Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Eg9mg9reXgpwWBIARMopQxB5Z1c.roa
File: Eg9mg9reXgpwWBIARMopQxB5Z1c.roa (raw, json)
Hash identifier: uys7LMoBHLDLIxM//fhnceYlQ7T+nxbRAMSKnD4mu+I=
Subject key identifier: 12:0F:66:83:DA:DE:5E:0A:70:58:12:00:44:CA:29:43:10:79:67:57
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01869C44E3AEFB480B81586AC3A650993292
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Eg9mg9reXgpwWBIARMopQxB5Z1c.roa
Signing time: Wed 01 Mar 2023 08:23:25 +0000
ROA not before: Wed 01 Mar 2023 08:23:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209371
IP address blocks: 185.216.70.0/24 maxlen: 24
178.215.239.0/24 maxlen: 24
45.128.96.0/22 maxlen: 24
85.31.47.0/24 maxlen: 24
45.139.107.0/24 maxlen: 24
45.84.89.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:9c:44:e3:ae:fb:48:0b:81:58:6a:c3:a6:50:99:32:92
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 1 08:23:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=120f6683dade5e0a7058120044ca294310796757
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:cb:b3:3f:f4:dc:85:ce:cb:d7:20:fa:ff:59:
d0:f5:b2:69:a6:5e:d8:f8:26:93:1b:9f:73:72:2f:
7f:9a:d8:10:40:1b:2f:93:79:65:d9:b9:e5:33:7e:
e9:04:e1:ee:28:79:f7:4b:78:49:ee:bf:3c:23:58:
85:0c:0a:e0:af:1e:fa:eb:21:93:9a:ef:07:e4:a3:
ea:a5:84:4f:a5:93:39:87:56:06:e3:d2:65:8c:16:
52:4f:bd:2f:1d:b8:43:f5:2a:6c:3b:7a:0a:c2:a3:
2e:ac:d0:51:e0:a3:6d:3a:31:80:8c:2d:b4:74:06:
a9:08:92:1a:b1:0e:34:a3:f7:62:52:26:e2:22:f4:
78:bd:da:16:1c:cd:1e:75:d0:86:b4:60:9a:95:95:
d6:cb:8d:bc:d0:fe:88:a4:a8:7a:48:12:4f:93:17:
cd:6d:55:a4:40:60:ef:9c:4c:b8:cf:c7:f5:4d:03:
dc:a6:c2:bc:c6:40:f7:ed:1b:0a:73:ac:a2:5f:23:
d0:fd:fc:3b:94:a7:60:b1:ae:78:55:3c:0d:45:2c:
aa:f9:80:1c:81:b7:10:ed:0c:c7:8d:3c:ea:1f:45:
05:54:c5:d1:89:ae:b6:45:5a:90:f5:10:bd:ee:fb:
7d:ba:b3:f6:29:a6:40:2d:d2:1f:06:7a:11:da:36:
28:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
12:0F:66:83:DA:DE:5E:0A:70:58:12:00:44:CA:29:43:10:79:67:57
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Eg9mg9reXgpwWBIARMopQxB5Z1c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.89.0/24
45.128.96.0/22
45.139.107.0/24
85.31.47.0/24
178.215.239.0/24
185.216.70.0/24
193.35.19.0/24
Signature Algorithm: sha256WithRSAEncryption
89:c2:3b:c8:f4:32:1a:c0:f6:47:11:75:cc:e9:9e:90:f2:29:
5c:bf:e4:b4:ac:d4:d3:90:7c:63:24:77:d3:33:96:88:05:72:
e9:37:31:50:44:a3:49:b8:71:c9:63:f7:9a:df:fa:83:34:d0:
12:8a:34:e6:ff:68:e8:f0:63:d6:54:e2:73:a8:1e:4e:98:f9:
c9:8b:8d:e3:3d:ca:53:2b:7b:96:75:91:d4:60:4b:df:d9:bd:
0a:29:35:39:eb:fb:f4:dc:cb:8e:1d:1c:9a:ee:6c:66:b0:88:
11:36:2d:5f:d1:50:8a:88:eb:20:f1:85:6f:67:f4:3e:c9:51:
30:e9:0c:58:9b:d2:2f:ae:bb:ea:1f:68:0d:ff:b5:77:07:3c:
f4:cb:ca:9a:9b:1a:58:03:e9:e4:22:de:3f:a5:d0:37:9d:61:
28:cd:7f:bd:9c:1b:6c:64:ee:e9:02:aa:8a:55:41:db:3a:2a:
97:16:c7:a0:fb:c4:02:bf:88:ec:fe:1a:86:4d:1d:fd:42:2a:
83:28:ed:ff:d5:c3:f7:3f:55:c9:7d:2f:92:52:0c:40:dc:8e:
77:86:b5:14:c8:83:eb:1e:80:07:ac:3b:2e:8d:08:6d:1b:2e:
e5:98:59:4b:06:6e:34:1b:c0:27:4e:bb:2a:5c:87:b0:eb:06:
5c:62:79:b7
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYacROOu+0gLgVhqw6ZQmTKSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMzAxMDgyMzI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMjBmNjY4M2RhZGU1ZTBhNzA1ODEyMDA0NGNhMjk0MzEwNzk2NzU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgMuzP/Tchc7L1yD6/1nQ9bJppl7Y
+CaTG59zci9/mtgQQBsvk3ll2bnlM37pBOHuKHn3S3hJ7r88I1iFDArgrx766yGT
mu8H5KPqpYRPpZM5h1YG49JljBZST70vHbhD9SpsO3oKwqMurNBR4KNtOjGAjC20
dAapCJIasQ40o/diUibiIvR4vdoWHM0eddCGtGCalZXWy4280P6IpKh6SBJPkxfN
bVWkQGDvnEy4z8f1TQPcpsK8xkD37RsKc6yiXyPQ/fw7lKdgsa54VTwNRSyq+YAc
gbcQ7QzHjTzqH0UFVMXRia62RVqQ9RC97vt9urP2KaZALdIfBnoR2jYopQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFBIPZoPa3l4KcFgSAETKKUMQeWdXMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRWc5bWc5cmVYZ3B3V0JJQVJNb3BReEI1WjFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALVRZAwQC
LYBgAwQALYtrAwQAVR8vAwQAstfvAwQAudhGAwQAwSMTMA0GCSqGSIb3DQEBCwUA
A4IBAQCJwjvI9DIawPZHEXXM6Z6Q8ilcv+S0rNTTkHxjJHfTM5aIBXLpNzFQRKNJ
uHHJY/ea3/qDNNASijTm/2jo8GPWVOJzqB5OmPnJi43jPcpTK3uWdZHUYEvf2b0K
KTU56/v03MuOHRya7mxmsIgRNi1f0VCKiOsg8YVvZ/Q+yVEw6QxYm9IvrrvqH2gN
/7V3Bzz0y8qamxpYA+nkIt4/pdA3nWEozX+9nBtsZO7pAqqKVUHbOiqXFseg+8QC
v4js/hqGTR39QiqDKO3/1cP3P1XJfS+SUgxA3I53hrUUyIPrHoAHrDsujQhtGy7l
mFlLBm40G8AnTrsqXIew6wZcYnm3
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:28 2024 by rpki-client on console-ams.rpki-client.org