Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/eR5U3gQt_n5cEOkSuKam9l84qbg.roa
File: eR5U3gQt_n5cEOkSuKam9l84qbg.roa (raw, json)
Hash identifier: xE626P5CU3OGJ8j2BU5yDECF8Iuul2EbVLukAUhNLtU=
Subject key identifier: 79:1E:54:DE:04:2D:FE:7E:5C:10:E9:12:B8:A6:A6:F6:5F:38:A9:B8
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0183E65E717204BDE8EE90E589A0D8E5CFAC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/eR5U3gQt_n5cEOkSuKam9l84qbg.roa
Signing time: Mon 17 Oct 2022 14:34:52 +0000
ROA not before: Mon 17 Oct 2022 14:34:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 0
IP address blocks: 87.121.124.0/23 maxlen: 24
164.40.185.0/24 maxlen: 24
80.76.49.0/24 maxlen: 24
185.218.139.0/24 maxlen: 24
185.218.137.0/24 maxlen: 24
193.222.98.0/24 maxlen: 24
185.252.176.0/24 maxlen: 24
176.125.252.0/22 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
194.48.248.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:e6:5e:71:72:04:bd:e8:ee:90:e5:89:a0:d8:e5:cf:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Oct 17 14:34:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=791e54de042dfe7e5c10e912b8a6a6f65f38a9b8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:45:cc:d4:47:c7:5b:e8:e7:b9:8b:51:23:d6:
8d:40:21:3d:87:a9:e1:fe:62:ca:fc:76:ba:12:5f:
53:10:68:3d:5c:08:69:a7:db:0e:af:c1:1d:f9:85:
ea:a4:ab:b5:bf:25:09:33:76:c1:56:c5:04:16:ee:
bc:6e:da:ff:ba:6f:87:41:75:5e:8f:e6:fc:2a:45:
e4:b9:d9:7f:87:57:e9:16:4e:04:0a:c3:fb:24:85:
0b:dc:b2:04:87:d7:15:6a:6f:21:38:57:1e:cc:e0:
e1:cd:e6:16:a0:90:2c:fa:95:70:16:0a:ee:19:cb:
fe:f6:32:b5:e1:6f:4f:5f:2c:ac:3d:8b:cd:5a:c7:
d7:87:4b:e5:6e:eb:86:0c:fd:39:cd:e8:2e:7c:ee:
5b:d1:fc:3e:26:25:b7:d8:7a:81:4f:17:61:1e:4e:
de:f2:8b:a3:cf:70:d2:78:e4:9f:5c:d7:4d:3c:a2:
78:1e:bb:31:8a:3d:15:ab:22:8f:8e:76:9d:01:e1:
5e:6a:51:80:18:6a:10:93:2c:e7:74:0c:77:e4:a5:
d7:40:19:77:15:48:04:43:b9:27:0a:56:5e:a6:73:
64:e6:5e:6d:fe:73:46:c8:83:a0:22:39:6b:92:56:
88:08:cc:14:01:23:09:59:82:67:4d:cd:21:6e:4d:
e1:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
79:1E:54:DE:04:2D:FE:7E:5C:10:E9:12:B8:A6:A6:F6:5F:38:A9:B8
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/eR5U3gQt_n5cEOkSuKam9l84qbg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
80.76.49.0/24
87.121.124.0/23
94.154.161.0-94.154.163.255
164.40.185.0/24
176.125.252.0/22
185.218.137.0/24
