Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JMzdU7CJDtshDbDBuFKrViqkFl8.roa
File: JMzdU7CJDtshDbDBuFKrViqkFl8.roa (raw, json)
Hash identifier: XkLmPdlhz+45qkSHceJk8+HtY386a6MXYXYARph2wVQ=
Subject key identifier: 24:CC:DD:53:B0:89:0E:DB:21:0D:B0:C1:B8:52:AB:56:2A:A4:16:5F
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0183B2A0AC9AD7B7AD6DAE15B139FA414AC4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JMzdU7CJDtshDbDBuFKrViqkFl8.roa
Signing time: Fri 07 Oct 2022 13:26:57 +0000
ROA not before: Fri 07 Oct 2022 13:26:57 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 50225
IP address blocks: 84.21.173.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
194.55.225.0/24 maxlen: 24
194.55.226.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
194.55.227.0/24 maxlen: 24
194.169.173.0/24 maxlen: 24
83.219.96.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
193.37.43.0/24 maxlen: 24
94.154.162.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:b2:a0:ac:9a:d7:b7:ad:6d:ae:15:b1:39:fa:41:4a:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Oct 7 13:26:57 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=24ccdd53b0890edb210db0c1b852ab562aa4165f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:a9:20:6e:ea:e6:1a:23:40:47:41:b4:53:4a:
fa:1a:e6:e2:2b:48:71:2e:19:2a:4d:02:58:c8:4d:
19:5d:9a:24:f1:5d:db:6a:8d:f0:a8:e5:b9:9e:da:
fe:87:3e:e8:ab:5a:de:9b:8e:01:20:07:e9:4b:ac:
28:20:fc:96:31:3e:c1:35:47:9d:88:69:1f:54:aa:
bc:da:24:4c:44:0e:a6:9e:5d:58:47:2d:ef:28:f7:
8e:cc:fa:e9:09:44:97:d1:f3:1a:e0:d7:37:5b:65:
5a:be:63:ba:8b:4e:fc:47:c8:c6:63:9f:a8:93:88:
ba:cd:2b:3e:01:c5:c7:a7:da:ad:8f:21:cf:0a:db:
2a:f8:a0:bd:32:04:d9:b4:71:e7:88:c8:f9:9a:9f:
a5:d7:7f:65:41:96:41:3e:ea:66:87:07:fb:f9:65:
37:a6:f9:6c:27:49:18:90:ff:bb:96:b5:8c:24:a0:
1e:90:f3:24:ec:f7:86:92:ec:98:ba:c3:34:70:87:
1c:cf:81:ee:37:25:68:a3:f6:26:78:fd:e5:2a:9f:
31:6c:80:35:b7:27:8a:55:05:2d:23:77:9a:9b:87:
92:47:79:32:49:21:07:ac:d2:75:71:a8:95:20:64:
7c:a5:2b:10:11:c6:5d:fa:f4:89:e6:35:4b:36:d8:
15:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:CC:DD:53:B0:89:0E:DB:21:0D:B0:C1:B8:52:AB:56:2A:A4:16:5F
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JMzdU7CJDtshDbDBuFKrViqkFl8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.219.96.0/24
84.21.173.0/24
84.54.48.0/24
94.154.162.0/24
193.37.43.0/24
194.55.224.0/22
194.169.173.0-194.169.174.255
Signature Algorithm: sha256WithRSAEncryption
62:e7:bd:11:25:37:59:83:0d:bf:fa:7b:f4:7c:5c:ff:a6:18:
4c:03:a8:fe:9e:32:6e:89:33:c1:5b:59:c3:8c:14:02:ec:29:
36:81:6a:76:5b:9b:2d:5d:c2:18:3a:63:49:6f:3b:b5:a8:60:
62:24:9e:74:4b:50:1e:7a:f4:25:57:bf:72:f0:90:b9:9d:78:
0c:0f:0b:71:07:a9:98:b1:b5:cd:61:25:40:b6:8a:a1:3c:c9:
77:77:4d:72:97:a2:8c:3e:ea:89:10:03:13:0e:1a:8f:25:5a:
f5:33:b5:f1:62:dd:39:c8:83:20:bb:b2:bd:54:b3:8c:1a:8f:
49:c6:65:a0:84:1c:31:95:f9:1f:e4:06:40:81:c0:2f:17:40:
8d:62:41:95:9c:b9:21:6d:8c:cf:77:f2:39:77:4a:0d:52:23:
d4:b5:e4:91:78:b4:e7:e1:15:90:62:b9:08:d4:f8:28:1f:77:
c6:8a:e2:82:a9:5a:3e:d2:c8:5d:52:ae:4f:fb:76:5b:26:3f:
38:47:29:f6:6e:f4:b3:21:82:37:53:9e:d7:a6:f6:3e:63:7d:
d4:16:18:b4:8a:75:1a:1a:8d:d1:e7:2b:76:7a:24:25:46:b3:
2e:10:5d:d4:40:0e:8e:c8:e1:b2:d0:c9:77:bb:10:75:2d:eb:
94:f8:cb:2b
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYOyoKya17etba4VsTn6QUrEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMDA3MTMyNjU3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGNjZGQ1M2IwODkwZWRiMjEwZGIwYzFiODUyYWI1NjJhYTQxNjVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvKkgburmGiNAR0G0U0r6GubiK0hx
LhkqTQJYyE0ZXZok8V3bao3wqOW5ntr+hz7oq1rem44BIAfpS6woIPyWMT7BNUed
iGkfVKq82iRMRA6mnl1YRy3vKPeOzPrpCUSX0fMa4Nc3W2VavmO6i078R8jGY5+o
k4i6zSs+AcXHp9qtjyHPCtsq+KC9MgTZtHHniMj5mp+l139lQZZBPupmhwf7+WU3
pvlsJ0kYkP+7lrWMJKAekPMk7PeGkuyYusM0cIccz4HuNyVoo/YmeP3lKp8xbIA1
tyeKVQUtI3eam4eSR3kySSEHrNJ1caiVIGR8pSsQEcZd+vSJ5jVLNtgViQIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFCTM3VOwiQ7bIQ2wwbhSq1YqpBZfMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSk16ZFU3Q0pEdHNoRGJEQnVGS3JWaXFrRmw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQAU9tgAwQA
VBWtAwQAVDYwAwQAXpqiAwQAwSUrAwQCwjfgMAwDBADCqa0DBADCqa4wDQYJKoZI
hvcNAQELBQADggEBAGLnvRElN1mDDb/6e/R8XP+mGEwDqP6eMm6JM8FbWcOMFALs
KTaBanZbmy1dwhg6Y0lvO7WoYGIknnRLUB569CVXv3LwkLmdeAwPC3EHqZixtc1h
JUC2iqE8yXd3TXKXoow+6okQAxMOGo8lWvUztfFi3TnIgyC7sr1Us4waj0nGZaCE
HDGV+R/kBkCBwC8XQI1iQZWcuSFtjM938jl3Sg1SI9S15JF4tOfhFZBiuQjU+Cgf
d8aK4oKpWj7SyF1Srk/7dlsmPzhHKfZu9LMhgjdTntem9j5jfdQWGLSKdRoajdHn
K3Z6JCVGsy4QXdRADo7I4bLQyXe7EHUt65T4yys=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:35 2023 by rpki-client on console-ams.rpki-client.org