Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ksq60LKcYyJ_8NFWqVk67Vur6wU.roa
File: ksq60LKcYyJ_8NFWqVk67Vur6wU.roa (raw, json)
Hash identifier: YJsMhA5pfRKaLs5PYcRFhCZAbkOgvxt05U2k42qK1yU=
Subject key identifier: 92:CA:BA:D0:B2:9C:63:22:7F:F0:D1:56:A9:59:3A:ED:5B:AB:EB:05
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 1D15E39F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ksq60LKcYyJ_8NFWqVk67Vur6wU.roa
Signing time: Wed 09 Feb 2022 16:57:40 +0000
ROA not before: Wed 09 Feb 2022 16:57:40 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 29030
IP address blocks: 94.156.16.0/22 maxlen: 22
94.156.20.0/22 maxlen: 22
87.121.152.0/21 maxlen: 21
31.13.200.0/21 maxlen: 21
94.156.244.0/24 maxlen: 24
87.121.66.0/23 maxlen: 23
87.121.65.0/24 maxlen: 24
94.156.199.0/24 maxlen: 24
94.156.197.0/24 maxlen: 24
94.156.195.0/24 maxlen: 24
94.156.196.0/24 maxlen: 24
94.156.198.0/24 maxlen: 24
94.156.194.0/24 maxlen: 24
94.156.208.0/21 maxlen: 21
87.121.24.0/22 maxlen: 24
87.121.24.0/21 maxlen: 24
87.121.28.0/22 maxlen: 24
31.13.242.0/23 maxlen: 23
87.121.8.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 487973791 (0x1d15e39f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 9 16:57:40 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=92cabad0b29c63227ff0d156a9593aed5babeb05
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:e4:12:60:a0:86:eb:5e:03:2a:21:f2:f8:d8:
e5:5a:6b:47:ef:58:5e:ce:b9:0c:85:43:58:0a:e7:
c0:fe:7f:f7:28:e3:0a:85:42:ef:93:2b:b0:1f:b4:
c9:03:fc:0d:57:f3:73:e6:e6:88:44:1c:9b:da:af:
62:54:15:03:6e:2c:41:a0:1e:7a:f8:f3:77:e9:21:
31:53:2a:80:21:3e:dc:80:8d:01:0c:07:f4:6d:57:
b9:f6:92:15:a0:31:6d:d3:e7:f3:22:c9:37:59:67:
c1:7e:ba:73:d6:ea:f4:c5:01:96:95:2f:4b:92:8a:
88:af:98:b4:82:08:19:b9:b5:75:2b:43:8e:38:69:
ea:d3:1f:c6:1e:4d:4f:9c:a6:c8:cb:b6:b8:98:94:
97:17:eb:9c:ab:97:f5:ad:e4:b5:45:3c:1d:d9:f7:
69:66:71:17:a2:ef:46:fb:61:ee:1d:a2:c4:94:cc:
72:ff:6f:5a:bd:ea:6b:ca:e1:93:94:92:ba:e6:06:
bf:87:c2:35:0b:34:3a:ee:5d:97:bc:4b:99:89:e5:
c0:57:a1:e4:44:7b:46:64:2a:4c:ac:2b:4f:ab:c0:
25:25:e0:21:dc:fd:cd:0a:0c:7a:4c:bb:38:de:85:
3a:d5:14:f9:23:4c:d4:63:c4:c3:01:99:a3:ac:51:
d3:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:CA:BA:D0:B2:9C:63:22:7F:F0:D1:56:A9:59:3A:ED:5B:AB:EB:05
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ksq60LKcYyJ_8NFWqVk67Vur6wU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.200.0/21
31.13.242.0/23
87.121.8.0/21
