Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/cR_nHMbuEJOLvrhk6TXx3AUolwI.roa
File: cR_nHMbuEJOLvrhk6TXx3AUolwI.roa (raw, json)
Hash identifier: GebAD7Dm4Ie78+dx1rpjQueLa+bGShE4p2nPGKa6j4c=
Subject key identifier: 71:1F:E7:1C:C6:EE:10:93:8B:BE:B8:64:E9:35:F1:DC:05:28:97:02
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01852F82E827FB0A78F4F8E3285F56365CB0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/cR_nHMbuEJOLvrhk6TXx3AUolwI.roa
Signing time: Tue 20 Dec 2022 12:29:46 +0000
ROA not before: Tue 20 Dec 2022 12:29:46 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 87.121.124.0/23 maxlen: 24
164.40.185.0/24 maxlen: 24
185.218.137.0/24 maxlen: 24
185.252.176.0/24 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
194.48.248.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:2f:82:e8:27:fb:0a:78:f4:f8:e3:28:5f:56:36:5c:b0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 20 12:29:46 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=711fe71cc6ee10938bbeb864e935f1dc05289702
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:32:ef:58:b3:76:0c:9d:a7:95:7f:a8:cf:4d:
28:c4:08:b1:c5:63:53:fd:c8:76:39:ef:89:9b:6e:
5a:4d:70:95:74:05:6f:10:a2:54:f9:7f:0a:a9:26:
c2:24:6e:0a:fe:43:2a:0b:42:24:49:59:cc:f6:1a:
22:8d:54:65:88:b0:34:c4:1b:9e:b3:f2:5b:d7:36:
40:b7:f8:2b:73:6c:57:1a:d7:d7:c8:86:d1:24:f4:
74:2f:82:c0:a8:8f:45:3c:16:e5:8e:73:62:c2:4f:
ea:f7:71:97:8d:25:8d:78:1a:71:18:38:6b:a6:3f:
87:88:15:1c:38:aa:17:60:e3:fd:5f:3e:7a:49:c2:
1e:29:63:29:af:ec:ef:d9:3e:25:72:45:b2:83:79:
bb:81:55:ea:7b:50:c9:7e:f1:c3:54:23:cc:76:a5:
a0:89:44:84:68:de:22:c7:17:63:c1:e5:37:39:57:
b5:21:a9:aa:56:98:10:cc:e6:bb:19:c1:69:c0:1b:
70:20:fa:e0:b0:37:d0:2f:97:b3:ff:a6:86:b9:e0:
a4:69:d5:77:46:11:8a:77:a1:f8:da:a5:5a:69:31:
8e:f9:8a:d4:31:58:ca:80:64:b8:8e:a3:09:9d:49:
6a:ae:67:7c:ac:c4:07:c5:77:5d:19:9d:10:48:e9:
a9:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:1F:E7:1C:C6:EE:10:93:8B:BE:B8:64:E9:35:F1:DC:05:28:97:02
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/cR_nHMbuEJOLvrhk6TXx3AUolwI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.121.124.0/23
94.154.161.0-94.154.163.255
164.40.185.0/24
185.218.137.0/24
185.219.126.0/24
185.252.176.0/24
194.48.248.0/24
Signature Algorithm: sha256WithRSAEncryption
50:7f:9f:27:fc:1d:42:58:ae:b1:50:39:3b:17:3c:5b:3a:d6:
27:3b:a3:8c:b8:e4:03:37:c3:c9:94:33:8b:db:da:7d:6b:38:
27:e1:1b:b8:eb:84:06:bd:ce:eb:e8:88:21:c3:3d:bf:df:d8:
f1:d5:37:16:c0:34:f2:6d:74:de:ff:f5:c4:86:7c:5e:ce:b9:
ec:00:5d:68:df:7f:fa:89:64:6d:d4:15:89:79:e1:ef:e3:6c:
4f:2f:9d:86:55:93:9e:dc:18:e7:7a:1b:cf:b5:6a:ef:c7:fd:
29:b6:52:cf:00:e2:d3:0f:9d:3c:34:0e:45:b5:2c:fe:3c:45:
5f:94:a1:9f:e7:39:6a:ab:64:8b:1d:39:8b:1d:a2:14:da:ee:
1f:03:c3:1f:8f:d3:7c:d7:fd:e4:25:7f:87:4c:f2:11:0c:c5:
10:59:81:73:94:e2:22:4f:54:51:53:51:0d:8c:7c:0e:d3:35:
7d:4b:b8:5d:da:28:5a:fb:53:ce:ed:21:92:e3:37:ce:c5:13:
2b:35:bc:ad:ab:f2:a2:d1:1b:05:70:66:a2:b1:f5:36:c3:e2:
84:27:ba:f9:00:5d:9d:e3:f4:22:1f:50:bb:28:1e:d9:58:c2:
b3:91:69:0a:b3:19:3d:b6:fa:a4:3b:cf:36:27:97:ab:22:72:
09:01:1a:24
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYUvgugn+wp49PjjKF9WNlywMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMjIwMTIyOTQ2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTFmZTcxY2M2ZWUxMDkzOGJiZWI4NjRlOTM1ZjFkYzA1Mjg5NzAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuTLvWLN2DJ2nlX+oz00oxAixxWNT
/ch2Oe+Jm25aTXCVdAVvEKJU+X8KqSbCJG4K/kMqC0IkSVnM9hoijVRliLA0xBue
s/Jb1zZAt/grc2xXGtfXyIbRJPR0L4LAqI9FPBbljnNiwk/q93GXjSWNeBpxGDhr
pj+HiBUcOKoXYOP9Xz56ScIeKWMpr+zv2T4lckWyg3m7gVXqe1DJfvHDVCPMdqWg
iUSEaN4ixxdjweU3OVe1IamqVpgQzOa7GcFpwBtwIPrgsDfQL5ez/6aGueCkadV3
RhGKd6H42qVaaTGO+YrUMVjKgGS4jqMJnUlqrmd8rMQHxXddGZ0QSOmp5wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFHEf5xzG7hCTi764ZOk18dwFKJcCMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvY1JfbkhNYnVFSk9MdnJoazZUWHgzQVVvbHdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQBV3l8MAwD
BABemqEDBAJemqADBACkKLkDBAC52okDBAC5234DBAC5/LADBADCMPgwDQYJKoZI
hvcNAQELBQADggEBAFB/nyf8HUJYrrFQOTsXPFs61ic7o4y45AM3w8mUM4vb2n1r
OCfhG7jrhAa9zuvoiCHDPb/f2PHVNxbANPJtdN7/9cSGfF7OuewAXWjff/qJZG3U
FYl54e/jbE8vnYZVk57cGOd6G8+1au/H/Sm2Us8A4tMPnTw0DkW1LP48RV+UoZ/n
OWqrZIsdOYsdohTa7h8Dwx+P03zX/eQlf4dM8hEMxRBZgXOU4iJPVFFTUQ2MfA7T
NX1LuF3aKFr7U87tIZLjN87FEys1vK2r8qLRGwVwZqKx9TbD4oQnuvkAXZ3j9CIf
ULsoHtlYwrORaQqzGT22+qQ7zzYnl6sicgkBGiQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:38 2024 by rpki-client on console-ams.rpki-client.org