Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/EMhradkNJZSY3SMILNYjQ_qtw00.roa
File: EMhradkNJZSY3SMILNYjQ_qtw00.roa (raw, json)
Hash identifier: CcRxQbmS4kk0xRbPxoLoF/1r6uxQt1CtO+N4Fs7fHZc=
Subject key identifier: 10:C8:6B:69:D9:0D:25:94:98:DD:23:08:2C:D6:23:43:FA:AD:C3:4D
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01826DEE81435CD421B9E67CFB2F3AD26580
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/EMhradkNJZSY3SMILNYjQ_qtw00.roa
Signing time: Fri 05 Aug 2022 12:15:23 +0000
ROA not before: Fri 05 Aug 2022 12:15:23 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 8100
IP address blocks: 178.215.224.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
178.215.238.0/24 maxlen: 24
185.218.137.0/24 maxlen: 24
83.219.98.0/23 maxlen: 24
37.139.130.0/23 maxlen: 24
94.154.174.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:6d:ee:81:43:5c:d4:21:b9:e6:7c:fb:2f:3a:d2:65:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Aug 5 12:15:23 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=10c86b69d90d259498dd23082cd62343faadc34d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:1e:51:6b:13:9f:e1:53:b0:2c:ab:b1:53:7c:
17:00:45:fd:e9:d4:1c:29:ea:da:c6:00:25:ef:5c:
76:45:57:10:67:0d:cc:4e:7e:4a:4c:34:ac:a9:cb:
94:13:0c:51:f4:16:21:e3:0e:49:8d:06:06:d2:f8:
b3:bf:32:23:96:aa:a2:c3:ab:fd:fd:ba:ee:7b:ac:
c9:05:0a:b5:cb:5d:8e:27:43:db:56:66:73:e0:5b:
02:65:73:33:a0:74:54:07:7f:24:78:19:b6:11:cb:
3e:d5:ad:e5:b1:df:75:fa:25:f4:35:02:bc:41:4b:
26:d8:97:fd:a5:ed:ee:5f:d4:90:63:48:3d:5f:b6:
17:72:5b:c5:f0:06:70:83:8a:6c:0a:95:fc:70:74:
16:27:c7:60:73:47:7d:ce:62:31:29:08:af:e6:c0:
7d:b2:2b:74:ce:71:77:77:ad:19:20:0a:41:f3:c6:
47:5f:2a:77:5d:80:e1:4e:a2:c8:e6:b6:40:3a:8f:
4e:a9:1b:c4:c6:e0:27:b0:9e:c2:15:98:ee:b6:99:
82:1a:32:84:9b:e3:25:ac:98:84:09:65:49:5f:29:
c0:c6:47:d5:2f:d6:59:98:1a:ea:84:30:c1:49:34:
84:9b:dd:d7:2b:95:5d:30:85:09:3f:5b:86:ae:61:
20:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
10:C8:6B:69:D9:0D:25:94:98:DD:23:08:2C:D6:23:43:FA:AD:C3:4D
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/EMhradkNJZSY3SMILNYjQ_qtw00.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.130.0/23
83.219.98.0/23
84.54.48.0/24
94.154.174.0/23
178.215.224.0/24
178.215.238.0/24
185.218.137.0/24
Signature Algorithm: sha256WithRSAEncryption
48:eb:a7:da:87:84:74:d2:77:30:55:20:22:8f:24:c7:11:b3:
34:3c:d8:c1:38:7a:50:99:1c:bc:a7:10:5c:7c:c0:ee:7b:8c:
37:1b:f3:8d:8b:25:da:3d:a2:55:5f:81:33:e8:0f:4e:8a:90:
75:04:1c:a8:37:29:cf:01:3c:09:67:fb:54:16:46:0e:2b:a0:
ff:ff:c6:3c:99:f9:90:9e:e0:f7:ce:98:b7:cf:29:cd:08:03:
25:0c:cf:fb:8e:ac:d8:fb:f4:4b:29:04:d7:f9:5d:6f:37:e4:
bb:ec:cd:dd:1d:f2:ab:d1:69:3f:e4:9c:a0:01:d9:ae:26:7d:
db:1d:2f:ef:06:75:f2:8f:7b:3a:15:8d:e5:62:e5:b1:01:4f:
45:eb:5e:a9:91:67:51:76:b2:6f:20:b4:88:9e:ce:27:45:54:
eb:c4:3c:5f:e3:73:d6:38:26:4c:f7:9d:f1:e0:47:68:b7:cb:
b4:43:dc:e6:38:d1:fd:a0:06:b3:2f:4f:0b:2e:bf:20:40:48:
e3:b5:9f:20:f8:d4:fe:61:37:f4:a5:45:25:86:65:50:54:55:
33:df:65:5a:c0:bb:d5:52:1d:9a:2a:01:49:15:c8:84:dc:4f:
86:cc:3e:8f:e7:55:ea:f2:56:cd:94:e7:7f:b8:80:e6:e8:0a:
ef:eb:d3:4f
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYJt7oFDXNQhueZ8+y860mWAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIwODA1MTIxNTIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMGM4NmI2OWQ5MGQyNTk0OThkZDIzMDgyY2Q2MjM0M2ZhYWRjMzRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlh5RaxOf4VOwLKuxU3wXAEX96dQc
KeraxgAl71x2RVcQZw3MTn5KTDSsqcuUEwxR9BYh4w5JjQYG0vizvzIjlqqiw6v9
/brue6zJBQq1y12OJ0PbVmZz4FsCZXMzoHRUB38keBm2Ecs+1a3lsd91+iX0NQK8
QUsm2Jf9pe3uX9SQY0g9X7YXclvF8AZwg4psCpX8cHQWJ8dgc0d9zmIxKQiv5sB9
sit0znF3d60ZIApB88ZHXyp3XYDhTqLI5rZAOo9OqRvExuAnsJ7CFZjutpmCGjKE
m+MlrJiECWVJXynAxkfVL9ZZmBrqhDDBSTSEm93XK5VdMIUJP1uGrmEgNQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFBDIa2nZDSWUmN0jCCzWI0P6rcNNMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRU1ocmFka05KWlNZM1NNSUxOWWpRX3F0dzAwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBJYuCAwQB
U9tiAwQAVDYwAwQBXpquAwQAstfgAwQAstfuAwQAudqJMA0GCSqGSIb3DQEBCwUA
A4IBAQBI66fah4R00ncwVSAijyTHEbM0PNjBOHpQmRy8pxBcfMDue4w3G/ONiyXa
PaJVX4Ez6A9OipB1BByoNynPATwJZ/tUFkYOK6D//8Y8mfmQnuD3zpi3zynNCAMl
DM/7jqzY+/RLKQTX+V1vN+S77M3dHfKr0Wk/5JygAdmuJn3bHS/vBnXyj3s6FY3l
YuWxAU9F616pkWdRdrJvILSIns4nRVTrxDxf43PWOCZM953x4Edot8u0Q9zmONH9
oAazL08LLr8gQEjjtZ8g+NT+YTf0pUUlhmVQVFUz32VawLvVUh2aKgFJFciE3E+G
zD6P51Xq8lbNlOd/uIDm6Arv69NP
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:28 2024 by rpki-client on console-ams.rpki-client.org