Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2zaIELSxl46iOcqSXJ8TbmR_Xa8.roa
File: 2zaIELSxl46iOcqSXJ8TbmR_Xa8.roa (raw, json)
Hash identifier: JIzh5R4tAGkd2FPZz08755tA05QLV5Rycm1DaW84jB4=
Subject key identifier: DB:36:88:10:B4:B1:97:8E:A2:39:CA:92:5C:9F:13:6E:64:7F:5D:AF
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01857C474757E72B50AA5D63EFA90B42C9DA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2zaIELSxl46iOcqSXJ8TbmR_Xa8.roa
Signing time: Wed 04 Jan 2023 10:15:24 +0000
ROA not before: Wed 04 Jan 2023 10:15:24 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 87.121.124.0/23 maxlen: 24
164.40.185.0/24 maxlen: 24
185.218.137.0/24 maxlen: 24
185.252.176.0/24 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
185.219.126.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:7c:47:47:57:e7:2b:50:aa:5d:63:ef:a9:0b:42:c9:da
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 4 10:15:24 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=db368810b4b1978ea239ca925c9f136e647f5daf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:aa:87:b0:f1:e6:5a:6b:1d:67:e7:18:1a:6b:3d:
52:45:28:47:a7:84:17:ff:20:b9:a8:c0:2f:7e:19:
3e:d7:e1:ad:76:ae:34:3f:c8:cc:e5:24:75:77:9f:
31:88:fb:b2:46:23:ac:9d:e7:5d:23:1a:58:36:60:
ad:60:17:e6:6f:8d:62:ba:ca:50:4c:95:7d:ac:24:
32:a4:f4:b0:a4:30:af:bf:27:0a:e9:21:6d:51:2b:
0f:5b:56:99:3c:15:33:07:53:32:1c:a4:5f:1a:a9:
df:47:0d:e6:04:80:c3:39:36:6a:e2:62:22:7a:d5:
aa:38:67:9c:3c:0c:02:a9:45:55:a0:31:52:24:85:
b0:f5:4d:2c:ae:0f:3e:64:d8:95:5e:a5:ed:84:7b:
27:7a:23:b1:2b:b1:1c:3a:d8:5f:e9:d4:dc:aa:57:
f2:4a:6d:57:87:06:87:80:ee:cf:e2:c0:99:04:ce:
1a:f8:52:75:77:1f:d4:0d:6b:f7:ef:08:47:19:ac:
0a:6e:83:14:c9:5e:06:79:b6:18:81:d3:da:28:a8:
f2:b4:1e:a0:95:ab:bc:67:48:fd:9f:b3:fd:af:1f:
8b:0c:82:a1:09:ca:46:7d:0d:5a:7a:1d:23:fa:04:
eb:97:7d:48:64:b2:df:93:69:f6:25:84:5a:12:8f:
bf:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:36:88:10:B4:B1:97:8E:A2:39:CA:92:5C:9F:13:6E:64:7F:5D:AF
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/2zaIELSxl46iOcqSXJ8TbmR_Xa8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.121.124.0/23
94.154.161.0-94.154.163.255
164.40.185.0/24
185.218.137.0/24
185.219.126.0/24
185.252.176.0/24
Signature Algorithm: sha256WithRSAEncryption
6e:d9:1e:8b:c1:15:9d:52:5c:9e:75:ab:a2:7c:b2:66:6a:c3:
f5:da:85:de:77:f8:55:09:78:89:a9:bd:c9:ef:f1:bf:f2:6e:
01:cd:bc:61:94:6e:db:87:94:bb:3c:0b:e8:60:55:b8:f2:ae:
93:68:88:96:f7:6b:1e:bd:4c:5e:3f:b6:9f:85:3b:a8:01:42:
b8:2f:60:ab:7d:d9:4d:ad:22:b0:39:cb:9b:13:8e:b8:83:85:
d3:da:14:45:f0:63:b1:b0:93:14:a6:ba:90:a9:3d:33:09:11:
af:a8:ae:35:7b:03:07:27:e1:f9:f6:f4:74:70:38:86:cc:20:
30:2d:43:4b:6e:e4:96:47:de:55:f9:1a:f6:26:e6:25:fe:6c:
24:86:91:11:ed:5f:1f:ad:81:e1:c5:ad:84:39:b0:3a:4c:20:
e0:45:a2:b2:ce:1b:f2:cd:d2:1f:35:1e:79:35:50:aa:7b:1e:
94:cf:af:a1:2b:f0:b9:50:13:2e:38:5c:b9:4d:11:9e:0d:cc:
2e:b3:08:1a:dc:fe:6d:25:21:50:7a:fa:e7:67:65:bb:d8:1c:
99:c2:3f:28:bc:e2:31:50:96:55:fa:f8:32:31:bf:15:a5:0c:
85:a5:72:03:41:4c:50:f1:32:4a:ce:c4:4a:6d:71:b8:a2:ca:
d1:cc:1a:5a
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYV8R0dX5ytQql1j76kLQsnaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTA0MTAxNTI0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjM2ODgxMGI0YjE5NzhlYTIzOWNhOTI1YzlmMTM2ZTY0N2Y1ZGFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqoew8eZaax1n5xgaaz1SRShHp4QX
/yC5qMAvfhk+1+Gtdq40P8jM5SR1d58xiPuyRiOsneddIxpYNmCtYBfmb41iuspQ
TJV9rCQypPSwpDCvvycK6SFtUSsPW1aZPBUzB1MyHKRfGqnfRw3mBIDDOTZq4mIi
etWqOGecPAwCqUVVoDFSJIWw9U0srg8+ZNiVXqXthHsneiOxK7EcOthf6dTcqlfy
Sm1XhwaHgO7P4sCZBM4a+FJ1dx/UDWv37whHGawKboMUyV4GebYYgdPaKKjytB6g
lau8Z0j9n7P9rx+LDIKhCcpGfQ1aeh0j+gTrl31IZLLfk2n2JYRaEo+/iwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFNs2iBC0sZeOojnKklyfE25kf12vMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMnphSUVMU3hsNDZpT2NxU1hKOFRibVJfWGE4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQBV3l8MAwD
BABemqEDBAJemqADBACkKLkDBAC52okDBAC5234DBAC5/LAwDQYJKoZIhvcNAQEL
BQADggEBAG7ZHovBFZ1SXJ51q6J8smZqw/Xahd53+FUJeImpvcnv8b/ybgHNvGGU
btuHlLs8C+hgVbjyrpNoiJb3ax69TF4/tp+FO6gBQrgvYKt92U2tIrA5y5sTjriD
hdPaFEXwY7GwkxSmupCpPTMJEa+orjV7Awcn4fn29HRwOIbMIDAtQ0tu5JZH3lX5
GvYm5iX+bCSGkRHtXx+tgeHFrYQ5sDpMIOBForLOG/LN0h81Hnk1UKp7HpTPr6Er
8LlQEy44XLlNEZ4NzC6zCBrc/m0lIVB6+udnZbvYHJnCPyi84jFQllX6+DIxvxWl
DIWlcgNBTFDxMkrOxEptcbiiytHMGlo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:23 2024 by rpki-client on console-ams.rpki-client.org