Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OhIiEyprbE0Ti6bi3bv8pW1xTjM.roa
File: OhIiEyprbE0Ti6bi3bv8pW1xTjM.roa (raw, json)
Hash identifier: jclMI7KsbWx6ZX9gdgMG1xMagYwMsGJRdkcRdQhcHkk=
Subject key identifier: 3A:12:22:13:2A:6B:6C:4D:13:8B:A6:E2:DD:BB:FC:A5:6D:71:4E:33
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018AA87ABBEEBEA48EBEC6F5ADC025074A1C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OhIiEyprbE0Ti6bi3bv8pW1xTjM.roa
Signing time: Mon 18 Sep 2023 13:28:50 +0000
ROA not before: Mon 18 Sep 2023 13:28:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49217
IP address blocks: 212.115.41.0/24 maxlen: 24
45.84.222.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
45.88.89.0/24 maxlen: 24
178.215.237.0/24 maxlen: 24
193.42.34.0/24 maxlen: 24
94.156.176.0/24 maxlen: 24
87.120.33.0/24 maxlen: 24
194.48.249.0/24 maxlen: 24
185.226.173.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:a8:7a:bb:ee:be:a4:8e:be:c6:f5:ad:c0:25:07:4a:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Sep 18 13:28:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3a1222132a6b6c4d138ba6e2ddbbfca56d714e33
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:90:1d:18:85:a7:ac:06:72:da:0c:d3:4d:3c:
a4:77:6a:40:79:59:62:7a:42:fd:2e:d0:31:06:af:
3c:3f:b7:38:cc:f7:1e:b8:d7:3f:68:c3:b5:a3:96:
dd:c9:77:4f:9e:17:af:dd:6e:b4:2b:4b:7f:0a:2e:
24:a8:f0:a5:49:2d:8b:71:2d:c9:06:41:27:28:2b:
99:40:8c:3e:43:99:21:4f:9c:85:0e:ea:40:22:74:
44:3d:2d:2c:21:09:c7:93:e9:d3:5a:9c:08:4c:c8:
05:dd:ee:23:16:e3:7e:fe:38:c0:91:a5:69:c7:64:
91:73:f1:6a:4f:48:56:b8:41:30:93:8d:e2:56:5c:
c1:ae:3e:60:3c:89:47:9c:51:fb:62:b7:80:96:57:
09:b3:2e:5e:26:19:1d:43:a3:4e:52:b4:dd:cd:28:
8b:f5:d3:86:a5:9d:42:52:05:5e:3e:34:67:1a:fc:
ee:cf:c0:2d:ad:26:69:9e:55:18:01:64:2f:da:6d:
ea:31:27:23:c9:e8:f3:ba:20:db:2e:73:f3:28:ef:
87:13:87:43:f0:a6:7a:0f:93:20:39:20:33:9b:ce:
24:36:77:78:07:ca:51:e3:e4:7d:f2:f3:70:2b:d5:
23:16:16:3d:bc:8e:5b:2e:86:4f:c1:e2:b8:fa:79:
4d:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:12:22:13:2A:6B:6C:4D:13:8B:A6:E2:DD:BB:FC:A5:6D:71:4E:33
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OhIiEyprbE0Ti6bi3bv8pW1xTjM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.222.0/24
45.88.89.0/24
79.110.50.0/24
87.120.33.0/24
94.156.176.0/24
178.215.237.0/24
185.226.173.0/24
193.42.34.0/24
194.48.249.0/24
212.115.41.0/24
Signature Algorithm: sha256WithRSAEncryption
41:4f:e7:ff:e3:89:5a:ca:3d:2f:d6:ed:a2:3f:e0:3b:59:91:
74:17:20:97:c1:56:89:fd:a6:5b:5f:00:17:0c:c9:0b:e8:38:
f8:9e:f3:0e:74:26:04:75:9f:c8:31:02:a8:11:e5:80:33:fa:
79:0b:8c:ca:3d:6d:4a:e3:c8:d4:17:f5:68:7d:97:61:22:0f:
0d:4a:05:80:54:b1:6f:23:6b:fb:b9:c2:cb:e2:36:5a:b9:54:
d0:40:d3:54:ac:40:2f:37:14:63:d0:43:36:8c:43:e1:61:6d:
e2:dc:ad:06:f3:5a:59:d2:b9:dc:37:45:bf:d4:f3:1d:2c:c0:
e3:dd:e7:ec:3b:45:a8:94:4b:a6:1f:8b:ca:39:44:28:17:02:
af:c0:2b:84:cd:10:85:92:a7:ce:6c:c2:0f:fc:8d:aa:d0:06:
10:8c:cc:d9:4a:3f:6b:65:2f:81:89:8f:c3:00:d9:8b:40:3e:
71:00:6c:92:3b:d3:64:2d:3e:8f:e5:46:ca:b1:d9:13:98:96:
84:df:83:69:da:a6:cc:5f:1c:67:fe:0b:dd:6c:56:92:a9:0b:
b1:42:8a:9e:1b:52:f0:64:9c:eb:0e:1d:e2:c9:24:d0:6f:fa:
77:73:e4:66:fd:18:04:b1:0f:bb:c9:72:c5:8d:e7:39:6f:22:
61:d6:09:a1
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYqoervuvqSOvsb1rcAlB0ocMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTE4MTMyODUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTEyMjIxMzJhNmI2YzRkMTM4YmE2ZTJkZGJiZmNhNTZkNzE0ZTMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg5AdGIWnrAZy2gzTTTykd2pAeVli
ekL9LtAxBq88P7c4zPceuNc/aMO1o5bdyXdPnhev3W60K0t/Ci4kqPClSS2LcS3J
BkEnKCuZQIw+Q5khT5yFDupAInREPS0sIQnHk+nTWpwITMgF3e4jFuN+/jjAkaVp
x2SRc/FqT0hWuEEwk43iVlzBrj5gPIlHnFH7YreAllcJsy5eJhkdQ6NOUrTdzSiL
9dOGpZ1CUgVePjRnGvzuz8AtrSZpnlUYAWQv2m3qMScjyejzuiDbLnPzKO+HE4dD
8KZ6D5MgOSAzm84kNnd4B8pR4+R98vNwK9UjFhY9vI5bLoZPweK4+nlNMQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFDoSIhMqa2xNE4um4t27/KVtcU4zMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvT2hJaUV5cHJiRTBUaTZiaTNidjhwVzF4VGpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALVTeAwQA
LVhZAwQAT24yAwQAV3ghAwQAXpywAwQAstftAwQAueKtAwQAwSoiAwQAwjD5AwQA
1HMpMA0GCSqGSIb3DQEBCwUAA4IBAQBBT+f/44layj0v1u2iP+A7WZF0FyCXwVaJ
/aZbXwAXDMkL6Dj4nvMOdCYEdZ/IMQKoEeWAM/p5C4zKPW1K48jUF/VofZdhIg8N
SgWAVLFvI2v7ucLL4jZauVTQQNNUrEAvNxRj0EM2jEPhYW3i3K0G81pZ0rncN0W/
1PMdLMDj3efsO0WolEumH4vKOUQoFwKvwCuEzRCFkqfObMIP/I2q0AYQjMzZSj9r
ZS+BiY/DANmLQD5xAGySO9NkLT6P5UbKsdkTmJaE34Np2qbMXxxn/gvdbFaSqQux
QoqeG1LwZJzrDh3iySTQb/p3c+Rm/RgEsQ+7yXLFjec5byJh1gmh
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:32 2024 by rpki-client on console-ams.rpki-client.org