Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iTcXYJeyAkmoQJfuICupozVVw2c.roa
File: iTcXYJeyAkmoQJfuICupozVVw2c.roa (raw, json)
Hash identifier: 3VVc6Jiw8st7MnNuI7n+eELcmLHdD36IC3jkf0qMGpM=
Subject key identifier: 89:37:17:60:97:B2:02:49:A8:40:97:EE:20:2B:A9:A3:35:55:C3:67
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0189CE642F6D670787316AB6584B76A47683
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iTcXYJeyAkmoQJfuICupozVVw2c.roa
Signing time: Mon 07 Aug 2023 05:06:59 +0000
ROA not before: Mon 07 Aug 2023 05:06:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 22653
IP address blocks: 185.221.66.0/24 maxlen: 24
85.217.128.0/24 maxlen: 24
164.40.186.0/23 maxlen: 24
164.40.184.0/24 maxlen: 24
185.225.72.0/24 maxlen: 24
193.37.46.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:ce:64:2f:6d:67:07:87:31:6a:b6:58:4b:76:a4:76:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Aug 7 05:06:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8937176097b20249a84097ee202ba9a33555c367
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:3f:18:e5:46:31:98:c9:75:46:69:11:24:88:
fd:2b:aa:68:09:2d:7e:d9:4a:d4:b9:46:25:c4:3f:
31:aa:ec:7b:b5:4f:5b:09:9f:82:bf:e5:ab:a5:00:
b0:9e:32:45:48:3d:9b:2c:83:a9:4f:3a:de:b5:73:
e1:9d:d8:06:5e:b9:01:8e:29:75:47:20:29:b8:3f:
4f:39:8f:50:b8:93:23:5d:f5:0e:6a:bb:95:eb:92:
cc:85:1b:4a:06:73:f2:50:4e:b8:b4:be:38:7d:cd:
de:c0:35:e6:0c:80:76:fd:0c:db:31:3a:59:87:c4:
4b:24:ec:2a:cc:e4:d9:2d:06:a7:7c:f3:48:c4:79:
b3:2c:8b:86:43:1b:0a:c1:90:0e:31:7d:7e:55:18:
8c:50:e1:5c:8f:b3:1c:4e:0b:73:d5:ce:78:0f:88:
39:47:ae:a0:bb:7b:f8:32:23:52:0b:64:ec:b8:6e:
3b:30:29:5a:da:b2:69:e6:5d:d6:9c:da:72:c2:0b:
ba:31:5c:25:79:49:88:1c:54:b4:c5:cb:f9:77:8e:
90:ba:2d:27:89:6d:64:76:3a:33:b9:36:d9:ca:77:
9e:e1:e6:4f:22:be:90:08:ca:78:e4:65:5b:bd:2e:
02:e5:86:24:fc:77:bc:86:11:94:22:16:38:01:b2:
c9:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:37:17:60:97:B2:02:49:A8:40:97:EE:20:2B:A9:A3:35:55:C3:67
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iTcXYJeyAkmoQJfuICupozVVw2c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.217.128.0/24
164.40.184.0/24
164.40.186.0/23
185.221.66.0/24
185.225.72.0/24
193.37.46.0/24
Signature Algorithm: sha256WithRSAEncryption
28:92:d0:4b:02:5e:2b:ff:ab:e0:54:d9:84:e9:b1:84:3b:41:
44:2c:35:ec:29:71:00:6d:90:da:1c:65:84:d9:1b:9c:e8:64:
1b:35:a0:ae:82:36:4b:b4:36:ae:1f:2b:9d:0a:91:d1:f0:92:
00:cf:5e:32:fe:78:89:36:0a:0d:a1:39:99:ff:7b:b8:b5:26:
29:ca:9d:8e:c2:55:a3:0a:d8:d3:48:b3:17:ac:ea:cc:8d:6b:
5b:c4:75:6d:ac:db:b0:91:c2:77:b8:92:86:36:17:60:ac:97:
13:e6:1b:6b:72:34:22:4f:21:fe:ee:22:84:f9:10:b6:c0:47:
31:c6:f0:9c:ac:39:73:68:c8:80:47:16:15:f1:bb:7e:7e:78:
9a:20:57:d2:0b:91:a0:69:6c:0b:2c:be:8e:b5:70:33:03:55:
ee:6f:e9:9b:cc:99:3b:2c:5d:2e:03:d7:d4:18:50:e9:31:2c:
2e:59:70:1a:2d:67:ca:30:6b:3b:dc:3b:26:27:e0:c7:d2:fb:
2d:42:90:27:83:f2:6f:5c:70:5f:e3:6c:27:54:cb:ea:25:d3:
46:a0:05:a7:f9:39:6d:3e:2b:2e:de:2d:b7:84:f2:c1:e9:cc:
9a:2f:1a:71:d3:12:76:e0:eb:d6:3c:92:6b:27:73:1b:2a:6d:
70:6a:c0:83
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAYnOZC9tZweHMWq2WEt2pHaDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwODA3MDUwNjU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTM3MTc2MDk3YjIwMjQ5YTg0MDk3ZWUyMDJiYTlhMzM1NTVjMzY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApT8Y5UYxmMl1RmkRJIj9K6poCS1+
2UrUuUYlxD8xqux7tU9bCZ+Cv+WrpQCwnjJFSD2bLIOpTzretXPhndgGXrkBjil1
RyApuD9POY9QuJMjXfUOaruV65LMhRtKBnPyUE64tL44fc3ewDXmDIB2/QzbMTpZ
h8RLJOwqzOTZLQanfPNIxHmzLIuGQxsKwZAOMX1+VRiMUOFcj7McTgtz1c54D4g5
R66gu3v4MiNSC2TsuG47MCla2rJp5l3WnNpywgu6MVwleUmIHFS0xcv5d46Qui0n
iW1kdjozuTbZynee4eZPIr6QCMp45GVbvS4C5YYk/He8hhGUIhY4AbLJswIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIk3F2CXsgJJqECX7iArqaM1VcNnMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaVRjWFlKZXlBa21vUUpmdUlDdXBvelZWdzJjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQAVdmAAwQA
pCi4AwQBpCi6AwQAud1CAwQAueFIAwQAwSUuMA0GCSqGSIb3DQEBCwUAA4IBAQAo
ktBLAl4r/6vgVNmE6bGEO0FELDXsKXEAbZDaHGWE2Ruc6GQbNaCugjZLtDauHyud
CpHR8JIAz14y/niJNgoNoTmZ/3u4tSYpyp2OwlWjCtjTSLMXrOrMjWtbxHVtrNuw
kcJ3uJKGNhdgrJcT5htrcjQiTyH+7iKE+RC2wEcxxvCcrDlzaMiARxYV8bt+fnia
IFfSC5GgaWwLLL6OtXAzA1Xub+mbzJk7LF0uA9fUGFDpMSwuWXAaLWfKMGs73Dsm
J+DH0vstQpAng/JvXHBf42wnVMvqJdNGoAWn+TltPisu3i23hPLB6cyaLxpx0xJ2
4OvWPJJrJ3MbKm1wasCD
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:17 2024 by rpki-client on console-fra.rpki-client.org