo+wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNN4FeiIqqCGyiH7jGu7iKuqdDR8MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMDNnVjZJaXFvSWJLSWZ1TWE3dUlxNnAwTkh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAV3hXAwQB
W1wYAwQAXXt0AwQAqxYTAwQAsH3/AwQAud1DAwQCwZUcMA0GCSqGSIb3DQEBCwUA
A4IBAQCBr6ZKhWu5Msos5Ttf6WAgE5oI3m4mLDp5gSs4GNBnDziK/o10J7czO4ic
by/TKj9aGsXsCZEIJbB4J3psDtznqu0UGH6kMJytTQqOfm2n5lXISS7alVjOF0j3
+Zo72IdXTlk9lTcX04ZGiEQuK5LVMvHfUKj/N0X+H3wfc+kzzPmA09Kg33Fl0Izl
rI+dvzifEttSEgPBQl8FuetLBMn7bqCI8c71+hhTqK2X/f4naKPlJEKejDMVbxBi
Uep/OKPPNI1OB3Dz+B54y98ATeSZKGKQ/0ixibMECuSTIawhHBSvGVDyXnhsy8I6
j1+Gxtb53K2ZiVmNKRG77ji2xK+C
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:55 2024 by rpki-client on console-fra.rpki-client.org