Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tRf53nGxJu_ce4qx45o6a7Y6dUE.roa
File: tRf53nGxJu_ce4qx45o6a7Y6dUE.roa (raw, json)
Hash identifier: o6IYZcy3NZVjRHr18FynMErexE7NwGu81zwZp85SVAQ=
Subject key identifier: B5:17:F9:DE:71:B1:26:EF:DC:7B:8A:B1:E3:9A:3A:6B:B6:3A:75:41
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0183E6118BFDFD0A81DEBA34A2DEFDC48648
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tRf53nGxJu_ce4qx45o6a7Y6dUE.roa
Signing time: Mon 17 Oct 2022 13:10:53 +0000
ROA not before: Mon 17 Oct 2022 13:10:53 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 8866
IP address blocks: 94.156.234.0/23 maxlen: 24
94.156.236.0/22 maxlen: 24
93.123.88.0/21 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:e6:11:8b:fd:fd:0a:81:de:ba:34:a2:de:fd:c4:86:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Oct 17 13:10:53 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b517f9de71b126efdc7b8ab1e39a3a6bb63a7541
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:da:91:57:a8:9e:b0:74:a4:57:fc:7a:19:9f:
34:b0:7b:01:89:b2:96:3a:48:d5:88:3d:90:22:d8:
da:b8:39:48:b1:fb:2d:49:26:98:1f:14:31:d3:f5:
df:5e:b4:82:fe:6e:08:62:e4:d3:5f:79:e2:3d:34:
98:ab:33:09:be:3d:3b:b8:7b:29:95:31:31:0b:6b:
73:8a:d4:6b:06:0b:e8:3e:42:56:5a:6c:1c:df:c1:
00:87:11:43:48:24:72:49:9e:01:41:22:af:b5:f1:
4f:2c:3d:d7:32:96:54:cb:d4:e3:c2:f2:51:4e:70:
16:97:87:28:d3:33:b9:11:82:55:25:1a:a3:1f:ba:
25:65:37:a4:8a:a0:a3:37:15:cf:90:a8:38:c8:1d:
41:d5:31:a0:1d:75:46:54:bc:0b:41:c4:d1:e3:41:
31:31:05:13:dc:ea:b9:e4:85:49:9f:8b:96:2f:16:
32:e4:e6:b6:39:34:6b:b9:71:98:2b:86:6f:87:37:
2f:15:1b:5b:e3:2b:95:07:e3:02:31:3d:43:26:7c:
2b:60:2c:bc:cb:53:5b:27:49:c9:27:4f:dc:1d:07:
c8:a7:f0:56:ce:d7:42:25:ab:3a:07:da:bb:e9:13:
03:1f:25:03:c8:e4:5b:93:f0:e8:26:f1:8b:97:39:
cc:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B5:17:F9:DE:71:B1:26:EF:DC:7B:8A:B1:E3:9A:3A:6B:B6:3A:75:41
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/tRf53nGxJu_ce4qx45o6a7Y6dUE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
93.123.88.0/21
94.156.234.0-94.156.239.255
Signature Algorithm: sha256WithRSAEncryption
97:8c:e3:06:e0:88:99:90:cc:2e:73:63:65:e8:dd:d9:85:e6:
52:a2:c2:42:f9:cf:69:97:20:0b:1b:00:d4:e7:80:f7:96:5e:
70:81:df:5a:d4:ee:af:77:26:ad:d9:c6:7a:e0:4a:a4:1a:02:
eb:94:c1:09:e1:72:94:37:ee:e9:13:54:d6:c4:48:eb:76:9d:
cc:a4:4d:9f:77:ee:31:64:8a:89:a1:fa:5a:a3:e1:d1:04:5d:
b7:73:4b:c9:dc:d4:03:ed:ea:3d:94:e3:ee:32:f2:8a:6d:f0:
f5:35:6b:0f:01:93:9d:d7:af:84:e3:0d:b3:f8:ab:c8:66:96:
8e:2c:9e:26:c6:0e:aa:13:5d:a5:56:66:af:bf:02:ce:c7:f6:
c1:19:88:7d:98:f2:b8:85:c5:b5:7e:b9:2f:29:39:7d:42:c0:
00:e1:ed:54:97:39:89:d8:fa:88:5b:9e:a1:06:98:bc:cf:37:
c2:b9:21:36:97:5f:2e:f7:08:6b:4e:b4:79:e7:33:03:c0:98:
a0:be:19:16:ca:35:54:a4:84:2e:b0:aa:ad:e5:f6:6d:08:fe:
90:dc:fc:54:ff:21:77:33:b7:9e:d7:dc:ce:cb:c0:01:2a:66:
30:29:3c:f5:3d:f4:32:59:0d:e8:6b:2f:8d:8e:35:13:ac:cb:
3e:6b:fe:06
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYPmEYv9/QqB3ro0ot79xIZIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMDE3MTMxMDUzWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNTE3ZjlkZTcxYjEyNmVmZGM3YjhhYjFlMzlhM2E2YmI2M2E3NTQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA09qRV6iesHSkV/x6GZ80sHsBibKW
OkjViD2QItjauDlIsfstSSaYHxQx0/XfXrSC/m4IYuTTX3niPTSYqzMJvj07uHsp
lTExC2tzitRrBgvoPkJWWmwc38EAhxFDSCRySZ4BQSKvtfFPLD3XMpZUy9TjwvJR
TnAWl4co0zO5EYJVJRqjH7olZTekiqCjNxXPkKg4yB1B1TGgHXVGVLwLQcTR40Ex
MQUT3Oq55IVJn4uWLxYy5Oa2OTRruXGYK4ZvhzcvFRtb4yuVB+MCMT1DJnwrYCy8
y1NbJ0nJJ0/cHQfIp/BWztdCJas6B9q76RMDHyUDyORbk/DoJvGLlznMpwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFLUX+d5xsSbv3HuKseOaOmu2OnVBMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdFJmNTNuR3hKdV9jZTRxeDQ1bzZhN1k2ZFVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAATAUAwQDXXtYMAwD
BAFenOoDBARenOAwDQYJKoZIhvcNAQELBQADggEBAJeM4wbgiJmQzC5zY2Xo3dmF
5lKiwkL5z2mXIAsbANTngPeWXnCB31rU7q93Jq3ZxnrgSqQaAuuUwQnhcpQ37ukT
VNbESOt2ncykTZ937jFkiomh+lqj4dEEXbdzS8nc1APt6j2U4+4y8opt8PU1aw8B
k53Xr4TjDbP4q8hmlo4snibGDqoTXaVWZq+/As7H9sEZiH2Y8riFxbV+uS8pOX1C
wADh7VSXOYnY+ohbnqEGmLzPN8K5ITaXXy73CGtOtHnnMwPAmKC+GRbKNVSkhC6w
qq3l9m0I/pDc/FT/IXczt57X3M7LwAEqZjApPPU99DJZDehrL42ONROsyz5r/gY=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:43 2023 by rpki-client on console-ams.rpki-client.org