Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QFyIkEKZVSZt6hpIJJOiqFo_BUg.roa
File: QFyIkEKZVSZt6hpIJJOiqFo_BUg.roa (raw, json)
Hash identifier: 61lX7sxEQrz3iejqQ/AeBKdz5iaZuQk+9tZFJuiNoJg=
Subject key identifier: 40:5C:88:90:42:99:55:26:6D:EA:1A:48:24:93:A2:A8:5A:3F:05:48
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 1E563850
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QFyIkEKZVSZt6hpIJJOiqFo_BUg.roa
Signing time: Tue 10 May 2022 14:09:53 +0000
ROA not before: Tue 10 May 2022 14:09:53 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 397423
IP address blocks: 84.54.48.0/22 maxlen: 24
194.180.48.0/23 maxlen: 24
176.125.252.0/22 maxlen: 24
193.25.216.0/22 maxlen: 24
87.121.220.0/23 maxlen: 24
109.206.240.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 508966992 (0x1e563850)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 10 14:09:53 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=405c8890429955266dea1a482493a2a85a3f0548
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:dd:c0:c7:58:f0:f4:76:98:4d:ec:22:0c:71:
74:24:3d:21:85:dd:9e:c6:b6:ce:21:88:b7:7b:26:
6b:c9:90:d9:20:61:59:1b:61:f7:a8:95:27:a7:49:
69:b8:4d:99:62:55:5a:65:50:f0:aa:12:45:db:d5:
c8:3e:80:07:bd:c2:98:a7:64:49:4d:19:c4:2e:f9:
a9:4b:67:0f:78:81:ca:70:4c:9e:72:b9:ee:36:93:
eb:b0:a9:9c:3e:e3:0c:90:52:6c:74:62:79:5e:91:
59:4e:c5:01:1b:cc:31:65:04:7f:5b:71:00:81:42:
2c:eb:c5:94:0f:99:2e:c2:22:43:05:c8:31:3b:ae:
12:ed:c7:13:e9:8d:10:58:80:2e:af:95:25:86:8b:
4b:f6:84:f4:17:9a:6e:7e:96:a5:b3:8c:5f:eb:fb:
fb:43:1e:30:7f:4e:5d:5a:33:28:55:0b:26:b6:3d:
43:ca:35:39:d7:7a:a0:9d:f0:92:33:12:cd:29:c1:
db:ed:8a:e0:33:e1:66:58:3f:c6:80:73:3a:44:68:
98:bb:f0:2b:98:a1:20:0b:21:54:96:b3:fd:56:73:
7e:b9:bd:1f:87:ef:39:de:73:5a:a7:36:dc:ef:86:
49:42:8d:8f:db:34:ca:aa:b8:7b:6d:e7:13:64:cf:
91:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
40:5C:88:90:42:99:55:26:6D:EA:1A:48:24:93:A2:A8:5A:3F:05:48
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QFyIkEKZVSZt6hpIJJOiqFo_BUg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.48.0/22
87.121.220.0/23
109.206.240.0/22
176.125.252.0/22
193.25.216.0/22
194.180.48.0/23
Signature Algorithm: sha256WithRSAEncryption
4e:4f:37:a6:ae:e3:dd:e0:98:26:39:13:99:3b:ba:3b:52:ba:
5d:55:27:28:22:06:9b:4b:2d:05:87:28:20:bb:a9:63:6b:04:
ca:ac:ab:96:29:f6:2f:96:34:cb:ad:f7:25:23:f0:8b:c9:02:
a7:ab:bc:16:fc:5b:19:29:e4:af:a1:9a:08:e5:70:e6:de:d8:
ca:d5:3b:85:9f:09:ea:ea:32:f4:10:cd:f4:3c:6a:5a:0e:82:
95:b3:e1:26:9f:c5:e5:29:d5:07:c1:5f:e3:4b:58:df:06:49:
7b:ee:ba:8a:d5:50:37:56:a1:e9:0e:ba:27:46:e9:ae:c1:a2:
aa:fd:6c:0c:41:78:c6:10:4f:44:62:81:62:5d:96:38:5f:8b:
63:1e:e3:ca:3f:61:eb:dc:75:d6:93:40:0f:9b:ad:89:d7:4b:
a4:54:cf:18:23:58:0d:a7:de:0a:5b:3e:cc:17:e0:17:3e:6c:
5f:69:14:d3:d1:d8:92:7e:9a:6b:1d:4f:58:03:ba:47:02:65:
af:2a:64:09:f0:b0:ff:d3:0e:13:9a:06:5a:a1:81:6b:bb:7d:
31:ac:98:c6:31:a3:64:1c:3d:ce:0a:12:58:91:7d:44:89:50:
57:4b:65:0b:84:3b:5e:d1:8a:9d:c7:61:40:2c:9b:33:37:7c:
7c:10:d2:e2
-----BEGIN CERTIFICATE-----
MIIFDTCCA/WgAwIBAgIEHlY4UDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDUx
MDE0MDk1M1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNDA1Yzg4OTA0Mjk5
NTUyNjZkZWExYTQ4MjQ5M2EyYTg1YTNmMDU0ODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKzdwMdY8PR2mE3sIgxxdCQ9IYXdnsa2ziGIt3sma8mQ2SBh
WRth96iVJ6dJabhNmWJVWmVQ8KoSRdvVyD6AB73CmKdkSU0ZxC75qUtnD3iBynBM
nnK57jaT67CpnD7jDJBSbHRieV6RWU7FARvMMWUEf1txAIFCLOvFlA+ZLsIiQwXI
MTuuEu3HE+mNEFiALq+VJYaLS/aE9Beabn6WpbOMX+v7+0MeMH9OXVozKFULJrY9
Q8o1Odd6oJ3wkjMSzSnB2+2K4DPhZlg/xoBzOkRomLvwK5ihIAshVJaz/VZzfrm9
H4fvOd5zWqc23O+GSUKNj9s0yqq4e23nE2TPkXECAwEAAaOCAicwggIjMB0GA1Ud
DgQWBBRAXIiQQplVJm3qGkgkk6KoWj8FSDAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L1FGeUlrRUtaVlNadDZocElKSk9pcUZvX0JVZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA9
BggrBgEFBQcBBwEB/wQuMCwwKgQCAAEwJAMEAlQ2MAMEAVd53AMEAm3O8AMEArB9
/AMEAsEZ2AMEAcK0MDANBgkqhkiG9w0BAQsFAAOCAQEATk83pq7j3eCYJjkTmTu6
O1K6XVUnKCIGm0stBYcoILupY2sEyqyrlin2L5Y0y633JSPwi8kCp6u8FvxbGSnk
r6GaCOVw5t7YytU7hZ8J6uoy9BDN9DxqWg6ClbPhJp/F5SnVB8Ff40tY3wZJe+66
itVQN1ah6Q66J0bprsGiqv1sDEF4xhBPRGKBYl2WOF+LYx7jyj9h69x11pNAD5ut
iddLpFTPGCNYDafeCls+zBfgFz5sX2kU09HYkn6aax1PWAO6RwJlrypkCfCw/9MO
E5oGWqGBa7t9MayYxjGjZBw9zgoSWJF9RIlQV0tlC4Q7XtGKncdhQCybMzd8fBDS
4g==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:36 2023 by rpki-client on console-ams.rpki-client.org