Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xJ3QVoeKEla3kkS59Ti6maEBKrg.roa
File: xJ3QVoeKEla3kkS59Ti6maEBKrg.roa (raw, json)
Hash identifier: /hKpVzz40eC84F/mbl0YvEt3SociYrIQA0GGB+N9o38=
Subject key identifier: C4:9D:D0:56:87:8A:12:56:B7:92:44:B9:F5:38:BA:99:A1:01:2A:B8
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 1CC7BD60
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xJ3QVoeKEla3kkS59Ti6maEBKrg.roa
Signing time: Tue 18 Jan 2022 11:51:45 +0000
ROA not before: Tue 18 Jan 2022 11:51:45 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 61317
IP address blocks: 185.221.66.0/24 maxlen: 24
94.156.14.0/24 maxlen: 24
85.217.145.0/24 maxlen: 24
92.249.48.0/24 maxlen: 24
109.206.239.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 482852192 (0x1cc7bd60)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 18 11:51:45 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=c49dd056878a1256b79244b9f538ba99a1012ab8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:3c:1c:a6:36:0a:39:ae:60:c4:34:3d:16:61:
be:c4:f7:17:01:7c:4a:c5:c0:4d:45:32:07:9d:9b:
09:e4:95:d7:96:ea:2d:1f:7c:34:54:53:54:ec:f7:
7e:d2:2c:b0:39:e7:9d:46:2d:90:d0:19:f9:48:8c:
ad:2f:bf:79:0d:47:05:ae:fa:37:d6:4a:76:28:4a:
d2:32:83:cf:4d:c7:6c:33:28:4b:ce:86:dd:51:98:
c1:cb:e7:df:70:54:ce:8c:f3:b0:36:42:f9:61:8f:
1e:32:39:a6:46:36:8d:cd:13:79:bf:0c:e1:00:33:
85:68:66:00:44:d9:3b:5f:e0:3f:f8:5e:5d:fa:f4:
40:cc:bb:80:ed:4d:4b:52:fe:f8:e1:1a:f0:f1:c8:
1c:91:fc:51:38:b6:30:62:d0:68:ac:81:72:9c:c8:
e1:c9:ab:97:42:d8:82:d2:6c:5a:d0:ee:f5:45:b9:
d8:e5:60:1e:2f:da:ce:cb:d5:d3:92:15:85:5d:f9:
08:5e:9f:84:88:b1:02:2e:fe:d8:15:ef:33:2e:f8:
bf:42:b0:64:8b:e4:1c:39:10:00:38:7f:d1:2c:ad:
e6:d6:c6:ef:4d:39:3c:f8:55:81:b6:62:7d:47:d2:
51:3f:05:ee:34:c3:0b:d7:30:fd:67:b2:b4:a3:b8:
4e:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:9D:D0:56:87:8A:12:56:B7:92:44:B9:F5:38:BA:99:A1:01:2A:B8
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xJ3QVoeKEla3kkS59Ti6maEBKrg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.217.145.0/24
92.249.48.0/24
94.156.14.0/24
109.206.239.0/24
185.221.66.0/24
Signature Algorithm: sha256WithRSAEncryption
31:79:98:e2:84:33:51:62:12:8f:2a:ed:44:12:1d:ae:ca:1a:
b9:2d:c8:a9:38:4d:73:33:c4:c7:23:7e:47:d4:b5:e2:a3:7f:
e2:7a:6c:94:b7:49:c7:e5:51:ab:79:44:58:e6:6f:f0:3e:e1:
51:a6:48:6d:f2:b8:8f:57:a9:a2:bf:34:b4:ef:18:a3:ba:65:
c3:32:5c:45:16:af:23:85:ae:e4:45:8a:38:65:f1:09:0a:8f:
3e:e8:f4:e8:c0:c0:0e:89:0a:27:00:ba:12:1a:93:c1:65:ff:
00:3a:04:4b:f4:4c:6d:82:04:f2:ce:98:95:d8:74:7e:6b:b2:
fb:d1:85:46:bd:16:21:bc:ea:fb:03:4a:a7:49:bd:38:3b:e6:
bc:1d:41:4b:2a:7e:0e:3b:59:7c:8e:12:17:e6:00:6a:2b:1d:
33:7f:7b:12:fb:02:31:59:31:78:75:42:80:a2:35:5f:c6:72:
4f:f4:b6:bf:e7:b1:ef:8f:17:63:03:a0:c5:bf:d1:e6:19:67:
25:4d:08:8a:54:fc:29:2f:eb:29:81:40:95:9a:3f:94:31:3b:
a7:27:2b:fb:f3:36:63:a6:54:2e:b3:7b:9b:d9:21:48:ef:85:
60:76:82:3f:08:d6:39:72:04:ac:f8:a9:9b:04:9a:06:e1:f3:
33:f2:2e:59
-----BEGIN CERTIFICATE-----
MIIFBzCCA++gAwIBAgIEHMe9YDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDEx
ODExNTE0NVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYzQ5ZGQwNTY4Nzhh
MTI1NmI3OTI0NGI5ZjUzOGJhOTlhMTAxMmFiODCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAI08HKY2CjmuYMQ0PRZhvsT3FwF8SsXATUUyB52bCeSV15bq
LR98NFRTVOz3ftIssDnnnUYtkNAZ+UiMrS+/eQ1HBa76N9ZKdihK0jKDz03HbDMo
S86G3VGYwcvn33BUzozzsDZC+WGPHjI5pkY2jc0Teb8M4QAzhWhmAETZO1/gP/he
Xfr0QMy7gO1NS1L++OEa8PHIHJH8UTi2MGLQaKyBcpzI4cmrl0LYgtJsWtDu9UW5
2OVgHi/azsvV05IVhV35CF6fhIixAi7+2BXvMy74v0KwZIvkHDkQADh/0Syt5tbG
7005PPhVgbZifUfSUT8F7jTDC9cw/WeytKO4TkcCAwEAAaOCAiEwggIdMB0GA1Ud
DgQWBBTEndBWh4oSVreSRLn1OLqZoQEquDAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L3hKM1FWb2VLRWxhM2trUzU5VGk2bWFFQktyZy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjA3
BggrBgEFBQcBBwEB/wQoMCYwJAQCAAEwHgMEAFXZkQMEAFz5MAMEAF6cDgMEAG3O
7wMEALndQjANBgkqhkiG9w0BAQsFAAOCAQEAMXmY4oQzUWISjyrtRBIdrsoauS3I
qThNczPExyN+R9S14qN/4npslLdJx+VRq3lEWOZv8D7hUaZIbfK4j1epor80tO8Y
o7plwzJcRRavI4Wu5EWKOGXxCQqPPuj06MDADokKJwC6EhqTwWX/ADoES/RMbYIE
8s6Yldh0fmuy+9GFRr0WIbzq+wNKp0m9ODvmvB1BSyp+DjtZfI4SF+YAaisdM397
EvsCMVkxeHVCgKI1X8ZyT/S2v+ex748XYwOgxb/R5hlnJU0IilT8KS/rKYFAlZo/
lDE7pycr+/M2Y6ZULrN7m9khSO+FYHaCPwjWOXIErPipmwSaBuHzM/IuWQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:21 2024 by rpki-client on console-fra.rpki-client.org