Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/dTwGdw77lgkwF83AeRL7RtwmS4w.roa
File: dTwGdw77lgkwF83AeRL7RtwmS4w.roa (raw, json)
Hash identifier: r3P0T6AarmnRMGAQaNCpryOJUWmdSkiEP4aivUGuJ/M=
Subject key identifier: 75:3C:06:77:0E:FB:96:09:30:17:CD:C0:79:12:FB:46:DC:26:4B:8C
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018CB0D15745BC21430861FDBB5626C62A39
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/dTwGdw77lgkwF83AeRL7RtwmS4w.roa
Signing time: Thu 28 Dec 2023 14:25:58 +0000
ROA not before: Thu 28 Dec 2023 14:25:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50738
IP address blocks: 87.121.124.0/23 maxlen: 24
171.22.31.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
91.200.192.0/22 maxlen: 24
94.156.248.0/24 maxlen: 24
87.121.162.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
171.22.17.0/24 maxlen: 24
171.22.18.0/24 maxlen: 24
79.110.61.0/24 maxlen: 24
45.129.84.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
37.139.130.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:b0:d1:57:45:bc:21:43:08:61:fd:bb:56:26:c6:2a:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 28 14:25:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=753c06770efb96093017cdc07912fb46dc264b8c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:19:89:6f:ae:10:99:4e:7c:27:70:4a:72:78:
de:bc:2f:c5:e7:29:96:c2:18:d5:88:f0:72:4b:fd:
f2:54:a1:51:36:af:ac:14:4d:70:85:e3:0c:68:16:
64:2a:6f:bf:db:41:80:c9:9c:2a:15:c0:21:56:43:
0e:d1:8a:f1:09:16:6c:b4:f9:31:36:f6:84:14:e2:
34:24:a0:c1:2d:31:b6:13:73:87:33:a6:d4:61:da:
c0:7f:b5:89:b2:94:ce:1e:cf:35:6d:5e:d2:36:72:
d9:16:23:7b:fc:89:29:8c:57:72:5f:61:51:68:49:
57:7e:6d:9c:db:ed:86:a6:9c:fa:3d:36:80:61:a0:
e7:ca:87:22:95:7e:92:fa:89:4e:a8:24:33:77:8c:
21:79:35:d3:ec:a3:0d:ea:57:8d:d5:02:80:fb:01:
61:05:53:8b:a6:72:07:72:30:ea:27:40:4c:12:b8:
f4:2e:be:16:c6:e5:ab:46:56:0c:b1:74:da:95:ce:
37:7d:1c:e2:d8:c9:c7:92:2a:56:38:9f:64:3b:24:
81:c2:27:37:76:27:2d:aa:35:23:10:19:f7:0b:e3:
03:70:77:ee:0e:eb:75:42:23:32:f2:1b:33:26:8c:
b9:38:21:a7:42:22:53:5f:e0:69:76:ba:ad:cf:47:
25:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:3C:06:77:0E:FB:96:09:30:17:CD:C0:79:12:FB:46:DC:26:4B:8C
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/dTwGdw77lgkwF83AeRL7RtwmS4w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.130.0/24
45.129.84.0/24
45.141.158.0/24
79.110.61.0/24
81.161.239.0/24
87.121.124.0/23
87.121.162.0/24
91.200.192.0/22
94.156.248.0/24
171.22.17.0-171.22.18.255
171.22.31.0/24
193.25.216.0/24
193.35.19.0/24
Signature Algorithm: sha256WithRSAEncryption
40:4d:13:f0:c7:72:21:7d:36:78:8d:60:30:ee:8e:ae:71:38:
fa:65:47:09:a5:e8:1f:94:10:61:f2:e7:12:d2:6a:39:b5:eb:
86:00:78:3b:5e:62:7e:7e:8f:fd:87:36:f2:2b:53:9c:8a:35:
55:1b:4f:f6:46:a4:d0:f7:ed:f2:a9:0f:3d:bf:2a:0e:85:ef:
44:57:c0:80:25:0c:c0:8e:60:eb:56:43:fb:40:ec:ac:6d:bc:
5d:15:6c:69:b7:88:65:ab:b2:6a:7d:91:e2:ac:5a:29:20:9e:
9e:4f:32:99:31:ff:28:ca:e5:5e:0d:41:7d:76:a5:1d:d9:36:
57:75:b1:6b:1b:54:70:fa:ca:b4:b4:0b:81:54:10:d8:18:14:
e3:6a:3b:33:60:c7:00:22:3c:70:0c:b6:e7:b7:37:3a:0d:59:
f8:b7:02:6d:d3:51:f4:f0:b6:44:a4:65:6d:0a:8e:80:2f:c2:
4f:db:f1:3f:1d:c8:bc:29:26:c0:4e:6b:84:50:14:c6:5a:25:
97:35:1a:5b:c2:5d:b3:f6:23:68:9a:e1:b5:8e:a9:b2:98:6d:
ee:9e:a1:42:af:ae:2c:cc:03:dc:71:0c:72:f0:72:a3:cc:d9:
fe:05:d8:24:7b:ef:d6:10:51:cc:68:b8:2f:bc:29:35:5c:d7:
d5:3f:bc:16
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYyw0VdFvCFDCGH9u1Ymxio5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMjI4MTQyNTU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NTNjMDY3NzBlZmI5NjA5MzAxN2NkYzA3OTEyZmI0NmRjMjY0YjhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjhmJb64QmU58J3BKcnjevC/F5ymW
whjViPByS/3yVKFRNq+sFE1wheMMaBZkKm+/20GAyZwqFcAhVkMO0YrxCRZstPkx
NvaEFOI0JKDBLTG2E3OHM6bUYdrAf7WJspTOHs81bV7SNnLZFiN7/IkpjFdyX2FR
aElXfm2c2+2Gppz6PTaAYaDnyocilX6S+olOqCQzd4wheTXT7KMN6leN1QKA+wFh
BVOLpnIHcjDqJ0BMErj0Lr4WxuWrRlYMsXTalc43fRzi2MnHkipWOJ9kOySBwic3
dictqjUjEBn3C+MDcHfuDut1QiMy8hszJoy5OCGnQiJTX+Bpdrqtz0clcQIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFHU8BncO+5YJMBfNwHkS+0bcJkuMMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZFR3R2R3NzdsZ2t3RjgzQWVSTDdSdHdtUzR3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQAJYuCAwQA
LYFUAwQALY2eAwQAT249AwQAUaHvAwQBV3l8AwQAV3miAwQCW8jAAwQAXpz4MAwD
BACrFhEDBACrFhIDBACrFh8DBADBGdgDBADBIxMwDQYJKoZIhvcNAQELBQADggEB
AEBNE/DHciF9NniNYDDujq5xOPplRwml6B+UEGHy5xLSajm164YAeDteYn5+j/2H
NvIrU5yKNVUbT/ZGpND37fKpDz2/Kg6F70RXwIAlDMCOYOtWQ/tA7KxtvF0VbGm3
iGWrsmp9keKsWikgnp5PMpkx/yjK5V4NQX12pR3ZNld1sWsbVHD6yrS0C4FUENgY
FONqOzNgxwAiPHAMtue3NzoNWfi3Am3TUfTwtkSkZW0KjoAvwk/b8T8dyLwpJsBO
a4RQFMZaJZc1GlvCXbP2I2ia4bWOqbKYbe6eoUKvrizMA9xxDHLwcqPM2f4F2CR7
79YQUcxouC+8KTVc19U/vBY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:15 2024 by rpki-client on console-fra.rpki-client.org