Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yjMJ_AjsvHXrbJwhqNhhfunzQEs.roa
File: yjMJ_AjsvHXrbJwhqNhhfunzQEs.roa (raw, json)
Hash identifier: 1mGyG6II/kCm25g9b9lfuK2H5kfAvJCHQs/twkeJa/w=
Subject key identifier: CA:33:09:FC:08:EC:BC:75:EB:6C:9C:21:A8:D8:61:7E:E9:F3:40:4B
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 1D88B699
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yjMJ_AjsvHXrbJwhqNhhfunzQEs.roa
Signing time: Fri 18 Mar 2022 14:01:44 +0000
ROA not before: Fri 18 Mar 2022 14:01:44 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 1239
IP address blocks: 87.121.124.0/23 maxlen: 24
87.121.122.0/23 maxlen: 24
81.161.238.0/23 maxlen: 24
193.168.196.0/22 maxlen: 24
193.37.46.0/24 maxlen: 24
88.218.76.0/22 maxlen: 24
91.92.115.0/24 maxlen: 24
87.120.84.0/22 maxlen: 24
185.207.12.0/24 maxlen: 24
94.154.174.0/23 maxlen: 24
84.21.172.0/23 maxlen: 24
109.206.237.0/24 maxlen: 24
109.206.238.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 495498905 (0x1d88b699)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 18 14:01:44 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ca3309fc08ecbc75eb6c9c21a8d8617ee9f3404b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:0e:da:b4:a9:ed:68:44:89:1a:46:46:19:a7:
28:fc:08:b7:c0:e6:3a:8c:c8:27:49:c3:a6:06:df:
fb:6a:d1:30:83:c4:42:84:8c:b9:de:9b:e1:20:4c:
6c:00:63:67:15:fd:0c:9b:17:7b:a8:3b:ca:7b:3f:
73:1a:a1:c9:34:1b:86:00:67:ce:6b:22:f5:08:02:
f3:8d:87:58:fd:72:99:5e:b1:47:d6:00:da:45:7f:
1f:3c:90:ce:99:99:9d:59:0c:8a:f3:ec:e2:a7:5a:
14:e4:04:f3:f4:da:6f:e0:03:67:3e:77:d0:c9:86:
c3:a5:66:de:69:69:58:9a:be:d7:9d:ce:62:0f:8a:
5d:b7:ee:93:a3:bb:c6:91:68:01:1f:59:47:2c:fe:
8d:9c:73:8f:72:4b:e8:82:91:73:88:88:c4:f3:e4:
a8:49:2d:28:8c:2f:93:9d:a7:3c:77:30:37:40:dc:
ea:9d:4d:ad:d6:08:ff:12:b0:ec:28:9b:57:bd:ca:
95:dd:ed:db:47:0b:05:1b:79:87:6b:ab:31:d2:14:
1d:dd:a1:d6:f6:de:92:63:0c:db:e6:04:0b:f7:26:
93:5e:31:0f:47:a9:d1:1a:fb:29:45:31:1f:0b:00:
05:6c:fc:5a:78:fc:fd:77:c7:c2:83:f6:0f:58:44:
b2:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:33:09:FC:08:EC:BC:75:EB:6C:9C:21:A8:D8:61:7E:E9:F3:40:4B
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yjMJ_AjsvHXrbJwhqNhhfunzQEs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.161.238.0/23
84.21.172.0/23
87.120.84.0/22
87.121.122.0-87.121.125.255
88.218.76.0/22
91.92.115.0/24
94.154.174.0/23
109.206.237.0-109.206.238.255
185.207.12.0/24
193.37.46.0/24
193.168.196.0/22
Signature Algorithm: sha256WithRSAEncryption
