Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iruhiuWIS--lLJaerZVnOjsz-0E.roa
File: iruhiuWIS--lLJaerZVnOjsz-0E.roa (raw, json)
Hash identifier: Ea2K07xLhCQx244x+k9+qBNyy4xohcn+LlDFrr5fNk4=
Subject key identifier: 8A:BB:A1:8A:E5:88:4B:EF:A5:2C:96:9E:AD:95:67:3A:3B:33:FB:41
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018770A49D708AD796786C43144AF4324CE6
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iruhiuWIS--lLJaerZVnOjsz-0E.roa
Signing time: Tue 11 Apr 2023 14:07:28 +0000
ROA not before: Tue 11 Apr 2023 14:07:28 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 43260
IP address blocks: 91.92.24.0/23 maxlen: 24
93.123.74.0/23 maxlen: 24
87.121.46.0/23 maxlen: 24
37.221.120.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:70:a4:9d:70:8a:d7:96:78:6c:43:14:4a:f4:32:4c:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 11 14:07:28 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=8abba18ae5884befa52c969ead95673a3b33fb41
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:3e:47:49:69:e6:31:9d:91:3e:42:77:4f:3d:
3f:b1:fe:28:4b:c4:7a:f4:eb:84:25:46:fd:fb:21:
28:f0:f7:37:18:3d:4a:68:f6:35:4b:58:c1:8e:50:
cd:b7:77:c7:02:97:a9:95:5b:51:46:a1:a3:34:94:
0c:3d:a6:1b:44:6e:88:a3:bd:de:c8:80:29:13:b3:
b9:ea:2c:2a:b5:91:3a:a2:65:07:0c:f1:6a:cd:cc:
e9:78:db:a7:96:21:24:dd:7c:36:b0:04:6b:03:fc:
59:1e:88:38:47:bf:f4:f8:57:0e:bc:eb:e2:5d:b1:
51:26:f9:fa:f4:8d:72:e8:98:0f:44:7b:d4:c9:69:
fb:22:fb:c7:57:3a:cd:bd:be:e1:01:f6:81:7b:fc:
d3:5c:c0:f9:89:30:1b:0d:65:dd:65:ba:ca:6a:c8:
99:98:1e:8a:9f:45:0a:22:c5:bd:fd:50:1b:00:be:
af:f7:e6:31:58:d8:4c:5b:dd:d2:81:d8:26:d0:e8:
ab:f5:45:53:c8:bc:3b:ff:b9:03:72:2d:0c:63:0f:
6d:76:e1:a8:7e:2b:05:cb:e3:e7:77:3c:1f:8a:3a:
31:aa:a3:09:a3:47:21:57:4c:01:34:28:1a:d6:ca:
30:d4:0c:02:2c:ad:0b:56:9d:19:3b:bb:10:17:1c:
a2:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:BB:A1:8A:E5:88:4B:EF:A5:2C:96:9E:AD:95:67:3A:3B:33:FB:41
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iruhiuWIS--lLJaerZVnOjsz-0E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.221.120.0/22
87.121.46.0/23
91.92.24.0/23
93.123.74.0/23
Signature Algorithm: sha256WithRSAEncryption
43:00:d1:b5:4c:73:8e:65:b4:1b:07:d3:0e:86:93:32:f3:c7:
de:be:3a:c5:96:ef:f8:ec:f3:fa:33:5c:79:6a:1c:f4:75:03:
14:e5:2d:01:76:7f:3a:90:9c:c7:96:fb:34:6d:bb:c7:96:db:
a2:8c:50:e9:89:59:cd:79:05:aa:2a:a9:34:57:5a:e2:4e:c9:
1f:08:06:96:eb:ee:04:8d:3a:e6:27:34:d2:74:06:94:58:7f:
2a:3f:6e:fd:e8:bf:f0:a1:a0:a4:fc:d0:4e:ea:95:2e:74:df:
93:9e:0e:9f:b3:d6:9b:ad:0c:77:31:c0:a0:f4:b2:2d:c1:87:
6c:84:0a:f7:e9:c4:ec:cc:c7:cf:b0:f3:f1:ec:d7:37:71:16:
88:7a:b3:ba:2d:0f:fd:51:85:71:11:fd:1b:0c:67:96:96:ad:
1f:86:81:da:3c:a4:df:72:55:97:d4:82:3d:5a:9a:67:92:f1:
f9:01:cb:92:0e:e7:6f:a4:73:a3:bd:df:9a:e9:58:89:e6:9f:
b3:61:a4:a4:3c:06:98:a9:f5:56:48:d4:5b:2c:67:57:b3:7c:
b4:31:4e:d7:99:f1:ce:50:56:d0:76:35:7b:0c:18:cc:38:b3:
59:ee:54:71:66:29:2d:e0:1c:ea:4f:54:3e:e9:4d:57:b0:2b:
3c:3c:a4:57
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYdwpJ1witeWeGxDFEr0MkzmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDExMTQwNzI4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWJiYTE4YWU1ODg0YmVmYTUyYzk2OWVhZDk1NjczYTNiMzNmYjQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsD5HSWnmMZ2RPkJ3Tz0/sf4oS8R6
9OuEJUb9+yEo8Pc3GD1KaPY1S1jBjlDNt3fHApeplVtRRqGjNJQMPaYbRG6Io73e
yIApE7O56iwqtZE6omUHDPFqzczpeNunliEk3Xw2sARrA/xZHog4R7/0+FcOvOvi
XbFRJvn69I1y6JgPRHvUyWn7IvvHVzrNvb7hAfaBe/zTXMD5iTAbDWXdZbrKasiZ
mB6Kn0UKIsW9/VAbAL6v9+YxWNhMW93Sgdgm0Oir9UVTyLw7/7kDci0MYw9tduGo
fisFy+PndzwfijoxqqMJo0chV0wBNCga1sow1AwCLK0LVp0ZO7sQFxyi4QIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFIq7oYrliEvvpSyWnq2VZzo7M/tBMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaXJ1aGl1V0lTLS1sTEphZXJaVm5PanN6LTBFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCJd14AwQB
V3kuAwQBW1wYAwQBXXtKMA0GCSqGSIb3DQEBCwUAA4IBAQBDANG1THOOZbQbB9MO
hpMy88fevjrFlu/47PP6M1x5ahz0dQMU5S0Bdn86kJzHlvs0bbvHltuijFDpiVnN
eQWqKqk0V1riTskfCAaW6+4EjTrmJzTSdAaUWH8qP2796L/woaCk/NBO6pUudN+T
ng6fs9abrQx3McCg9LItwYdshAr36cTszMfPsPPx7Nc3cRaIerO6LQ/9UYVxEf0b
DGeWlq0fhoHaPKTfclWX1II9WppnkvH5AcuSDudvpHOjvd+a6ViJ5p+zYaSkPAaY
qfVWSNRbLGdXs3y0MU7XmfHOUFbQdjV7DBjMOLNZ7lRxZikt4BzqT1Q+6U1XsCs8
PKRX
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:41 2024 by rpki-client on console-ams.rpki-client.org