Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hsxXFeR5gltasgvU7yL8BI9grbs.roa
File: hsxXFeR5gltasgvU7yL8BI9grbs.roa (raw, json)
Hash identifier: lNx2Ks/dQcxokb26lumbyhWHKkHODb3aOqPSH8lHeXU=
Subject key identifier: 86:CC:57:15:E4:79:82:5B:5A:B2:0B:D4:EF:22:FC:04:8F:60:AD:BB
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018437541E417D7B4FC62A9B4A7141A8F8FB
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hsxXFeR5gltasgvU7yL8BI9grbs.roa
Signing time: Wed 02 Nov 2022 07:52:50 +0000
ROA not before: Wed 02 Nov 2022 07:52:50 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 20454
IP address blocks: 81.161.237.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
94.156.234.0/23 maxlen: 24
185.222.160.0/22 maxlen: 24
93.123.81.0/24 maxlen: 24
94.156.160.0/23 maxlen: 24
185.252.176.0/24 maxlen: 24
94.156.182.0/23 maxlen: 24
193.37.40.0/23 maxlen: 24
194.48.250.0/23 maxlen: 24
194.55.184.0/24 maxlen: 24
194.59.30.0/23 maxlen: 24
87.120.84.0/24 maxlen: 24
94.103.124.0/23 maxlen: 24
194.180.36.0/24 maxlen: 24
87.121.58.0/24 maxlen: 24
83.219.98.0/23 maxlen: 24
82.115.210.0/23 maxlen: 24
87.120.5.0/24 maxlen: 24
176.125.252.0/22 maxlen: 24
94.154.174.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:37:54:1e:41:7d:7b:4f:c6:2a:9b:4a:71:41:a8:f8:fb
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Nov 2 07:52:50 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=86cc5715e479825b5ab20bd4ef22fc048f60adbb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:bd:00:db:37:6e:b7:f0:74:65:60:d2:0c:ae:
4a:f9:a9:c9:a3:73:c8:ed:00:7b:aa:b1:9d:a1:af:
11:5c:fe:1c:cb:76:34:e4:56:bb:9d:ac:6d:2a:c3:
57:bd:b3:45:27:65:68:e7:61:4f:44:74:86:34:c4:
84:4f:7d:cf:7a:b9:aa:89:b1:88:84:4d:96:14:d2:
45:fe:45:7a:66:5d:2a:dd:3c:55:1e:ad:5c:38:65:
ee:67:8d:26:1c:f8:1e:65:b7:81:31:ca:87:44:94:
92:8f:cc:fe:68:99:d2:71:7d:1b:f1:a8:94:99:d1:
cb:76:24:b2:d2:c7:16:2f:f9:9d:06:cf:b0:60:ea:
f3:0e:0a:9b:74:a4:ae:14:da:1c:c1:fd:fb:18:db:
8d:a8:6b:77:68:ae:e1:70:f5:a1:1e:21:ae:c2:12:
31:6a:6b:c5:ac:6a:7d:55:11:46:c6:78:46:27:e6:
6c:98:3e:fe:e0:4b:4a:15:cb:43:c9:de:29:08:9d:
d2:43:b9:bc:97:d1:a3:9e:65:f2:9a:f2:ac:1c:63:
60:98:7a:ce:ca:7e:e8:4d:06:3e:12:67:e1:11:21:
27:5c:84:03:d1:0b:60:70:16:c5:02:9c:87:0b:b6:
96:56:cd:1b:f6:c0:bd:6b:ff:4e:28:fd:83:de:30:
b4:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
86:CC:57:15:E4:79:82:5B:5A:B2:0B:D4:EF:22:FC:04:8F:60:AD:BB
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hsxXFeR5gltasgvU7yL8BI9grbs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.161.237.0/24
82.115.210.0/23
83.219.98.0/23
84.54.48.0/24
87.120.5.0/24