58:49:9d:1d:d0:cd:38:21:bc:49:21:13:b2:2b:c7:95:0f:3b:
5d:69:03:c2:d3:8c:df:55:50:4f:a6:b8:3e:8b:12:78:99:02:
0d:bf:f2:f4:3b:ce:33:a2:9f:10:46:98:f0:ca:47:35:3a:1e:
64:fd:27:eb:e9:91:c8:6b:38:44:3a:0a:a7:2e:d7:14:95:48:
1b:2d:3b:85:14:31:c5:47:2e:a7:b0:3b:a3:5f:2c:6a:ac:60:
c5:bc:8f:69:0d:27:9a:79:2c:66:e9:de:ff:b7:86:5a:4c:b4:
3d:66:15:07:be:b5:ec:68:62:c2:56:00:c3:01:25:d8:e4:71:
46:7b:e4:40:d6:24:04:62:05:8f:e0:b9:59:7e:df:a8:a9:87:
1e:5a:d7:2b:4a:bc:f8:ad:42:c8:40:22:e3:cf:5c:cf:9e:1d:
ec:06:93:f1:00:25:d1:4e:47:7e:e0:b7:a2:23:68:74:d2:9e:
a0:b6:21:6c:0a:02:54:2a:46:6b:83:f5:06:df:81:fa:4d:3f:
98:a5:84:6f:33:41:98:62:ed:ed:6d:cd:64:de:eb:89:df:ed:
32:7e:49:41:0c:20:6d:e9:f6:2c:db:4d:88:b8:f4:b8:98:6e:
45:2f:17:aa:c3:5a:7a:60:20:ca:5b:2a:85:99:1a:7c:d6:6a:
6f:70:88:0e
-----BEGIN CERTIFICATE-----
MIIFOzCCBCOgAwIBAgIEHYi2mTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
MmM0YWMzZTNjNDNkNzBkMDUzNDljODE1YmFhZGQzOGFkNzc1ZTlkMB4XDTIyMDMx
ODE0MDE0NFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoY2EzMzA5ZmMwOGVj
YmM3NWViNmM5YzIxYThkODYxN2VlOWYzNDA0YjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAJsO2rSp7WhEiRpGRhmnKPwIt8DmOozIJ0nDpgbf+2rRMIPE
QoSMud6b4SBMbABjZxX9DJsXe6g7yns/cxqhyTQbhgBnzmsi9QgC842HWP1ymV6x
R9YA2kV/HzyQzpmZnVkMivPs4qdaFOQE8/Tab+ADZz530MmGw6Vm3mlpWJq+153O
Yg+KXbfuk6O7xpFoAR9ZRyz+jZxzj3JL6IKRc4iIxPPkqEktKIwvk52nPHcwN0Dc
6p1NrdYI/xKw7CibV73Kld3t20cLBRt5h2urMdIUHd2h1vbekmMM2+YEC/cmk14x
D0ep0Rr7KUUxHwsABWz8Wnj8/XfHwoP2D1hEssUCAwEAAaOCAlUwggJRMB0GA1Ud
DgQWBBTKMwn8COy8detsnCGo2GF+6fNASzAfBgNVHSMEGDAWgBQixKw+PEPXDQU0
nIFbqt04rXdenTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8x
L3lqTUpfQWpzdkhYcmJKd2hxTmhoZnVuelFFcy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMDMv
OTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcxMi8xL0lzU3NQanhEMXcw
Rk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjBr
BggrBgEFBQcBBwEB/wRcMFowWAQCAAEwUgMEAVGh7gMEAVQVrAMEAld4VDAMAwQB
V3l6AwQBV3l8AwQCWNpMAwQAW1xzAwQBXpquMAwDBABtzu0DBABtzu4DBAC5zwwD
BADBJS4DBALBqMQwDQYJKoZIhvcNAQELBQADggEBAFhJnR3QzTghvEkhE7Irx5UP
O11pA8LTjN9VUE+muD6LEniZAg2/8vQ7zjOinxBGmPDKRzU6HmT9J+vpkchrOEQ6
Cqcu1xSVSBstO4UUMcVHLqewO6NfLGqsYMW8j2kNJ5p5LGbp3v+3hlpMtD1mFQe+
texoYsJWAMMBJdjkcUZ75EDWJARiBY/guVl+36iphx5a1ytKvPitQshAIuPPXM+e
HewGk/EAJdFOR37gt6IjaHTSnqC2IWwKAlQqRmuD9QbfgfpNP5ilhG8zQZhi7e1t
zWTe64nf7TJ+SUEMIG3p9izbTYi49LiYbkUvF6rDWnpgIMpbKoWZGnzWam9wiA4=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:44 2023 by rpki-client on console-ams.rpki-client.org