Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8_X_uEWhtLgKA3tmzy0e8zp21dg.roa
File: 8_X_uEWhtLgKA3tmzy0e8zp21dg.roa (raw, json)
Hash identifier: 0X5x4iieezjIbDZ/56naH1UW+wNZfs788UzdADJLZY0=
Subject key identifier: F3:F5:FF:B8:45:A1:B4:B8:0A:03:7B:66:CF:2D:1E:F3:3A:76:D5:D8
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0187EAF009F33ADCC4F01302AC0BBFFCC29B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8_X_uEWhtLgKA3tmzy0e8zp21dg.roa
Signing time: Fri 05 May 2023 08:03:32 +0000
ROA not before: Fri 05 May 2023 08:03:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50225
IP address blocks: 94.156.234.0/24 maxlen: 24
94.156.160.0/24 maxlen: 24
193.42.34.0/24 maxlen: 24
193.47.63.0/24 maxlen: 24
94.156.78.0/24 maxlen: 24
176.125.253.0/24 maxlen: 24
176.125.252.0/24 maxlen: 24
193.47.60.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:ea:f0:09:f3:3a:dc:c4:f0:13:02:ac:0b:bf:fc:c2:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 5 08:03:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f3f5ffb845a1b4b80a037b66cf2d1ef33a76d5d8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:c4:65:0d:9f:4d:5c:00:2e:1f:d1:87:5d:e4:
83:83:98:e5:95:42:16:06:74:5c:df:a3:a8:5c:3e:
3f:7b:cf:9a:21:42:75:0e:14:c7:19:91:5e:09:96:
a4:a3:18:40:ee:f9:81:89:37:a0:58:9c:fb:21:9c:
95:15:bd:ec:5a:21:c2:32:cd:9c:e3:6d:f5:96:25:
ee:0f:af:b8:d2:fc:a5:d6:c1:01:05:63:44:eb:d0:
b2:3c:2d:c0:8a:e6:f9:be:fd:2a:ea:4c:df:48:ca:
71:5e:f3:46:07:24:76:9a:91:df:98:04:84:4b:e9:
f4:3c:04:0b:88:02:26:e0:a4:fa:05:f7:42:c8:e9:
b5:da:9a:a4:0c:a5:5f:bd:11:07:f7:83:bc:d3:25:
f0:ea:ca:88:dd:6f:3e:11:45:ba:c1:5e:2d:2e:4a:
e2:35:33:4a:22:25:db:66:e7:8b:09:32:f1:a9:2f:
f1:eb:76:ef:b5:37:43:93:c0:19:68:6d:73:f1:e1:
38:01:9a:ac:d8:b2:ac:94:d8:a1:df:20:96:3a:b3:
8a:5b:0b:72:56:0f:1c:94:57:a0:41:29:c4:c5:7e:
36:82:dc:ee:48:65:4f:a9:08:51:a9:30:2a:60:42:
8f:19:fe:35:09:08:20:ca:7c:10:61:a9:a6:a3:59:
60:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F3:F5:FF:B8:45:A1:B4:B8:0A:03:7B:66:CF:2D:1E:F3:3A:76:D5:D8
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8_X_uEWhtLgKA3tmzy0e8zp21dg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.156.78.0/24
94.156.160.0/24
94.156.234.0/24
176.125.252.0/23
193.42.34.0/24
193.47.60.0/24
193.47.63.0/24
Signature Algorithm: sha256WithRSAEncryption
9c:e0:c7:e9:0d:b8:e8:1e:96:a5:1a:dc:48:b4:00:b3:8f:cd:
2b:2f:64:b6:19:fe:6b:c4:cb:d0:dc:3d:a7:53:cd:0d:5e:5d:
23:71:c4:78:8e:75:fe:10:a3:91:d9:be:ae:36:d9:c3:7a:e5:
b6:4d:7c:b7:c9:53:24:b8:21:a1:e1:d4:9a:d4:dc:e4:92:7e:
14:c5:b2:a5:3b:02:23:9b:f7:4b:4c:d3:95:09:3f:3c:c6:92:
05:25:31:6e:5e:5b:52:d4:f6:7e:d2:6e:59:6b:a7:6c:18:eb:
24:cb:43:7e:00:42:14:e5:ea:c4:e7:03:26:2f:f1:54:a2:36:
9f:bc:f7:3c:be:49:30:d4:9a:0d:91:b1:c6:03:b3:da:2b:7d:
6a:01:f9:8b:25:a5:b5:28:19:10:af:0e:c1:ce:a8:7a:58:d4:
28:38:0c:32:81:89:cb:cc:e9:80:53:b0:0c:6c:1c:9a:82:40:
9d:04:c6:fe:d8:11:1a:d2:40:50:40:32:be:d3:31:e8:bc:f7:
67:ad:9f:ae:80:fc:3d:b2:b9:85:0e:dc:1b:39:ca:72:a0:8e:
65:74:91:12:97:33:54:3c:d2:de:35:38:72:cf:ae:2d:1a:07:
de:f9:9a:75:15:60:7e:e4:c5:61:dc:d5:0e:ce:f0:3c:17:4b:
b2:0f:4c:30
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYfq8AnzOtzE8BMCrAu//MKbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTA1MDgwMzMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmM2Y1ZmZiODQ1YTFiNGI4MGEwMzdiNjZjZjJkMWVmMzNhNzZkNWQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmcRlDZ9NXAAuH9GHXeSDg5jllUIW
BnRc36OoXD4/e8+aIUJ1DhTHGZFeCZakoxhA7vmBiTegWJz7IZyVFb3sWiHCMs2c
4231liXuD6+40vyl1sEBBWNE69CyPC3Aiub5vv0q6kzfSMpxXvNGByR2mpHfmASE
S+n0PAQLiAIm4KT6BfdCyOm12pqkDKVfvREH94O80yXw6sqI3W8+EUW6wV4tLkri
NTNKIiXbZueLCTLxqS/x63bvtTdDk8AZaG1z8eE4AZqs2LKslNih3yCWOrOKWwty
Vg8clFegQSnExX42gtzuSGVPqQhRqTAqYEKPGf41CQggynwQYammo1lgKwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFPP1/7hFobS4CgN7Zs8tHvM6dtXYMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOF9YX3VFV2h0TGdLQTN0bXp5MGU4enAyMWRnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAXpxOAwQA
XpygAwQAXpzqAwQBsH38AwQAwSoiAwQAwS88AwQAwS8/MA0GCSqGSIb3DQEBCwUA
A4IBAQCc4MfpDbjoHpalGtxItACzj80rL2S2Gf5rxMvQ3D2nU80NXl0jccR4jnX+
EKOR2b6uNtnDeuW2TXy3yVMkuCGh4dSa1Nzkkn4UxbKlOwIjm/dLTNOVCT88xpIF
JTFuXltS1PZ+0m5Za6dsGOsky0N+AEIU5erE5wMmL/FUojafvPc8vkkw1JoNkbHG
A7PaK31qAfmLJaW1KBkQrw7Bzqh6WNQoOAwygYnLzOmAU7AMbByagkCdBMb+2BEa
0kBQQDK+0zHovPdnrZ+ugPw9srmFDtwbOcpyoI5ldJESlzNUPNLeNThyz64tGgfe
+Zp1FWB+5MVh3NUOzvA8F0uyD0ww
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:32 2023 by rpki-client on console-ams.rpki-client.org