Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mOaXWe2lWl7enQSRgvE7eU4adAE.roa
File: mOaXWe2lWl7enQSRgvE7eU4adAE.roa (raw, json)
Hash identifier: M3dWWiVTR3Vkhjq35YNGy+j2FScasieqjXjFAxR+eCk=
Subject key identifier: 98:E6:97:59:ED:A5:5A:5E:DE:9D:04:91:82:F1:3B:79:4E:1A:74:01
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018810898D2A4FED720645F2D9E78D269B99
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mOaXWe2lWl7enQSRgvE7eU4adAE.roa
Signing time: Fri 12 May 2023 15:17:09 +0000
ROA not before: Fri 12 May 2023 15:17:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199605
IP address blocks: 81.161.230.0/24 maxlen: 24
45.9.156.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
94.156.160.0/24 maxlen: 24
45.129.84.0/24 maxlen: 24
45.129.86.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:10:89:8d:2a:4f:ed:72:06:45:f2:d9:e7:8d:26:9b:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 12 15:17:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=98e69759eda55a5ede9d049182f13b794e1a7401
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:e1:2e:e6:77:d7:f5:e3:ea:c6:b7:08:c9:d3:
0d:b7:56:6a:c4:ff:0a:2f:2b:23:82:65:e3:94:ee:
9a:43:4b:d6:c9:9c:3d:06:93:58:b1:55:60:6a:40:
32:1a:af:85:fc:84:6a:d0:fb:80:40:7e:ba:04:43:
c0:5d:eb:42:35:4c:2c:57:6e:09:f6:46:e6:0f:b1:
f9:22:27:17:d5:15:a1:6b:ff:cd:05:d0:40:15:fb:
87:01:20:32:ab:cc:9d:9c:d8:3d:6d:20:59:8d:f1:
c2:48:d6:21:6e:05:ab:ec:6f:31:b3:56:b3:6b:b5:
25:6e:d5:1f:2d:b0:d1:ca:c1:a0:fb:a4:a1:32:62:
3f:74:1e:ac:bd:ba:7c:59:68:14:03:04:5e:36:12:
9d:42:84:b4:59:30:bb:f4:86:73:f7:6f:e4:5f:7f:
f6:73:c9:f0:04:1f:06:90:11:ce:4f:5b:b8:3f:01:
3d:dd:d7:7a:87:21:95:42:2b:c8:74:25:c2:98:43:
a8:ed:a6:ea:3e:9b:6a:c9:88:bc:9b:57:97:bf:e9:
f9:52:86:29:57:17:10:64:56:9e:05:21:e5:5e:fb:
fc:1f:a9:16:81:e1:8e:7f:d7:1b:c3:b6:85:92:e6:
0b:65:03:c7:4b:67:cc:30:35:f2:4e:53:e5:29:0b:
bc:b3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:E6:97:59:ED:A5:5A:5E:DE:9D:04:91:82:F1:3B:79:4E:1A:74:01
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mOaXWe2lWl7enQSRgvE7eU4adAE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/24
45.12.255.0/24
45.129.84.0/24
45.129.86.0/24
81.161.230.0/24
94.156.160.0/24
193.35.19.0/24
Signature Algorithm: sha256WithRSAEncryption
7a:5a:da:2a:7b:7e:cb:21:31:20:78:d4:22:64:e8:23:8c:13:
62:88:dd:5f:47:db:90:d5:7b:3f:3a:49:a5:d1:ce:d6:37:c6:
2b:1c:fa:43:4f:95:04:30:ed:1b:d2:c8:ee:54:92:54:2d:82:
ca:b3:1f:db:b8:53:ea:44:c1:df:26:17:a4:18:75:d2:a4:79:
90:7b:54:a9:48:6e:b8:74:a9:ad:a5:7c:2c:5c:24:2e:b1:07:
33:56:a7:58:3a:b8:89:45:e6:8f:07:0c:6f:77:24:96:78:12:
81:2e:ff:2c:ab:8e:7b:b4:fb:ba:f0:79:26:8f:79:1a:a9:da:
e6:da:8c:95:98:73:f8:04:a3:49:bf:77:7e:65:d1:bd:9d:3a:
bd:62:0a:48:de:fc:29:9a:b2:ce:94:10:c4:53:8a:b8:be:78:
75:89:f2:58:fe:85:0e:07:75:f1:92:04:2f:28:28:ed:e0:de:
6f:23:76:d8:13:e5:23:de:0d:93:18:b0:18:de:35:58:c7:f3:
34:03:88:0c:e1:91:c3:6a:8d:62:a0:84:49:12:e7:0a:04:ba:
30:81:ac:e9:ff:09:64:c5:28:19:8b:55:11:98:bd:b5:fe:a8:
59:57:3a:99:71:51:f4:75:fc:39:10:0f:16:86:ae:a0:a5:e0:
7c:b7:6f:5f
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYgQiY0qT+1yBkXy2eeNJpuZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTEyMTUxNzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGU2OTc1OWVkYTU1YTVlZGU5ZDA0OTE4MmYxM2I3OTRlMWE3NDAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmOEu5nfX9ePqxrcIydMNt1ZqxP8K
LysjgmXjlO6aQ0vWyZw9BpNYsVVgakAyGq+F/IRq0PuAQH66BEPAXetCNUwsV24J
9kbmD7H5IicX1RWha//NBdBAFfuHASAyq8ydnNg9bSBZjfHCSNYhbgWr7G8xs1az
a7UlbtUfLbDRysGg+6ShMmI/dB6svbp8WWgUAwReNhKdQoS0WTC79IZz92/kX3/2
c8nwBB8GkBHOT1u4PwE93dd6hyGVQivIdCXCmEOo7abqPptqyYi8m1eXv+n5UoYp
VxcQZFaeBSHlXvv8H6kWgeGOf9cbw7aFkuYLZQPHS2fMMDXyTlPlKQu8swIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFJjml1ntpVpe3p0EkYLxO3lOGnQBMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbU9hWFdlMmxXbDdlblFTUmd2RTdlVTRhZEFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQALQmcAwQA
LQz/AwQALYFUAwQALYFWAwQAUaHmAwQAXpygAwQAwSMTMA0GCSqGSIb3DQEBCwUA
A4IBAQB6Wtoqe37LITEgeNQiZOgjjBNiiN1fR9uQ1Xs/Okml0c7WN8YrHPpDT5UE
MO0b0sjuVJJULYLKsx/buFPqRMHfJhekGHXSpHmQe1SpSG64dKmtpXwsXCQusQcz
VqdYOriJReaPBwxvdySWeBKBLv8sq457tPu68Hkmj3kaqdrm2oyVmHP4BKNJv3d+
ZdG9nTq9YgpI3vwpmrLOlBDEU4q4vnh1ifJY/oUOB3XxkgQvKCjt4N5vI3bYE+Uj
3g2TGLAY3jVYx/M0A4gM4ZHDao1ioIRJEucKBLowgazp/wlkxSgZi1URmL21/qhZ
VzqZcVH0dfw5EA8Whq6gpeB8t29f
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:42 2024 by rpki-client on console-ams.rpki-client.org