Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ka8t1IhzE3kq67piaQJJvPH_cWY.roa
File: ka8t1IhzE3kq67piaQJJvPH_cWY.roa (raw, json)
Hash identifier: fD8wMmgg3AKWG6uwfkwcm8zbz873ExRA76dU6TiB420=
Subject key identifier: 91:AF:2D:D4:88:73:13:79:2A:EB:BA:62:69:02:49:BC:F1:FF:71:66
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 1C52874D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ka8t1IhzE3kq67piaQJJvPH_cWY.roa
Signing time: Sat 01 Jan 2022 01:02:20 +0000
ROA not before: Sat 01 Jan 2022 01:02:20 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 22773
IP address blocks: 87.121.122.0/23 maxlen: 24
87.121.124.0/23 maxlen: 24
91.92.115.0/24 maxlen: 24
185.207.12.0/24 maxlen: 24
87.120.84.0/22 maxlen: 24
84.21.172.0/23 maxlen: 24
109.206.238.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 475170637 (0x1c52874d)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 1 01:02:20 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=91af2dd4887313792aebba62690249bcf1ff7166
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:e1:b3:07:80:25:d3:55:52:18:23:8c:bd:8f:
fe:f8:d1:91:10:64:f6:f3:3f:7a:09:3f:df:ea:5d:
5f:4a:dc:07:af:8f:40:a5:71:7d:4e:5c:29:7d:7f:
8c:58:2b:b9:08:6b:dc:3d:de:3f:7f:b3:33:22:4b:
9c:08:47:a0:9f:c0:a0:7f:05:71:64:75:cf:d5:13:
a6:04:c3:36:a8:cf:64:ab:47:6b:eb:3d:06:af:a2:
46:66:9e:8a:72:88:c8:9f:79:36:0e:2e:14:d7:33:
d5:21:4c:83:d7:d6:88:3b:d6:02:b8:c9:52:07:9b:
f9:13:69:41:ee:37:7f:c9:d7:ae:2f:f1:e4:9f:86:
7d:9a:26:60:e3:a9:27:21:0f:33:05:2e:e2:92:41:
b4:03:c2:ba:d8:cc:ac:fe:c2:bb:18:6e:20:33:1e:
41:1a:a9:90:bd:52:b8:25:bf:c8:d4:3b:30:10:f2:
7f:b4:0d:b6:7f:e9:83:04:9c:52:b5:d9:df:44:4d:
8a:c0:53:4d:68:0f:a1:5e:38:c9:7a:07:be:a3:bd:
d8:54:ec:0e:f9:54:2e:78:d1:ba:42:06:65:ae:08:
a0:54:2c:f0:57:1a:87:42:9a:e1:9d:81:b3:24:2a:
56:54:d5:87:4f:07:e7:a3:9e:e1:1d:16:e0:d8:3e:
dd:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:AF:2D:D4:88:73:13:79:2A:EB:BA:62:69:02:49:BC:F1:FF:71:66
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ka8t1IhzE3kq67piaQJJvPH_cWY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.21.172.0/23
87.120.84.0/22
87.121.122.0-87.121.125.255
91.92.115.0/24
109.206.238.0/24
185.207.12.0/24
Signature Algorithm: sha256WithRSAEncryption
0b:67:a8:c2:57:e3:23:47:28:0a:95:af:8a:1b:6b:07:33:5c:
7c:b1:39:42:ce:89:b5:9d:af:77:25:6e:ae:36:c5:48:ee:c9:
b8:22:e7:36:65:e9:c2:f1:c5:1a:06:5b:f8:04:28:57:a2:4e:
19:08:f7:d7:dd:12:53:6c:74:fc:ea:fe:5f:c6:aa:b9:67:0e:
f3:52:52:dd:fc:8b:c7:03:35:54:a6:df:81:8c:98:2f:96:b0:
e5:24:6f:d2:d5:7f:e8:78:e8:84:73:1b:06:9b:fc:d4:1f:1a:
1e:08:62:01:f6:46:8b:f7:66:ce:11:f4:84:ee:1a:2d:c3:9f:
49:91:95:e3:6f:a9:4a:53:80:2b:fd:07:cb:66:94:69:1c:38:
74:44:3f:01:f5:6d:10:63:ef:0e:fa:96:45:cd:a5:1e:72:d8:
b8:b0:2c:7b:cd:19:c9:2c:fb:28:f7:07:52:2a:d4:72:10:d7:
12:02:19:78:a4:1b:22:9a:a3:9a:01:35:a4:12:f3:93:43:60:
e3:01:50:74:34:50:13:95:2f:4a:26:2c:c3:d2:fc:12:b3:c1:
b5:d7:6f:28:10:a1:ff:25:99:19:fb:c3:05:1f:8e:1a:3f:9f:
7c:e9:76:50:9b:1e:bb:9f:93:fa:66:af:7b:52:4c:e7:e8:41:
6a:30:c8:9b
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgIEHFKHTTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDEw
MTAxMDIyMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTFhZjJkZDQ4ODcz
MTM3OTJhZWJiYTYyNjkwMjQ5YmNmMWZmNzE2NjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKPhsweAJdNVUhgjjL2P/vjRkRBk9vM/egk/3+pdX0rcB6+P
QKVxfU5cKX1/jFgruQhr3D3eP3+zMyJLnAhHoJ/AoH8FcWR1z9UTpgTDNqjPZKtH
a+s9Bq+iRmaeinKIyJ95Ng4uFNcz1SFMg9fWiDvWArjJUgeb+RNpQe43f8nXri/x
5J+GfZomYOOpJyEPMwUu4pJBtAPCutjMrP7CuxhuIDMeQRqpkL1SuCW/yNQ7MBDy
f7QNtn/pgwScUrXZ30RNisBTTWgPoV44yXoHvqO92FTsDvlULnjRukIGZa4IoFQs
8Fcah0Ka4Z2BsyQqVlTVh08H56Oe4R0W4Ng+3ZcCAwEAAaOCAi8wggIrMB0GA1Ud
DgQWBBSRry3UiHMTeSrrumJpAkm88f9xZjAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L2thOHQxSWh6RTNrcTY3cGlhUUpKdlBIX2NXWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBF
BggrBgEFBQcBBwEB/wQ2MDQwMgQCAAEwLAMEAVQVrAMEAld4VDAMAwQBV3l6AwQB
V3l8AwQAW1xzAwQAbc7uAwQAuc8MMA0GCSqGSIb3DQEBCwUAA4IBAQALZ6jCV+Mj
RygKla+KG2sHM1x8sTlCzom1na93JW6uNsVI7sm4Iuc2ZenC8cUaBlv4BChXok4Z
CPfX3RJTbHT86v5fxqq5Zw7zUlLd/IvHAzVUpt+BjJgvlrDlJG/S1X/oeOiEcxsG
m/zUHxoeCGIB9kaL92bOEfSE7hotw59JkZXjb6lKU4Ar/QfLZpRpHDh0RD8B9W0Q
Y+8O+pZFzaUecti4sCx7zRnJLPso9wdSKtRyENcSAhl4pBsimqOaATWkEvOTQ2Dj
AVB0NFATlS9KJizD0vwSs8G1128oEKH/JZkZ+8MFH44aP5986XZQmx67n5P6Zq97
Ukzn6EFqMMib
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:41 2023 by rpki-client on console-ams.rpki-client.org