Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/y7MKMqauA6WfBzDYU6dCGOnJ8vQ.roa
File: y7MKMqauA6WfBzDYU6dCGOnJ8vQ.roa (raw, json)
Hash identifier: PGiyxx3VxX7NW1g7rkuYQ+YJ/kum4r5qCFy0GJu7eMk=
Subject key identifier: CB:B3:0A:32:A6:AE:03:A5:9F:07:30:D8:53:A7:42:18:E9:C9:F2:F4
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018828E7B84260ADC0461F26A5541F30BF9E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/y7MKMqauA6WfBzDYU6dCGOnJ8vQ.roa
Signing time: Wed 17 May 2023 08:50:54 +0000
ROA not before: Wed 17 May 2023 08:50:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207459
IP address blocks: 91.92.24.0/24 maxlen: 24
91.92.24.0/23 maxlen: 23
91.92.25.0/24 maxlen: 24
193.149.29.0/24 maxlen: 24
45.128.233.0/24 maxlen: 24
193.149.30.0/24 maxlen: 24
193.149.28.0/22 maxlen: 22
193.149.31.0/24 maxlen: 24
193.149.28.0/24 maxlen: 24
171.22.19.0/24 maxlen: 24
185.221.67.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
194.180.50.0/24 maxlen: 24
176.125.255.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:28:e7:b8:42:60:ad:c0:46:1f:26:a5:54:1f:30:bf:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 17 08:50:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cbb30a32a6ae03a59f0730d853a74218e9c9f2f4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:22:96:c3:6a:b9:71:0e:1f:97:b6:6c:c0:6a:
d3:05:8f:e1:04:c5:dc:b5:c2:a3:1b:b9:62:c9:6a:
ec:8a:a8:19:08:cb:39:a1:a0:6e:0e:0f:b3:2d:90:
f7:89:56:e3:58:a6:4f:e8:b3:bd:cf:51:f8:4b:6a:
08:49:ed:36:0f:01:5f:91:78:46:da:86:be:d6:85:
c1:09:30:2c:01:7e:11:88:dc:88:7c:ac:11:63:40:
32:5a:e0:71:3a:9e:5f:36:0f:8e:76:91:3f:ce:f4:
0c:71:ed:51:18:30:d5:a6:2f:9a:90:19:f2:84:dc:
58:d4:19:ef:a1:fd:b6:33:87:d0:4a:16:a8:c3:e3:
14:3f:3f:18:42:16:80:9f:1e:b8:f0:aa:0c:48:12:
cb:b9:45:75:0d:f2:e9:40:fc:4d:21:57:7f:e2:73:
36:4c:27:93:57:46:11:24:43:b7:ce:53:67:9b:b1:
8e:72:38:32:1f:6d:d6:00:0b:07:f8:e4:2d:c5:e8:
e1:20:f3:34:c5:be:bc:4f:8e:fe:b8:7c:1a:2e:f2:
26:26:2a:cc:7d:61:c6:3e:c0:12:d0:c8:dd:27:bd:
7e:0b:12:73:e9:ae:b5:70:39:8c:6d:e0:36:ce:41:
30:90:df:7a:93:8e:50:c2:77:23:df:7d:42:3a:61:
13:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CB:B3:0A:32:A6:AE:03:A5:9F:07:30:D8:53:A7:42:18:E9:C9:F2:F4
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/y7MKMqauA6WfBzDYU6dCGOnJ8vQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.233.0/24
87.120.87.0/24
91.92.24.0/23
171.22.19.0/24
176.125.255.0/24
185.221.67.0/24
193.149.28.0/22
194.180.50.0/24
Signature Algorithm: sha256WithRSAEncryption
4d:ee:db:e4:c0:0e:ad:7d:86:de:58:eb:a9:18:37:fa:91:e5:
98:34:88:46:d7:3f:52:c9:a7:18:f3:02:84:c5:7b:90:ca:4b:
b2:e4:2e:e6:a8:89:5d:cc:2a:7a:35:f9:38:9f:1b:2e:95:8e:
ed:d7:36:ee:89:d9:cd:fb:69:08:0a:06:70:b2:0a:1f:95:84:
e1:aa:51:47:54:8b:a6:ac:50:17:49:db:dc:27:d3:bf:29:63:
47:a8:fd:08:e7:5b:8f:67:6a:5e:c7:c4:a5:82:2c:6e:01:21:
88:d1:ed:62:7f:fc:54:c3:47:b9:0b:44:c4:84:47:a3:f3:0b:
48:d7:9d:a2:8c:72:dc:30:88:69:b6:3c:ab:48:e7:26:a4:7d:
45:e2:0f:52:47:ca:be:a5:ee:93:17:69:0e:72:81:5f:c0:d2:
ab:03:48:86:13:7b:ca:2d:ef:f9:78:5e:3e:2d:f7:e3:b6:d3:
e7:41:fd:b3:a4:88:99:14:25:c1:7f:a8:4d:74:90:88:f4:4b:
48:13:53:fb:c2:2e:fb:92:16:54:b2:6d:0e:6d:88:ba:75:7d:
df:ad:6a:37:1d:4f:ac:71:3c:b3:1f:86:97:d7:3e:48:d0:9f:
d8:8e:51:da:53:30:71:61:b4:9c:d7:59:21:fb:ff:f5:d2:14:
cd:80:fd:d9
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYgo57hCYK3ARh8mpVQfML+eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTE3MDg1MDU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYmIzMGEzMmE2YWUwM2E1OWYwNzMwZDg1M2E3NDIxOGU5YzlmMmY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApyKWw2q5cQ4fl7ZswGrTBY/hBMXc
tcKjG7liyWrsiqgZCMs5oaBuDg+zLZD3iVbjWKZP6LO9z1H4S2oISe02DwFfkXhG
2oa+1oXBCTAsAX4RiNyIfKwRY0AyWuBxOp5fNg+OdpE/zvQMce1RGDDVpi+akBny
hNxY1Bnvof22M4fQShaow+MUPz8YQhaAnx648KoMSBLLuUV1DfLpQPxNIVd/4nM2
TCeTV0YRJEO3zlNnm7GOcjgyH23WAAsH+OQtxejhIPM0xb68T47+uHwaLvImJirM
fWHGPsAS0MjdJ71+CxJz6a61cDmMbeA2zkEwkN96k45Qwncj331COmETAQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFMuzCjKmrgOlnwcw2FOnQhjpyfL0MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveTdNS01xYXVBNldmQnpEWVU2ZENHT25KOHZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALYDpAwQA
V3hXAwQBW1wYAwQAqxYTAwQAsH3/AwQAud1DAwQCwZUcAwQAwrQyMA0GCSqGSIb3
DQEBCwUAA4IBAQBN7tvkwA6tfYbeWOupGDf6keWYNIhG1z9SyacY8wKExXuQykuy
5C7mqIldzCp6Nfk4nxsulY7t1zbuidnN+2kICgZwsgoflYThqlFHVIumrFAXSdvc
J9O/KWNHqP0I51uPZ2pex8SlgixuASGI0e1if/xUw0e5C0TEhEej8wtI152ijHLc
MIhptjyrSOcmpH1F4g9SR8q+pe6TF2kOcoFfwNKrA0iGE3vKLe/5eF4+LffjttPn
Qf2zpIiZFCXBf6hNdJCI9EtIE1P7wi77khZUsm0ObYi6dX3frWo3HU+scTyzH4aX
1z5I0J/YjlHaUzBxYbSc11kh+//10hTNgP3Z
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:21 2024 by rpki-client on console-fra.rpki-client.org