Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_BVdTStIY7CMPE5GypbEfp8YKho.roa
File: _BVdTStIY7CMPE5GypbEfp8YKho.roa (raw, json)
Hash identifier: HDTeHFvRHWZnAxW92K9saumFGDShcjYbqmJnCiH0sWI=
Subject key identifier: FC:15:5D:4D:2B:48:63:B0:8C:3C:4E:46:CA:96:C4:7E:9F:18:2A:1A
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01877AD525F8F87FAF8F080E393F147E4F68
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_BVdTStIY7CMPE5GypbEfp8YKho.roa
Signing time: Thu 13 Apr 2023 13:36:41 +0000
ROA not before: Thu 13 Apr 2023 13:36:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1
IP address blocks: 193.168.196.0/22 maxlen: 24
45.91.193.0/24 maxlen: 24
45.139.100.0/22 maxlen: 24
88.218.76.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:7a:d5:25:f8:f8:7f:af:8f:08:0e:39:3f:14:7e:4f:68
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 13 13:36:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fc155d4d2b4863b08c3c4e46ca96c47e9f182a1a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:7c:24:81:a4:0d:52:af:17:85:31:53:65:48:
5e:67:c4:af:cf:a7:90:e9:bb:35:44:8a:a4:1a:5b:
7a:7d:10:ca:e2:99:6a:56:a1:e1:e7:1e:00:5c:61:
ab:cc:db:71:13:73:e4:36:1d:75:73:2e:36:7b:12:
b2:0f:2a:cf:65:c0:08:54:fb:93:70:4e:1a:30:a2:
41:94:cb:be:41:0c:b7:77:d3:18:d9:2a:94:5a:c1:
69:00:0f:4d:44:ce:ff:66:e1:40:37:31:12:7a:da:
9c:d8:1a:76:f7:b0:62:99:6c:5f:be:ce:da:71:75:
5d:1e:61:32:15:51:50:f9:e2:ac:fe:72:b6:b3:53:
e9:70:11:a6:00:74:9c:aa:dc:25:d3:df:ce:ca:62:
f0:2e:94:a4:cb:e5:59:65:13:b9:99:61:19:ac:8f:
56:ee:03:f7:f1:8c:18:fc:7f:47:6a:05:03:e0:0c:
fa:b0:3a:a7:66:d8:10:4a:ad:58:6b:53:6a:20:b9:
e8:03:be:b9:41:97:22:5b:bd:10:2d:e0:fa:cb:f4:
ab:f3:b5:3b:66:98:36:38:02:43:8e:80:c8:be:bc:
48:e4:60:5e:c6:57:2c:26:f7:0a:c2:b3:cd:d0:af:
4b:85:65:b5:0b:dd:d7:af:8f:cc:96:d8:e0:99:a1:
6c:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:15:5D:4D:2B:48:63:B0:8C:3C:4E:46:CA:96:C4:7E:9F:18:2A:1A
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_BVdTStIY7CMPE5GypbEfp8YKho.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.91.193.0/24
45.139.100.0/22
88.218.76.0/22
193.168.196.0/22
Signature Algorithm: sha256WithRSAEncryption
4d:5d:7c:cc:2e:c8:68:92:5d:86:a7:06:96:bf:2e:4d:5c:e3:
8c:7d:7e:14:7f:58:a8:8c:f1:07:81:56:e6:59:9c:e2:c6:7b:
e4:5d:d2:c8:94:c6:45:68:59:ba:ee:0c:2c:a7:63:a1:d3:7e:
22:ec:71:9e:10:43:7c:98:dc:45:27:9b:83:33:c2:46:38:2b:
e1:c1:9b:92:4d:b5:42:4c:da:2d:f6:fb:cb:6e:3f:76:89:0e:
b6:23:ec:e4:8f:9a:de:4e:85:bc:49:5b:29:18:c4:5e:09:73:
83:1a:63:0c:bb:47:c4:9a:df:aa:40:7e:6a:e0:0b:41:db:2e:
30:a8:d6:1b:de:c5:35:07:31:5a:26:38:4b:0c:26:79:ea:8a:
36:63:69:24:78:be:aa:c2:e7:fa:ad:64:59:3a:ca:a5:26:ef:
fa:a8:e9:c6:1f:a5:ed:d2:76:dd:e0:4a:37:95:3e:c5:75:ad:
56:db:27:6e:4f:46:d2:1d:35:d8:7b:ea:47:59:de:89:c6:d5:
09:19:65:cc:76:6f:81:3a:ae:24:09:ba:f8:fd:1b:88:3e:19:
5c:65:49:f7:86:40:e9:27:33:e3:29:59:bd:14:dd:5a:37:83:
66:8b:40:22:da:35:08:54:67:ad:55:e6:35:92:11:03:39:54:
39:fd:76:23
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYd61SX4+H+vjwgOOT8Ufk9oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDEzMTMzNjQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmYzE1NWQ0ZDJiNDg2M2IwOGMzYzRlNDZjYTk2YzQ3ZTlmMTgyYTFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs3wkgaQNUq8XhTFTZUheZ8Svz6eQ
6bs1RIqkGlt6fRDK4plqVqHh5x4AXGGrzNtxE3PkNh11cy42exKyDyrPZcAIVPuT
cE4aMKJBlMu+QQy3d9MY2SqUWsFpAA9NRM7/ZuFANzESetqc2Bp297BimWxfvs7a
cXVdHmEyFVFQ+eKs/nK2s1PpcBGmAHScqtwl09/OymLwLpSky+VZZRO5mWEZrI9W
7gP38YwY/H9HagUD4Az6sDqnZtgQSq1Ya1NqILnoA765QZciW70QLeD6y/Sr87U7
Zpg2OAJDjoDIvrxI5GBexlcsJvcKwrPN0K9LhWW1C93Xr4/MltjgmaFstwIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFPwVXU0rSGOwjDxORsqWxH6fGCoaMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvX0JWZFRTdElZN0NNUEU1R3lwYkVmcDhZS2hvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQALVvBAwQC
LYtkAwQCWNpMAwQCwajEMA0GCSqGSIb3DQEBCwUAA4IBAQBNXXzMLshokl2GpwaW
vy5NXOOMfX4Uf1iojPEHgVbmWZzixnvkXdLIlMZFaFm67gwsp2Oh034i7HGeEEN8
mNxFJ5uDM8JGOCvhwZuSTbVCTNot9vvLbj92iQ62I+zkj5reToW8SVspGMReCXOD
GmMMu0fEmt+qQH5q4AtB2y4wqNYb3sU1BzFaJjhLDCZ56oo2Y2kkeL6qwuf6rWRZ
OsqlJu/6qOnGH6Xt0nbd4Eo3lT7Fda1W2yduT0bSHTXYe+pHWd6JxtUJGWXMdm+B
Oq4kCbr4/RuIPhlcZUn3hkDpJzPjKVm9FN1aN4Nmi0Ai2jUIVGetVeY1khEDOVQ5
/XYj
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:38 2023 by rpki-client on console-ams.rpki-client.org