Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8REpnCxgpO7hs1BF1_fo68QJHr8.roa
File: 8REpnCxgpO7hs1BF1_fo68QJHr8.roa (raw, json)
Hash identifier: L+8KqpUJZjAL42PdA06w4WackP1XPkIm4hK8LmXmV1g=
Subject key identifier: F1:11:29:9C:2C:60:A4:EE:E1:B3:50:45:D7:F7:E8:EB:C4:09:1E:BF
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01877AA00B98CF6C03EE76912E33BC1680CF
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8REpnCxgpO7hs1BF1_fo68QJHr8.roa
Signing time: Thu 13 Apr 2023 12:38:41 +0000
ROA not before: Thu 13 Apr 2023 12:38:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1
IP address blocks: 31.13.198.0/24 maxlen: 24
193.168.196.0/22 maxlen: 24
45.91.193.0/24 maxlen: 24
45.139.100.0/22 maxlen: 24
88.218.76.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:7a:a0:0b:98:cf:6c:03:ee:76:91:2e:33:bc:16:80:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 13 12:38:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f111299c2c60a4eee1b35045d7f7e8ebc4091ebf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ed:14:1a:f7:04:70:58:d3:0e:ef:e0:c7:1f:16:
d0:b8:35:31:d4:48:33:bb:95:1e:4c:e3:a0:2b:80:
2b:b0:80:0e:bb:f6:a7:61:04:a5:d0:e0:cd:59:fd:
f4:b0:79:f1:1b:ae:8a:23:ad:df:25:24:6c:23:da:
de:31:c7:75:ee:33:3b:44:76:86:b6:57:04:10:49:
9d:a7:d5:88:4a:04:55:0d:1c:01:17:5d:cc:41:dd:
07:9a:b4:d8:88:88:36:89:92:1c:28:c9:89:a4:08:
65:77:72:c5:ae:ce:74:45:c2:c0:0c:0f:3e:9b:b8:
6c:d1:ae:80:d6:15:d7:1e:66:06:8c:4e:49:72:e3:
aa:6e:ea:08:a2:b7:7b:06:0a:71:5f:f4:c2:c8:ca:
37:8c:cc:0c:6e:ce:e3:76:4d:81:b3:21:3e:5b:0e:
a9:10:46:b0:04:47:8c:13:3d:f6:df:8c:3a:28:65:
f5:07:67:d9:b3:45:45:5e:83:8a:41:a5:76:18:90:
36:ec:ba:13:ad:a7:2b:87:b3:64:aa:d7:95:97:47:
ff:ff:2d:84:a9:d1:ff:85:db:b2:0a:d2:9b:7e:05:
4b:f5:2e:ad:18:f0:15:be:e3:97:5d:bb:80:8c:8e:
8d:66:89:05:3a:7e:6b:33:46:88:79:2d:8b:c5:06:
71:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F1:11:29:9C:2C:60:A4:EE:E1:B3:50:45:D7:F7:E8:EB:C4:09:1E:BF
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8REpnCxgpO7hs1BF1_fo68QJHr8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.198.0/24
45.91.193.0/24
45.139.100.0/22
88.218.76.0/22
193.168.196.0/22
Signature Algorithm: sha256WithRSAEncryption
9f:3e:ea:b0:da:ec:b2:ab:15:69:93:2d:0e:c1:fc:4a:05:1c:
c6:b3:1b:73:aa:e3:36:12:ac:4c:43:4b:7f:54:e4:0b:7e:b4:
84:86:8e:bc:c2:4e:a4:21:8f:e3:a1:dc:ac:ae:c0:91:7a:ad:
e8:05:f8:be:c6:e0:b9:26:be:b0:54:a2:ca:e8:ce:eb:7b:9c:
13:19:c0:0a:68:44:9f:6a:b4:75:3e:94:b8:c6:75:d4:bb:ce:
a9:23:c1:e0:c2:fa:8e:d7:87:8b:00:8b:0d:50:38:db:d4:7e:
aa:fa:42:97:96:49:1a:73:98:61:c5:fd:85:b0:ed:05:20:0e:
81:a2:c6:1a:17:06:06:62:6f:d8:58:9e:7c:2e:d8:a3:d7:11:
74:d2:92:0b:11:c5:9c:5c:e2:79:bb:fa:92:fd:c7:aa:32:4e:
3c:29:b0:c9:f3:c7:cf:68:06:60:aa:16:0d:74:38:19:cb:64:
50:4e:19:15:97:45:77:20:dc:5b:3a:ae:25:62:d0:9e:30:a3:
be:a1:7e:78:ac:bb:d7:d2:d9:19:01:75:2d:9b:18:05:0c:c5:
5e:c6:57:b4:a3:bf:94:4c:69:80:80:79:e8:90:23:98:52:c8:
19:a6:1f:8d:c7:7b:97:e0:6c:8f:b3:dd:c7:3c:ae:01:1b:49:
ab:6a:63:77
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYd6oAuYz2wD7naRLjO8FoDPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDEzMTIzODQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMTExMjk5YzJjNjBhNGVlZTFiMzUwNDVkN2Y3ZThlYmM0MDkxZWJmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7RQa9wRwWNMO7+DHHxbQuDUx1Egz
u5UeTOOgK4ArsIAOu/anYQSl0ODNWf30sHnxG66KI63fJSRsI9reMcd17jM7RHaG
tlcEEEmdp9WISgRVDRwBF13MQd0HmrTYiIg2iZIcKMmJpAhld3LFrs50RcLADA8+
m7hs0a6A1hXXHmYGjE5JcuOqbuoIord7BgpxX/TCyMo3jMwMbs7jdk2BsyE+Ww6p
EEawBEeMEz3234w6KGX1B2fZs0VFXoOKQaV2GJA27LoTracrh7NkqteVl0f//y2E
qdH/hduyCtKbfgVL9S6tGPAVvuOXXbuAjI6NZokFOn5rM0aIeS2LxQZxrwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFPERKZwsYKTu4bNQRdf36OvECR6/MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOFJFcG5DeGdwTzdoczFCRjFfZm82OFFKSHI4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAHw3GAwQA
LVvBAwQCLYtkAwQCWNpMAwQCwajEMA0GCSqGSIb3DQEBCwUAA4IBAQCfPuqw2uyy
qxVpky0OwfxKBRzGsxtzquM2EqxMQ0t/VOQLfrSEho68wk6kIY/jodysrsCReq3o
Bfi+xuC5Jr6wVKLK6M7re5wTGcAKaESfarR1PpS4xnXUu86pI8HgwvqO14eLAIsN
UDjb1H6q+kKXlkkac5hhxf2FsO0FIA6BosYaFwYGYm/YWJ58Ltij1xF00pILEcWc
XOJ5u/qS/ceqMk48KbDJ88fPaAZgqhYNdDgZy2RQThkVl0V3INxbOq4lYtCeMKO+
oX54rLvX0tkZAXUtmxgFDMVexle0o7+UTGmAgHnokCOYUsgZph+Nx3uX4GyPs93H
PK4BG0mramN3
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:32 2023 by rpki-client on console-ams.rpki-client.org