Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Op7qX61DW9VLnVd1MUkahIgfumU.roa
File:                     Op7qX61DW9VLnVd1MUkahIgfumU.roa (raw, json)
Hash identifier:          HQOplCl3nSM4QMbFi/SEodnVed3mJWY3pdJxrce7gM4=
Subject key identifier:   3A:9E:EA:5F:AD:43:5B:D5:4B:9D:57:75:31:49:1A:84:88:1F:BA:65
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       1D192FD4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Op7qX61DW9VLnVd1MUkahIgfumU.roa
Signing time:             Thu 10 Feb 2022 09:51:34 +0000
ROA not before:           Thu 10 Feb 2022 09:51:34 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     29030
IP address blocks:        94.156.16.0/22 maxlen: 22
                          94.156.20.0/22 maxlen: 22
                          87.121.152.0/21 maxlen: 21
                          31.13.200.0/21 maxlen: 21
                          94.156.244.0/24 maxlen: 24
                          87.121.66.0/23 maxlen: 23
                          87.121.65.0/24 maxlen: 24
                          94.156.199.0/24 maxlen: 24
                          94.156.197.0/24 maxlen: 24
                          94.156.195.0/24 maxlen: 24
                          94.156.196.0/24 maxlen: 24
                          94.156.198.0/24 maxlen: 24
                          94.156.194.0/24 maxlen: 24
                          94.156.208.0/21 maxlen: 21
                          87.121.24.0/22 maxlen: 24
                          31.13.242.0/23 maxlen: 23
                          87.121.8.0/21 maxlen: 21

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 488189908 (0x1d192fd4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 10 09:51:34 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=3a9eea5fad435bd54b9d577531491a84881fba65
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:9E:EA:5F:AD:43:5B:D5:4B:9D:57:75:31:49:1A:84:88:1F:BA:65
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Op7qX61DW9VLnVd1MUkahIgfumU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.13.200.0/21
                  31.13.242.0/23
                  87.121.8.0/21
                  87.121.24.0/22
                  87.121.65.0-87.121.67.255
                  87.121.152.0/21
                  94.156.16.0/21
                  94.156.194.0-94.156.199.255
                  94.156.208.0/21
                  94.156.244.0/24

    Signature Algorithm: sha256WithRSAEncryption
Generated at Wed Jul 19 23:42:42 2023 by rpki-client on console-fra.rpki-client.org