Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/dXyG9G-OT70vZALz70koqtGad8k.roa
File: dXyG9G-OT70vZALz70koqtGad8k.roa (raw, json)
Hash identifier: cCiArrmPgPcTe+iFZxxNi5pdknhSeL58cLX5dsaFuNc=
Subject key identifier: 75:7C:86:F4:6F:8E:4F:BD:2F:64:02:F3:EF:49:28:AA:D1:9A:77:C9
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 1DD0F8C0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/dXyG9G-OT70vZALz70koqtGad8k.roa
Signing time: Fri 08 Apr 2022 13:11:59 +0000
ROA not before: Fri 08 Apr 2022 13:11:59 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 22653
IP address blocks: 31.169.124.0/24 maxlen: 24
31.169.125.0/24 maxlen: 24
31.169.126.0/24 maxlen: 24
31.169.127.0/24 maxlen: 24
194.55.226.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
194.55.225.0/24 maxlen: 24
194.55.227.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
178.215.238.0/24 maxlen: 24
178.215.239.0/24 maxlen: 24
178.215.237.0/24 maxlen: 24
85.31.44.0/24 maxlen: 24
85.31.46.0/24 maxlen: 24
85.31.45.0/24 maxlen: 24
85.31.47.0/24 maxlen: 24
79.110.60.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
79.110.61.0/24 maxlen: 24
79.110.63.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 500234432 (0x1dd0f8c0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 8 13:11:59 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=757c86f46f8e4fbd2f6402f3ef4928aad19a77c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:2b:72:15:d3:d3:f2:46:ee:7b:e7:67:3d:08:
27:b6:7a:ad:b8:e2:ed:e8:9f:b8:b0:f4:8b:ab:77:
71:3c:f4:10:67:aa:89:74:20:81:3e:b9:95:91:18:
78:3b:97:ad:aa:4d:58:e7:ce:b0:40:13:69:6b:c9:
c4:0f:7a:26:72:42:9c:03:a7:e6:b6:03:d7:14:f6:
43:c1:9d:e0:0e:fb:33:d7:54:64:1d:7a:1d:db:20:
ad:08:2d:d9:c2:de:7e:f3:08:32:48:5d:21:da:db:
94:45:f1:ed:44:32:6b:50:36:fd:0e:39:c8:ab:4d:
0e:17:1a:83:39:17:e4:35:48:05:cf:47:62:2c:16:
9b:82:ff:01:89:bd:4c:ae:00:d6:a6:23:1f:bd:b9:
fa:aa:7a:d9:fa:a3:c3:2f:e9:12:99:3a:2d:da:14:
32:08:4e:0d:c8:00:1c:c7:04:4c:19:6d:5c:46:4e:
20:e4:44:74:15:5f:ce:b2:7f:48:92:eb:ee:cc:b5:
19:d2:de:27:c4:c5:71:24:7c:50:a1:5a:30:49:55:
f3:81:da:a0:ab:23:b2:d4:07:4a:1f:b7:74:cf:f8:
7a:d3:e3:7b:ed:2e:28:81:53:3e:dd:d9:36:5c:86:
63:92:66:90:4d:17:58:bf:00:a3:d0:07:b4:83:b4:
a5:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
75:7C:86:F4:6F:8E:4F:BD:2F:64:02:F3:EF:49:28:AA:D1:9A:77:C9
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/dXyG9G-OT70vZALz70koqtGad8k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.169.124.0/22
79.110.60.0/22
85.31.44.0/22
178.215.236.0/22
194.55.224.0/22
Signature Algorithm: sha256WithRSAEncryption
68:b2:54:90:9a:91:0f:07:07:7b:9b:42:62:82:86:68:23:89:
a1:1e:06:03:d8:25:51:07:f5:74:81:43:57:54:e7:60:58:cf:
8b:d4:5e:36:bc:57:c7:7a:9e:f5:28:86:8d:bc:7e:23:5b:99:
5c:df:3a:e7:d7:e0:58:29:8f:da:c8:00:72:00:4d:58:07:ca:
09:dc:5e:a2:ca:e5:83:e9:2c:fd:28:0d:b4:94:25:b4:14:98:
21:d1:3c:32:79:83:f2:0b:f2:bb:fd:a1:9b:05:f1:67:b6:16:
85:b4:2f:5f:86:ba:95:67:ac:2d:13:8f:25:3b:e5:81:70:60:
8e:31:ed:1a:47:a5:2e:42:3e:ab:61:0d:f3:f7:4a:85:18:b4:
e3:2a:c7:fa:09:60:eb:39:75:33:9c:a9:d0:d0:1f:94:7e:4a:
44:88:d6:4e:c8:8f:03:f4:24:0e:a7:bf:22:c9:5b:e6:02:8c:
53:ff:9b:f4:a4:8e:68:60:b2:a4:24:14:0a:4e:80:6d:fe:63:
2a:10:f8:f5:96:ca:1d:d2:ac:f9:55:3b:7b:9d:da:13:24:bc:
02:6b:47:db:a7:6c:5d:6d:ff:a0:14:59:0b:43:a4:64:05:0c:
83:86:de:c2:8a:ac:97:c3:9a:f4:9b:c3:a0:70:78:8f:f9:83:
f7:73:c2:c2
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEHdD4wDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDQw
ODEzMTE1OVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNzU3Yzg2ZjQ2Zjhl
NGZiZDJmNjQwMmYzZWY0OTI4YWFkMTlhNzdjOTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOMrchXT0/JG7nvnZz0IJ7Z6rbji7eifuLD0i6t3cTz0EGeq
iXQggT65lZEYeDuXrapNWOfOsEATaWvJxA96JnJCnAOn5rYD1xT2Q8Gd4A77M9dU
ZB16HdsgrQgt2cLefvMIMkhdIdrblEXx7UQya1A2/Q45yKtNDhcagzkX5DVIBc9H
YiwWm4L/AYm9TK4A1qYjH725+qp62fqjwy/pEpk6LdoUMghODcgAHMcETBltXEZO
IOREdBVfzrJ/SJLr7sy1GdLeJ8TFcSR8UKFaMElV84HaoKsjstQHSh+3dM/4etPj
e+0uKIFTPt3ZNlyGY5JmkE0XWL8Ao9AHtIO0paUCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBR1fIb0b45PvS9kAvPvSSiq0Zp3yTAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L2RYeUc5Ry1PVDcwdlpBTHo3MGtvcXRHYWQ4ay5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAh+pfAMEAk9uPAMEAlUfLAMEArLX
7AMEAsI34DANBgkqhkiG9w0BAQsFAAOCAQEAaLJUkJqRDwcHe5tCYoKGaCOJoR4G
A9glUQf1dIFDV1TnYFjPi9ReNrxXx3qe9SiGjbx+I1uZXN8659fgWCmP2sgAcgBN
WAfKCdxeosrlg+ks/SgNtJQltBSYIdE8MnmD8gvyu/2hmwXxZ7YWhbQvX4a6lWes
LROPJTvlgXBgjjHtGkelLkI+q2EN8/dKhRi04yrH+glg6zl1M5yp0NAflH5KRIjW
TsiPA/QkDqe/Islb5gKMU/+b9KSOaGCypCQUCk6Abf5jKhD49ZbKHdKs+VU7e53a
EyS8AmtH26dsXW3/oBRZC0OkZAUMg4bewoqsl8Oa9JvDoHB4j/mD93PCwg==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:39 2023 by rpki-client on console-ams.rpki-client.org