Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/B7h1HPESycwmlt1BXsDqScIEhVQ.roa
File: B7h1HPESycwmlt1BXsDqScIEhVQ.roa (raw, json)
Hash identifier: gKijxmTxnf08qvlCagN3WpdEepbWKYlDuIj3j2yrgmU=
Subject key identifier: 07:B8:75:1C:F1:12:C9:CC:26:96:DD:41:5E:C0:EA:49:C2:04:85:54
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0188479EBC61668F4172EBDACE0CDBD2E91A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/B7h1HPESycwmlt1BXsDqScIEhVQ.roa
Signing time: Tue 23 May 2023 07:59:25 +0000
ROA not before: Tue 23 May 2023 07:59:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50225
IP address blocks: 85.209.132.0/24 maxlen: 24
83.143.112.0/24 maxlen: 24
83.143.113.0/24 maxlen: 24
185.222.163.0/24 maxlen: 24
87.121.69.0/24 maxlen: 24
193.42.34.0/24 maxlen: 24
193.47.63.0/24 maxlen: 24
94.156.78.0/24 maxlen: 24
176.125.252.0/24 maxlen: 24
193.47.60.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:47:9e:bc:61:66:8f:41:72:eb:da:ce:0c:db:d2:e9:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 23 07:59:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=07b8751cf112c9cc2696dd415ec0ea49c2048554
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:b1:43:99:0e:0c:bd:f7:14:88:c0:d0:f0:2e:
99:a8:04:6e:fb:82:91:03:21:35:de:ab:8e:1b:e6:
f3:b5:47:67:03:ac:f4:1f:0c:3f:d2:4c:d7:03:86:
d5:d4:a1:9f:c5:ab:3b:63:56:03:3c:a0:d0:92:85:
4b:67:8e:bb:a0:56:38:98:28:ba:81:48:51:0f:61:
cd:d3:36:eb:99:da:db:53:94:49:d4:31:37:8e:f6:
76:75:32:31:22:66:76:83:18:35:cd:17:71:92:a1:
db:dc:2a:84:cd:d2:0c:99:6b:8e:bb:87:31:70:3e:
b2:38:ed:bd:d3:e5:0b:ad:61:87:d1:db:e8:72:95:
64:a7:5d:03:6d:6e:c2:09:49:d0:67:69:35:51:0f:
59:9d:61:65:23:6c:24:c4:44:0c:88:e0:f7:46:1c:
0a:2c:e6:c6:9f:3b:e8:ba:9d:68:8d:8e:6e:c7:1e:
77:af:5e:72:7d:08:60:12:8f:54:c2:4c:99:dc:68:
fa:4c:0a:ac:69:a4:8f:26:79:ee:02:67:b5:27:af:
7e:c9:de:6a:9c:bc:37:7e:36:08:58:01:57:3c:ec:
14:12:e5:00:3d:de:cb:f8:be:3c:84:5f:ac:0d:19:
ba:9d:19:8d:95:94:be:bc:41:81:1e:43:a5:de:62:
86:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:B8:75:1C:F1:12:C9:CC:26:96:DD:41:5E:C0:EA:49:C2:04:85:54
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/B7h1HPESycwmlt1BXsDqScIEhVQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.143.112.0/23
85.209.132.0/24
87.121.69.0/24
87.121.105.0/24
94.156.78.0/24
176.125.252.0/24
185.222.163.0/24
193.42.34.0/24
193.47.60.0/24
193.47.63.0/24
Signature Algorithm: sha256WithRSAEncryption
9e:a6:6a:a2:b5:5c:d1:fa:a8:24:63:ae:98:1a:4c:67:52:77:
d6:41:66:43:8b:02:5b:bc:c4:f0:81:d1:23:9e:fe:ce:0a:cc:
7c:8b:ee:19:28:35:20:77:c8:00:71:98:15:e9:e5:6d:87:01:
30:73:2f:51:9d:1f:4a:bd:d8:5c:99:ff:05:73:8b:de:d6:01:
18:3b:e4:62:48:8b:c6:99:62:8c:db:99:89:2a:7a:cd:3a:31:
c0:c4:7c:d9:d4:41:aa:e0:e5:5a:b6:0d:7d:87:fd:1c:ff:0a:
8d:bf:15:d5:c8:84:ba:29:cc:ba:e7:03:32:22:94:79:bc:db:
8b:e9:f9:c9:40:de:18:52:a0:44:bf:69:f4:33:8c:99:b3:b8:
a0:2d:a7:d9:93:20:39:fd:fb:b3:83:16:ca:b2:9d:42:b0:5f:
8d:6b:6b:b7:9b:20:a2:c2:99:6c:8b:51:a3:18:71:51:17:2d:
4a:d2:86:ae:ff:ad:df:1c:4e:74:3f:bc:bf:95:a0:d8:9f:08:
ef:90:a6:f7:fb:1a:cb:71:9c:14:a7:27:06:41:ac:e3:d1:b0:
ac:1f:01:a7:04:90:8a:28:12:97:46:f5:ae:8d:4c:d1:9e:7f:
f7:b2:39:b1:d2:b8:47:17:6a:5e:8e:fd:fc:0e:9c:47:c7:d6:
4f:15:6e:dc
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYhHnrxhZo9Bcuvazgzb0ukaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTIzMDc1OTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2I4NzUxY2YxMTJjOWNjMjY5NmRkNDE1ZWMwZWE0OWMyMDQ4NTU0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm7FDmQ4MvfcUiMDQ8C6ZqARu+4KR
AyE13quOG+bztUdnA6z0Hww/0kzXA4bV1KGfxas7Y1YDPKDQkoVLZ467oFY4mCi6
gUhRD2HN0zbrmdrbU5RJ1DE3jvZ2dTIxImZ2gxg1zRdxkqHb3CqEzdIMmWuOu4cx
cD6yOO290+ULrWGH0dvocpVkp10DbW7CCUnQZ2k1UQ9ZnWFlI2wkxEQMiOD3RhwK
LObGnzvoup1ojY5uxx53r15yfQhgEo9UwkyZ3Gj6TAqsaaSPJnnuAme1J69+yd5q
nLw3fjYIWAFXPOwUEuUAPd7L+L48hF+sDRm6nRmNlZS+vEGBHkOl3mKGrQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFAe4dRzxEsnMJpbdQV7A6knCBIVUMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQjdoMUhQRVN5Y3dtbHQxQlhzRHFTY0lFaFZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBU49wAwQA
VdGEAwQAV3lFAwQAV3lpAwQAXpxOAwQAsH38AwQAud6jAwQAwSoiAwQAwS88AwQA
wS8/MA0GCSqGSIb3DQEBCwUAA4IBAQCepmqitVzR+qgkY66YGkxnUnfWQWZDiwJb
vMTwgdEjnv7OCsx8i+4ZKDUgd8gAcZgV6eVthwEwcy9RnR9Kvdhcmf8Fc4ve1gEY
O+RiSIvGmWKM25mJKnrNOjHAxHzZ1EGq4OVatg19h/0c/wqNvxXVyIS6Kcy65wMy
IpR5vNuL6fnJQN4YUqBEv2n0M4yZs7igLafZkyA5/fuzgxbKsp1CsF+Na2u3myCi
wplsi1GjGHFRFy1K0oau/63fHE50P7y/laDYnwjvkKb3+xrLcZwUpycGQazj0bCs
HwGnBJCKKBKXRvWujUzRnn/3sjmx0rhHF2pejv38DpxHx9ZPFW7c
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:26 2024 by rpki-client on console-ams.rpki-client.org