87.121.24.0/21
87.121.65.0-87.121.67.255
87.121.152.0/21
94.156.16.0/21
94.156.194.0-94.156.199.255
94.156.208.0/21
94.156.244.0/24
Signature Algorithm: sha256WithRSAEncryption
88:8d:fe:81:9f:4c:70:e2:d8:82:1d:61:9b:0a:26:fb:67:28:
d3:e3:f2:32:5b:8b:94:e5:63:90:fd:e0:a5:85:19:25:74:0a:
ae:26:35:07:47:8d:21:e2:cf:1f:c8:a7:65:3d:d0:00:e9:67:
b1:ce:cb:c7:35:f7:91:b8:30:49:b6:61:74:06:6c:3d:94:ad:
ea:24:04:27:b6:78:c5:cd:5b:80:b5:db:2c:e0:c5:80:e5:9f:
76:05:9d:b5:7a:97:52:c3:b3:a7:18:fc:20:77:e3:0e:92:25:
5e:b3:83:ec:cd:24:d9:95:a1:5f:67:62:68:ba:f5:4c:64:60:
df:ad:2b:c6:bd:06:31:de:be:20:61:68:18:31:32:0f:42:f7:
66:3b:e1:58:e0:38:65:5a:3b:d8:87:ba:35:28:8e:78:91:d0:
09:ad:9e:98:9b:48:a9:42:80:01:5c:3d:3b:f4:27:51:a8:a1:
38:d0:39:9a:98:99:3d:e2:7a:bd:f5:d7:ce:aa:81:ba:69:50:
12:38:5e:eb:57:5b:2d:78:5a:a6:e4:6e:4e:8a:95:e6:ae:ac:
0a:e0:b1:99:21:f0:d6:27:19:13:97:5e:3e:16:09:8c:de:19:
11:4c:cb:3e:7a:6e:ab:cf:05:37:e8:d3:d5:7c:e9:d2:ce:6d:
11:7a:74:b7
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgIEHRXjnzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDIw
OTE2NTc0MFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTJjYWJhZDBiMjlj
NjMyMjdmZjBkMTU2YTk1OTNhZWQ1YmFiZWIwNTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJ/kEmCghuteAyoh8vjY5VprR+9YXs65DIVDWArnwP5/9yjj
CoVC75MrsB+0yQP8DVfzc+bmiEQcm9qvYlQVA24sQaAeevjzd+khMVMqgCE+3ICN
AQwH9G1XufaSFaAxbdPn8yLJN1lnwX66c9bq9MUBlpUvS5KKiK+YtIIIGbm1dStD
jjhp6tMfxh5NT5ymyMu2uJiUlxfrnKuX9a3ktUU8Hdn3aWZxF6LvRvth7h2ixJTM
cv9vWr3qa8rhk5SSuuYGv4fCNQs0Ou5dl7xLmYnlwFeh5ER7RmQqTKwrT6vAJSXg
Idz9zQoMeky7ON6FOtUU+SNM1GPEwwGZo6xR00ECAwEAAaOCAk8wggJLMB0GA1Ud
DgQWBBSSyrrQspxjIn/w0VapWTrtW6vrBTAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L2tzcTYwTEtjWXlKXzhORldxVms2N1Z1cjZ3VS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBl
BggrBgEFBQcBBwEB/wRWMFQwUgQCAAEwTAMEAx8NyAMEAR8N8gMEA1d5CAMEA1d5
GDAMAwQAV3lBAwQCV3lAAwQDV3mYAwQDXpwQMAwDBAFenMIDBANenMADBANenNAD
BABenPQwDQYJKoZIhvcNAQELBQADggEBAIiN/oGfTHDi2IIdYZsKJvtnKNPj8jJb
i5TlY5D94KWFGSV0Cq4mNQdHjSHizx/Ip2U90ADpZ7HOy8c195G4MEm2YXQGbD2U
reokBCe2eMXNW4C12yzgxYDln3YFnbV6l1LDs6cY/CB34w6SJV6zg+zNJNmVoV9n
Ymi69UxkYN+tK8a9BjHeviBhaBgxMg9C92Y74VjgOGVaO9iHujUojniR0Amtnpib
SKlCgAFcPTv0J1GooTjQOZqYmT3ier31186qgbppUBI4XutXWy14Wqbkbk6Kleau
rArgsZkh8NYnGROXXj4WCYzeGRFMyz56bqvPBTfo09V86dLObRF6dLc=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:41 2023 by rpki-client on console-ams.rpki-client.org