Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VxaBb099TsTu8BbnFT7fMO96o0c.roa
File: VxaBb099TsTu8BbnFT7fMO96o0c.roa (raw, json)
Hash identifier: AQv5ylsodgkInnjb28siZGuAouc2lUgwOmrFJg4eS4s=
Subject key identifier: 57:16:81:6F:4F:7D:4E:C4:EE:F0:16:E7:15:3E:DF:30:EF:7A:A3:47
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0189626F0C42490A831CB0B908FBCE850371
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VxaBb099TsTu8BbnFT7fMO96o0c.roa
Signing time: Mon 17 Jul 2023 05:59:51 +0000
ROA not before: Mon 17 Jul 2023 05:59:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31420
IP address blocks: 87.121.171.0/24 maxlen: 24
87.121.172.0/22 maxlen: 22
87.121.170.0/24 maxlen: 24
87.121.169.0/24 maxlen: 24
87.121.168.0/21 maxlen: 24
87.121.172.0/24 maxlen: 24
87.121.175.0/24 maxlen: 24
87.121.174.0/24 maxlen: 24
87.121.173.0/24 maxlen: 24
94.156.64.0/24 maxlen: 24
94.156.66.0/24 maxlen: 24
94.156.70.0/24 maxlen: 24
94.156.67.0/24 maxlen: 24
94.156.71.0/24 maxlen: 24
94.156.68.0/24 maxlen: 24
94.156.65.0/24 maxlen: 24
94.156.69.0/24 maxlen: 24
94.156.74.0/24 maxlen: 24
94.156.75.0/24 maxlen: 24
94.156.72.0/24 maxlen: 24
94.156.73.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:62:6f:0c:42:49:0a:83:1c:b0:b9:08:fb:ce:85:03:71
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 17 05:59:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5716816f4f7d4ec4eef016e7153edf30ef7aa347
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:2d:42:5e:5b:f6:9f:8f:b3:38:15:24:5c:94:
9e:f4:68:64:44:6f:b5:b6:79:11:f2:f1:69:de:a8:
76:5f:6e:23:0f:57:dd:32:e4:ef:61:a5:f6:ef:62:
4c:1b:eb:a2:d6:59:26:38:2e:18:d9:5b:50:ef:a9:
88:5e:63:5f:cb:6b:51:0d:13:09:60:7c:cf:1c:18:
1b:b6:8d:11:72:52:f1:8b:62:7b:c9:0f:d4:00:50:
e1:4a:d1:b0:b5:f0:0e:d0:6e:8c:a2:55:c4:1f:f6:
e7:17:fb:32:0d:47:68:d0:1a:3d:db:30:32:02:7c:
c4:59:c1:41:a0:b6:05:16:90:b6:0d:3c:4e:8f:7f:
95:a5:7e:4b:53:fc:49:77:58:fd:c6:43:cd:c0:71:
e6:9b:b6:43:2f:11:aa:de:8a:f9:31:d6:48:8a:01:
ed:6d:1e:2c:de:22:f6:d3:f4:67:21:2a:2f:65:82:
25:d3:ec:f9:0d:ce:92:ff:72:be:9f:a3:05:84:ce:
cb:ab:4f:96:5e:9e:18:0e:18:5a:e3:c3:9f:96:3a:
d8:c5:d7:b9:e2:4c:ea:c9:6e:2f:47:57:12:b6:c6:
5a:87:17:fe:f2:fb:1c:fe:45:80:8a:76:4a:17:40:
72:a6:5c:4a:c5:11:74:aa:9b:2f:0a:7f:80:ee:3c:
58:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:16:81:6F:4F:7D:4E:C4:EE:F0:16:E7:15:3E:DF:30:EF:7A:A3:47
