Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JSqGV684SYVhC2_orchL3oW0Xdo.roa
File: JSqGV684SYVhC2_orchL3oW0Xdo.roa (raw, json)
Hash identifier: LtZn71UivVT1z6bv4ZPsDHadp4DakpiTP8h1qTE/0Rw=
Subject key identifier: 25:2A:86:57:AF:38:49:85:61:0B:6F:E8:AD:C8:4B:DE:85:B4:5D:DA
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0188BE4886709B2DFC5F509C98587D78BDCD
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JSqGV684SYVhC2_orchL3oW0Xdo.roa
Signing time: Thu 15 Jun 2023 09:00:04 +0000
ROA not before: Thu 15 Jun 2023 09:00:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50225
IP address blocks: 85.209.132.0/24 maxlen: 24
83.143.112.0/24 maxlen: 24
85.217.145.0/24 maxlen: 24
83.143.113.0/24 maxlen: 24
185.222.163.0/24 maxlen: 24
45.128.99.0/24 maxlen: 24
87.121.69.0/24 maxlen: 24
193.42.34.0/24 maxlen: 24
193.47.63.0/24 maxlen: 24
176.125.252.0/24 maxlen: 24
193.47.60.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:be:48:86:70:9b:2d:fc:5f:50:9c:98:58:7d:78:bd:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jun 15 09:00:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=252a8657af384985610b6fe8adc84bde85b45dda
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d6:50:ed:f3:96:7b:d7:37:12:8a:05:c9:ab:14:
7f:30:69:c4:29:48:3a:92:f5:ae:de:62:dd:ae:97:
d4:f1:4a:95:82:40:48:9c:77:91:50:b0:37:0c:f6:
30:f1:0b:83:59:78:d9:29:c2:00:08:be:aa:7b:37:
59:87:51:30:89:fc:4e:cd:bf:c1:b5:09:d5:c8:91:
1d:d3:de:bd:fd:1c:83:a1:e7:47:63:f7:f8:f8:9e:
c1:83:65:23:c4:c3:8b:30:24:6d:c3:f8:9f:58:a2:
3a:73:1a:4e:7e:2a:2c:1c:71:c0:3a:9c:14:6a:2b:
a7:2c:59:7b:d3:d0:b8:55:24:0c:34:49:47:56:62:
37:97:1c:7b:4c:cb:71:d7:b4:92:58:1d:37:0b:fb:
f7:a3:16:f4:f1:12:82:a4:15:92:a4:c1:ff:10:eb:
b8:bd:fa:19:9a:da:98:b8:da:54:a8:27:b5:e2:47:
44:0d:91:7d:54:b7:89:28:d3:2c:b7:1d:30:07:47:
9e:fc:59:f6:e2:5f:87:36:22:18:1b:0a:ee:d6:34:
6c:11:0c:ba:e9:e0:f8:c4:f2:b7:f0:6f:65:49:7c:
6b:82:79:37:85:4c:c7:30:7b:0e:36:47:bb:4d:01:
ad:2f:ed:d0:d9:8a:dd:3d:15:64:df:18:0e:04:0f:
36:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:2A:86:57:AF:38:49:85:61:0B:6F:E8:AD:C8:4B:DE:85:B4:5D:DA
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JSqGV684SYVhC2_orchL3oW0Xdo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.99.0/24
83.143.112.0/23
85.209.132.0/24
85.217.145.0/24
87.121.69.0/24
176.125.252.0/24
185.222.163.0/24
193.42.34.0/24
193.47.60.0/24
193.47.63.0/24
Signature Algorithm: sha256WithRSAEncryption
75:95:3e:58:26:2a:ef:e9:7b:1f:97:8a:73:66:99:53:92:b1:
d0:c9:ac:6f:b3:fe:a1:5c:f2:57:5d:16:3d:9b:4a:6c:3e:3e:
91:04:40:6c:d8:72:ae:43:a3:13:a6:77:67:a3:85:47:dc:04:
53:ed:d6:e1:a3:6a:77:a6:eb:bb:ea:ba:3f:d3:1f:4a:eb:86:
5e:75:24:d3:9b:00:e5:96:45:f8:a1:c9:df:4d:8d:95:7e:15:
d5:fe:df:44:d5:6d:e9:9a:63:7c:24:09:77:67:b1:74:d0:07:
92:d8:c0:01:c3:68:c2:58:f6:7e:7f:9e:7c:2a:f3:9a:e6:5b:
11:10:5c:b8:d9:a8:b8:6d:8e:9e:51:15:30:8f:7b:80:0a:4b:
55:14:c7:87:90:1c:fd:31:e0:00:0d:48:98:ef:41:71:f2:67:
c9:76:ad:90:28:40:35:c2:d0:4c:e6:15:42:0f:54:e9:a0:3f:
f9:e3:dd:63:32:28:64:8b:7a:48:c0:53:12:66:88:8b:cc:0c:
f2:4d:32:33:d0:0f:bf:18:b0:2f:3e:3a:2d:2d:80:f9:99:d5:
50:f8:ac:4d:05:a3:21:11:6b:4d:2c:1d:0d:d5:53:58:d9:7e:
2a:70:24:37:88:02:3d:62:ef:b7:ae:7c:80:75:31:7b:0a:4a:
46:63:e0:eb
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYi+SIZwmy38X1CcmFh9eL3NMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjE1MDkwMDA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNTJhODY1N2FmMzg0OTg1NjEwYjZmZThhZGM4NGJkZTg1YjQ1ZGRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1lDt85Z71zcSigXJqxR/MGnEKUg6
kvWu3mLdrpfU8UqVgkBInHeRULA3DPYw8QuDWXjZKcIACL6qezdZh1EwifxOzb/B
tQnVyJEd0969/RyDoedHY/f4+J7Bg2UjxMOLMCRtw/ifWKI6cxpOfiosHHHAOpwU
aiunLFl709C4VSQMNElHVmI3lxx7TMtx17SSWB03C/v3oxb08RKCpBWSpMH/EOu4
vfoZmtqYuNpUqCe14kdEDZF9VLeJKNMstx0wB0ee/Fn24l+HNiIYGwru1jRsEQy6
6eD4xPK38G9lSXxrgnk3hUzHMHsONke7TQGtL+3Q2YrdPRVk3xgOBA82HwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFCUqhlevOEmFYQtv6K3IS96FtF3aMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSlNxR1Y2ODRTWVZoQzJfb3JjaEwzb1cwWGRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALYBjAwQB
U49wAwQAVdGEAwQAVdmRAwQAV3lFAwQAsH38AwQAud6jAwQAwSoiAwQAwS88AwQA
wS8/MA0GCSqGSIb3DQEBCwUAA4IBAQB1lT5YJirv6Xsfl4pzZplTkrHQyaxvs/6h
XPJXXRY9m0psPj6RBEBs2HKuQ6MTpndno4VH3ART7dbho2p3puu76ro/0x9K64Ze
dSTTmwDllkX4ocnfTY2VfhXV/t9E1W3pmmN8JAl3Z7F00AeS2MABw2jCWPZ+f558
KvOa5lsREFy42ai4bY6eURUwj3uACktVFMeHkBz9MeAADUiY70Fx8mfJdq2QKEA1
wtBM5hVCD1TpoD/5491jMihki3pIwFMSZoiLzAzyTTIz0A+/GLAvPjotLYD5mdVQ
+KxNBaMhEWtNLB0N1VNY2X4qcCQ3iAI9Yu+3rnyAdTF7CkpGY+Dr
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:30 2024 by rpki-client on console-ams.rpki-client.org