Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TvxUr1JWVjedHx9rinMW6RACWLs.roa
File: TvxUr1JWVjedHx9rinMW6RACWLs.roa (raw, json)
Hash identifier: ncQil97TNB0rafPK+0dehs/YJrsB4JuFIHlFILWLuL0=
Subject key identifier: 4E:FC:54:AF:52:56:56:37:9D:1F:1F:6B:8A:73:16:E9:10:02:58:BB
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018C57B4417975E3B76AEC41A76C652A3B1C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TvxUr1JWVjedHx9rinMW6RACWLs.roa
Signing time: Mon 11 Dec 2023 07:08:00 +0000
ROA not before: Mon 11 Dec 2023 07:08:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200105
IP address blocks: 87.121.124.0/23 maxlen: 24
91.200.192.0/22 maxlen: 24
45.129.84.0/24 maxlen: 24
45.129.86.0/24 maxlen: 24
147.78.100.0/23 maxlen: 24
94.154.172.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:57:b4:41:79:75:e3:b7:6a:ec:41:a7:6c:65:2a:3b:1c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 11 07:08:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4efc54af525656379d1f1f6b8a7316e9100258bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:04:ff:e3:e9:0c:ea:b7:cc:3c:bd:c6:fd:18:
82:70:3b:88:c5:e3:90:e0:03:5f:40:e1:b2:b8:a4:
eb:c0:d3:81:4a:8d:c5:3c:eb:e8:f4:f6:c9:31:49:
ce:c5:97:40:f9:19:42:75:fd:e3:43:ad:66:ee:12:
9c:24:df:9d:03:0c:7f:93:6e:96:2c:25:e1:b6:67:
25:4c:b8:2b:71:f3:aa:01:73:76:98:ee:7f:5e:aa:
d0:94:83:85:ba:a9:b7:92:22:0e:4d:cf:8f:3c:c9:
2f:88:98:72:4d:bd:cf:fd:ec:ec:ca:be:48:14:d9:
1d:4f:15:69:b6:22:2b:53:31:bb:59:ad:53:a5:aa:
95:a5:f9:27:28:c9:23:d0:0d:ab:69:71:03:76:32:
c5:de:d3:b5:f2:e4:d9:d7:85:2e:5d:5f:9c:40:ea:
41:c8:7c:25:33:4e:bc:0b:c7:eb:49:b5:3c:4d:b8:
49:bf:f6:a1:b0:b6:d2:c2:f3:da:ed:d1:73:11:06:
a8:72:a6:5c:80:1f:8f:21:f4:c0:e7:9d:36:1f:e9:
50:e1:6a:63:9b:3b:1e:ef:0b:e6:10:a3:0e:59:24:
59:5c:5b:e0:9a:ee:b0:a8:d1:35:6a:7e:53:88:1e:
d2:0c:a6:8e:1d:58:2d:b9:23:0f:9b:2e:ef:1a:20:
eb:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:FC:54:AF:52:56:56:37:9D:1F:1F:6B:8A:73:16:E9:10:02:58:BB
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TvxUr1JWVjedHx9rinMW6RACWLs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.129.84.0/24
45.129.86.0/24
87.121.124.0/23
91.200.192.0/22
94.154.172.0/24
147.78.100.0/23
Signature Algorithm: sha256WithRSAEncryption
17:e4:01:ad:d5:a4:84:fa:ea:7c:cd:d5:b0:23:0e:e4:dc:0b:
bb:2a:b8:d5:a0:b7:4b:ce:74:e2:ed:1b:0b:be:9f:e4:db:4c:
ae:cd:38:0e:f2:71:e1:12:77:8e:db:c9:dd:be:57:47:93:36:
ad:6b:d5:1c:d4:e1:2f:48:9b:5c:a3:a4:b0:62:6c:e2:e8:f7:
5e:b2:1c:e3:b0:f1:48:3c:bc:e0:60:e0:2b:0f:ef:99:aa:64:
09:8b:2a:f1:b6:8a:3d:e0:83:3b:86:c5:a1:52:5d:fe:a9:bf:
b9:88:a7:0c:32:72:65:e1:06:48:56:20:7f:c0:20:68:07:5b:
24:02:37:0e:03:f3:40:55:fb:39:6a:73:8c:85:de:25:99:33:
b7:8a:9f:ac:bb:bf:d9:b3:b0:f2:50:bb:fd:97:49:83:a0:2e:
64:fc:0c:12:d8:6a:db:c0:34:53:1c:3d:a6:63:1d:98:b0:fa:
a5:c8:1c:15:b7:fb:7b:04:b7:4d:e5:28:5b:76:3b:a3:29:af:
07:c9:fe:55:37:24:d4:ce:09:91:6e:92:ec:21:4d:5d:57:aa:
06:60:a9:37:f7:eb:cd:9b:f2:7b:0c:60:bd:7e:29:c4:cf:65:
4e:0d:08:58:95:5e:9c:a3:c6:0d:bd:c9:79:bb:9e:29:62:6a:
d5:d3:d2:ac
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYxXtEF5deO3auxBp2xlKjscMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMjExMDcwODAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWZjNTRhZjUyNTY1NjM3OWQxZjFmNmI4YTczMTZlOTEwMDI1OGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApQT/4+kM6rfMPL3G/RiCcDuIxeOQ
4ANfQOGyuKTrwNOBSo3FPOvo9PbJMUnOxZdA+RlCdf3jQ61m7hKcJN+dAwx/k26W
LCXhtmclTLgrcfOqAXN2mO5/XqrQlIOFuqm3kiIOTc+PPMkviJhyTb3P/ezsyr5I
FNkdTxVptiIrUzG7Wa1TpaqVpfknKMkj0A2raXEDdjLF3tO18uTZ14UuXV+cQOpB
yHwlM068C8frSbU8TbhJv/ahsLbSwvPa7dFzEQaocqZcgB+PIfTA5502H+lQ4Wpj
mzse7wvmEKMOWSRZXFvgmu6wqNE1an5TiB7SDKaOHVgtuSMPmy7vGiDrNQIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFE78VK9SVlY3nR8fa4pzFukQAli7MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVHZ4VXIxSldWamVkSHg5cmluTVc2UkFDV0xzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQALYFUAwQA
LYFWAwQBV3l8AwQCW8jAAwQAXpqsAwQBk05kMA0GCSqGSIb3DQEBCwUAA4IBAQAX
5AGt1aSE+up8zdWwIw7k3Au7KrjVoLdLznTi7RsLvp/k20yuzTgO8nHhEneO28nd
vldHkzata9Uc1OEvSJtco6SwYmzi6PdeshzjsPFIPLzgYOArD++ZqmQJiyrxtoo9
4IM7hsWhUl3+qb+5iKcMMnJl4QZIViB/wCBoB1skAjcOA/NAVfs5anOMhd4lmTO3
ip+su7/Zs7DyULv9l0mDoC5k/AwS2GrbwDRTHD2mYx2YsPqlyBwVt/t7BLdN5Shb
djujKa8Hyf5VNyTUzgmRbpLsIU1dV6oGYKk39+vNm/J7DGC9finEz2VODQhYlV6c
o8YNvcl5u54pYmrV09Ks
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:08 2024 by rpki-client on console-fra.rpki-client.org