Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MxBTjiN_2YuGgkmzpvipkD7Gqts.roa
File: MxBTjiN_2YuGgkmzpvipkD7Gqts.roa (raw, json)
Hash identifier: Ig9mTihiUBMpJMKr1zmzE4xfjgswX3yRVe2PtLO6s18=
Subject key identifier: 33:10:53:8E:23:7F:D9:8B:86:82:49:B3:A6:F8:A9:90:3E:C6:AA:DB
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018CC8DCD87F29CC1951AFCA09168D37F798
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MxBTjiN_2YuGgkmzpvipkD7Gqts.roa
Signing time: Tue 02 Jan 2024 06:29:25 +0000
ROA not before: Tue 02 Jan 2024 06:29:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 29030
IP address blocks: 94.156.20.0/22 maxlen: 22
87.121.152.0/21 maxlen: 21
31.13.200.0/21 maxlen: 21
94.156.244.0/24 maxlen: 24
87.121.65.0/24 maxlen: 24
94.156.197.0/24 maxlen: 24
94.156.196.0/24 maxlen: 24
94.156.199.0/24 maxlen: 24
94.156.195.0/24 maxlen: 24
94.156.198.0/24 maxlen: 24
94.156.194.0/24 maxlen: 24
94.156.208.0/21 maxlen: 21
94.156.212.0/22 maxlen: 24
87.121.24.0/22 maxlen: 24
31.13.242.0/23 maxlen: 23
87.121.8.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:dc:d8:7f:29:cc:19:51:af:ca:09:16:8d:37:f7:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 2 06:29:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3310538e237fd98b868249b3a6f8a9903ec6aadb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:31:7e:45:f8:c8:19:5e:fb:ce:1b:32:4a:86:
8b:69:c3:5a:76:42:71:29:3e:cd:69:ae:40:32:6d:
2f:f6:19:59:53:d6:7d:d4:7e:c6:6c:4d:d9:22:40:
11:5b:9f:e8:bc:ee:b4:bb:d3:36:55:a7:d3:ac:22:
27:d1:b6:fc:5c:65:81:d2:53:dd:d9:1d:28:f2:d4:
24:2d:00:3a:23:71:69:f6:a2:f0:15:d2:8f:18:42:
9a:24:c9:55:e2:b4:eb:8f:bd:59:74:8e:b3:36:b7:
cb:7c:95:90:93:de:fd:28:b9:1b:a5:58:26:22:0e:
1a:e0:8c:8c:f6:07:91:0f:65:4f:43:0b:3a:17:03:
b6:d8:e1:c2:bb:91:a5:a2:40:2e:44:16:b0:2e:7b:
3e:0b:8e:59:16:41:4f:d4:e2:9c:94:c6:44:89:c3:
dc:ea:89:53:e2:dd:4e:59:3b:c4:b8:ac:10:c3:8e:
8a:4c:d2:36:7d:0b:c3:f7:62:86:4e:9c:88:43:c4:
ab:f4:8f:3d:21:37:50:62:93:fd:d2:a4:79:33:9b:
b6:dd:31:64:2d:ff:f7:7d:f0:1e:3e:40:63:3b:5c:
77:f4:a8:cc:cd:8e:a2:5e:12:bf:f9:34:cf:5a:d9:
08:ba:25:23:74:e4:44:37:34:15:5c:fb:aa:d7:11:
92:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
33:10:53:8E:23:7F:D9:8B:86:82:49:B3:A6:F8:A9:90:3E:C6:AA:DB
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MxBTjiN_2YuGgkmzpvipkD7Gqts.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.200.0/21
