Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/SMr56f8LFGX3MdqXXG2TDA3PkwM.roa
File: SMr56f8LFGX3MdqXXG2TDA3PkwM.roa (raw, json)
Hash identifier: IR8Iee+r1b3rgI+vgvXdyY0MSznlsD0s9GxDdXya1Cw=
Subject key identifier: 48:CA:F9:E9:FF:0B:14:65:F7:31:DA:97:5C:6D:93:0C:0D:CF:93:03
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018CC8DCDB1BE132FE101475523E4205B3AD
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/SMr56f8LFGX3MdqXXG2TDA3PkwM.roa
Signing time: Tue 02 Jan 2024 06:29:26 +0000
ROA not before: Tue 02 Jan 2024 06:29:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 31490
IP address blocks: 87.120.66.0/24 maxlen: 24
85.217.188.0/24 maxlen: 24
93.123.23.0/24 maxlen: 24
2a00:1728:20::/48 maxlen: 48
2a00:1728:20:100::/56 maxlen: 56
2a00:1728:33::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:dc:db:1b:e1:32:fe:10:14:75:52:3e:42:05:b3:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 2 06:29:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=48caf9e9ff0b1465f731da975c6d930c0dcf9303
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e4:34:aa:96:12:0f:86:be:ce:79:36:c6:5a:76:
c3:ef:64:40:81:a0:cd:8d:00:9c:50:4d:b1:96:8b:
b8:ed:57:bd:1a:90:a3:30:0b:83:69:d4:35:51:e5:
de:e9:f1:a4:f0:24:cb:52:fb:d0:0b:cd:9d:47:64:
ab:84:f5:7f:11:09:a5:03:2a:d8:f9:72:bc:a8:a7:
da:03:dc:4d:a6:89:f1:88:9c:f0:c8:3b:ce:87:d7:
e7:fd:8a:e4:78:da:76:96:42:47:bc:4e:ca:ad:24:
29:3e:f1:25:fa:55:79:a5:3a:d3:dc:67:7e:63:07:
ac:38:4a:7e:11:1c:97:db:01:ae:1b:d3:06:a2:0c:
3f:e7:1f:cd:2a:2f:00:2d:58:24:05:96:05:8d:db:
ef:5f:69:74:04:d0:1a:4a:1f:3a:50:ef:74:a3:ca:
5c:df:2d:fb:75:65:1b:d0:a9:18:46:10:86:f3:e3:
cc:ff:e1:73:95:8c:9f:ad:da:e4:23:52:4b:73:38:
19:b0:eb:a7:15:b1:a7:cd:46:b9:6e:61:67:61:97:
9d:31:dd:dc:88:e3:4a:96:09:3c:ab:10:2b:15:55:
e1:4f:a0:1e:11:0d:d7:9c:46:22:25:81:db:b4:c3:
7b:f4:a8:3c:6f:f9:5e:f4:7a:2e:2b:61:b6:a9:37:
28:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
48:CA:F9:E9:FF:0B:14:65:F7:31:DA:97:5C:6D:93:0C:0D:CF:93:03
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/SMr56f8LFGX3MdqXXG2TDA3PkwM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.217.188.0/24
87.120.66.0/24
93.123.23.0/24
IPv6:
2a00:1728:20::/48
2a00:1728:33::/48
Signature Algorithm: sha256WithRSAEncryption
04:f8:61:71:f7:48:43:ee:df:54:a4:b1:a1:87:f8:a3:6d:c6:
07:36:4b:f8:fc:11:b7:9e:0f:a7:f5:32:2d:e9:f5:34:cd:4d:
e0:73:42:b7:55:2e:22:0e:d6:b8:d9:27:10:36:10:c8:40:a7:
b4:b4:89:bc:97:a1:24:67:85:ee:14:7f:bb:bb:ce:55:dd:8b:
da:45:6e:8d:12:e3:96:95:2a:08:99:44:6d:cb:d5:40:de:b2:
0f:80:e1:4e:fe:a2:cb:60:c2:4b:17:e4:74:40:33:b3:e4:28:
2a:c9:93:d8:ec:88:cb:70:c0:49:2f:55:4a:98:a2:65:65:e4:
25:4a:9c:a6:cd:26:1e:02:1d:89:89:0b:f8:08:31:14:61:83:
55:9b:35:f3:9b:98:5f:b4:e3:36:ce:f7:f4:87:bd:fa:b5:69:
c2:f5:e1:8c:41:0c:93:07:fe:cf:9f:fb:9b:8c:b5:74:08:bd:
08:b0:6e:3a:50:32:ef:b2:3b:11:54:6b:c1:a4:7b:48:65:e7:
2a:8e:8a:20:33:b2:81:33:d1:3b:4c:ff:cd:9f:c8:6c:c5:5a:
ba:cb:63:c9:60:a0:41:39:d2:f8:95:82:eb:95:db:5c:d6:1d:
ee:03:e1:41:a3:93:5d:8c:22:78:b9:2d:c5:8d:fc:09:6e:75:
1c:6b:8c:dc
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYzI3Nsb4TL+EBR1Uj5CBbOtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAyMDYyOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OGNhZjllOWZmMGIxNDY1ZjczMWRhOTc1YzZkOTMwYzBkY2Y5MzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5DSqlhIPhr7OeTbGWnbD72RAgaDN
jQCcUE2xlou47Ve9GpCjMAuDadQ1UeXe6fGk8CTLUvvQC82dR2SrhPV/EQmlAyrY
+XK8qKfaA9xNponxiJzwyDvOh9fn/YrkeNp2lkJHvE7KrSQpPvEl+lV5pTrT3Gd+
YwesOEp+ERyX2wGuG9MGogw/5x/NKi8ALVgkBZYFjdvvX2l0BNAaSh86UO90o8pc
3y37dWUb0KkYRhCG8+PM/+FzlYyfrdrkI1JLczgZsOunFbGnzUa5bmFnYZedMd3c
iONKlgk8qxArFVXhT6AeEQ3XnEYiJYHbtMN79Kg8b/le9HouK2G2qTcoiQIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFEjK+en/CxRl9zHal1xtkwwNz5MDMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvU01yNTZmOExGR1gzTWRxWFhHMlREQTNQa3dNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAYBAIAATASAwQAVdm8AwQA
V3hCAwQAXXsXMBgEAgACMBIDBwAqABcoACADBwAqABcoADMwDQYJKoZIhvcNAQEL
BQADggEBAAT4YXH3SEPu31SksaGH+KNtxgc2S/j8EbeeD6f1Mi3p9TTNTeBzQrdV
LiIO1rjZJxA2EMhAp7S0ibyXoSRnhe4Uf7u7zlXdi9pFbo0S45aVKgiZRG3L1UDe
sg+A4U7+ostgwksX5HRAM7PkKCrJk9jsiMtwwEkvVUqYomVl5CVKnKbNJh4CHYmJ
C/gIMRRhg1WbNfObmF+04zbO9/SHvfq1acL14YxBDJMH/s+f+5uMtXQIvQiwbjpQ
Mu+yOxFUa8Gke0hl5yqOiiAzsoEz0TtM/82fyGzFWrrLY8lgoEE50viVguuV21zW
He4D4UGjk12MIni5LcWN/AludRxrjNw=
-----END CERTIFICATE-----
Generated at Thu Jul 18 09:18:59 2024 by rpki-client on console-fra.rpki-client.org