Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Ch55dbjK2K3TxKQIus90OIXuF24.roa
File: Ch55dbjK2K3TxKQIus90OIXuF24.roa (raw, json)
Hash identifier: 2oVtHSffaC7J1pdIfccBWITEvtRpnoZMzs9wzDP6gXQ=
Subject key identifier: 0A:1E:79:75:B8:CA:D8:AD:D3:C4:A4:08:BA:CF:74:38:85:EE:17:6E
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 1D5B1AE4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Ch55dbjK2K3TxKQIus90OIXuF24.roa
Signing time: Fri 04 Mar 2022 11:13:49 +0000
ROA not before: Fri 04 Mar 2022 11:13:49 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 397423
IP address blocks: 84.54.48.0/22 maxlen: 24
194.180.51.0/24 maxlen: 24
194.169.172.0/22 maxlen: 24
194.180.48.0/23 maxlen: 24
185.252.178.0/23 maxlen: 24
176.125.252.0/22 maxlen: 24
94.154.172.0/22 maxlen: 24
193.25.216.0/22 maxlen: 24
87.121.220.0/23 maxlen: 24
109.206.240.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 492509924 (0x1d5b1ae4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 4 11:13:49 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=0a1e7975b8cad8add3c4a408bacf743885ee176e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d0:96:8f:23:cd:80:47:3a:72:14:3f:7c:c5:8f:
31:6d:cc:cb:70:c7:72:60:1a:74:63:bf:ef:ea:98:
de:c8:ea:e4:e8:96:c5:bf:9c:ff:4b:ea:98:63:48:
dd:b6:0a:1f:6b:e6:10:73:03:7c:20:2a:36:58:56:
06:ad:a4:78:1d:87:ad:94:08:5c:57:9e:f6:b1:fc:
16:54:00:78:f3:76:f8:75:e5:c0:ab:6c:ef:3f:42:
24:81:11:cb:3f:69:08:5e:b9:1d:4f:fb:3f:0d:5e:
ef:5a:3c:6b:e5:45:49:e9:1f:25:fe:49:5e:c7:57:
39:bf:5c:b1:87:d1:7c:a0:7e:7e:1d:e1:22:09:35:
cd:01:8c:e0:df:78:75:e7:fd:e2:9a:e6:4c:d6:03:
50:3d:47:26:12:b6:7e:c4:74:95:af:62:5c:92:72:
bb:51:5c:3f:86:5a:15:a8:4a:a7:93:7d:2b:c6:f9:
ae:ed:fe:85:57:28:10:b5:ec:43:43:b0:de:2b:c8:
2f:26:1e:a8:9c:07:59:48:af:e9:78:8f:be:80:1e:
fd:42:d4:12:4a:d2:77:4d:99:58:1a:c3:ff:d0:37:
7c:3f:8b:47:f1:10:33:a0:d8:25:f4:2d:61:8b:5c:
6d:a4:e6:97:43:3b:03:61:19:25:20:fc:0c:2a:d4:
90:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:1E:79:75:B8:CA:D8:AD:D3:C4:A4:08:BA:CF:74:38:85:EE:17:6E
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Ch55dbjK2K3TxKQIus90OIXuF24.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.48.0/22
87.121.220.0/23
94.154.172.0/22
109.206.240.0/22
176.125.252.0/22
185.252.178.0/23
193.25.216.0/22
194.169.172.0/22
194.180.48.0/23
194.180.51.0/24
Signature Algorithm: sha256WithRSAEncryption
6e:ec:f5:10:17:99:fa:00:fc:87:0f:fa:83:a3:68:0b:38:2d:
9c:48:45:38:98:6c:5a:f9:8e:1c:cb:91:0e:7a:48:78:e0:10:
33:1a:a4:80:24:80:fa:14:b9:7b:71:df:bd:6c:fa:53:65:5d:
74:c2:76:72:07:31:66:ab:f8:77:0a:3d:1a:c6:1f:ae:b6:e3:
7c:c8:f1:01:b6:00:52:25:38:89:06:1a:58:9b:f8:30:ef:75:
a2:e1:b3:4e:ac:cd:6e:2c:55:01:a1:fc:0f:96:bf:69:23:d5:
88:55:7a:86:e3:3a:c0:74:80:e2:59:18:1f:a3:78:5f:5f:22:
8f:65:f5:dc:9c:bb:a7:be:da:35:ed:09:e5:42:87:d8:1f:73:
c3:b8:a8:49:e6:89:4b:37:80:fa:5b:15:3b:57:26:22:2d:ff:
d0:92:73:9e:01:69:b5:91:93:ea:d4:26:e9:4c:d8:b3:4a:28:
8a:72:12:25:65:a5:ed:dc:e5:d2:2b:8b:0c:df:95:38:33:06:
38:da:b7:4d:1f:ef:67:ed:41:44:1b:52:82:0e:af:81:f4:56:
bb:74:cd:be:56:37:c8:d2:b0:7e:c1:89:d5:90:9b:d2:bf:d2:
32:98:b7:2d:f9:9a:ba:a1:cb:f9:5f:a6:fe:95:c8:f7:62:9d:
34:c7:e5:8c
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgIEHVsa5DANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDMw
NDExMTM0OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMGExZTc5NzViOGNh
ZDhhZGQzYzRhNDA4YmFjZjc0Mzg4NWVlMTc2ZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANCWjyPNgEc6chQ/fMWPMW3My3DHcmAadGO/7+qY3sjq5OiW
xb+c/0vqmGNI3bYKH2vmEHMDfCAqNlhWBq2keB2HrZQIXFee9rH8FlQAePN2+HXl
wKts7z9CJIERyz9pCF65HU/7Pw1e71o8a+VFSekfJf5JXsdXOb9csYfRfKB+fh3h
Igk1zQGM4N94def94prmTNYDUD1HJhK2fsR0la9iXJJyu1FcP4ZaFahKp5N9K8b5
ru3+hVcoELXsQ0Ow3ivILyYeqJwHWUiv6XiPvoAe/ULUEkrSd02ZWBrD/9A3fD+L
R/EQM6DYJfQtYYtcbaTml0M7A2EZJSD8DCrUkEkCAwEAAaOCAj8wggI7MB0GA1Ud
DgQWBBQKHnl1uMrYrdPEpAi6z3Q4he4XbjAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L0NoNTVkYmpLMkszVHhLUUl1czkwT0lYdUYyNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBV
BggrBgEFBQcBBwEB/wRGMEQwQgQCAAEwPAMEAlQ2MAMEAVd53AMEAl6arAMEAm3O
8AMEArB9/AMEAbn8sgMEAsEZ2AMEAsKprAMEAcK0MAMEAMK0MzANBgkqhkiG9w0B
AQsFAAOCAQEAbuz1EBeZ+gD8hw/6g6NoCzgtnEhFOJhsWvmOHMuRDnpIeOAQMxqk
gCSA+hS5e3HfvWz6U2VddMJ2cgcxZqv4dwo9GsYfrrbjfMjxAbYAUiU4iQYaWJv4
MO91ouGzTqzNbixVAaH8D5a/aSPViFV6huM6wHSA4lkYH6N4X18ij2X13Jy7p77a
Ne0J5UKH2B9zw7ioSeaJSzeA+lsVO1cmIi3/0JJzngFptZGT6tQm6UzYs0ooinIS
JWWl7dzl0iuLDN+VODMGONq3TR/vZ+1BRBtSgg6vgfRWu3TNvlY3yNKwfsGJ1ZCb
0r/SMpi3LfmauqHL+V+m/pXI92KdNMfljA==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:33 2023 by rpki-client on console-ams.rpki-client.org