Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9OvfO8Cw51HEtJ0idTOMAp7p8K4.roa
File: 9OvfO8Cw51HEtJ0idTOMAp7p8K4.roa (raw, json)
Hash identifier: DCKVIk8bStI/YtM1Dl01v/j4fANMI6/pRMSq+fQPiNk=
Subject key identifier: F4:EB:DF:3B:C0:B0:E7:51:C4:B4:9D:22:75:33:8C:02:9E:E9:F0:AE
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01881ECF3ECAE977A02F437A41FCAFBCACCA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9OvfO8Cw51HEtJ0idTOMAp7p8K4.roa
Signing time: Mon 15 May 2023 09:47:58 +0000
ROA not before: Mon 15 May 2023 09:47:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 213200
IP address blocks: 84.21.173.0/24 maxlen: 24
91.92.21.0/24 maxlen: 24
87.121.59.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:1e:cf:3e:ca:e9:77:a0:2f:43:7a:41:fc:af:bc:ac:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 15 09:47:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f4ebdf3bc0b0e751c4b49d2275338c029ee9f0ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:97:4b:5d:e3:87:0d:d3:b4:cd:c9:9e:ec:cd:
3c:f4:42:1f:cc:d8:09:0d:16:c1:57:69:43:49:f7:
1a:a7:73:0c:45:c1:41:fa:02:76:bb:a8:1d:03:0f:
33:9b:b0:88:72:d4:37:0c:7c:b0:4c:7c:67:2f:9b:
e9:e6:79:e9:08:84:94:64:cf:a4:99:64:d3:4c:e1:
a8:a7:d0:46:0d:d8:9c:cf:5a:fd:0a:cf:ef:01:a6:
3d:64:35:b7:7a:9b:24:a0:5b:65:4b:39:a1:94:ff:
cb:e5:f6:ce:9c:0a:25:52:9c:36:8b:0c:a5:2b:58:
02:04:ac:af:04:b2:11:0d:ed:92:51:5a:21:09:e9:
6b:7f:78:2c:1d:bf:0b:3a:dc:66:d9:ad:32:56:d4:
63:5a:6b:c8:85:c4:b8:10:df:6b:fe:3c:b1:ea:80:
b6:a9:f9:d8:bd:82:ec:11:82:b9:47:37:8c:d9:29:
ad:21:19:59:f4:a7:c3:cf:9f:76:72:c7:12:62:c0:
b5:11:25:3e:04:26:05:ba:b1:77:49:bd:3f:82:80:
a6:42:ca:d0:b4:88:cf:ca:12:4e:5d:fc:e0:97:48:
d1:6d:9e:3d:a7:72:de:61:6e:26:3c:c0:d1:5a:9f:
db:40:6a:bd:88:ad:ab:19:aa:79:16:88:ca:32:09:
c8:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:EB:DF:3B:C0:B0:E7:51:C4:B4:9D:22:75:33:8C:02:9E:E9:F0:AE
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9OvfO8Cw51HEtJ0idTOMAp7p8K4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.21.173.0/24
87.121.59.0/24
91.92.21.0/24
Signature Algorithm: sha256WithRSAEncryption
9b:79:b8:36:90:c3:77:37:23:b0:4e:00:93:c7:48:3f:62:32:
cd:79:8b:78:fa:63:5a:1b:d3:1f:ae:75:a8:23:09:08:1b:6e:
05:df:d5:1b:15:a4:94:5c:21:47:02:0e:35:b3:f1:94:6e:d1:
dd:b9:da:00:f7:f1:c7:b7:c8:73:31:7e:a5:0d:35:6a:36:c2:
18:7d:1f:16:a7:17:2c:23:87:3b:8a:71:74:c9:a5:e8:7f:fe:
bc:0f:52:ed:69:92:91:4e:5f:4a:6c:38:78:80:15:2d:91:17:
05:ab:63:82:c7:80:a0:f7:51:24:03:4a:4e:c0:6a:52:a7:74:
1a:58:36:66:4f:d1:b4:ac:32:ed:c7:58:dd:3b:91:0f:a0:c8:
2f:5f:e9:b2:80:21:c2:40:fd:a1:2c:e5:89:fe:82:e1:98:e0:
20:26:e0:ba:ba:2c:2c:a6:29:dc:6b:9f:36:41:19:b1:1a:47:
9b:51:b8:fd:6c:10:72:ae:00:18:34:63:4b:ba:59:1d:ff:10:
b5:33:a2:ac:30:05:49:9e:6b:e0:18:86:01:94:de:02:80:a3:
9b:35:01:ce:a3:0a:7d:41:7a:4f:53:55:d3:d7:af:7f:7e:cc:
34:1f:7e:da:93:06:3c:c2:3d:b4:d4:ec:4a:91:9c:5c:c4:a2:
c5:e2:87:41
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYgezz7K6XegL0N6QfyvvKzKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTE1MDk0NzU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGViZGYzYmMwYjBlNzUxYzRiNDlkMjI3NTMzOGMwMjllZTlmMGFlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpdLXeOHDdO0zcme7M089EIfzNgJ
DRbBV2lDSfcap3MMRcFB+gJ2u6gdAw8zm7CIctQ3DHywTHxnL5vp5nnpCISUZM+k
mWTTTOGop9BGDdicz1r9Cs/vAaY9ZDW3epskoFtlSzmhlP/L5fbOnAolUpw2iwyl
K1gCBKyvBLIRDe2SUVohCelrf3gsHb8LOtxm2a0yVtRjWmvIhcS4EN9r/jyx6oC2
qfnYvYLsEYK5RzeM2SmtIRlZ9KfDz592cscSYsC1ESU+BCYFurF3Sb0/goCmQsrQ
tIjPyhJOXfzgl0jRbZ49p3LeYW4mPMDRWp/bQGq9iK2rGap5FojKMgnIYwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFPTr3zvAsOdRxLSdInUzjAKe6fCuMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOU92Zk84Q3c1MUhFdEowaWRUT01BcDdwOEs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAVBWtAwQA
V3k7AwQAW1wVMA0GCSqGSIb3DQEBCwUAA4IBAQCbebg2kMN3NyOwTgCTx0g/YjLN
eYt4+mNaG9MfrnWoIwkIG24F39UbFaSUXCFHAg41s/GUbtHdudoA9/HHt8hzMX6l
DTVqNsIYfR8WpxcsI4c7inF0yaXof/68D1LtaZKRTl9KbDh4gBUtkRcFq2OCx4Cg
91EkA0pOwGpSp3QaWDZmT9G0rDLtx1jdO5EPoMgvX+mygCHCQP2hLOWJ/oLhmOAg
JuC6uiwspinca582QRmxGkebUbj9bBByrgAYNGNLulkd/xC1M6KsMAVJnmvgGIYB
lN4CgKObNQHOowp9QXpPU1XT169/fsw0H37akwY8wj201OxKkZxcxKLF4odB
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:26 2024 by rpki-client on console-ams.rpki-client.org