Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/W5TrEw8ETPAeBXxphFB5KM4fY1M.roa
File: W5TrEw8ETPAeBXxphFB5KM4fY1M.roa (raw, json)
Hash identifier: 9RBhHRqIu2LXt6bwRnvhFnuYA3FS8Zb9AUOWjlj8++k=
Subject key identifier: 5B:94:EB:13:0F:04:4C:F0:1E:05:7C:69:84:50:79:28:CE:1F:63:53
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018756D3A0E878367C9421E9C2C489FB7921
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/W5TrEw8ETPAeBXxphFB5KM4fY1M.roa
Signing time: Thu 06 Apr 2023 13:48:42 +0000
ROA not before: Thu 06 Apr 2023 13:48:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 87.121.124.0/23 maxlen: 24
91.92.24.0/23 maxlen: 24
93.123.74.0/23 maxlen: 24
87.121.46.0/23 maxlen: 24
87.120.88.0/23 maxlen: 24
87.121.56.0/23 maxlen: 24
37.221.120.0/22 maxlen: 24
82.115.210.0/23 maxlen: 24
87.121.100.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:56:d3:a0:e8:78:36:7c:94:21:e9:c2:c4:89:fb:79:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 6 13:48:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5b94eb130f044cf01e057c6984507928ce1f6353
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:98:5a:99:3a:ea:b1:b7:17:27:63:6d:78:22:
bf:fe:1d:2c:46:38:db:54:e6:13:75:d8:fa:3e:9c:
e6:d8:66:29:75:5e:b0:d2:ee:1b:e1:04:2a:aa:53:
48:1f:b2:65:a9:61:c8:e2:be:bb:66:98:bc:74:99:
00:8b:f5:72:f8:ce:00:e7:13:9a:33:19:22:46:1a:
12:58:96:f7:59:1a:2e:37:31:39:40:a1:d8:83:05:
b2:40:f0:f1:d4:dd:98:65:74:52:9d:51:ef:a1:85:
3f:93:5e:dc:1b:b5:08:e5:f8:26:b1:a5:47:98:3a:
1f:f3:38:ec:0d:38:a9:48:4e:14:85:20:a9:3f:27:
15:f8:79:43:94:1c:2f:af:f7:e9:b1:fd:87:f8:d9:
40:b7:ca:75:6b:74:e1:33:d2:da:c2:13:61:9e:94:
63:8f:f2:f3:9c:3b:5e:95:a7:95:ea:fb:f7:9a:48:
55:17:8f:d4:08:a5:87:00:e3:90:18:a7:74:98:08:
73:8c:3f:b6:3e:58:bb:1b:ad:39:8c:7d:3e:3a:05:
f2:f1:91:4f:48:7b:e7:cf:d5:59:7c:b4:db:ca:38:
7b:bb:dc:5d:c7:62:d5:05:0e:4b:f9:22:fa:88:65:
09:24:d5:1f:e6:72:8f:20:de:d6:56:84:f0:47:f4:
01:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5B:94:EB:13:0F:04:4C:F0:1E:05:7C:69:84:50:79:28:CE:1F:63:53
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/W5TrEw8ETPAeBXxphFB5KM4fY1M.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.221.120.0/22
82.115.210.0/23
87.120.88.0/23
87.121.46.0/23
87.121.56.0/23
87.121.100.0/23
87.121.124.0/23
91.92.24.0/23
93.123.74.0/23
Signature Algorithm: sha256WithRSAEncryption
a6:d0:24:8d:71:cc:bc:a9:be:be:2b:88:1c:c9:d8:26:c2:e7:
fa:0d:a8:76:b6:1c:4d:1c:c6:39:82:b8:6a:f4:8b:40:95:be:
f5:b8:80:e0:97:4e:4c:6b:44:3d:c8:3f:d0:a1:f1:ad:de:07:
c1:de:62:bd:27:bb:36:08:fd:a5:3f:c0:18:2c:92:c6:7c:ab:
81:2f:90:ae:7b:b2:9b:3f:df:18:30:a8:1f:67:45:ed:af:da:
db:5f:0f:4f:5e:d4:89:94:52:98:cd:02:26:aa:36:94:d2:e7:
1a:83:70:3f:68:ad:db:c0:76:60:84:ff:79:39:4b:38:2d:74:
58:6e:87:ae:76:3d:47:dd:fe:e6:d2:af:58:ea:81:2a:90:ac:
8c:4d:68:66:0d:58:70:82:82:2d:af:87:47:6a:72:02:df:a0:
1a:6c:bf:c2:a8:d1:87:ee:be:53:40:54:3b:6a:f6:ac:6f:d2:
e4:e7:a1:b6:9f:31:f6:03:60:47:aa:82:22:dd:fd:d7:ca:4c:
37:40:1a:03:02:8d:01:85:12:19:82:33:4c:8d:70:cb:ec:0a:
22:07:f9:88:52:35:40:c1:ff:eb:13:b4:fb:ae:9d:f0:8d:8c:
7a:40:0a:97:64:23:35:1e:00:a6:6b:ec:8a:4e:75:f9:11:57:
42:52:52:6b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYdW06DoeDZ8lCHpwsSJ+3khMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDA2MTM0ODQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Yjk0ZWIxMzBmMDQ0Y2YwMWUwNTdjNjk4NDUwNzkyOGNlMWY2MzUzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqJhamTrqsbcXJ2NteCK//h0sRjjb
VOYTddj6Ppzm2GYpdV6w0u4b4QQqqlNIH7JlqWHI4r67Zpi8dJkAi/Vy+M4A5xOa
MxkiRhoSWJb3WRouNzE5QKHYgwWyQPDx1N2YZXRSnVHvoYU/k17cG7UI5fgmsaVH
mDof8zjsDTipSE4UhSCpPycV+HlDlBwvr/fpsf2H+NlAt8p1a3ThM9LawhNhnpRj
j/LznDtelaeV6vv3mkhVF4/UCKWHAOOQGKd0mAhzjD+2Pli7G605jH0+OgXy8ZFP
SHvnz9VZfLTbyjh7u9xdx2LVBQ5L+SL6iGUJJNUf5nKPIN7WVoTwR/QBYwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFFuU6xMPBEzwHgV8aYRQeSjOH2NTMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVzVUckV3OEVUUEFlQlh4cGhGQjVLTTRmWTFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQCJd14AwQB
UnPSAwQBV3hYAwQBV3kuAwQBV3k4AwQBV3lkAwQBV3l8AwQBW1wYAwQBXXtKMA0G
CSqGSIb3DQEBCwUAA4IBAQCm0CSNccy8qb6+K4gcydgmwuf6Dah2thxNHMY5grhq
9ItAlb71uIDgl05Ma0Q9yD/QofGt3gfB3mK9J7s2CP2lP8AYLJLGfKuBL5Cue7Kb
P98YMKgfZ0Xtr9rbXw9PXtSJlFKYzQImqjaU0ucag3A/aK3bwHZghP95OUs4LXRY
boeudj1H3f7m0q9Y6oEqkKyMTWhmDVhwgoItr4dHanIC36AabL/CqNGH7r5TQFQ7
avasb9Lk56G2nzH2A2BHqoIi3f3Xykw3QBoDAo0BhRIZgjNMjXDL7AoiB/mIUjVA
wf/rE7T7rp3wjYx6QAqXZCM1HgCma+yKTnX5EVdCUlJr
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:35 2024 by rpki-client on console-ams.rpki-client.org