Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hc-hS3w7ZxzAYpz7LMV63diATo0.roa
File: hc-hS3w7ZxzAYpz7LMV63diATo0.roa (raw, json)
Hash identifier: AinsBjt1XcCX6/mUif3iaH3S/i+9K2iyH3fFzajCDVo=
Subject key identifier: 85:CF:A1:4B:7C:3B:67:1C:C0:62:9C:FB:2C:C5:7A:DD:D8:80:4E:8D
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 1C5F78C4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hc-hS3w7ZxzAYpz7LMV63diATo0.roa
Signing time: Sat 01 Jan 2022 01:02:26 +0000
ROA not before: Sat 01 Jan 2022 01:02:26 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 34577
IP address blocks: 93.123.40.0/21 maxlen: 21
87.120.178.0/23 maxlen: 23
87.120.180.0/22 maxlen: 22
87.120.184.0/22 maxlen: 22
87.120.190.0/23 maxlen: 23
93.123.67.0/24 maxlen: 24
212.73.149.0/24 maxlen: 24
93.123.66.0/24 maxlen: 24
87.121.84.0/22 maxlen: 22
87.121.88.0/23 maxlen: 23
87.120.144.0/21 maxlen: 21
87.120.158.0/23 maxlen: 23
87.120.45.119/32 maxlen: 32
94.156.112.0/20 maxlen: 20
37.60.141.0/24 maxlen: 24
87.121.48.0/22 maxlen: 22
87.120.0.0/22 maxlen: 22
93.123.96.0/22 maxlen: 22
93.123.100.0/23 maxlen: 23
87.120.12.0/24 maxlen: 24
87.120.14.0/23 maxlen: 23
87.120.232.0/23 maxlen: 23
87.120.234.0/23 maxlen: 23
87.120.44.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 476018884 (0x1c5f78c4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 1 01:02:26 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=85cfa14b7c3b671cc0629cfb2cc57addd8804e8d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:63:6c:3c:18:87:8b:1f:5e:ca:a8:ba:5e:95:
a2:1a:f6:dd:8f:37:4b:c8:92:00:b6:da:af:67:ee:
11:c7:eb:e4:e2:27:13:90:52:f7:32:9b:e2:64:0e:
8f:b6:e0:11:86:54:f6:16:b5:b0:81:91:25:7d:7e:
e9:72:e8:aa:d9:be:c8:67:04:7a:9e:4a:7d:1f:a6:
02:11:ac:bb:f7:1b:32:b2:90:d5:da:a1:b3:d7:d2:
0d:9f:14:a1:8b:64:78:b5:f0:aa:fb:39:88:ce:09:
67:83:71:51:a8:a1:a6:68:9d:14:6a:15:17:94:65:
69:69:78:a9:bd:b3:62:74:77:af:0f:78:da:c3:53:
73:4f:f3:65:4d:88:ea:45:05:b2:c9:b6:8c:78:43:
e9:10:26:00:42:0b:02:6c:e8:9d:eb:16:2f:8d:0f:
e9:40:8a:55:3d:44:ff:ff:f4:51:21:fe:ec:c7:d3:
68:bd:75:9c:49:77:7f:b5:99:b3:38:72:df:32:82:
62:dd:e2:34:e5:cb:e0:5c:52:61:60:00:08:3e:c6:
d3:5d:1e:16:59:d5:12:8d:d6:9d:e5:2f:60:af:84:
86:4f:45:22:46:8d:5c:24:96:5f:fe:56:d9:41:2a:
7c:23:0a:35:1e:1e:31:80:b2:e2:e0:ed:30:ac:3a:
a2:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
85:CF:A1:4B:7C:3B:67:1C:C0:62:9C:FB:2C:C5:7A:DD:D8:80:4E:8D
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hc-hS3w7ZxzAYpz7LMV63diATo0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.60.141.0/24
87.120.0.0/22
87.120.12.0/24
87.120.14.0/23
