Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Xw2qJAGYfSmu0vU4tVZWH0UnoAk.roa
File: Xw2qJAGYfSmu0vU4tVZWH0UnoAk.roa (raw, json)
Hash identifier: AOxRA1LRcyAHbSdnyG9IcorkUV9onzJPr4uobVwlj3U=
Subject key identifier: 5F:0D:AA:24:01:98:7D:29:AE:D2:F5:38:B5:56:56:1F:45:27:A0:09
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0187EB3CF194E075251ACE87636A6BB82955
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Xw2qJAGYfSmu0vU4tVZWH0UnoAk.roa
Signing time: Fri 05 May 2023 09:27:32 +0000
ROA not before: Fri 05 May 2023 09:27:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50225
IP address blocks: 94.156.234.0/24 maxlen: 24
87.121.69.0/24 maxlen: 24
193.42.34.0/24 maxlen: 24
193.47.63.0/24 maxlen: 24
94.156.78.0/24 maxlen: 24
176.125.253.0/24 maxlen: 24
176.125.252.0/24 maxlen: 24
193.47.60.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:eb:3c:f1:94:e0:75:25:1a:ce:87:63:6a:6b:b8:29:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 5 09:27:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5f0daa2401987d29aed2f538b556561f4527a009
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:ff:05:e2:2f:6c:cc:78:f3:68:35:54:a2:d8:
7f:ef:81:34:4d:1f:d6:ed:20:f9:f0:24:99:3d:a1:
cf:60:60:ea:a0:ba:dd:b9:c3:40:cd:1a:5c:05:58:
01:f0:7a:2d:4c:0c:fc:a6:26:ff:37:2d:08:eb:aa:
b0:71:dd:fa:d3:ef:d6:46:8b:28:ed:7d:55:6c:b8:
d2:e4:49:94:2b:82:90:35:da:67:b3:e7:1d:d7:67:
de:37:5f:fb:cc:07:7e:2d:66:f4:32:06:0e:00:2c:
bd:d2:35:c3:05:47:5c:ec:c3:89:6e:cc:cb:de:d4:
86:5d:a4:f7:a6:72:a7:df:a6:5f:3d:7d:0c:af:fc:
a6:0b:5e:de:8b:8c:53:7c:5f:aa:a2:38:95:e4:2f:
c7:cb:f1:00:7f:63:a7:87:23:93:c9:51:5d:ce:fe:
a8:94:6a:7b:f2:04:cb:57:95:70:39:5a:c5:73:7e:
28:26:db:15:aa:53:25:cb:4d:17:72:14:90:13:1b:
b2:80:75:ee:22:75:a4:8c:cc:05:b9:9a:bb:12:1e:
1c:04:6c:8c:12:ed:4e:20:d6:54:5a:a0:04:30:68:
a9:d5:d2:12:f3:37:e6:0b:96:9e:9c:d7:05:60:e4:
d8:c5:3a:83:b8:e5:fe:10:aa:5e:47:80:a4:fb:88:
ed:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5F:0D:AA:24:01:98:7D:29:AE:D2:F5:38:B5:56:56:1F:45:27:A0:09
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Xw2qJAGYfSmu0vU4tVZWH0UnoAk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.121.69.0/24
87.121.105.0/24
94.156.78.0/24
94.156.234.0/24
176.125.252.0/23
193.42.34.0/24
193.47.60.0/24
193.47.63.0/24
Signature Algorithm: sha256WithRSAEncryption
2a:37:dc:bc:62:63:1e:a8:e7:05:6e:de:7a:b8:33:6a:5b:7f:
d7:36:2c:6f:ca:27:41:21:d0:e2:57:05:bb:d6:fd:5f:3e:df:
02:7c:3d:3e:46:3e:b5:8d:ad:83:8b:9c:78:c9:81:45:3c:03:
91:20:28:a9:6f:38:b2:9f:3e:fb:b4:28:04:e6:44:40:01:8b:
59:9f:80:53:09:bb:76:a1:ac:55:16:8d:86:f1:80:ff:40:00:
61:79:a2:f5:87:c5:49:1c:07:55:68:da:5f:a7:b2:4a:b5:ea:
1f:f5:5b:9f:c4:4d:fd:fc:e0:73:ba:c1:38:a6:8b:d4:5c:c9:
34:6c:27:d2:9b:6a:70:db:ed:0b:c3:50:43:6d:67:20:be:fb:
20:a5:fd:ca:27:79:91:c3:3e:75:07:57:d0:aa:31:90:8a:1d:
ae:ad:be:ec:dc:db:30:9b:df:86:f0:47:48:3a:57:eb:04:ec:
cc:14:01:39:d2:93:0a:bf:3f:7a:2e:f8:9a:d5:8f:62:03:b4:
5b:fe:ff:4f:21:75:fd:a9:49:0a:1f:32:ac:f4:a5:29:a0:68:
b9:61:9e:4b:9b:57:bf:e1:56:46:1d:46:74:90:95:72:d3:a8:
b4:95:9d:fa:86:28:36:a2:62:f5:ed:19:a4:c6:10:19:b0:72:
9e:1f:3e:da
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYfrPPGU4HUlGs6HY2pruClVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTA1MDkyNzMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZjBkYWEyNDAxOTg3ZDI5YWVkMmY1MzhiNTU2NTYxZjQ1MjdhMDA5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlf8F4i9szHjzaDVUoth/74E0TR/W
7SD58CSZPaHPYGDqoLrducNAzRpcBVgB8HotTAz8pib/Ny0I66qwcd360+/WRoso
7X1VbLjS5EmUK4KQNdpns+cd12feN1/7zAd+LWb0MgYOACy90jXDBUdc7MOJbszL
3tSGXaT3pnKn36ZfPX0Mr/ymC17ei4xTfF+qojiV5C/Hy/EAf2OnhyOTyVFdzv6o
lGp78gTLV5VwOVrFc34oJtsVqlMly00XchSQExuygHXuInWkjMwFuZq7Eh4cBGyM
Eu1OINZUWqAEMGip1dIS8zfmC5aenNcFYOTYxTqDuOX+EKpeR4Ck+4jtuQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFF8NqiQBmH0prtL1OLVWVh9FJ6AJMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWHcycUpBR1lmU211MHZVNHRWWldIMFVub0FrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAV3lFAwQA
V3lpAwQAXpxOAwQAXpzqAwQBsH38AwQAwSoiAwQAwS88AwQAwS8/MA0GCSqGSIb3
DQEBCwUAA4IBAQAqN9y8YmMeqOcFbt56uDNqW3/XNixvyidBIdDiVwW71v1fPt8C
fD0+Rj61ja2Di5x4yYFFPAORICipbziynz77tCgE5kRAAYtZn4BTCbt2oaxVFo2G
8YD/QABheaL1h8VJHAdVaNpfp7JKteof9VufxE39/OBzusE4povUXMk0bCfSm2pw
2+0Lw1BDbWcgvvsgpf3KJ3mRwz51B1fQqjGQih2urb7s3Nswm9+G8EdIOlfrBOzM
FAE50pMKvz96Lvia1Y9iA7Rb/v9PIXX9qUkKHzKs9KUpoGi5YZ5Lm1e/4VZGHUZ0
kJVy06i0lZ36hig2omL17RmkxhAZsHKeHz7a
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:38 2023 by rpki-client on console-ams.rpki-client.org