Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4Y_vtkvzccdDXhdvT4_TupccpFQ.roa
File: 4Y_vtkvzccdDXhdvT4_TupccpFQ.roa (raw, json)
Hash identifier: gKaPCHjO4CaUpCEf+8ayX4/Kj6RCfEopmRbrb2Fny6Y=
Subject key identifier: E1:8F:EF:B6:4B:F3:71:C7:43:5E:17:6F:4F:8F:D3:BA:97:1C:A4:54
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0188BF3936A074BF7B122E5C7254E4ABDF44
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4Y_vtkvzccdDXhdvT4_TupccpFQ.roa
Signing time: Thu 15 Jun 2023 13:22:57 +0000
ROA not before: Thu 15 Jun 2023 13:22:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50225
IP address blocks: 85.209.132.0/24 maxlen: 24
83.143.112.0/24 maxlen: 24
85.217.145.0/24 maxlen: 24
83.143.113.0/24 maxlen: 24
185.222.163.0/24 maxlen: 24
45.128.99.0/24 maxlen: 24
87.121.69.0/24 maxlen: 24
193.42.34.0/24 maxlen: 24
193.47.63.0/24 maxlen: 24
176.125.252.0/24 maxlen: 24
193.47.60.0/24 maxlen: 24
194.48.251.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:bf:39:36:a0:74:bf:7b:12:2e:5c:72:54:e4:ab:df:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jun 15 13:22:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e18fefb64bf371c7435e176f4f8fd3ba971ca454
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:b7:6d:a5:8a:b3:e8:1d:a7:5e:0f:d3:33:49:
62:48:4c:89:68:7d:0e:68:f0:4e:78:5e:14:03:c3:
3c:eb:7c:0f:fc:40:57:cd:9f:21:2f:25:7e:97:32:
e4:e7:e4:dd:c3:dc:c0:d8:88:78:c4:1a:35:00:c1:
19:b4:f0:a5:a5:91:e6:40:62:2e:ca:51:6b:b9:ac:
88:36:69:c1:da:59:a0:b4:69:94:31:f4:85:23:18:
60:6b:02:7a:a5:84:a1:99:62:36:3f:6f:f2:ed:29:
b3:ba:22:2f:16:0b:8d:f1:52:de:32:e8:75:09:df:
66:ef:08:97:f0:70:a9:6c:ed:9c:8c:a1:be:97:93:
4a:30:1a:de:a5:27:fd:f4:c8:eb:de:aa:3f:33:ff:
5f:a4:aa:9d:52:a9:55:7c:18:99:b4:83:fd:90:1f:
75:98:b3:46:fd:a0:d0:0e:b6:2d:2a:46:bf:ed:7c:
44:cf:77:2e:47:93:28:c9:f3:2f:2a:88:43:17:6a:
4e:7d:29:34:66:18:ae:c1:7a:ad:50:e5:f4:9d:de:
17:cf:68:34:3a:e7:3b:77:fc:71:97:0c:e2:94:2f:
0a:25:45:6f:c8:00:e9:21:c0:72:b0:f5:20:af:ee:
4c:2d:44:cb:82:5e:4d:b0:44:c9:60:43:c1:eb:9a:
c7:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E1:8F:EF:B6:4B:F3:71:C7:43:5E:17:6F:4F:8F:D3:BA:97:1C:A4:54
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/4Y_vtkvzccdDXhdvT4_TupccpFQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.99.0/24
83.143.112.0/23
85.209.132.0/24
85.217.145.0/24
87.121.69.0/24
176.125.252.0/24
