Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7UQ_qZc18xlitfYUmOeNe6dV7wU.roa
File: 7UQ_qZc18xlitfYUmOeNe6dV7wU.roa (raw, json)
Hash identifier: KjADCcomQUK49+Ws8yfkwscfSn8zDTq2ONwqfrQoFG8=
Subject key identifier: ED:44:3F:A9:97:35:F3:19:62:B5:F6:14:98:E7:8D:7B:A7:55:EF:05
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018732B8A7A8CFE6435CE3B4FAAB9F82D59F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7UQ_qZc18xlitfYUmOeNe6dV7wU.roa
Signing time: Thu 30 Mar 2023 13:32:54 +0000
ROA not before: Thu 30 Mar 2023 13:32:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 397423
IP address blocks: 178.215.224.0/24 maxlen: 24
79.110.61.0/24 maxlen: 24
94.103.127.0/24 maxlen: 24
92.249.51.0/24 maxlen: 24
92.249.48.0/24 maxlen: 24
193.37.44.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
109.206.238.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:32:b8:a7:a8:cf:e6:43:5c:e3:b4:fa:ab:9f:82:d5:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 30 13:32:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ed443fa99735f31962b5f61498e78d7ba755ef05
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:67:fb:bc:51:cc:e7:51:37:fb:82:46:93:4d:
77:61:92:14:ca:69:3b:42:0f:1c:a6:34:e4:4d:2a:
21:e8:f7:35:33:3e:c0:98:c5:43:2f:5b:fe:2c:ad:
42:88:2c:db:7a:9e:69:a5:9f:22:02:af:94:6a:c6:
87:4b:f4:01:d3:b6:b8:fe:ae:af:14:16:c5:17:58:
29:45:f2:74:20:74:ba:dd:d8:b0:44:c5:4c:7d:bb:
73:c6:56:27:57:29:12:d5:35:2d:5f:1d:2a:39:70:
b8:4f:9f:24:37:75:c8:7f:13:81:af:4f:9d:4b:ca:
97:4b:70:21:a7:34:64:80:03:3f:62:5a:79:5a:75:
50:d7:5b:e7:39:44:19:38:d9:19:80:eb:d7:42:46:
ce:f7:1a:bb:8d:61:8e:bf:f4:dd:b2:a3:6f:71:e7:
f8:32:3f:d5:24:59:96:99:fc:63:41:96:c9:24:dd:
81:4c:28:30:aa:36:dc:39:dc:4e:6a:b4:91:71:dd:
3e:88:2c:6d:83:d7:04:fe:8e:48:b9:ef:9c:1d:c8:
3c:5c:3e:a6:13:4e:42:25:22:9c:ab:03:ce:88:6c:
97:5b:89:19:88:57:76:87:1b:da:cb:87:b6:66:41:
09:81:d5:c5:07:e9:bf:ed:90:05:10:18:ed:a5:e6:
43:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:44:3F:A9:97:35:F3:19:62:B5:F6:14:98:E7:8D:7B:A7:55:EF:05
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7UQ_qZc18xlitfYUmOeNe6dV7wU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.110.61.0/24
92.249.48.0/24
92.249.51.0/24
94.103.127.0/24
109.206.238.0/24
178.215.224.0/24
193.25.216.0/24
193.37.44.0/24
Signature Algorithm: sha256WithRSAEncryption
a6:07:ac:30:e9:20:3a:04:f0:14:7c:03:ec:82:4b:40:26:64:
94:8d:f9:5e:1b:5e:f6:8b:e4:40:2e:0f:a2:09:19:7f:b5:5c:
94:e2:3f:81:99:b2:60:ba:77:8e:f2:c9:b6:2a:b3:46:de:a3:
9e:00:12:a9:2f:5b:71:cf:99:48:c6:ed:ba:64:c8:cd:d0:d7:
5e:ff:cb:e3:66:f3:ea:3c:36:1d:74:c3:d9:d9:a9:a1:25:59:
2e:2d:ca:e5:dc:9c:a0:f8:73:c2:74:6c:eb:24:d6:a0:02:f7:
57:ad:e6:88:2b:b9:b1:00:ec:81:a1:cc:06:f0:c3:9c:9f:09:
39:83:7e:a7:06:ae:a0:28:3b:05:be:a0:aa:2c:94:dd:55:36:
ca:fa:39:a5:24:a1:b4:a3:47:bf:0c:df:a6:fc:a0:07:16:20:
4a:01:d3:aa:9f:d5:a5:9a:62:6c:46:c6:81:62:1d:41:62:93:
df:6e:76:59:f3:b2:93:d6:50:07:73:fd:19:74:37:ee:78:9c:
bd:7b:00:e9:7b:a3:93:0a:83:20:29:60:ee:53:bf:5e:6e:1e:
c8:b4:66:07:22:77:7f:26:41:0c:e7:31:8f:08:59:9a:4f:56:
dd:af:24:59:21:30:b1:50:1a:a1:c2:f5:6b:67:ba:eb:a5:c9:
90:93:d3:f5
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYcyuKeoz+ZDXOO0+qufgtWfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMzMwMTMzMjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDQ0M2ZhOTk3MzVmMzE5NjJiNWY2MTQ5OGU3OGQ3YmE3NTVlZjA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi2f7vFHM51E3+4JGk013YZIUymk7
Qg8cpjTkTSoh6Pc1Mz7AmMVDL1v+LK1CiCzbep5ppZ8iAq+UasaHS/QB07a4/q6v
FBbFF1gpRfJ0IHS63diwRMVMfbtzxlYnVykS1TUtXx0qOXC4T58kN3XIfxOBr0+d
S8qXS3AhpzRkgAM/Ylp5WnVQ11vnOUQZONkZgOvXQkbO9xq7jWGOv/TdsqNvcef4
Mj/VJFmWmfxjQZbJJN2BTCgwqjbcOdxOarSRcd0+iCxtg9cE/o5Iue+cHcg8XD6m
E05CJSKcqwPOiGyXW4kZiFd2hxvay4e2ZkEJgdXFB+m/7ZAFEBjtpeZDnQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFO1EP6mXNfMZYrX2FJjnjXunVe8FMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvN1VRX3FaYzE4eGxpdGZZVW1PZU5lNmRWN3dVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAT249AwQA
XPkwAwQAXPkzAwQAXmd/AwQAbc7uAwQAstfgAwQAwRnYAwQAwSUsMA0GCSqGSIb3
DQEBCwUAA4IBAQCmB6ww6SA6BPAUfAPsgktAJmSUjfleG172i+RALg+iCRl/tVyU
4j+BmbJguneO8sm2KrNG3qOeABKpL1txz5lIxu26ZMjN0Nde/8vjZvPqPDYddMPZ
2amhJVkuLcrl3Jyg+HPCdGzrJNagAvdXreaIK7mxAOyBocwG8MOcnwk5g36nBq6g
KDsFvqCqLJTdVTbK+jmlJKG0o0e/DN+m/KAHFiBKAdOqn9WlmmJsRsaBYh1BYpPf
bnZZ87KT1lAHc/0ZdDfueJy9ewDpe6OTCoMgKWDuU79ebh7ItGYHInd/JkEM5zGP
CFmaT1bdryRZITCxUBqhwvVrZ7rrpcmQk9P1
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:32 2023 by rpki-client on console-ams.rpki-client.org