31.13.242.0/23
87.121.8.0/21
87.121.24.0/22
87.121.65.0/24
87.121.152.0/21
94.156.20.0/22
94.156.194.0-94.156.199.255
94.156.208.0/21
94.156.244.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:11:48:55:f9:c3:7b:c4:45:8b:7e:ff:86:c2:6f:48:7c:e1:
6c:e8:1b:3d:ba:63:ae:fc:42:9e:5f:00:ab:53:db:f1:b3:19:
35:ce:34:65:3d:cd:c6:fb:e5:b7:ae:77:48:59:d1:3f:18:cd:
2a:bb:4a:05:14:c6:22:7f:67:2d:f2:52:fb:09:c8:36:30:14:
ae:28:31:34:56:bc:cb:83:a0:8e:f7:a8:53:ee:40:bc:ed:48:
0a:13:41:ed:d8:aa:65:84:6c:4b:36:14:32:4f:0e:cd:b4:83:
4a:53:60:09:02:59:09:ec:2a:83:9f:f0:25:9b:5d:28:f5:c6:
be:a5:f0:18:3f:f4:4e:cc:f2:06:8c:bd:1f:46:2d:f5:55:97:
8e:a9:ba:d9:82:cc:fd:32:13:b8:d5:d7:93:bd:1c:c4:8f:8b:
88:28:55:ee:fa:93:14:b8:b6:1b:b7:f0:38:f9:cf:67:26:d5:
a5:a7:7e:d9:1b:56:ac:3f:15:2a:6c:78:4a:da:d9:22:95:ee:
f5:ba:14:a2:a5:5e:02:36:07:ee:b4:cc:0f:90:49:d8:00:f7:
1a:f5:48:49:db:65:2f:6c:84:54:94:7f:ae:63:da:78:46:af:
c0:a5:ce:b7:b9:c9:7f:66:4d:68:79:21:69:f7:d6:c0:c5:6c:
d1:9b:ed:07
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYzI3Nh/KcwZUa/KCRaNN/eYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMzEwNTM4ZTIzN2ZkOThiODY4MjQ5YjNhNmY4YTk5MDNlYzZhYWRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgTF+RfjIGV77zhsySoaLacNadkJx
KT7Naa5AMm0v9hlZU9Z91H7GbE3ZIkARW5/ovO60u9M2VafTrCIn0bb8XGWB0lPd
2R0o8tQkLQA6I3Fp9qLwFdKPGEKaJMlV4rTrj71ZdI6zNrfLfJWQk979KLkbpVgm
Ig4a4IyM9geRD2VPQws6FwO22OHCu5GlokAuRBawLns+C45ZFkFP1OKclMZEicPc
6olT4t1OWTvEuKwQw46KTNI2fQvD92KGTpyIQ8Sr9I89ITdQYpP90qR5M5u23TFk
Lf/3ffAePkBjO1x39KjMzY6iXhK/+TTPWtkIuiUjdORENzQVXPuq1xGSJwIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFDMQU44jf9mLhoJJs6b4qZA+xqrbMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTXhCVGppTl8yWXVHZ2ttenB2aXBrRDdHcXRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQDHw3IAwQB
Hw3yAwQDV3kIAwQCV3kYAwQAV3lBAwQDV3mYAwQCXpwUMAwDBAFenMIDBANenMAD
BANenNADBABenPQwDQYJKoZIhvcNAQELBQADggEBAA8RSFX5w3vERYt+/4bCb0h8
4WzoGz26Y678Qp5fAKtT2/GzGTXONGU9zcb75beud0hZ0T8YzSq7SgUUxiJ/Zy3y
UvsJyDYwFK4oMTRWvMuDoI73qFPuQLztSAoTQe3YqmWEbEs2FDJPDs20g0pTYAkC
WQnsKoOf8CWbXSj1xr6l8Bg/9E7M8gaMvR9GLfVVl46putmCzP0yE7jV15O9HMSP
i4goVe76kxS4thu38Dj5z2cm1aWnftkbVqw/FSpseEra2SKV7vW6FKKlXgI2B+60
zA+QSdgA9xr1SEnbZS9shFSUf65j2nhGr8Clzre5yX9mTWh5IWn31sDFbNGb7Qc=
-----END CERTIFICATE-----
Generated at Fri Jul 12 09:31:03 2024 by rpki-client on console-ams.rpki-client.org