Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZO7mY9dqRfP8P9wMjxgKHuoNonM.roa
File: ZO7mY9dqRfP8P9wMjxgKHuoNonM.roa (raw, json)
Hash identifier: W73Xz5mVqzNLa0mbUhm2vop/f/oIRoMjqZ9xH+IcccM=
Subject key identifier: 64:EE:E6:63:D7:6A:45:F3:FC:3F:DC:0C:8F:18:0A:1E:EA:0D:A2:73
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018899C089E303D8B28B6DA81A9A872F225C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZO7mY9dqRfP8P9wMjxgKHuoNonM.roa
Signing time: Thu 08 Jun 2023 06:45:12 +0000
ROA not before: Thu 08 Jun 2023 06:45:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50225
IP address blocks: 85.209.132.0/24 maxlen: 24
83.143.112.0/24 maxlen: 24
83.143.113.0/24 maxlen: 24
185.222.163.0/24 maxlen: 24
87.121.69.0/24 maxlen: 24
193.42.34.0/24 maxlen: 24
193.47.63.0/24 maxlen: 24
176.125.252.0/24 maxlen: 24
193.47.60.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:99:c0:89:e3:03:d8:b2:8b:6d:a8:1a:9a:87:2f:22:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jun 8 06:45:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=64eee663d76a45f3fc3fdc0c8f180a1eea0da273
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:01:35:ee:a8:ff:40:b5:d2:b2:44:a4:6b:f6:
39:ad:8a:90:30:ce:85:ea:8f:df:38:86:b6:3a:75:
d8:97:3f:f0:96:4d:e1:6a:cd:7b:70:cb:c9:c9:0a:
af:69:34:8a:4d:b2:54:05:bf:31:f3:dc:a4:93:8d:
d7:1e:e6:3d:a5:ec:d3:77:90:46:e9:33:b9:ad:57:
a0:ab:79:05:ac:8a:f8:16:f1:1b:64:2e:35:e2:90:
a0:5a:53:f9:9a:89:33:43:72:95:a1:a1:ea:82:6f:
52:23:24:7b:b4:b0:29:1f:9e:bf:c5:35:3b:60:23:
27:55:d1:b2:95:d9:fe:1f:1f:fd:83:d8:51:39:5a:
43:3f:ac:06:79:76:ac:4a:ef:eb:8c:2a:a6:e4:52:
1d:55:b3:22:d2:fd:75:03:03:4d:08:54:d9:38:6b:
32:b4:eb:4f:3c:27:f1:42:9e:a0:27:b6:f2:70:25:
aa:a1:01:8f:d2:50:f9:98:37:f3:5e:19:52:54:93:
1e:a6:ff:57:14:b0:07:c5:85:31:0a:40:3f:9e:49:
ed:9e:28:4d:a4:8d:c7:16:b6:89:4d:df:8b:74:be:
91:ff:24:78:55:10:a1:30:02:9c:09:e1:1a:5e:24:
b1:da:0f:15:1a:d8:9c:3f:ce:ee:13:30:c1:8f:16:
e2:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:EE:E6:63:D7:6A:45:F3:FC:3F:DC:0C:8F:18:0A:1E:EA:0D:A2:73
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZO7mY9dqRfP8P9wMjxgKHuoNonM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
83.143.112.0/23
85.209.132.0/24
87.121.69.0/24
176.125.252.0/24
185.222.163.0/24
193.42.34.0/24
193.47.60.0/24
193.47.63.0/24
Signature Algorithm: sha256WithRSAEncryption
3f:84:f4:f5:e7:c4:9b:8a:9e:c8:db:4c:c4:90:ae:5c:f6:46:
f9:01:1b:22:bd:d4:74:65:e0:76:39:aa:f2:51:b6:f0:13:96:
c1:2b:ad:c2:ff:0a:25:f1:35:c4:70:e5:12:4b:3b:47:fc:ee:
dc:64:f9:27:a3:4e:0e:78:e1:34:fa:17:55:05:87:b2:ff:7b:
83:18:04:df:e5:06:80:56:51:c6:82:c1:af:8f:7a:fa:71:a4:
dc:79:8d:73:a1:48:7a:05:a2:79:27:28:b8:07:45:59:86:bb:
0e:a1:c1:8b:22:5e:4e:f6:ee:1a:bd:c7:1a:05:39:d6:c4:f5:
dc:c4:cd:1b:9b:b3:dd:fe:8e:89:5c:fc:b5:57:31:3f:8a:c0:
2b:b9:23:1d:12:2a:3f:cb:bd:75:44:5c:db:4c:ae:82:90:67:
30:da:04:68:96:c5:22:d1:45:0f:22:9f:f3:12:36:ec:33:3d:
ce:32:9c:92:c4:34:4a:99:f2:9a:90:1c:3d:c7:9d:44:98:d4:
e8:68:9b:67:0d:c9:9d:76:3b:58:95:c9:e9:72:13:60:83:83:
21:31:86:78:61:08:dc:b7:64:13:bf:0e:b7:64:12:ce:03:7b:
f7:f3:dd:3d:08:97:f4:53:37:02:e1:0c:c0:8b:0b:ac:c1:90:
e8:f5:a3:d1
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYiZwInjA9iyi22oGpqHLyJcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjA4MDY0NTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NGVlZTY2M2Q3NmE0NWYzZmMzZmRjMGM4ZjE4MGExZWVhMGRhMjczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQE17qj/QLXSskSka/Y5rYqQMM6F
6o/fOIa2OnXYlz/wlk3has17cMvJyQqvaTSKTbJUBb8x89ykk43XHuY9pezTd5BG
6TO5rVegq3kFrIr4FvEbZC414pCgWlP5mokzQ3KVoaHqgm9SIyR7tLApH56/xTU7
YCMnVdGyldn+Hx/9g9hROVpDP6wGeXasSu/rjCqm5FIdVbMi0v11AwNNCFTZOGsy
tOtPPCfxQp6gJ7bycCWqoQGP0lD5mDfzXhlSVJMepv9XFLAHxYUxCkA/nkntnihN
pI3HFraJTd+LdL6R/yR4VRChMAKcCeEaXiSx2g8VGticP87uEzDBjxbiRwIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFGTu5mPXakXz/D/cDI8YCh7qDaJzMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWk83bVk5ZHFSZlA4UDl3TWp4Z0tIdW9Ob25NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBU49wAwQA
VdGEAwQAV3lFAwQAsH38AwQAud6jAwQAwSoiAwQAwS88AwQAwS8/MA0GCSqGSIb3
DQEBCwUAA4IBAQA/hPT158Sbip7I20zEkK5c9kb5ARsivdR0ZeB2OaryUbbwE5bB
K63C/wol8TXEcOUSSztH/O7cZPkno04OeOE0+hdVBYey/3uDGATf5QaAVlHGgsGv
j3r6caTceY1zoUh6BaJ5Jyi4B0VZhrsOocGLIl5O9u4avccaBTnWxPXcxM0bm7Pd
/o6JXPy1VzE/isAruSMdEio/y711RFzbTK6CkGcw2gRolsUi0UUPIp/zEjbsMz3O
MpySxDRKmfKakBw9x51EmNToaJtnDcmddjtYlcnpchNgg4MhMYZ4YQjct2QTvw63
ZBLOA3v38909CJf0UzcC4QzAiwuswZDo9aPR
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:13 2024 by rpki-client on console-fra.rpki-client.org