87.120.84.0/24
87.121.58.0/24
93.123.81.0/24
94.103.124.0/23
94.154.174.0/23
94.156.160.0/23
94.156.182.0/23
94.156.234.0/23
176.125.252.0/22
185.222.160.0/22
185.252.176.0/24
193.37.40.0/23
194.48.250.0/23
194.55.184.0/24
194.59.30.0/23
194.180.36.0/24
Signature Algorithm: sha256WithRSAEncryption
72:c7:4f:87:f8:92:c9:6b:77:fe:54:26:e8:84:21:83:8b:b5:
38:07:94:91:69:fc:bc:d0:a7:e9:9b:33:a0:f2:d2:16:83:f4:
be:34:55:32:60:cf:31:21:40:55:b9:17:c2:d6:ef:28:4c:35:
de:77:62:a7:cd:70:28:93:b0:b9:13:c5:57:a1:a5:fb:6c:2e:
db:b0:2a:c2:e8:d3:d3:8a:ad:68:2d:4c:f8:91:38:e3:91:d6:
a9:b9:c3:ac:83:bf:88:c3:54:89:74:51:eb:2c:10:9e:65:5f:
7d:05:4a:81:47:7a:55:5d:8e:60:6c:ef:6a:15:66:96:f9:44:
7e:85:ca:b9:c1:87:ba:2e:8d:34:66:0c:f0:9c:22:f4:9a:61:
8e:c5:3d:a1:50:02:f6:dd:60:e8:de:3a:5f:83:67:4f:88:a2:
fe:11:1e:4b:a8:1c:38:d4:3e:1d:da:82:79:e3:b5:f6:2b:06:
b5:45:49:fa:ce:47:2e:ac:11:a1:e8:78:ea:50:f2:89:e8:f0:
a3:b3:05:a3:88:5e:6b:e0:70:41:c8:5f:a6:c7:2a:4f:9b:41:
c4:e0:3d:64:72:6e:45:82:e2:bf:0d:dc:6c:be:5b:17:fd:cd:
36:40:b0:ac:e1:7e:13:1c:7a:04:ff:9f:a2:f8:2f:38:bf:03:
7a:b5:43:ea
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAYQ3VB5BfXtPxiqbSnFBqPj7MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMTAyMDc1MjUwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmNjNTcxNWU0Nzk4MjViNWFiMjBiZDRlZjIyZmMwNDhmNjBhZGJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqb0A2zdut/B0ZWDSDK5K+anJo3PI
7QB7qrGdoa8RXP4cy3Y05Fa7naxtKsNXvbNFJ2Vo52FPRHSGNMSET33PermqibGI
hE2WFNJF/kV6Zl0q3TxVHq1cOGXuZ40mHPgeZbeBMcqHRJSSj8z+aJnScX0b8aiU
mdHLdiSy0scWL/mdBs+wYOrzDgqbdKSuFNocwf37GNuNqGt3aK7hcPWhHiGuwhIx
amvFrGp9VRFGxnhGJ+ZsmD7+4EtKFctDyd4pCJ3SQ7m8l9GjnmXymvKsHGNgmHrO
yn7oTQY+EmfhESEnXIQD0QtgcBbFApyHC7aWVs0b9sC9a/9OKP2D3jC00QIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFIbMVxXkeYJbWrIL1O8i/ASPYK27MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaHN4WEZlUjVnbHRhc2d2VTd5TDhCSTlncmJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEAFGh
7QMEAVJz0gMEAVPbYgMEAFQ2MAMEAFd4BQMEAFd4VAMEAFd5OgMEAF17UQMEAV5n
fAMEAV6argMEAV6coAMEAV6ctgMEAV6c6gMEArB9/AMEArneoAMEALn8sAMEAcEl
KAMEAcIw+gMEAMI3uAMEAcI7HgMEAMK0JDANBgkqhkiG9w0BAQsFAAOCAQEAcsdP
h/iSyWt3/lQm6IQhg4u1OAeUkWn8vNCn6ZszoPLSFoP0vjRVMmDPMSFAVbkXwtbv
KEw13ndip81wKJOwuRPFV6Gl+2wu27AqwujT04qtaC1M+JE445HWqbnDrIO/iMNU
iXRR6ywQnmVffQVKgUd6VV2OYGzvahVmlvlEfoXKucGHui6NNGYM8Jwi9JphjsU9
oVAC9t1g6N46X4NnT4ii/hEeS6gcONQ+HdqCeeO19isGtUVJ+s5HLqwRoeh46lDy
iejwo7MFo4hea+BwQchfpscqT5tBxOA9ZHJuRYLivw3cbL5bF/3NNkCwrOF+Exx6
BP+fovgvOL8DerVD6g==
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:40 2023 by rpki-client on console-ams.rpki-client.org