Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5YQk73v5uXCtwDvz-UOM_R8mHQc.roa
File: 5YQk73v5uXCtwDvz-UOM_R8mHQc.roa (raw, json)
Hash identifier: f/BlIJHK26KV/RrUezIW49wXblpLkqwQ3cuEYjizKg0=
Subject key identifier: E5:84:24:EF:7B:F9:B9:70:AD:C0:3B:F3:F9:43:8C:FD:1F:26:1D:07
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018408F01EBE32D60AE89DB8C7777902D31B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5YQk73v5uXCtwDvz-UOM_R8mHQc.roa
Signing time: Mon 24 Oct 2022 07:41:05 +0000
ROA not before: Mon 24 Oct 2022 07:41:05 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 8866
IP address blocks: 94.156.234.0/23 maxlen: 24
94.156.236.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:08:f0:1e:be:32:d6:0a:e8:9d:b8:c7:77:79:02:d3:1b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Oct 24 07:41:05 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=e58424ef7bf9b970adc03bf3f9438cfd1f261d07
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:9b:aa:89:44:0e:5c:d4:58:2b:9a:f3:07:a3:
63:ed:32:bc:ec:e8:1e:01:85:ee:a9:5a:0e:3b:96:
06:fd:f9:5c:0e:83:57:5b:59:5a:cc:47:0e:c9:37:
6e:80:05:73:8e:35:b2:26:36:ca:10:b6:fb:d9:08:
47:ce:8e:15:e3:ca:f1:f0:94:84:08:58:40:95:ec:
b1:d0:eb:a1:bc:3d:c1:28:83:96:ff:69:f5:0b:3c:
45:70:13:76:cd:77:e7:f2:9a:bc:ed:31:71:4f:65:
29:26:d4:1a:03:76:06:a5:ca:78:98:5e:17:ce:9e:
31:c3:d8:d3:74:2c:e6:ba:2d:8c:9d:dd:ea:df:1e:
68:bd:41:60:9a:cd:40:68:b4:e1:25:be:84:c7:34:
3c:89:41:85:02:57:69:06:13:fa:64:32:43:01:49:
0f:8a:fd:9b:92:24:ba:0f:b9:0d:89:a2:24:4b:21:
c7:5d:69:7a:92:da:99:92:aa:e3:e8:ab:68:22:17:
4a:c8:4b:f0:e4:67:f3:77:c0:4d:e1:4b:16:44:90:
f8:03:3c:32:1e:64:5f:f0:e6:b8:27:1c:76:59:a3:
3a:73:ff:f5:7d:92:4e:24:eb:40:23:72:a6:67:70:
de:ab:81:d2:db:14:55:0c:ca:a3:77:03:89:ef:64:
57:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E5:84:24:EF:7B:F9:B9:70:AD:C0:3B:F3:F9:43:8C:FD:1F:26:1D:07
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5YQk73v5uXCtwDvz-UOM_R8mHQc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.156.234.0-94.156.239.255
Signature Algorithm: sha256WithRSAEncryption
21:12:f8:58:e0:48:66:7a:31:e2:97:49:0c:c0:6f:29:52:50:
8d:0d:91:f1:a7:c4:2e:17:cb:06:6b:ac:49:b9:fe:c7:9d:90:
c4:19:12:bd:93:a1:7a:81:70:32:82:6c:48:c1:e9:58:84:ab:
72:5a:36:f3:8d:8f:08:c5:5a:82:30:c8:b0:10:83:4d:c5:5a:
d7:26:e1:7d:90:e1:5f:c2:99:e3:78:02:b7:f1:b7:fb:b1:0b:
4c:fa:00:d5:cf:ca:cf:4a:6f:9d:6e:21:35:9c:7a:83:42:95:
d0:c5:be:ec:4d:a8:d1:87:94:e9:43:94:d7:e9:88:26:ca:a9:
26:34:32:cb:c2:4d:16:9c:16:31:a7:15:b7:ab:4c:f3:28:b4:
86:0e:33:28:41:03:aa:51:37:f7:10:80:32:e9:4e:5a:91:bf:
b7:c6:c6:45:6d:17:81:47:56:6b:b8:bc:46:5e:f2:75:28:1c:
ce:c6:23:b9:63:04:c5:87:04:5f:56:b8:18:03:bf:ce:2b:28:
19:d8:d9:ca:0a:1f:07:2b:e6:3d:0b:2e:59:32:04:ae:e7:20:
44:c5:44:ec:26:66:5c:3b:3e:a7:1f:7c:65:0d:99:ca:48:ed:
fd:48:24:aa:95:ec:87:df:3f:ee:b5:c9:d0:c5:91:c3:4f:37:
cc:f2:83:f4
-----BEGIN CERTIFICATE-----
MIIFBTCCA+2gAwIBAgISAYQI8B6+MtYK6J24x3d5AtMbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMDI0MDc0MTA1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNTg0MjRlZjdiZjliOTcwYWRjMDNiZjNmOTQzOGNmZDFmMjYxZDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu5uqiUQOXNRYK5rzB6Nj7TK87Oge
AYXuqVoOO5YG/flcDoNXW1lazEcOyTdugAVzjjWyJjbKELb72QhHzo4V48rx8JSE
CFhAleyx0OuhvD3BKIOW/2n1CzxFcBN2zXfn8pq87TFxT2UpJtQaA3YGpcp4mF4X
zp4xw9jTdCzmui2Mnd3q3x5ovUFgms1AaLThJb6ExzQ8iUGFAldpBhP6ZDJDAUkP
iv2bkiS6D7kNiaIkSyHHXWl6ktqZkqrj6KtoIhdKyEvw5Gfzd8BN4UsWRJD4Azwy
HmRf8Oa4Jxx2WaM6c//1fZJOJOtAI3KmZ3Deq4HS2xRVDMqjdwOJ72RXuQIDAQAB
o4ICETCCAg0wHQYDVR0OBBYEFOWEJO97+blwrcA78/lDjP0fJh0HMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNVlRazczdjV1WEN0d0R2ei1VT01fUjhtSFFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCcGCCsGAQUFBwEHAQH/BBgwFjAUBAIAATAOMAwDBAFenOoD
BARenOAwDQYJKoZIhvcNAQELBQADggEBACES+FjgSGZ6MeKXSQzAbylSUI0NkfGn
xC4XywZrrEm5/sedkMQZEr2ToXqBcDKCbEjB6ViEq3JaNvONjwjFWoIwyLAQg03F
Wtcm4X2Q4V/CmeN4Arfxt/uxC0z6ANXPys9Kb51uITWceoNCldDFvuxNqNGHlOlD
lNfpiCbKqSY0MsvCTRacFjGnFberTPMotIYOMyhBA6pRN/cQgDLpTlqRv7fGxkVt
F4FHVmu4vEZe8nUoHM7GI7ljBMWHBF9WuBgDv84rKBnY2coKHwcr5j0LLlkyBK7n
IETFROwmZlw7PqcffGUNmcpI7f1IJKqV7IffP+61ydDFkcNPN8zyg/Q=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:42:38 2023 by rpki-client on console-fra.rpki-client.org