87.120.44.0/23
87.120.144.0/21
87.120.158.0/23
87.120.178.0-87.120.187.255
87.120.190.0/23
87.120.232.0/22
87.121.48.0/22
87.121.84.0-87.121.89.255
93.123.40.0/21
93.123.66.0/23
93.123.96.0-93.123.101.255
94.156.112.0/20
212.73.149.0/24
Signature Algorithm: sha256WithRSAEncryption
57:54:dc:a2:ab:57:f2:cf:53:6c:f3:6b:77:7a:68:40:3b:a7:
bb:ed:c1:f9:ae:60:13:05:af:bd:b2:41:32:b7:16:bd:4b:74:
9c:a1:48:2d:89:02:e0:ca:ec:c8:97:4f:17:85:d3:c0:37:df:
37:17:f4:3b:d0:a1:6e:ee:94:14:ea:a9:d5:3a:5e:3a:97:51:
24:c0:30:6d:29:30:b6:47:1b:6c:f5:16:7b:2a:a1:83:f9:10:
b3:2f:a8:3c:92:e9:2b:5e:74:74:1a:fc:9e:09:d1:3e:ba:e1:
5b:35:1d:d0:76:45:49:09:4c:83:3e:39:da:0c:4b:f2:f1:d4:
9d:d1:99:9f:0b:9f:66:09:72:cf:b1:a2:c3:f1:4b:c3:c6:b4:
07:6d:a9:7c:43:6c:d8:d2:b4:e1:b7:a3:6b:75:3e:68:21:32:
a0:ab:14:44:1f:ca:ee:ea:fb:a4:a9:5f:30:c5:b4:36:06:07:
fe:e4:ab:ce:26:ec:53:c3:c8:60:ce:97:e3:8f:e7:da:12:f7:
36:10:cc:dd:e0:a0:5a:30:8c:b5:0c:69:40:6d:92:f7:32:70:
4e:3b:72:9d:93:33:46:c6:4d:1c:ea:f5:ba:ca:7b:c0:0e:c7:
a0:1d:60:09:ba:65:bf:1b:e9:e7:06:c4:6a:f2:a7:65:a4:5b:
e6:99:01:98
-----BEGIN CERTIFICATE-----
MIIFazCCBFOgAwIBAgIEHF94xDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDEw
MTAxMDIyNloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoODVjZmExNGI3YzNi
NjcxY2MwNjI5Y2ZiMmNjNTdhZGRkODgwNGU4ZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANVjbDwYh4sfXsqoul6Vohr23Y83S8iSALbar2fuEcfr5OIn
E5BS9zKb4mQOj7bgEYZU9ha1sIGRJX1+6XLoqtm+yGcEep5KfR+mAhGsu/cbMrKQ
1dqhs9fSDZ8UoYtkeLXwqvs5iM4JZ4NxUaihpmidFGoVF5RlaWl4qb2zYnR3rw94
2sNTc0/zZU2I6kUFssm2jHhD6RAmAEILAmzonesWL40P6UCKVT1E///0USH+7MfT
aL11nEl3f7WZszhy3zKCYt3iNOXL4FxSYWAACD7G010eFlnVEo3WneUvYK+Ehk9F
IkaNXCSWX/5W2UEqfCMKNR4eMYCy4uDtMKw6onUCAwEAAaOCAoUwggKBMB0GA1Ud
DgQWBBSFz6FLfDtnHMBinPssxXrd2IBOjTAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L2hjLWhTM3c3Wnh6QVlwejdMTVY2M2RpQVRvMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
mgYIKwYBBQUHAQcBAf8EgYowgYcwgYQEAgABMH4DBAAlPI0DBAJXeAADBABXeAwD
BAFXeA4DBAFXeCwDBANXeJADBAFXeJ4wDAMEAVd4sgMEAld4uAMEAVd4vgMEAld4
6AMEAld5MDAMAwQCV3lUAwQBV3lYAwQDXXsoAwQBXXtCMAwDBAVde2ADBAFde2QD
BARenHADBADUSZUwDQYJKoZIhvcNAQELBQADggEBAFdU3KKrV/LPU2zza3d6aEA7
p7vtwfmuYBMFr72yQTK3Fr1LdJyhSC2JAuDK7MiXTxeF08A33zcX9DvQoW7ulBTq
qdU6XjqXUSTAMG0pMLZHG2z1FnsqoYP5ELMvqDyS6StedHQa/J4J0T664Vs1HdB2
RUkJTIM+OdoMS/Lx1J3RmZ8Ln2YJcs+xosPxS8PGtAdtqXxDbNjStOG3o2t1Pmgh
MqCrFEQfyu7q+6SpXzDFtDYGB/7kq84m7FPDyGDOl+OP59oS9zYQzN3goFowjLUM
aUBtkvcycE47cp2TM0bGTRzq9brKe8AOx6AdYAm6Zb8b6ecGxGryp2WkW+aZAZg=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:40 2023 by rpki-client on console-ams.rpki-client.org