Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oI1DHaCJNzMijShB3fOpDSlN24U.roa
File: oI1DHaCJNzMijShB3fOpDSlN24U.roa (raw, json)
Hash identifier: PTUjlbF0KV8pEHRCleGx5dcZlIpyU6ZLIZyVZScQrHY=
Subject key identifier: A0:8D:43:1D:A0:89:37:33:22:8D:28:41:DD:F3:A9:0D:29:4D:DB:85
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0186931FE3A58BF2BAC3C4DFD442F096C8CC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oI1DHaCJNzMijShB3fOpDSlN24U.roa
Signing time: Mon 27 Feb 2023 13:46:26 +0000
ROA not before: Mon 27 Feb 2023 13:46:26 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 208485
IP address blocks: 81.161.238.0/23 maxlen: 24
87.121.44.0/22 maxlen: 24
82.115.210.0/23 maxlen: 24
193.37.40.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:93:1f:e3:a5:8b:f2:ba:c3:c4:df:d4:42:f0:96:c8:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 27 13:46:26 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a08d431da0893733228d2841ddf3a90d294ddb85
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:fb:3c:fe:58:ca:0c:40:a8:a5:07:9c:03:a4:
35:55:60:9b:ab:b9:27:d4:b3:8f:e0:88:fe:78:35:
24:94:fb:b8:df:2f:24:30:5c:9d:d3:db:97:66:5c:
c1:c4:e8:4e:31:c9:ba:28:55:59:ea:eb:8b:02:34:
eb:27:12:54:a9:61:a6:50:68:9c:e8:51:40:5d:40:
0f:d6:21:79:fc:7e:35:d2:cd:20:a4:2e:be:b1:ac:
26:18:25:b3:c0:59:49:14:1a:9a:e0:aa:eb:24:8b:
9b:13:ab:30:e0:dc:f0:c4:84:c7:cb:2c:3b:e4:6f:
67:95:f1:b0:e9:69:44:9d:7b:69:ed:03:dd:e1:a0:
89:c9:1c:53:9b:c5:6a:29:ef:21:93:09:8d:cc:b9:
6f:eb:42:a2:ff:d3:fa:e0:96:52:6d:df:5f:d1:5c:
50:82:8f:18:2e:25:5d:32:51:2a:ab:75:85:3c:78:
87:7f:51:17:a9:8c:66:39:14:a9:58:ed:73:35:14:
9d:ae:4c:a8:6b:f9:97:ed:0d:27:aa:67:3e:b1:94:
a9:88:58:7e:be:cd:a4:95:85:0a:bf:8a:13:95:bf:
22:f9:f7:e3:3d:f8:53:ad:aa:66:a2:fb:2d:0a:a8:
1b:f9:51:bf:6e:60:34:a2:d5:ca:12:55:db:0a:c0:
18:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:8D:43:1D:A0:89:37:33:22:8D:28:41:DD:F3:A9:0D:29:4D:DB:85
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oI1DHaCJNzMijShB3fOpDSlN24U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.161.238.0/23
82.115.210.0/23
87.121.44.0/22
193.37.40.0/22
Signature Algorithm: sha256WithRSAEncryption
83:bb:a6:8a:05:b0:a6:cb:d2:a9:c1:b8:b5:ed:bb:4f:6d:57:
44:69:60:a2:8e:c6:09:46:25:d0:70:fe:2c:30:2c:44:dd:3f:
aa:24:7b:8c:ca:ab:2e:ae:99:12:3d:89:bc:ec:16:5d:49:82:
75:e1:83:28:41:0d:32:fe:13:90:8c:d0:a9:41:53:f8:78:e0:
a3:63:c2:1d:d6:de:72:71:1f:d8:3c:f9:b8:f9:3b:16:53:bc:
e0:93:22:a4:43:69:f5:68:3a:c7:40:a2:aa:65:af:9c:d1:ea:
3d:5b:9e:9c:f9:6b:d1:cc:48:a5:f5:c6:93:9a:46:4d:73:fc:
06:83:fd:54:d6:1e:c8:52:0e:4d:bb:51:62:67:d5:73:a8:1a:
60:8a:1d:c0:00:1b:22:7b:52:27:1e:12:1b:39:3d:d4:54:e7:
54:0c:9c:29:c6:2c:83:01:f9:59:92:4c:dc:80:4a:71:e9:58:
39:28:fc:fb:df:b9:23:78:c8:16:07:17:22:99:ab:f9:cf:4f:
72:22:2d:59:e9:b3:ca:82:7e:2d:b0:3b:72:bf:a6:ce:7d:03:
3b:b1:6d:ee:d0:42:ef:0a:d0:dd:14:0a:d1:5d:b0:2e:d3:3f:
4e:01:1c:f5:8c:19:6f:a2:6f:7c:08:f6:b7:03:bb:4c:b2:c9:
c7:a4:59:d6
-----BEGIN CERTIFICATE-----
MIIFDzCCA/egAwIBAgISAYaTH+Oli/K6w8Tf1ELwlsjMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMjI3MTM0NjI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDhkNDMxZGEwODkzNzMzMjI4ZDI4NDFkZGYzYTkwZDI5NGRkYjg1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk/s8/ljKDECopQecA6Q1VWCbq7kn
1LOP4Ij+eDUklPu43y8kMFyd09uXZlzBxOhOMcm6KFVZ6uuLAjTrJxJUqWGmUGic
6FFAXUAP1iF5/H410s0gpC6+sawmGCWzwFlJFBqa4KrrJIubE6sw4NzwxITHyyw7
5G9nlfGw6WlEnXtp7QPd4aCJyRxTm8VqKe8hkwmNzLlv60Ki/9P64JZSbd9f0VxQ
go8YLiVdMlEqq3WFPHiHf1EXqYxmORSpWO1zNRSdrkyoa/mX7Q0nqmc+sZSpiFh+
vs2klYUKv4oTlb8i+ffjPfhTrapmovstCqgb+VG/bmA0otXKElXbCsAY4wIDAQAB
o4ICGzCCAhcwHQYDVR0OBBYEFKCNQx2giTczIo0oQd3zqQ0pTduFMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvb0kxREhhQ0pOek1palNoQjNmT3BEU2xOMjRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDEGCCsGAQUFBwEHAQH/BCIwIDAeBAIAATAYAwQBUaHuAwQB
UnPSAwQCV3ksAwQCwSUoMA0GCSqGSIb3DQEBCwUAA4IBAQCDu6aKBbCmy9Kpwbi1
7btPbVdEaWCijsYJRiXQcP4sMCxE3T+qJHuMyqsurpkSPYm87BZdSYJ14YMoQQ0y
/hOQjNCpQVP4eOCjY8Id1t5ycR/YPPm4+TsWU7zgkyKkQ2n1aDrHQKKqZa+c0eo9
W56c+WvRzEil9caTmkZNc/wGg/1U1h7IUg5Nu1FiZ9VzqBpgih3AABsie1InHhIb
OT3UVOdUDJwpxiyDAflZkkzcgEpx6Vg5KPz737kjeMgWBxcimav5z09yIi1Z6bPK
gn4tsDtyv6bOfQM7sW3u0ELvCtDdFArRXbAu0z9OARz1jBlvom98CPa3A7tMssnH
pFnW
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:42 2023 by rpki-client on console-ams.rpki-client.org