Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/W2cniaRkSpTzSWsvo6rKgv3o2N4.roa
File: W2cniaRkSpTzSWsvo6rKgv3o2N4.roa (raw, json)
Hash identifier: y+ta6+J8VJbDzLekal5Firs3iUoiz/zG9WpOgkwR4A0=
Subject key identifier: 5B:67:27:89:A4:64:4A:94:F3:49:6B:2F:A3:AA:CA:82:FD:E8:D8:DE
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01838E9983E695152B9F724A4DED0D1B9BE1
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/W2cniaRkSpTzSWsvo6rKgv3o2N4.roa
Signing time: Fri 30 Sep 2022 13:32:48 +0000
ROA not before: Fri 30 Sep 2022 13:32:48 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 50225
IP address blocks: 84.21.173.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
194.55.225.0/24 maxlen: 24
194.55.226.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
194.55.227.0/24 maxlen: 24
194.169.173.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
193.37.43.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:8e:99:83:e6:95:15:2b:9f:72:4a:4d:ed:0d:1b:9b:e1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Sep 30 13:32:48 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=5b672789a4644a94f3496b2fa3aaca82fde8d8de
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:3d:e2:0e:5e:1c:d7:5d:1e:4c:4e:e8:80:98:
31:c2:6c:ad:16:c0:58:74:e3:64:ed:e3:00:8e:96:
d1:3d:d4:fa:4b:7f:de:cb:e3:a3:cd:b0:2c:0a:cd:
b1:78:e2:5f:d6:0d:9e:df:a9:94:f1:7f:da:0c:ab:
5a:09:2b:9d:1e:e7:45:9d:53:ae:30:d1:13:80:96:
6d:9d:a4:64:81:30:ea:85:66:09:63:17:e1:be:77:
9e:7e:f2:13:55:cc:20:dd:00:00:8d:d5:cb:c2:a6:
e2:37:0c:e7:0e:07:34:f0:2b:1d:0c:9e:00:b5:50:
46:4f:c7:33:51:26:31:27:d2:fe:77:71:e8:45:2b:
88:55:db:d5:98:28:da:a9:e8:95:9f:19:f8:a9:0e:
cd:17:c3:f5:f8:05:65:d0:76:56:0d:a7:32:c7:20:
f2:e6:bd:55:2d:d7:75:40:74:98:76:52:98:71:e1:
4c:f9:dc:e7:e2:09:31:51:77:5b:eb:7c:71:1c:b7:
9c:4b:32:2d:35:ef:3f:05:77:88:78:bc:c3:c5:18:
7f:78:d7:69:7a:6d:98:d7:3d:f0:f8:21:a1:19:23:
3e:9d:82:eb:00:e8:34:61:0f:3e:8b:8a:b0:f2:66:
75:8d:76:f1:81:a9:87:80:43:1f:e5:09:fd:40:8b:
85:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:67:27:89:A4:64:4A:94:F3:49:6B:2F:A3:AA:CA:82:FD:E8:D8:DE
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/W2cniaRkSpTzSWsvo6rKgv3o2N4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.21.173.0/24
84.54.48.0/24
87.121.221.0/24
193.37.43.0/24
194.55.224.0/22
194.169.173.0-194.169.174.255
Signature Algorithm: sha256WithRSAEncryption
30:4e:4c:8b:85:60:8e:2d:a6:60:2e:44:3b:7c:ab:fa:4e:1e:
2e:6e:fe:87:22:e9:dc:10:b0:de:28:03:b4:d3:52:2e:b9:c7:
19:03:c0:0c:9d:f9:7b:65:24:f1:c2:10:d4:fb:50:98:77:c2:
35:a1:df:d3:f9:72:01:77:45:0d:d3:9b:15:e7:07:79:e7:ca:
e7:8b:26:31:f9:8b:b5:f9:de:58:ac:37:23:1b:8a:c9:99:e1:
47:cf:38:c7:4e:ae:95:de:dc:30:63:85:a4:e6:32:39:f5:24:
40:1a:89:05:e7:d8:77:94:97:ae:9c:ea:49:43:e1:9d:c9:4c:
9c:24:cc:bf:db:35:92:38:c5:89:e6:45:f7:b7:03:97:0f:61:
f0:cf:b7:c7:61:92:47:e6:f9:6c:8c:f3:8a:2d:32:00:40:01:
f0:8a:dc:c1:31:12:0d:e9:0c:7d:b9:57:13:0e:9c:a3:ef:00:
89:37:17:44:66:d7:ef:29:b0:c2:75:bc:f8:d3:8c:5b:a5:f7:
a0:da:74:6f:80:b7:06:fd:f1:d4:64:05:d6:0d:ed:b6:c7:d1:
1d:38:65:4e:a6:e6:10:25:ef:83:59:2b:4f:b2:78:1b:5e:89:
a5:4d:5b:03:31:91:22:10:04:c4:88:7f:8d:5e:69:0f:38:d1:
b9:bb:ef:88
-----BEGIN CERTIFICATE-----
MIIFIzCCBAugAwIBAgISAYOOmYPmlRUrn3JKTe0NG5vhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIwOTMwMTMzMjQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YjY3Mjc4OWE0NjQ0YTk0ZjM0OTZiMmZhM2FhY2E4MmZkZThkOGRlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqT3iDl4c110eTE7ogJgxwmytFsBY
dONk7eMAjpbRPdT6S3/ey+OjzbAsCs2xeOJf1g2e36mU8X/aDKtaCSudHudFnVOu
MNETgJZtnaRkgTDqhWYJYxfhvneefvITVcwg3QAAjdXLwqbiNwznDgc08CsdDJ4A
tVBGT8czUSYxJ9L+d3HoRSuIVdvVmCjaqeiVnxn4qQ7NF8P1+AVl0HZWDacyxyDy
5r1VLdd1QHSYdlKYceFM+dzn4gkxUXdb63xxHLecSzItNe8/BXeIeLzDxRh/eNdp
em2Y1z3w+CGhGSM+nYLrAOg0YQ8+i4qw8mZ1jXbxgamHgEMf5Qn9QIuFvwIDAQAB
o4ICLzCCAiswHQYDVR0OBBYEFFtnJ4mkZEqU80lrL6OqyoL96NjeMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVzJjbmlhUmtTcFR6U1dzdm82cktndjNvMk40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEUGCCsGAQUFBwEHAQH/BDYwNDAyBAIAATAsAwQAVBWtAwQA
VDYwAwQAV3ndAwQAwSUrAwQCwjfgMAwDBADCqa0DBADCqa4wDQYJKoZIhvcNAQEL
BQADggEBADBOTIuFYI4tpmAuRDt8q/pOHi5u/oci6dwQsN4oA7TTUi65xxkDwAyd
+XtlJPHCENT7UJh3wjWh39P5cgF3RQ3TmxXnB3nnyueLJjH5i7X53lisNyMbismZ
4UfPOMdOrpXe3DBjhaTmMjn1JEAaiQXn2HeUl66c6klD4Z3JTJwkzL/bNZI4xYnm
Rfe3A5cPYfDPt8dhkkfm+WyM84otMgBAAfCK3MExEg3pDH25VxMOnKPvAIk3F0Rm
1+8psMJ1vPjTjFul96DadG+Atwb98dRkBdYN7bbH0R04ZU6m5hAl74NZK0+yeBte
iaVNWwMxkSIQBMSIf41eaQ840bm774g=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:38 2023 by rpki-client on console-ams.rpki-client.org