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VxaBb099TsTu8BbnFT7fMO96o0c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.121.168.0/21
94.156.64.0-94.156.75.255
Signature Algorithm: sha256WithRSAEncryption
06:b3:28:03:f4:91:bb:d3:b2:69:c4:5c:a3:db:8a:29:93:dc:
61:6b:7a:5d:cb:ad:c3:fa:a6:fc:d7:f2:16:ec:53:fb:3d:5a:
25:4e:af:57:49:99:dc:c7:49:8f:4e:9e:48:30:4d:9a:16:47:
33:a9:5b:02:5c:7f:f0:d5:48:01:3f:99:fe:59:17:79:71:4d:
e8:ee:f6:cf:55:50:d5:92:22:ff:95:c2:6b:eb:d9:27:ba:e2:
84:4b:6f:1e:40:6f:d7:84:d0:e0:b6:10:78:c3:f5:18:da:bf:
a8:41:5f:98:c5:29:9d:a1:cd:0e:d4:6a:b2:e1:21:fc:c3:2d:
b0:da:bd:85:2e:1a:b3:d6:72:76:ff:73:76:bb:44:d8:cc:bb:
d1:43:d8:a7:c0:4d:4b:a0:3b:be:35:d5:67:c3:66:70:ee:c3:
80:f8:5e:e6:de:46:0e:4f:96:24:d6:e2:8f:8a:57:ae:cc:48:
df:16:fc:88:02:f1:56:73:87:77:0e:6c:db:86:07:9a:b1:91:
33:1a:82:e1:8f:0a:64:d4:4f:54:30:50:ab:96:ee:48:2b:d3:
21:92:cc:ee:dc:31:7e:2f:2e:40:3a:97:52:5e:60:64:b4:13:
13:bc:eb:f9:af:a9:9b:a0:54:e5:98:99:8c:df:7f:c7:2e:ba:
ce:d0:6e:5f
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYlibwxCSQqDHLC5CPvOhQNxMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzE3MDU1OTUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzE2ODE2ZjRmN2Q0ZWM0ZWVmMDE2ZTcxNTNlZGYzMGVmN2FhMzQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAji1CXlv2n4+zOBUkXJSe9GhkRG+1
tnkR8vFp3qh2X24jD1fdMuTvYaX272JMG+ui1lkmOC4Y2VtQ76mIXmNfy2tRDRMJ
YHzPHBgbto0RclLxi2J7yQ/UAFDhStGwtfAO0G6MolXEH/bnF/syDUdo0Bo92zAy
AnzEWcFBoLYFFpC2DTxOj3+VpX5LU/xJd1j9xkPNwHHmm7ZDLxGq3or5MdZIigHt
bR4s3iL20/RnISovZYIl0+z5Dc6S/3K+n6MFhM7Lq0+WXp4YDhha48OfljrYxde5
4kzqyW4vR1cStsZahxf+8vsc/kWAinZKF0ByplxKxRF0qpsvCn+A7jxYVwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFFcWgW9PfU7E7vAW5xU+3zDveqNHMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVnhhQmIwOTlUc1R1OEJibkZUN2ZNTzk2bzBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQDV3moMAwD
BAZenEADBAJenEgwDQYJKoZIhvcNAQELBQADggEBAAazKAP0kbvTsmnEXKPbiimT
3GFrel3LrcP6pvzX8hbsU/s9WiVOr1dJmdzHSY9OnkgwTZoWRzOpWwJcf/DVSAE/
mf5ZF3lxTeju9s9VUNWSIv+Vwmvr2Se64oRLbx5Ab9eE0OC2EHjD9Rjav6hBX5jF
KZ2hzQ7UarLhIfzDLbDavYUuGrPWcnb/c3a7RNjMu9FD2KfATUugO7411WfDZnDu
w4D4XubeRg5PliTW4o+KV67MSN8W/IgC8VZzh3cObNuGB5qxkTMaguGPCmTUT1Qw
UKuW7kgr0yGSzO7cMX4vLkA6l1JeYGS0ExO86/mvqZugVOWYmYzff8cuus7Qbl8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:35 2024 by rpki-client on console-ams.rpki-client.org