185.218.139.0/24
185.252.176.0/24
193.222.98.0/24
194.48.248.0/24
Signature Algorithm: sha256WithRSAEncryption
16:9d:f4:b5:b5:5a:6c:68:d8:6c:e2:40:b6:7d:1f:0c:d4:d9:
ac:c8:5d:48:4d:4f:85:2c:44:3b:ad:dc:4b:fa:7c:8f:1a:f2:
ac:36:0b:e6:ed:d9:7d:d6:33:f1:ba:55:6e:97:b1:b1:91:3f:
e8:30:42:35:31:6d:45:db:03:ea:56:92:bd:c2:df:b0:03:ba:
cf:6b:4e:ed:65:d5:c5:5f:ff:77:5c:54:a3:63:7b:77:c0:15:
7b:50:bc:fb:7a:c4:ce:7b:c4:c8:2b:72:74:42:f0:da:3f:ff:
eb:e2:e9:06:97:ab:41:8f:41:ce:b1:1c:d0:4c:c2:ee:eb:1f:
6a:bf:42:65:95:d5:8a:d8:f2:b2:b3:78:4c:46:97:37:f6:41:
7c:23:20:dc:6d:b2:85:20:f9:78:07:3c:e8:33:a7:89:8e:fb:
d8:45:8e:e3:0b:98:c0:59:45:53:3d:7a:da:86:19:19:8f:c9:
d9:39:d3:32:41:ef:08:be:29:60:f7:49:01:59:fc:e0:6d:36:
90:70:99:a6:f2:54:4e:20:b6:92:49:80:37:4e:e3:21:e8:56:
7a:72:bd:02:f6:3a:7c:bc:5c:6d:93:86:74:f3:05:21:97:5d:
6f:0a:28:44:8c:4f:1e:17:83:83:9d:dc:1b:24:36:3a:c3:ed:
c1:e7:21:16
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgISAYPmXnFyBL3o7pDliaDY5c+sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMDE3MTQzNDUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3OTFlNTRkZTA0MmRmZTdlNWMxMGU5MTJiOGE2YTZmNjVmMzhhOWI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkkXM1EfHW+jnuYtRI9aNQCE9h6nh
/mLK/Ha6El9TEGg9XAhpp9sOr8Ed+YXqpKu1vyUJM3bBVsUEFu68btr/um+HQXVe
j+b8KkXkudl/h1fpFk4ECsP7JIUL3LIEh9cVam8hOFcezODhzeYWoJAs+pVwFgru
Gcv+9jK14W9PXyysPYvNWsfXh0vlbuuGDP05zegufO5b0fw+JiW32HqBTxdhHk7e
8oujz3DSeOSfXNdNPKJ4Hrsxij0VqyKPjnadAeFealGAGGoQkyzndAx35KXXQBl3
FUgEQ7knClZepnNk5l5t/nNGyIOgIjlrklaICMwUASMJWYJnTc0hbk3hEQIDAQAB
o4ICRzCCAkMwHQYDVR0OBBYEFHkeVN4ELf5+XBDpErimpvZfOKm4MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZVI1VTNnUXRfbjVjRU9rU3VLYW05bDg0cWJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMF0GCCsGAQUFBwEHAQH/BE4wTDBKBAIAATBEAwQAUEwxAwQB
V3l8MAwDBABemqEDBAJemqADBACkKLkDBAKwffwDBAC52okDBAC52osDBAC5/LAD
BADB3mIDBADCMPgwDQYJKoZIhvcNAQELBQADggEBABad9LW1Wmxo2GziQLZ9HwzU
2azIXUhNT4UsRDut3Ev6fI8a8qw2C+bt2X3WM/G6VW6XsbGRP+gwQjUxbUXbA+pW
kr3C37ADus9rTu1l1cVf/3dcVKNje3fAFXtQvPt6xM57xMgrcnRC8No//+vi6QaX
q0GPQc6xHNBMwu7rH2q/QmWV1YrY8rKzeExGlzf2QXwjINxtsoUg+XgHPOgzp4mO
+9hFjuMLmMBZRVM9etqGGRmPydk50zJB7wi+KWD3SQFZ/OBtNpBwmabyVE4gtpJJ
gDdO4yHoVnpyvQL2Ony8XG2ThnTzBSGXXW8KKESMTx4Xg4Od3BskNjrD7cHnIRY=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:40 2023 by rpki-client on console-ams.rpki-client.org