Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KNy3NwFqdw16b9mY4Wxl9vck80Y.roa
File: KNy3NwFqdw16b9mY4Wxl9vck80Y.roa (raw, json)
Hash identifier: JjFIPUTxX/yW5g3sxP4DB18ykd86uZyNcRKG6kxbHPo=
Subject key identifier: 28:DC:B7:37:01:6A:77:0D:7A:6F:D9:98:E1:6C:65:F6:F7:24:F3:46
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018CC8DD16B581F191E684B00DF094671A07
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KNy3NwFqdw16b9mY4Wxl9vck80Y.roa
Signing time: Tue 02 Jan 2024 06:29:41 +0000
ROA not before: Tue 02 Jan 2024 06:29:41 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 400377
IP address blocks: 185.216.69.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
93.123.84.0/24 maxlen: 24
147.78.103.0/24 maxlen: 24
185.226.173.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
95.214.24.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:dd:16:b5:81:f1:91:e6:84:b0:0d:f0:94:67:1a:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 2 06:29:41 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=28dcb737016a770d7a6fd998e16c65f6f724f346
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:d9:8b:46:66:13:04:df:12:54:e7:e5:5d:bb:
1f:eb:9b:25:fb:f0:e2:65:50:e4:44:ec:53:9b:89:
73:b6:49:94:6e:ec:ff:8a:48:d4:fe:93:72:26:55:
24:78:36:0c:c4:ef:cc:c8:f2:24:1f:66:bd:90:42:
f3:1c:be:47:9b:60:ba:be:47:38:f0:35:24:d6:c0:
e2:b7:fd:9b:ea:1c:45:76:f9:45:2c:4f:dc:07:14:
0f:47:7d:ff:bd:e8:a2:fb:f8:9e:71:1a:7a:12:ca:
97:44:f4:86:07:be:83:bc:e4:02:3e:d6:c5:b9:6e:
46:ff:5d:54:4c:cd:f1:d9:11:ce:84:c6:1a:63:60:
60:1b:a0:a6:2d:04:54:7d:fb:fd:e7:12:ef:33:53:
66:61:2e:aa:54:9e:73:ec:98:32:87:f0:53:11:ec:
98:12:82:6f:b4:1d:44:6f:c5:fc:33:da:7e:03:51:
c4:3c:4e:b3:57:91:58:ee:cc:fd:2f:05:5b:fe:1a:
c2:97:34:03:34:62:8d:08:2c:17:4d:25:ff:5c:67:
f3:03:c6:cc:a6:31:ed:1d:72:24:7f:db:94:4d:71:
2f:6e:14:58:fd:e9:04:4e:9c:83:1c:05:a8:aa:13:
3a:5a:b8:9d:8d:c2:37:07:52:82:c7:2f:00:e7:4e:
48:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
28:DC:B7:37:01:6A:77:0D:7A:6F:D9:98:E1:6C:65:F6:F7:24:F3:46
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KNy3NwFqdw16b9mY4Wxl9vck80Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.120.84.0/24
93.123.84.0/24
95.214.24.0/24
109.206.237.0/24
147.78.103.0/24
185.216.69.0/24
185.226.173.0/24
Signature Algorithm: sha256WithRSAEncryption
11:51:0c:5f:97:17:df:10:aa:ad:3c:7c:65:da:7c:16:85:fc:
ba:cb:52:20:bf:40:fe:da:ea:a4:43:05:34:e8:1e:a2:66:ac:
ae:6f:bb:77:00:a5:73:09:88:6d:e5:cb:f0:09:41:0f:76:9a:
af:8f:be:fc:dd:7d:e1:77:4f:15:40:de:42:18:eb:59:b2:45:
e9:5a:75:4a:47:eb:87:2b:f3:cd:4a:56:b5:0f:70:e8:f3:5a:
3d:eb:22:b6:55:0d:ae:67:27:98:37:19:90:5b:6c:b8:28:cb:
0d:65:28:fa:cd:1c:55:81:ca:49:a7:b7:9b:0d:af:1c:34:69:
23:f1:5c:d0:66:a6:0a:be:b1:7a:a3:a1:8f:e2:65:53:3a:01:
d6:03:fa:01:ae:83:71:53:5d:04:15:0c:19:1c:9d:61:0c:cc:
2d:a6:36:3d:a7:1a:d8:01:51:ff:8e:90:7c:bd:23:d8:03:ea:
1d:19:43:72:2e:05:bc:dd:9b:02:6f:69:fe:6a:2d:3f:b9:94:
02:c3:b6:51:33:0a:17:58:62:5f:ab:f5:d3:72:29:5d:ed:b9:
67:5f:4a:59:1d:63:55:ae:a1:b2:fb:79:4b:4c:ce:2d:33:fc:
56:bb:ce:a8:c2:5e:6d:aa:c1:66:ba:8d:d0:4b:47:3f:76:2d:
d8:95:83:ed
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYzI3Ra1gfGR5oSwDfCUZxoHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyOGRjYjczNzAxNmE3NzBkN2E2ZmQ5OThlMTZjNjVmNmY3MjRmMzQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9mLRmYTBN8SVOflXbsf65sl+/Di
ZVDkROxTm4lztkmUbuz/ikjU/pNyJlUkeDYMxO/MyPIkH2a9kELzHL5Hm2C6vkc4
8DUk1sDit/2b6hxFdvlFLE/cBxQPR33/veii+/iecRp6EsqXRPSGB76DvOQCPtbF
uW5G/11UTM3x2RHOhMYaY2BgG6CmLQRUffv95xLvM1NmYS6qVJ5z7Jgyh/BTEeyY
EoJvtB1Eb8X8M9p+A1HEPE6zV5FY7sz9LwVb/hrClzQDNGKNCCwXTSX/XGfzA8bM
pjHtHXIkf9uUTXEvbhRY/ekETpyDHAWoqhM6WridjcI3B1KCxy8A505IEwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFCjctzcBancNem/ZmOFsZfb3JPNGMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvS055M053RnFkdzE2YjltWTRXeGw5dmNrODBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAV3hUAwQA
XXtUAwQAX9YYAwQAbc7tAwQAk05nAwQAudhFAwQAueKtMA0GCSqGSIb3DQEBCwUA
A4IBAQARUQxflxffEKqtPHxl2nwWhfy6y1Igv0D+2uqkQwU06B6iZqyub7t3AKVz
CYht5cvwCUEPdpqvj7783X3hd08VQN5CGOtZskXpWnVKR+uHK/PNSla1D3Do81o9
6yK2VQ2uZyeYNxmQW2y4KMsNZSj6zRxVgcpJp7ebDa8cNGkj8VzQZqYKvrF6o6GP
4mVTOgHWA/oBroNxU10EFQwZHJ1hDMwtpjY9pxrYAVH/jpB8vSPYA+odGUNyLgW8
3ZsCb2n+ai0/uZQCw7ZRMwoXWGJfq/XTcild7blnX0pZHWNVrqGy+3lLTM4tM/xW
u86owl5tqsFmuo3QS0c/di3YlYPt
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:04 2024 by rpki-client on console-fra.rpki-client.org