Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/akJ84ReWxNhaooRSXqwWx78k8aE.roa
File: akJ84ReWxNhaooRSXqwWx78k8aE.roa (raw, json)
Hash identifier: sh2LmaOYKERBNKTVY8hkiBBeEsgDOeCeYlcMRTvs2LY=
Subject key identifier: 6A:42:7C:E1:17:96:C4:D8:5A:A2:84:52:5E:AC:16:C7:BF:24:F1:A1
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01876ECC68629EC7FBE3B0A72273BE0CB35C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/akJ84ReWxNhaooRSXqwWx78k8aE.roa
Signing time: Tue 11 Apr 2023 05:31:42 +0000
ROA not before: Tue 11 Apr 2023 05:31:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 397423
IP address blocks: 178.215.224.0/24 maxlen: 24
79.110.61.0/24 maxlen: 24
94.103.127.0/24 maxlen: 24
92.249.51.0/24 maxlen: 24
92.249.48.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
109.206.238.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:6e:cc:68:62:9e:c7:fb:e3:b0:a7:22:73:be:0c:b3:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 11 05:31:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6a427ce11796c4d85aa284525eac16c7bf24f1a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d9:49:87:cc:70:1d:d2:84:aa:ee:0a:e8:b3:9a:
57:5c:8c:2e:a9:8d:31:2f:b3:05:06:d5:51:42:b6:
52:d9:f9:98:b5:de:fa:cc:21:ae:fb:55:de:42:86:
02:55:8b:fa:52:c5:42:ec:c8:d0:3a:46:e2:5b:79:
66:dd:ec:f6:37:ec:c7:15:ac:f4:c2:bb:5a:69:7d:
65:a8:78:64:a0:f0:d3:a4:fb:49:a7:ef:e4:78:15:
0d:9a:c9:49:06:b9:72:30:16:44:41:7c:45:21:ab:
00:ff:ea:14:94:4c:ba:6e:a7:e2:5e:c1:80:61:5f:
4f:fb:b7:d1:1a:4e:bf:55:fb:e9:7f:02:f1:71:14:
98:84:fb:98:0b:e1:9f:c7:5a:82:d7:ad:d5:f8:a1:
00:05:20:ec:16:cf:c3:49:46:eb:32:48:a7:f5:81:
b8:5b:e8:f4:28:a1:bc:f1:95:91:ab:32:7d:c2:4a:
1e:31:72:ed:b6:76:5b:cf:0a:73:aa:c6:46:48:37:
3a:c8:65:2c:09:37:aa:80:a0:20:a4:40:e9:88:09:
a7:ca:2c:42:61:bc:73:17:69:14:a0:bb:46:ee:44:
2f:85:4a:1e:c5:23:0f:54:5c:0a:40:ab:2b:b3:44:
46:f8:2e:b1:2b:da:ac:52:34:78:b9:45:d6:6d:bc:
89:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:42:7C:E1:17:96:C4:D8:5A:A2:84:52:5E:AC:16:C7:BF:24:F1:A1
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/akJ84ReWxNhaooRSXqwWx78k8aE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
79.110.61.0/24
92.249.48.0/24
92.249.51.0/24
94.103.127.0/24
109.206.238.0/24
178.215.224.0/24
193.25.216.0/24
Signature Algorithm: sha256WithRSAEncryption
04:49:38:18:08:16:20:7a:b1:aa:51:75:02:f5:f4:80:e6:36:
13:5e:0c:61:98:6d:b6:f1:3d:01:6c:e7:3b:3c:82:4b:2d:2b:
9d:77:c9:b4:85:e0:43:1d:24:74:a4:41:7e:fe:15:5e:f6:e4:
fd:8c:b1:24:a2:12:ae:a2:a1:92:0e:82:41:ab:25:cd:4d:c0:
94:31:96:d7:97:f5:12:6f:52:83:87:5a:f2:bd:b5:f9:a9:68:
43:2a:2d:78:ff:e3:b3:ab:c5:d7:11:ef:d3:71:e1:c5:4c:92:
83:ed:3d:5a:de:1a:26:96:8e:f8:93:20:21:19:ee:1e:3d:cc:
22:09:7b:0a:06:0b:40:d2:67:e3:d7:80:3e:e9:6f:d2:ad:25:
03:90:54:e6:d4:c5:9e:01:89:bc:88:25:08:ac:40:c3:56:cb:
fb:32:9a:3d:b2:72:32:5c:1d:db:65:ae:18:2e:19:63:5d:ce:
52:b0:b5:eb:ec:1a:bc:1f:12:64:84:a9:99:ed:44:a5:e5:44:
3a:c5:20:b1:10:2f:93:92:94:55:ee:83:cc:4d:ef:4a:00:66:
79:99:51:bd:db:6a:8a:cd:20:d7:b0:92:10:0d:42:fc:20:29:
ed:98:f1:ff:a9:2a:c5:51:33:53:88:4d:26:b7:2c:ec:9d:9d:
a3:ea:74:5e
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYduzGhinsf747CnInO+DLNcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDExMDUzMTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YTQyN2NlMTE3OTZjNGQ4NWFhMjg0NTI1ZWFjMTZjN2JmMjRmMWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2UmHzHAd0oSq7gros5pXXIwuqY0x
L7MFBtVRQrZS2fmYtd76zCGu+1XeQoYCVYv6UsVC7MjQOkbiW3lm3ez2N+zHFaz0
wrtaaX1lqHhkoPDTpPtJp+/keBUNmslJBrlyMBZEQXxFIasA/+oUlEy6bqfiXsGA
YV9P+7fRGk6/VfvpfwLxcRSYhPuYC+Gfx1qC163V+KEABSDsFs/DSUbrMkin9YG4
W+j0KKG88ZWRqzJ9wkoeMXLttnZbzwpzqsZGSDc6yGUsCTeqgKAgpEDpiAmnyixC
YbxzF2kUoLtG7kQvhUoexSMPVFwKQKsrs0RG+C6xK9qsUjR4uUXWbbyJiwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFGpCfOEXlsTYWqKEUl6sFse/JPGhMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYWtKODRSZVd4Tmhhb29SU1hxd1d4NzhrOGFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAT249AwQA
XPkwAwQAXPkzAwQAXmd/AwQAbc7uAwQAstfgAwQAwRnYMA0GCSqGSIb3DQEBCwUA
A4IBAQAESTgYCBYgerGqUXUC9fSA5jYTXgxhmG228T0BbOc7PIJLLSudd8m0heBD
HSR0pEF+/hVe9uT9jLEkohKuoqGSDoJBqyXNTcCUMZbXl/USb1KDh1ryvbX5qWhD
Ki14/+Ozq8XXEe/TceHFTJKD7T1a3homlo74kyAhGe4ePcwiCXsKBgtA0mfj14A+
6W/SrSUDkFTm1MWeAYm8iCUIrEDDVsv7Mpo9snIyXB3bZa4YLhljXc5SsLXr7Bq8
HxJkhKmZ7USl5UQ6xSCxEC+TkpRV7oPMTe9KAGZ5mVG922qKzSDXsJIQDUL8ICnt
mPH/qSrFUTNTiE0mtyzsnZ2j6nRe
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:39 2023 by rpki-client on console-ams.rpki-client.org