Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9M_5c1WJgEpgG-hNOvCJOB3TRVM.roa
File: 9M_5c1WJgEpgG-hNOvCJOB3TRVM.roa (raw, json)
Hash identifier: 2YITKERWBeinIaFHbpkliR+rUdLl9kV5X2WpxBajFo4=
Subject key identifier: F4:CF:F9:73:55:89:80:4A:60:1B:E8:4D:3A:F0:89:38:1D:D3:45:53
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01856D81EA422D7747915966E530C7562B72
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9M_5c1WJgEpgG-hNOvCJOB3TRVM.roa
Signing time: Sun 01 Jan 2023 13:25:08 +0000
ROA not before: Sun 01 Jan 2023 13:25:08 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43561
IP address blocks: 31.13.252.0/24 maxlen: 24
31.13.253.0/24 maxlen: 24
31.13.254.0/24 maxlen: 24
31.13.255.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.104.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:81:ea:42:2d:77:47:91:59:66:e5:30:c7:56:2b:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 1 13:25:08 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f4cff9735589804a601be84d3af089381dd34553
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:50:30:c7:e6:91:61:40:ad:c6:b6:93:9a:6b:
cf:d0:de:fb:1c:29:44:2d:a5:a6:7b:58:41:a9:93:
35:44:72:f2:84:f9:4c:35:24:60:75:63:7a:13:63:
2f:3a:0d:0a:50:0d:80:78:87:06:af:a1:a5:ef:7c:
1e:a5:9f:19:aa:66:43:2c:0c:1d:8d:22:f1:b5:59:
24:27:bc:dc:b4:e7:d1:5c:87:60:71:64:36:19:d3:
fe:7d:fd:1f:00:fe:fb:db:60:84:5c:0a:84:3e:25:
f0:2d:e5:58:d7:ce:0f:68:e0:93:a7:f6:1d:d3:cf:
ef:d6:c0:a4:0c:50:6b:bd:50:22:e5:11:a2:20:f5:
15:69:26:d0:c3:bc:ab:06:f8:db:45:12:31:c5:12:
2c:76:c9:b0:66:be:c9:0c:c0:bc:e8:90:9f:c7:35:
cc:be:06:38:ee:15:e1:4b:c0:07:a1:72:33:da:32:
6b:7e:83:89:08:42:d0:0e:c1:5d:80:e3:eb:19:c8:
b0:62:80:8f:f3:09:ac:cc:9d:16:6e:39:01:e0:e3:
38:88:c5:6b:fe:57:2b:8b:29:09:db:70:88:4b:d7:
db:07:8f:00:98:17:1f:7a:b9:1c:59:e0:12:96:16:
6b:b3:08:18:18:e6:fd:5d:50:ea:38:ea:95:54:55:
ba:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:CF:F9:73:55:89:80:4A:60:1B:E8:4D:3A:F0:89:38:1D:D3:45:53
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9M_5c1WJgEpgG-hNOvCJOB3TRVM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.252.0/22
87.121.104.0/23
Signature Algorithm: sha256WithRSAEncryption
70:71:28:85:70:ca:89:dd:f4:51:36:91:21:e5:3a:36:c2:f5:
25:7d:64:7c:31:e8:c3:c3:85:25:ab:55:48:0f:14:1e:89:e9:
88:21:21:31:47:bf:df:ac:ed:26:31:ea:9c:d1:65:f2:9c:53:
97:ba:ca:ed:ed:a0:c4:e2:72:33:76:3d:5b:07:b9:65:46:61:
e3:9b:85:91:dd:9b:58:ca:65:91:62:04:a2:3f:96:3c:7f:bd:
5a:df:f5:94:74:83:ed:7b:3a:72:78:ed:97:f8:40:14:57:45:
7d:ee:50:c7:0d:5e:ad:bd:87:41:f0:1d:0b:57:f7:c5:a7:11:
a2:45:97:c4:74:00:b7:14:be:c3:d7:26:f3:20:eb:b1:d7:b4:
50:06:77:af:9f:94:07:1e:91:dd:b7:4f:8d:ee:58:80:b1:f3:
96:cf:fb:3b:9a:5f:8f:a4:b4:7d:9c:9c:56:e4:f1:45:26:dc:
2b:d6:30:bd:82:8a:f3:8b:56:b7:da:18:52:90:bc:11:3f:93:
24:cb:b9:b2:4f:d0:d7:f0:ca:b8:01:d8:d2:71:f2:71:ac:62:
7a:f5:77:46:d5:04:e2:49:3a:25:1d:0b:79:16:f2:a9:9e:5e:
8a:ba:9d:a1:9a:92:fd:ca:e1:6f:f4:ac:a8:19:52:4c:8a:47:
37:32:c8:1f
-----BEGIN CERTIFICATE-----
MIIFAzCCA+ugAwIBAgISAYVtgepCLXdHkVlm5TDHVityMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTAxMTMyNTA4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGNmZjk3MzU1ODk4MDRhNjAxYmU4NGQzYWYwODkzODFkZDM0NTUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2VAwx+aRYUCtxraTmmvP0N77HClE
LaWme1hBqZM1RHLyhPlMNSRgdWN6E2MvOg0KUA2AeIcGr6Gl73wepZ8ZqmZDLAwd
jSLxtVkkJ7zctOfRXIdgcWQ2GdP+ff0fAP7722CEXAqEPiXwLeVY184PaOCTp/Yd
08/v1sCkDFBrvVAi5RGiIPUVaSbQw7yrBvjbRRIxxRIsdsmwZr7JDMC86JCfxzXM
vgY47hXhS8AHoXIz2jJrfoOJCELQDsFdgOPrGciwYoCP8wmszJ0WbjkB4OM4iMVr
/lcriykJ23CIS9fbB48AmBcferkcWeASlhZrswgYGOb9XVDqOOqVVFW6pwIDAQAB
o4ICDzCCAgswHQYDVR0OBBYEFPTP+XNViYBKYBvoTTrwiTgd00VTMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOU1fNWMxV0pnRXBnRy1oTk92Q0pPQjNUUlZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCUGCCsGAQUFBwEHAQH/BBYwFDASBAIAATAMAwQCHw38AwQB
V3loMA0GCSqGSIb3DQEBCwUAA4IBAQBwcSiFcMqJ3fRRNpEh5To2wvUlfWR8MejD
w4Ulq1VIDxQeiemIISExR7/frO0mMeqc0WXynFOXusrt7aDE4nIzdj1bB7llRmHj
m4WR3ZtYymWRYgSiP5Y8f71a3/WUdIPtezpyeO2X+EAUV0V97lDHDV6tvYdB8B0L
V/fFpxGiRZfEdAC3FL7D1ybzIOux17RQBnevn5QHHpHdt0+N7liAsfOWz/s7ml+P
pLR9nJxW5PFFJtwr1jC9gorzi1a32hhSkLwRP5Mky7myT9DX8Mq4AdjScfJxrGJ6
9XdG1QTiSTolHQt5FvKpnl6Kup2hmpL9yuFv9KyoGVJMikc3Msgf
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:26 2024 by rpki-client on console-ams.rpki-client.org