Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Xv0NMtETKcgNAtS23C_U7vrEWDc.roa
File: Xv0NMtETKcgNAtS23C_U7vrEWDc.roa (raw, json)
Hash identifier: /e9UmQL0gKd1leO7+ytH/BbcvV4aNqYEJjb1q6y+5oI=
Subject key identifier: 5E:FD:0D:32:D1:13:29:C8:0D:02:D4:B6:DC:2F:D4:EE:FA:C4:58:37
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01864FC4EE06F6DB4D96A02CBF08F1616BF7
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Xv0NMtETKcgNAtS23C_U7vrEWDc.roa
Signing time: Tue 14 Feb 2023 11:52:31 +0000
ROA not before: Tue 14 Feb 2023 11:52:31 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3214
IP address blocks: 212.87.223.0/24 maxlen: 24
212.87.221.0/24 maxlen: 24
212.87.222.0/24 maxlen: 24
212.87.220.0/24 maxlen: 24
92.119.124.0/22 maxlen: 24
87.120.218.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:4f:c4:ee:06:f6:db:4d:96:a0:2c:bf:08:f1:61:6b:f7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 14 11:52:31 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5efd0d32d11329c80d02d4b6dc2fd4eefac45837
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:42:81:20:f1:d4:0d:6c:fc:73:1a:9e:7c:e8:
ec:1c:9a:57:58:8a:48:bb:ed:6f:fb:36:1b:65:38:
9c:c3:96:52:d4:bc:8e:b6:e3:79:a0:a9:56:40:34:
14:46:df:02:b6:61:a9:1b:da:32:5c:d5:a5:75:58:
ad:79:0c:5a:f3:86:af:32:0c:26:c4:b3:1f:dd:cf:
7c:f1:93:a7:08:58:ba:5d:80:99:8c:5e:cd:9c:ba:
f7:13:77:87:35:49:fb:7c:f3:95:00:47:55:2b:99:
c9:19:bd:6e:96:f0:ce:b4:c3:06:c2:56:88:c3:7e:
82:1c:39:5e:1b:f4:b4:23:e3:a6:86:a7:3b:90:71:
99:ee:28:03:44:3b:f6:a9:58:3d:a3:77:fb:dd:30:
d9:e7:57:36:1f:8d:33:41:87:d3:d0:8f:e8:34:cb:
55:0c:fe:a1:d4:85:c6:13:98:a4:f3:0d:00:74:98:
b7:00:d4:fe:99:78:d8:ab:6f:24:c9:d2:60:4b:29:
cc:84:f8:b5:59:ba:eb:fe:01:80:f5:1f:74:c1:a4:
16:83:06:38:c6:11:03:27:a9:ba:7b:f9:fe:6d:20:
cd:0e:91:8d:a6:d2:18:9e:8d:aa:d6:25:fb:cb:fc:
c4:a8:81:54:6c:85:44:25:4e:2a:7a:d1:b9:eb:0b:
89:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:FD:0D:32:D1:13:29:C8:0D:02:D4:B6:DC:2F:D4:EE:FA:C4:58:37
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Xv0NMtETKcgNAtS23C_U7vrEWDc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.120.218.0/24
92.119.124.0/22
212.87.220.0/22
Signature Algorithm: sha256WithRSAEncryption
0a:83:4d:b4:0d:d4:b2:04:7d:03:5b:f7:a6:8a:d6:54:53:a1:
22:70:4c:8b:d9:df:b8:88:e9:b9:a3:ec:1f:5e:5f:4b:9c:f8:
23:98:b0:44:3a:7b:45:1f:37:ea:aa:e8:c0:22:8b:a7:4c:f9:
10:4c:16:eb:03:cc:56:73:e3:ac:a8:7f:9a:4c:99:94:02:3e:
c1:ca:0d:97:a0:7b:5a:84:87:04:9d:dd:d9:83:1e:5b:ab:ed:
66:f1:fb:67:2a:37:50:15:9f:64:6b:7b:20:48:b1:36:67:ae:
01:fe:89:7b:a0:86:42:bc:18:86:fc:d6:0f:ea:ad:db:dc:ff:
33:ea:9d:f6:25:de:32:ea:a4:b4:5d:4f:a8:e3:10:10:61:cc:
01:74:7a:82:2c:d6:b1:7d:69:8f:d9:09:b0:cd:e8:b3:c7:73:
c7:3b:fa:cc:96:d4:69:13:d1:9c:b6:9a:38:dc:5e:65:05:80:
56:2e:ba:75:0e:e1:c5:81:b6:dd:29:94:a4:fb:9a:91:d7:0f:
2c:fc:ea:9d:21:d9:b3:51:80:c5:ce:70:5f:12:83:a0:79:70:
70:04:74:83:04:eb:16:c7:2a:f2:20:e8:f2:39:03:c0:cf:d3:
7f:f3:6a:fe:e8:30:a0:5c:22:b5:26:b6:60:a1:ec:e2:dd:07:
6a:11:18:84
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYZPxO4G9ttNlqAsvwjxYWv3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMjE0MTE1MjMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZWZkMGQzMmQxMTMyOWM4MGQwMmQ0YjZkYzJmZDRlZWZhYzQ1ODM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhUKBIPHUDWz8cxqefOjsHJpXWIpI
u+1v+zYbZTicw5ZS1LyOtuN5oKlWQDQURt8CtmGpG9oyXNWldViteQxa84avMgwm
xLMf3c988ZOnCFi6XYCZjF7NnLr3E3eHNUn7fPOVAEdVK5nJGb1ulvDOtMMGwlaI
w36CHDleG/S0I+Omhqc7kHGZ7igDRDv2qVg9o3f73TDZ51c2H40zQYfT0I/oNMtV
DP6h1IXGE5ik8w0AdJi3ANT+mXjYq28kydJgSynMhPi1Wbrr/gGA9R90waQWgwY4
xhEDJ6m6e/n+bSDNDpGNptIYno2q1iX7y/zEqIFUbIVEJU4qetG56wuJQwIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFF79DTLREynIDQLUttwv1O76xFg3MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWHYwTk10RVRLY2dOQXRTMjNDX1U3dnJFV0RjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAV3jaAwQC
XHd8AwQC1FfcMA0GCSqGSIb3DQEBCwUAA4IBAQAKg020DdSyBH0DW/emitZUU6Ei
cEyL2d+4iOm5o+wfXl9LnPgjmLBEOntFHzfqqujAIounTPkQTBbrA8xWc+OsqH+a
TJmUAj7Byg2XoHtahIcEnd3Zgx5bq+1m8ftnKjdQFZ9ka3sgSLE2Z64B/ol7oIZC
vBiG/NYP6q3b3P8z6p32Jd4y6qS0XU+o4xAQYcwBdHqCLNaxfWmP2Qmwzeizx3PH
O/rMltRpE9Gctpo43F5lBYBWLrp1DuHFgbbdKZSk+5qR1w8s/OqdIdmzUYDFznBf
EoOgeXBwBHSDBOsWxyryIOjyOQPAz9N/82r+6DCgXCK1JrZgoezi3QdqERiE
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:35 2024 by rpki-client on console-ams.rpki-client.org