185.222.163.0/24
193.42.34.0/24
193.47.60.0/24
193.47.63.0/24
194.48.251.0/24
Signature Algorithm: sha256WithRSAEncryption
34:5e:28:e5:52:7c:4f:e7:23:f9:76:eb:78:88:78:19:39:60:
39:f0:ce:fc:c8:9f:51:7b:a6:5b:a8:2d:e1:d2:f8:8b:a7:34:
d8:77:fb:c8:5b:ed:82:0a:1b:8f:0f:75:9a:e2:1d:94:73:cd:
a8:12:09:d6:af:31:04:cf:5c:ff:5e:05:b6:c4:49:9c:7c:83:
bc:fa:05:2b:e1:f1:f2:6d:e8:d8:2f:17:b0:9c:d9:75:0f:3a:
72:87:1e:9b:fe:80:42:69:18:12:4a:d3:92:5f:6d:e1:65:8a:
18:60:21:b8:bc:46:a7:ad:d2:65:6d:a4:09:70:d1:cf:40:9e:
cc:da:20:79:57:fa:a6:55:19:89:98:c6:60:15:19:06:c5:08:
68:a6:bf:5a:99:05:cf:9c:0c:59:b8:42:98:54:5d:b1:7f:8d:
2a:d2:f6:57:3f:e0:e7:8b:39:90:8e:10:da:b1:75:eb:65:fe:
cf:21:f8:1b:ca:e5:94:fd:29:5a:c2:bf:ab:1e:c3:62:2b:90:
83:90:72:00:94:96:20:d1:e7:d2:b5:bc:28:99:2e:3b:5c:32:
81:a1:e6:b3:af:cc:4b:7d:eb:e8:cd:14:88:c3:11:74:22:bb:
d4:71:f9:97:32:5a:0e:a0:d6:a7:78:04:84:d3:a8:cd:e2:b8:
6a:7e:85:a9
-----BEGIN CERTIFICATE-----
MIIFOTCCBCGgAwIBAgISAYi/OTagdL97Ei5cclTkq99EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjE1MTMyMjU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMThmZWZiNjRiZjM3MWM3NDM1ZTE3NmY0ZjhmZDNiYTk3MWNhNDU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjbdtpYqz6B2nXg/TM0liSEyJaH0O
aPBOeF4UA8M863wP/EBXzZ8hLyV+lzLk5+Tdw9zA2Ih4xBo1AMEZtPClpZHmQGIu
ylFruayINmnB2lmgtGmUMfSFIxhgawJ6pYShmWI2P2/y7SmzuiIvFguN8VLeMuh1
Cd9m7wiX8HCpbO2cjKG+l5NKMBrepSf99Mjr3qo/M/9fpKqdUqlVfBiZtIP9kB91
mLNG/aDQDrYtKka/7XxEz3cuR5MoyfMvKohDF2pOfSk0ZhiuwXqtUOX0nd4Xz2g0
Ouc7d/xxlwzilC8KJUVvyADpIcBysPUgr+5MLUTLgl5NsETJYEPB65rHdQIDAQAB
o4ICRTCCAkEwHQYDVR0OBBYEFOGP77ZL83HHQ14Xb0+P07qXHKRUMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNFlfdnRrdnpjY2REWGhkdlQ0X1R1cGNjcEZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFsGCCsGAQUFBwEHAQH/BEwwSjBIBAIAATBCAwQALYBjAwQB
U49wAwQAVdGEAwQAVdmRAwQAV3lFAwQAsH38AwQAud6jAwQAwSoiAwQAwS88AwQA
wS8/AwQAwjD7MA0GCSqGSIb3DQEBCwUAA4IBAQA0XijlUnxP5yP5dut4iHgZOWA5
8M78yJ9Re6ZbqC3h0viLpzTYd/vIW+2CChuPD3Wa4h2Uc82oEgnWrzEEz1z/XgW2
xEmcfIO8+gUr4fHybejYLxewnNl1Dzpyhx6b/oBCaRgSStOSX23hZYoYYCG4vEan
rdJlbaQJcNHPQJ7M2iB5V/qmVRmJmMZgFRkGxQhopr9amQXPnAxZuEKYVF2xf40q
0vZXP+DnizmQjhDasXXrZf7PIfgbyuWU/Slawr+rHsNiK5CDkHIAlJYg0efStbwo
mS47XDKBoeazr8xLfevozRSIwxF0IrvUcfmXMloOoNaneASE06jN4rhqfoWp
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:58 2024 by rpki-client on console-fra.rpki-client.org