Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kAiYhGEfn-T-Ti5d8I1CM_vsJ1E.roa
File: kAiYhGEfn-T-Ti5d8I1CM_vsJ1E.roa (raw, json)
Hash identifier: 7bsP1THSSd1IuaVzfVpNEpZ9ElMj4wASi2kWpZaZ1rQ=
Subject key identifier: 90:08:98:84:61:1F:9F:E4:FE:4E:2E:5D:F0:8D:42:33:FB:EC:27:51
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0181DC87EA4FF568777F1A912FACBD0C406B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kAiYhGEfn-T-Ti5d8I1CM_vsJ1E.roa
Signing time: Fri 08 Jul 2022 06:38:23 +0000
ROA not before: Fri 08 Jul 2022 06:38:23 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 38337
IP address blocks: 109.206.243.0/24 maxlen: 24
92.249.51.0/24 maxlen: 24
185.225.75.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:81:dc:87:ea:4f:f5:68:77:7f:1a:91:2f:ac:bd:0c:40:6b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 8 06:38:23 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=90089884611f9fe4fe4e2e5df08d4233fbec2751
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:77:91:f5:ac:84:99:ab:e6:5a:05:9f:bc:e2:
67:4c:b9:9c:8f:22:37:0e:7d:35:07:72:ba:8f:ac:
3d:3c:4f:e1:7d:df:1e:2d:50:e3:2a:5e:11:33:06:
2d:22:9e:b3:27:40:03:f4:7f:8b:cb:04:7e:ec:ab:
17:21:bc:3f:0a:1c:12:08:f8:7f:1a:7d:96:3a:de:
36:42:0d:8e:7e:f8:07:b2:08:2c:55:31:fb:59:5a:
33:e5:d8:ad:59:f1:1f:06:54:50:4c:b4:00:e1:38:
6c:13:be:04:1b:17:0e:69:88:4d:10:85:44:b0:f8:
4b:01:8d:35:4e:d5:85:80:14:a5:f5:13:04:a4:cf:
ce:ec:da:c1:5a:cf:ac:6f:8a:62:a7:c0:2f:4e:d0:
39:95:70:2e:68:3c:7b:58:a3:47:fd:cb:1c:ce:37:
66:d3:dd:86:63:ee:ec:7c:13:bf:70:01:5d:ef:fb:
55:27:40:d9:cf:9b:bb:01:1f:28:4c:f9:5f:e8:3e:
2d:91:1b:fa:61:54:bc:14:86:2a:b5:e8:d2:1e:5d:
c4:01:bf:d8:80:11:02:cd:af:c7:28:ca:3c:23:f6:
21:49:db:54:b9:9a:56:7a:d7:46:67:fb:23:dc:b6:
16:90:3e:2a:1a:9d:bd:b9:7c:23:aa:ea:9c:9a:a2:
be:7d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:08:98:84:61:1F:9F:E4:FE:4E:2E:5D:F0:8D:42:33:FB:EC:27:51
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kAiYhGEfn-T-Ti5d8I1CM_vsJ1E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
92.249.51.0/24
109.206.243.0/24
185.225.75.0/24
Signature Algorithm: sha256WithRSAEncryption
19:f6:40:5a:62:30:10:fd:fa:58:ce:42:fc:7c:e0:b2:dd:61:
2f:9c:ec:39:6a:7a:ce:40:bf:b7:96:c5:7a:ec:7f:1d:ce:0e:
f8:7f:97:d1:6d:76:28:e7:09:2d:51:50:07:b8:b2:1e:30:f7:
41:a3:d4:a7:bf:e6:24:b1:2d:32:14:78:94:c9:a9:fc:0c:0d:
5c:12:4f:31:28:25:4e:86:8c:52:4e:4f:f3:6b:67:d2:07:2e:
4b:98:c2:97:5f:fe:70:20:70:f7:8b:d4:fe:53:b7:96:43:b5:
c9:a3:af:db:5d:c4:5f:24:3f:7e:ff:f3:75:14:4c:a0:49:29:
d1:f2:b7:28:fd:91:03:be:95:32:1b:0e:c8:76:de:1f:e6:04:
08:47:ca:42:d3:5a:cb:08:06:c2:16:1e:8d:ef:49:b1:2a:fb:
64:7d:3d:6d:a4:b8:61:95:33:46:4f:e7:f2:5b:f1:3c:70:f3:
72:f6:d6:4b:88:99:28:03:32:08:6a:d8:10:7b:0f:0f:19:92:
5d:86:af:99:42:be:c2:c8:bd:04:8d:69:4e:72:0f:8c:bf:e5:
bc:95:6d:01:8f:af:8e:38:66:b0:98:cb:d7:2b:6f:bf:15:39:
a3:ea:0d:8c:59:21:7d:2f:79:91:63:40:1a:56:e0:e1:75:d0:
22:6f:9a:d0
-----BEGIN CERTIFICATE-----
MIIFCTCCA/GgAwIBAgISAYHch+pP9Wh3fxqRL6y9DEBrMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIwNzA4MDYzODIzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDA4OTg4NDYxMWY5ZmU0ZmU0ZTJlNWRmMDhkNDIzM2ZiZWMyNzUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjXeR9ayEmavmWgWfvOJnTLmcjyI3
Dn01B3K6j6w9PE/hfd8eLVDjKl4RMwYtIp6zJ0AD9H+LywR+7KsXIbw/ChwSCPh/
Gn2WOt42Qg2OfvgHsggsVTH7WVoz5ditWfEfBlRQTLQA4ThsE74EGxcOaYhNEIVE
sPhLAY01TtWFgBSl9RMEpM/O7NrBWs+sb4pip8AvTtA5lXAuaDx7WKNH/csczjdm
092GY+7sfBO/cAFd7/tVJ0DZz5u7AR8oTPlf6D4tkRv6YVS8FIYqtejSHl3EAb/Y
gBECza/HKMo8I/YhSdtUuZpWetdGZ/sj3LYWkD4qGp29uXwjquqcmqK+fQIDAQAB
o4ICFTCCAhEwHQYDVR0OBBYEFJAImIRhH5/k/k4uXfCNQjP77CdRMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEva0FpWWhHRWZuLVQtVGk1ZDhJMUNNX3ZzSjFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMCsGCCsGAQUFBwEHAQH/BBwwGjAYBAIAATASAwQAXPkzAwQA
bc7zAwQAueFLMA0GCSqGSIb3DQEBCwUAA4IBAQAZ9kBaYjAQ/fpYzkL8fOCy3WEv
nOw5anrOQL+3lsV67H8dzg74f5fRbXYo5wktUVAHuLIeMPdBo9Snv+YksS0yFHiU
yan8DA1cEk8xKCVOhoxSTk/za2fSBy5LmMKXX/5wIHD3i9T+U7eWQ7XJo6/bXcRf
JD9+//N1FEygSSnR8rco/ZEDvpUyGw7Idt4f5gQIR8pC01rLCAbCFh6N70mxKvtk
fT1tpLhhlTNGT+fyW/E8cPNy9tZLiJkoAzIIatgQew8PGZJdhq+ZQr7CyL0EjWlO
cg+Mv+W8lW0Bj6+OOGawmMvXK2+/FTmj6g2MWSF9L3mRY0AaVuDhddAib5rQ
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:41 2023 by rpki-client on console-ams.rpki-client.org