Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4N1Rn4tQNS-TdEpBPPd66RMhDYM.roa
File: 4N1Rn4tQNS-TdEpBPPd66RMhDYM.roa (raw, json)
Hash identifier: vClNiRxn1H8LTghAVBVjxLcRXBZDX3DOG0oh9clp60k=
Subject key identifier: E0:DD:51:9F:8B:50:35:2F:93:74:4A:41:3C:F7:7A:E9:13:21:0D:83
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0187E0A15A2B5EAD1A3C9AB270ACDB00218D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4N1Rn4tQNS-TdEpBPPd66RMhDYM.roa
Signing time: Wed 03 May 2023 08:01:23 +0000
ROA not before: Wed 03 May 2023 08:01:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50225
IP address blocks: 94.156.234.0/24 maxlen: 24
94.156.160.0/24 maxlen: 24
193.42.34.0/24 maxlen: 24
193.47.63.0/24 maxlen: 24
176.125.253.0/24 maxlen: 24
176.125.252.0/24 maxlen: 24
193.47.60.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:e0:a1:5a:2b:5e:ad:1a:3c:9a:b2:70:ac:db:00:21:8d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 3 08:01:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e0dd519f8b50352f93744a413cf77ae913210d83
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:a2:91:4a:75:14:ca:04:e5:30:dc:e9:06:0a:
b4:c7:d2:62:74:55:a3:a2:b7:d2:5f:e8:0b:9a:17:
b4:3f:d2:89:d2:7f:f4:0d:ee:f3:cb:79:66:ff:bd:
c8:e4:8b:bf:73:cd:4d:f2:a0:4d:ad:d2:f6:24:e1:
7b:a3:29:61:11:21:e9:e0:a1:61:e4:be:c3:5d:ee:
8d:db:6a:14:27:0e:4a:b1:45:58:c3:dc:12:00:89:
dc:b4:9e:2c:ec:55:94:fb:a8:12:12:37:83:3a:f5:
00:e7:01:61:b3:3f:73:65:80:70:71:83:a3:42:c2:
04:0d:98:a0:d4:2c:ce:68:a7:d6:c4:d9:9d:a9:a1:
5e:0a:f2:b4:a8:36:e6:76:79:74:91:58:33:68:0d:
d2:ab:70:74:26:75:05:b8:da:e0:aa:b2:7e:c2:84:
ea:08:db:91:3b:82:37:b2:bb:53:6b:80:03:ad:2a:
a7:a5:52:08:22:a2:17:0f:0b:39:17:95:58:23:fa:
85:d2:e3:7e:26:a8:88:87:ee:6f:6b:9a:bb:ea:44:
cf:4e:f2:f7:b0:45:e0:53:68:02:7f:d5:32:63:ea:
44:6d:cd:5c:99:29:a4:bb:d7:d1:7c:6d:cd:b8:5d:
51:5e:55:3d:66:9b:77:0c:e5:91:1f:bc:8e:7d:dc:
36:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:DD:51:9F:8B:50:35:2F:93:74:4A:41:3C:F7:7A:E9:13:21:0D:83
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4N1Rn4tQNS-TdEpBPPd66RMhDYM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.156.160.0/24
94.156.234.0/24
176.125.252.0/23
193.42.34.0/24
193.47.60.0/24
193.47.63.0/24
Signature Algorithm: sha256WithRSAEncryption
26:0e:cf:5c:d0:59:3a:f0:fc:20:c3:a2:63:93:9c:62:fe:d8:
42:18:d3:67:43:69:64:d5:8b:36:03:a9:1e:cd:9e:be:48:7a:
21:6e:2a:fd:41:0c:99:f2:aa:6c:9e:cb:cc:f8:d9:53:a7:be:
20:d5:4a:36:7b:39:39:7d:04:a2:88:84:f1:b0:e4:79:39:ec:
6e:47:df:5c:91:b9:fe:1d:9c:a3:50:0f:db:86:e0:20:73:7f:
41:91:b4:a1:1e:d1:f6:17:88:cd:98:90:d0:55:1d:db:46:09:
44:7c:d5:46:a0:5d:65:8e:ca:57:52:7b:19:bb:e7:e8:72:32:
93:dd:83:c8:93:6c:ba:5f:42:13:76:a9:75:84:84:3c:aa:6f:
5e:0b:c9:5c:5a:f5:de:ad:b6:4c:ac:92:0d:1a:15:d1:bf:47:
99:ec:d4:05:ea:8a:49:4d:08:8f:b9:4b:fd:65:1d:4d:04:94:
6b:6d:e1:1e:e3:8b:97:7d:6e:66:2c:82:d3:54:7b:1c:b0:e7:
ac:26:2d:41:b8:63:53:22:81:26:05:9a:0f:e6:a1:d8:3f:9c:
b6:f7:cb:cb:b0:3b:5d:15:35:60:2b:b6:4c:37:43:68:cd:4c:
cc:ab:4a:23:9a:18:67:36:7a:43:c5:6b:15:51:5f:dc:05:7c:
8d:4d:a1:fe
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYfgoVorXq0aPJqycKzbACGNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTAzMDgwMTIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGRkNTE5ZjhiNTAzNTJmOTM3NDRhNDEzY2Y3N2FlOTEzMjEwZDgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmKKRSnUUygTlMNzpBgq0x9JidFWj
orfSX+gLmhe0P9KJ0n/0De7zy3lm/73I5Iu/c81N8qBNrdL2JOF7oylhESHp4KFh
5L7DXe6N22oUJw5KsUVYw9wSAInctJ4s7FWU+6gSEjeDOvUA5wFhsz9zZYBwcYOj
QsIEDZig1CzOaKfWxNmdqaFeCvK0qDbmdnl0kVgzaA3Sq3B0JnUFuNrgqrJ+woTq
CNuRO4I3srtTa4ADrSqnpVIIIqIXDws5F5VYI/qF0uN+JqiIh+5va5q76kTPTvL3
sEXgU2gCf9UyY+pEbc1cmSmku9fRfG3NuF1RXlU9Zpt3DOWRH7yOfdw2UwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFODdUZ+LUDUvk3RKQTz3eukTIQ2DMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNE4xUm40dFFOUy1UZEVwQlBQZDY2Uk1oRFlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAXpygAwQA
XpzqAwQBsH38AwQAwSoiAwQAwS88AwQAwS8/MA0GCSqGSIb3DQEBCwUAA4IBAQAm
Ds9c0Fk68Pwgw6Jjk5xi/thCGNNnQ2lk1Ys2A6kezZ6+SHohbir9QQyZ8qpsnsvM
+NlTp74g1Uo2ezk5fQSiiITxsOR5OexuR99ckbn+HZyjUA/bhuAgc39BkbShHtH2
F4jNmJDQVR3bRglEfNVGoF1ljspXUnsZu+focjKT3YPIk2y6X0ITdql1hIQ8qm9e
C8lcWvXerbZMrJINGhXRv0eZ7NQF6opJTQiPuUv9ZR1NBJRrbeEe44uXfW5mLILT
VHscsOesJi1BuGNTIoEmBZoP5qHYP5y298vLsDtdFTVgK7ZMN0NozUzMq0ojmhhn
NnpDxWsVUV/cBXyNTaH+
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:31 2023 by rpki-client on console-ams.rpki-client.org