Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/P70hLpYTUdG1S4VOF3ohgxmZbMc.roa
File: P70hLpYTUdG1S4VOF3ohgxmZbMc.roa (raw, json)
Hash identifier: oJeLZ9QSFULpvZZgd/FSNeT9w/5ZHX195YZYzzw+t78=
Subject key identifier: 3F:BD:21:2E:96:13:51:D1:B5:4B:85:4E:17:7A:21:83:19:99:6C:C7
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01856D81D07C739049A60A03A0E068BB87FA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/P70hLpYTUdG1S4VOF3ohgxmZbMc.roa
Signing time: Sun 01 Jan 2023 13:25:01 +0000
ROA not before: Sun 01 Jan 2023 13:25:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 87.121.124.0/23 maxlen: 24
164.40.185.0/24 maxlen: 24
185.218.137.0/24 maxlen: 24
185.252.176.0/24 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
194.48.248.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:81:d0:7c:73:90:49:a6:0a:03:a0:e0:68:bb:87:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 1 13:25:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3fbd212e961351d1b54b854e177a218319996cc7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:ee:ca:7a:f7:84:54:69:54:94:c6:f5:87:11:
1b:1d:24:d3:6e:1d:97:6c:2d:f7:35:7e:5e:57:95:
a8:00:ac:66:89:e0:30:32:49:f3:02:11:60:3c:a9:
43:82:bf:d9:d6:ce:90:99:a5:96:c7:4e:6f:48:24:
79:43:c7:5c:17:16:41:23:73:3e:30:13:ad:56:65:
dc:ce:59:38:dc:ad:b1:af:37:c5:dc:d6:83:4d:c7:
10:82:91:54:7c:5c:bf:61:7c:76:ac:06:34:a8:25:
fd:84:3d:b3:fc:82:41:93:77:e8:3d:d3:d1:4d:71:
ae:4b:7a:58:00:d2:14:11:fa:08:4e:06:96:9d:7b:
b2:07:4a:d2:34:60:22:91:fd:be:19:60:f1:d2:ca:
14:22:c0:8e:25:e4:71:a0:5b:33:a3:24:1e:1d:30:
a7:22:2a:ce:02:54:a5:f4:71:49:5d:6c:15:65:4e:
91:8f:5a:7b:0b:a3:c2:06:ec:67:1f:f3:4c:ae:ad:
45:c8:4d:57:d9:58:72:e5:0f:56:c1:29:62:dc:a5:
67:5c:9f:ba:11:07:02:c1:5c:f5:e0:3f:13:c2:99:
60:b1:97:82:ce:ac:01:71:5e:d5:74:9a:1c:e8:b9:
55:4c:0d:58:f6:c3:00:fa:87:b5:6f:70:20:9a:fc:
98:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:BD:21:2E:96:13:51:D1:B5:4B:85:4E:17:7A:21:83:19:99:6C:C7
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/P70hLpYTUdG1S4VOF3ohgxmZbMc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.121.124.0/23
94.154.161.0-94.154.163.255
164.40.185.0/24
185.218.137.0/24
185.219.126.0/24
185.252.176.0/24
194.48.248.0/24
Signature Algorithm: sha256WithRSAEncryption
b3:b1:de:57:d5:56:b5:e8:61:ba:d9:b6:a5:f6:96:4f:c9:92:
b5:17:4b:74:16:fd:92:42:3d:04:56:b7:8f:74:d8:f1:b3:76:
a2:81:8d:f7:fe:50:3f:06:81:5e:20:10:71:9a:59:e8:39:3c:
93:79:32:e7:c9:25:7d:0d:cd:fc:e0:20:87:2a:e0:b0:7c:ed:
71:26:1b:31:e9:a6:98:a5:0c:86:a2:7b:d7:48:eb:51:25:c4:
3d:8e:89:5d:cb:7d:bb:2c:43:b5:ee:35:6f:ce:f2:67:12:53:
c9:f7:56:20:61:e4:c3:45:20:12:8d:45:2e:ba:48:43:f2:97:
81:fc:13:8a:e7:f6:37:fd:68:09:96:5b:c4:a2:2c:d8:52:d7:
89:cb:69:f2:f8:8a:00:77:64:69:2a:b0:3f:9a:44:37:0f:59:
ed:01:f8:82:bb:cd:19:bf:72:2c:de:4d:50:61:8e:76:5e:87:
a8:31:1d:58:2f:50:de:38:57:e6:d9:0e:bc:fb:fc:57:4f:85:
b3:29:6e:e9:e3:34:7b:3b:ac:c2:df:65:c0:10:de:b2:ef:31:
9e:f1:3e:7e:58:de:5a:f0:f2:d9:30:20:9a:36:7d:6a:b9:58:
0b:e6:be:fd:7f:3f:8a:f3:47:f7:65:1e:b4:c5:ef:bc:45:b0:
3e:3c:f9:73
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYVtgdB8c5BJpgoDoOBou4f6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTAxMTMyNTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmJkMjEyZTk2MTM1MWQxYjU0Yjg1NGUxNzdhMjE4MzE5OTk2Y2M3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+7KeveEVGlUlMb1hxEbHSTTbh2X
bC33NX5eV5WoAKxmieAwMknzAhFgPKlDgr/Z1s6QmaWWx05vSCR5Q8dcFxZBI3M+
MBOtVmXczlk43K2xrzfF3NaDTccQgpFUfFy/YXx2rAY0qCX9hD2z/IJBk3foPdPR
TXGuS3pYANIUEfoITgaWnXuyB0rSNGAikf2+GWDx0soUIsCOJeRxoFszoyQeHTCn
IirOAlSl9HFJXWwVZU6Rj1p7C6PCBuxnH/NMrq1FyE1X2Vhy5Q9WwSli3KVnXJ+6
EQcCwVz14D8TwplgsZeCzqwBcV7VdJoc6LlVTA1Y9sMA+oe1b3AgmvyYowIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFD+9IS6WE1HRtUuFThd6IYMZmWzHMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUDcwaExwWVRVZEcxUzRWT0Yzb2hneG1aYk1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBV3l8MAwD
BABemqEDBAJemqADBACkKLkDBAC52okDBAC5234DBAC5/LADBADCMPgwDQYJKoZI
hvcNAQELBQADggEBALOx3lfVVrXoYbrZtqX2lk/JkrUXS3QW/ZJCPQRWt4902PGz
dqKBjff+UD8GgV4gEHGaWeg5PJN5MufJJX0NzfzgIIcq4LB87XEmGzHpppilDIai
e9dI61ElxD2OiV3LfbssQ7XuNW/O8mcSU8n3ViBh5MNFIBKNRS66SEPyl4H8E4rn
9jf9aAmWW8SiLNhS14nLafL4igB3ZGkqsD+aRDcPWe0B+IK7zRm/cizeTVBhjnZe
h6gxHVgvUN44V+bZDrz7/FdPhbMpbunjNHs7rMLfZcAQ3rLvMZ7xPn5Y3lrw8tkw
IJo2fWq5WAvmvv1/P4rzR/dlHrTF77xFsD48+XM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:32 2024 by rpki-client on console-ams.rpki-client.org