Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/gwTdxmAr1njvtAO6FGcYFDeolQg.roa
File: gwTdxmAr1njvtAO6FGcYFDeolQg.roa (raw, json)
Hash identifier: dXroZUP7xhINu19tOeepwK5y5s+Jse2vR3MsB4IHPYQ=
Subject key identifier: 83:04:DD:C6:60:2B:D6:78:EF:B4:03:BA:14:67:18:14:37:A8:95:08
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0188DCB05A2AEFD8D4E537B7B6872C21BDDE
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/gwTdxmAr1njvtAO6FGcYFDeolQg.roa
Signing time: Wed 21 Jun 2023 06:42:04 +0000
ROA not before: Wed 21 Jun 2023 06:42:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207459
IP address blocks: 91.92.24.0/24 maxlen: 24
91.92.24.0/23 maxlen: 23
91.92.25.0/24 maxlen: 24
193.149.29.0/24 maxlen: 24
193.149.30.0/24 maxlen: 24
193.149.28.0/22 maxlen: 22
193.149.31.0/24 maxlen: 24
193.149.28.0/24 maxlen: 24
171.22.19.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
194.180.50.0/24 maxlen: 24
93.123.116.0/24 maxlen: 24
94.154.163.0/24 maxlen: 24
176.125.255.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:dc:b0:5a:2a:ef:d8:d4:e5:37:b7:b6:87:2c:21:bd:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jun 21 06:42:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8304ddc6602bd678efb403ba1467181437a89508
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:39:1b:06:54:0c:e5:98:fa:5e:8e:c0:df:67:
27:30:b7:2b:cb:40:e8:24:84:a2:d4:bb:7a:99:4d:
5a:6a:44:50:27:5f:c7:db:d1:5d:95:1e:5d:25:b6:
4d:95:19:02:a3:c1:9c:64:0c:21:3b:ce:97:2d:bb:
fe:08:13:5c:54:6e:ec:7c:c8:cb:12:5b:09:ba:cb:
79:07:dc:7e:53:f6:7e:f7:2d:42:aa:e0:48:ad:e2:
aa:bf:bd:b5:bc:3f:ef:2b:b4:47:0d:72:79:52:94:
16:85:60:a8:c8:7b:6c:18:d2:07:db:81:a5:a2:9b:
0a:06:0c:f4:a3:bf:44:90:f5:76:9d:a4:89:04:50:
8f:44:b6:dd:f1:ec:fa:80:2a:ce:4b:81:f9:a1:d6:
9a:61:e1:a6:80:3c:98:b7:f3:13:fa:92:39:01:f9:
8f:39:6f:b9:f0:7f:a3:68:f6:8e:6c:14:39:a4:c8:
67:ad:74:5a:20:90:e3:c7:6f:7b:63:8c:de:3b:cb:
95:4f:1f:9f:ea:d0:dd:00:7d:f7:6b:75:3d:0b:f3:
2f:00:cc:07:dc:64:2f:d6:75:37:cc:d1:71:5e:46:
cc:60:8b:76:23:c3:e6:b4:0b:ba:c5:29:b9:77:96:
d7:f6:ce:5b:b2:c6:04:4e:94:6b:7b:a6:7e:89:b6:
d0:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
83:04:DD:C6:60:2B:D6:78:EF:B4:03:BA:14:67:18:14:37:A8:95:08
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/gwTdxmAr1njvtAO6FGcYFDeolQg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
87.120.87.0/24
91.92.24.0/23
93.123.116.0/24
94.154.163.0/24
171.22.19.0/24
176.125.255.0/24
193.149.28.0/22
194.180.50.0/24
Signature Algorithm: sha256WithRSAEncryption
09:1b:62:cf:b1:81:64:2f:a4:5d:b7:fa:9f:82:9f:32:fd:b1:
61:41:60:ee:55:07:83:81:d5:f8:da:d4:41:b8:cf:3a:cb:1a:
da:4e:80:74:9d:36:5d:d2:25:22:f5:f2:90:9b:ff:9b:42:32:
a1:1a:53:f2:70:18:b9:a3:8b:30:66:f7:3f:e4:7e:ff:b0:35:
1b:32:85:05:a0:04:73:e6:c7:54:89:91:70:77:c7:94:ef:d8:
7b:4f:18:91:08:76:10:82:b6:d5:f4:e5:45:07:30:15:b2:bf:
e3:7d:52:aa:b0:fb:b3:19:eb:95:0d:4a:21:73:7e:90:15:29:
29:07:88:93:63:b9:a4:d2:e3:b8:de:d5:41:28:91:45:c3:58:
54:13:b1:ed:ef:0f:54:87:27:0b:ae:6c:64:93:57:c3:66:be:
6d:94:85:15:ca:98:08:4b:ff:77:30:69:65:f5:58:a8:c4:77:
a1:af:cc:ea:d0:d1:1f:a9:cf:01:ff:72:50:a3:60:f2:bf:ba:
de:b2:37:76:04:63:32:aa:48:57:10:8a:1f:f9:fb:27:db:db:
1b:65:04:95:18:3d:7e:6a:f6:45:f3:2d:1d:be:79:3e:7f:5b:
bd:16:be:2a:4a:e9:ca:d7:65:94:42:b7:74:d1:86:c0:59:88:
fb:95:45:23
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYjcsFoq79jU5Te3tocsIb3eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjIxMDY0MjA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MzA0ZGRjNjYwMmJkNjc4ZWZiNDAzYmExNDY3MTgxNDM3YTg5NTA4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwTkbBlQM5Zj6Xo7A32cnMLcry0Do
JISi1Lt6mU1aakRQJ1/H29FdlR5dJbZNlRkCo8GcZAwhO86XLbv+CBNcVG7sfMjL
ElsJust5B9x+U/Z+9y1CquBIreKqv721vD/vK7RHDXJ5UpQWhWCoyHtsGNIH24Gl
opsKBgz0o79EkPV2naSJBFCPRLbd8ez6gCrOS4H5odaaYeGmgDyYt/MT+pI5AfmP
OW+58H+jaPaObBQ5pMhnrXRaIJDjx297Y4zeO8uVTx+f6tDdAH33a3U9C/MvAMwH
3GQv1nU3zNFxXkbMYIt2I8PmtAu6xSm5d5bX9s5bssYETpRre6Z+ibbQDQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFIME3cZgK9Z477QDuhRnGBQ3qJUIMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZ3dUZHhtQXIxbmp2dEFPNkZHY1lGRGVvbFFnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQAV3hXAwQB
W1wYAwQAXXt0AwQAXpqjAwQAqxYTAwQAsH3/AwQCwZUcAwQAwrQyMA0GCSqGSIb3
DQEBCwUAA4IBAQAJG2LPsYFkL6Rdt/qfgp8y/bFhQWDuVQeDgdX42tRBuM86yxra
ToB0nTZd0iUi9fKQm/+bQjKhGlPycBi5o4swZvc/5H7/sDUbMoUFoARz5sdUiZFw
d8eU79h7TxiRCHYQgrbV9OVFBzAVsr/jfVKqsPuzGeuVDUohc36QFSkpB4iTY7mk
0uO43tVBKJFFw1hUE7Ht7w9UhycLrmxkk1fDZr5tlIUVypgIS/93MGll9VioxHeh
r8zq0NEfqc8B/3JQo2Dyv7resjd2BGMyqkhXEIof+fsn29sbZQSVGD1+avZF8y0d
vnk+f1u9Fr4qSunK12WUQrd00YbAWYj7lUUj
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:16 2024 by rpki-client on console-fra.rpki-client.org