Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IerRfvfoCGWJof7tx6vfEgh-Lf0.roa
File: IerRfvfoCGWJof7tx6vfEgh-Lf0.roa (raw, json)
Hash identifier: 80DPBqkTf/6lSpo2tdoOVZnLZeWflF1078/qu+VyjbA=
Subject key identifier: 21:EA:D1:7E:F7:E8:08:65:89:A1:FE:ED:C7:AB:DF:12:08:7E:2D:FD
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018809DD2B172C0B10FE06CFF5F9A9189B14
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IerRfvfoCGWJof7tx6vfEgh-Lf0.roa
Signing time: Thu 11 May 2023 08:11:09 +0000
ROA not before: Thu 11 May 2023 08:11:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1
IP address blocks: 81.161.231.0/24 maxlen: 24
31.13.198.0/24 maxlen: 24
164.40.185.0/24 maxlen: 24
45.139.100.0/22 maxlen: 24
185.221.64.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:09:dd:2b:17:2c:0b:10:fe:06:cf:f5:f9:a9:18:9b:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 11 08:11:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=21ead17ef7e8086589a1feedc7abdf12087e2dfd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:93:ee:25:df:df:29:bc:db:77:e2:f7:18:ed:
a7:b5:ee:a2:59:05:d9:8f:cd:c7:e7:1f:f4:95:fa:
74:70:2a:bb:21:a8:62:10:38:25:b4:46:77:cb:24:
89:6a:e5:63:51:89:5a:11:4b:ef:2d:0e:8d:74:dc:
d8:cc:93:35:80:09:7a:df:f5:f5:31:14:fa:de:bd:
ee:25:34:80:ee:3c:ed:88:b7:84:9b:b9:46:a6:77:
38:0f:fb:4f:7e:22:72:2b:41:95:6f:b1:b4:d2:9c:
cc:61:e6:3f:70:f3:36:c9:fd:f7:9e:1f:fe:f2:36:
af:27:4e:fa:a8:89:9b:58:2b:35:cb:10:a8:90:b5:
27:5a:88:78:2c:2d:54:02:64:da:bc:3f:b0:71:3f:
de:9b:1b:dd:ad:81:50:66:f6:10:e1:d3:78:c3:29:
3d:e7:ac:4f:32:7b:23:99:a1:f9:b2:a8:27:03:4f:
e8:0b:22:35:46:bc:d0:cb:9f:36:5a:08:d0:44:19:
09:1a:3a:73:56:85:42:df:d0:e3:21:9f:b4:9f:cc:
54:cd:d6:d9:af:0e:5d:e2:2b:d3:3d:7d:41:2e:7d:
83:83:3c:af:36:2f:58:4f:56:21:19:91:5d:e0:4d:
97:f0:47:27:5f:49:36:fd:83:c0:b8:47:4b:46:e4:
da:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
21:EA:D1:7E:F7:E8:08:65:89:A1:FE:ED:C7:AB:DF:12:08:7E:2D:FD
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IerRfvfoCGWJof7tx6vfEgh-Lf0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.198.0/24
45.139.100.0/22
81.161.231.0/24
164.40.185.0/24
185.221.64.0/24
Signature Algorithm: sha256WithRSAEncryption
43:0a:d6:d0:ce:3d:38:66:cf:6a:9a:62:b5:c4:44:72:de:b5:
19:a2:c9:1b:79:34:ea:ea:15:aa:04:c2:ed:e1:83:de:02:a9:
53:1a:44:93:4b:cb:e4:b3:04:72:60:37:cc:d9:8c:73:7c:f1:
f8:b3:80:e2:43:e4:82:7b:c4:09:99:ee:6c:9e:2a:73:89:4e:
64:df:2e:39:96:2a:b7:0b:63:b9:63:c2:3a:92:b0:7c:02:a1:
6d:d5:97:30:b8:36:79:54:9b:38:4b:54:c7:4b:c0:fe:22:cf:
da:d7:25:6c:fb:0f:89:fb:77:89:17:42:82:77:3d:58:b3:68:
96:85:cb:1c:77:81:32:b7:e5:3e:60:bc:bf:2f:0c:50:2f:8e:
ba:ed:2c:f0:61:1d:20:23:67:05:e2:c5:be:53:1f:ba:07:99:
ac:2b:74:69:bc:b2:f8:00:7e:33:32:67:00:47:ff:25:bf:0c:
7c:46:9d:32:80:37:5b:f9:db:8f:68:00:ed:1d:d4:a7:f2:f2:
f6:45:da:3e:2d:ff:d1:5a:f5:90:d0:05:5a:ce:41:9b:f0:e6:
25:52:e0:8e:97:1f:16:f4:aa:c6:12:ba:4e:02:ce:f1:cd:f6:
9f:eb:75:4e:ef:f5:b8:3d:36:cb:88:c2:e4:e1:c3:83:6e:c0:
2c:42:21:70
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAYgJ3SsXLAsQ/gbP9fmpGJsUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTExMDgxMTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMWVhZDE3ZWY3ZTgwODY1ODlhMWZlZWRjN2FiZGYxMjA4N2UyZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkpPuJd/fKbzbd+L3GO2nte6iWQXZ
j83H5x/0lfp0cCq7IahiEDgltEZ3yySJauVjUYlaEUvvLQ6NdNzYzJM1gAl63/X1
MRT63r3uJTSA7jztiLeEm7lGpnc4D/tPfiJyK0GVb7G00pzMYeY/cPM2yf33nh/+
8javJ076qImbWCs1yxCokLUnWoh4LC1UAmTavD+wcT/emxvdrYFQZvYQ4dN4wyk9
56xPMnsjmaH5sqgnA0/oCyI1RrzQy582WgjQRBkJGjpzVoVC39DjIZ+0n8xUzdbZ
rw5d4ivTPX1BLn2DgzyvNi9YT1YhGZFd4E2X8EcnX0k2/YPAuEdLRuTaCQIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFCHq0X736AhliaH+7cer3xIIfi39MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSWVyUmZ2Zm9DR1dKb2Y3dHg2dmZFZ2gtTGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQAHw3GAwQC
LYtkAwQAUaHnAwQApCi5AwQAud1AMA0GCSqGSIb3DQEBCwUAA4IBAQBDCtbQzj04
Zs9qmmK1xERy3rUZoskbeTTq6hWqBMLt4YPeAqlTGkSTS8vkswRyYDfM2YxzfPH4
s4DiQ+SCe8QJme5snipziU5k3y45liq3C2O5Y8I6krB8AqFt1ZcwuDZ5VJs4S1TH
S8D+Is/a1yVs+w+J+3eJF0KCdz1Ys2iWhcscd4Eyt+U+YLy/LwxQL4667SzwYR0g
I2cF4sW+Ux+6B5msK3RpvLL4AH4zMmcAR/8lvwx8Rp0ygDdb+duPaADtHdSn8vL2
Rdo+Lf/RWvWQ0AVazkGb8OYlUuCOlx8W9KrGErpOAs7xzfaf63VO7/W4PTbLiMLk
4cODbsAsQiFw
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:29 2024 by rpki-client on console-ams.rpki-client.org