Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/k4YDVrmMGltyHdEvsyRlG-aglHk.roa
File: k4YDVrmMGltyHdEvsyRlG-aglHk.roa (raw, json)
Hash identifier: V0bQg2HrJ+Dw5VhRh9TZoC3QjtDvEabBatMR0snxiGg=
Subject key identifier: 93:86:03:56:B9:8C:1A:5B:72:1D:D1:2F:B3:24:65:1B:E6:A0:94:79
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018805C4E4AC2A35B6A4162AE4B889EF5BF4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/k4YDVrmMGltyHdEvsyRlG-aglHk.roa
Signing time: Wed 10 May 2023 13:06:09 +0000
ROA not before: Wed 10 May 2023 13:06:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1
IP address blocks: 81.161.231.0/24 maxlen: 24
164.40.185.0/24 maxlen: 24
45.139.100.0/22 maxlen: 24
185.221.64.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:05:c4:e4:ac:2a:35:b6:a4:16:2a:e4:b8:89:ef:5b:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 10 13:06:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=93860356b98c1a5b721dd12fb324651be6a09479
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:c0:57:95:01:e3:02:7c:56:29:08:41:18:aa:
3e:80:28:59:db:5c:48:d0:7d:c2:e6:ac:8e:92:dd:
e1:6d:49:d2:59:da:ac:0f:11:19:0b:ef:7d:e5:a8:
f6:48:68:d1:e0:db:00:ec:96:c9:ec:23:12:88:2e:
0a:53:e9:58:5d:45:c7:ae:9b:04:0a:fe:b6:da:13:
54:69:a7:58:41:fc:9a:f3:93:a2:cf:a5:c9:0e:f9:
43:e1:27:b5:40:29:e4:79:56:a8:5b:52:84:60:a9:
b9:95:aa:16:d2:f7:cf:3c:53:c9:1e:b1:cd:6c:b9:
9d:a2:7a:e2:22:ec:94:f5:04:f0:f9:22:43:2c:af:
1a:9d:5f:5a:60:df:ea:4e:5f:52:16:02:73:b4:ac:
ab:52:1e:ec:c2:79:80:f3:f1:7a:d0:10:91:ac:1f:
69:d1:60:cb:65:fc:13:89:a5:34:09:1a:18:de:68:
6f:dd:55:f5:5e:ee:15:8a:d5:02:e4:14:ba:10:cd:
10:7c:88:ef:e1:18:53:44:3a:59:43:c1:b1:79:47:
02:b0:fd:04:00:de:9d:94:e6:41:66:db:cb:66:8a:
c5:47:6e:ea:bc:15:fd:f9:12:63:36:57:78:4d:8f:
00:b9:71:78:f0:24:cd:74:84:f5:67:15:44:1f:63:
09:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
93:86:03:56:B9:8C:1A:5B:72:1D:D1:2F:B3:24:65:1B:E6:A0:94:79
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/k4YDVrmMGltyHdEvsyRlG-aglHk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.139.100.0/22
81.161.231.0/24
164.40.185.0/24
185.221.64.0/24
Signature Algorithm: sha256WithRSAEncryption
15:fa:0f:34:45:9a:74:31:ac:dc:de:24:d0:be:db:c8:ac:56:
fe:a1:7f:98:90:84:5e:95:84:31:e2:19:2d:1e:1f:a0:f0:ca:
55:01:a4:c3:34:cc:4a:62:91:e4:2a:4f:09:54:9f:34:b8:09:
c2:2b:2d:d0:a6:a2:6b:2a:d3:bc:8b:e5:45:cb:b1:85:cf:b4:
9c:0c:43:42:01:05:94:40:a8:ae:08:d3:70:1f:7a:db:6d:63:
83:17:38:4a:77:06:55:d3:f9:63:2a:f4:c9:49:01:3d:da:0b:
dc:37:a7:65:bc:bc:b2:8d:03:85:8e:66:5d:9d:1d:d6:ef:d6:
81:49:7b:0a:c0:17:1e:42:ba:c0:14:19:9c:e0:b2:2d:dc:8d:
a2:76:0a:49:ed:1a:69:c4:dc:38:df:a4:4b:8a:11:d3:a3:86:
d3:17:db:47:63:7c:3f:6e:00:b3:a5:f7:6e:16:40:87:8b:b2:
af:83:1c:e2:ed:f4:41:7f:45:b3:43:4b:5d:89:7b:1b:d6:c9:
f2:02:af:0b:d3:eb:cd:8b:d1:34:ad:e3:1b:0f:c0:bb:75:7c:
a8:e1:33:11:be:36:58:c9:2a:5f:d2:fe:4c:11:dd:8c:8b:af:
79:59:ce:89:59:0b:8a:f0:fd:c3:3d:11:e2:e6:b3:16:c2:66:
4d:67:0d:e9
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYgFxOSsKjW2pBYq5LiJ71v0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTEwMTMwNjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Mzg2MDM1NmI5OGMxYTViNzIxZGQxMmZiMzI0NjUxYmU2YTA5NDc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAksBXlQHjAnxWKQhBGKo+gChZ21xI
0H3C5qyOkt3hbUnSWdqsDxEZC+995aj2SGjR4NsA7JbJ7CMSiC4KU+lYXUXHrpsE
Cv622hNUaadYQfya85Oiz6XJDvlD4Se1QCnkeVaoW1KEYKm5laoW0vfPPFPJHrHN
bLmdonriIuyU9QTw+SJDLK8anV9aYN/qTl9SFgJztKyrUh7swnmA8/F60BCRrB9p
0WDLZfwTiaU0CRoY3mhv3VX1Xu4VitUC5BS6EM0QfIjv4RhTRDpZQ8GxeUcCsP0E
AN6dlOZBZtvLZorFR27qvBX9+RJjNld4TY8AuXF48CTNdIT1ZxVEH2MJ3wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFJOGA1a5jBpbch3RL7MkZRvmoJR5MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvazRZRFZybU1HbHR5SGRFdnN5UmxHLWFnbEhrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQCLYtkAwQA
UaHnAwQApCi5AwQAud1AMA0GCSqGSIb3DQEBCwUAA4IBAQAV+g80RZp0Mazc3iTQ
vtvIrFb+oX+YkIRelYQx4hktHh+g8MpVAaTDNMxKYpHkKk8JVJ80uAnCKy3QpqJr
KtO8i+VFy7GFz7ScDENCAQWUQKiuCNNwH3rbbWODFzhKdwZV0/ljKvTJSQE92gvc
N6dlvLyyjQOFjmZdnR3W79aBSXsKwBceQrrAFBmc4LIt3I2idgpJ7RppxNw436RL
ihHTo4bTF9tHY3w/bgCzpfduFkCHi7Kvgxzi7fRBf0WzQ0tdiXsb1snyAq8L0+vN
i9E0reMbD8C7dXyo4TMRvjZYySpf0v5MEd2Mi695Wc6JWQuK8P3DPRHi5rMWwmZN
Zw3p
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:41 2023 by rpki-client on console-ams.rpki-client.org