Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zIv71sw00JjKpORYOAV69NRGWrY.roa
File: zIv71sw00JjKpORYOAV69NRGWrY.roa (raw, json)
Hash identifier: t4VFR2wMOIgGTSdDkIwsrIYhtbht4MIhpJx9a8jH6A8=
Subject key identifier: CC:8B:FB:D6:CC:34:D0:98:CA:A4:E4:58:38:05:7A:F4:D4:46:5A:B6
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0185CE4C8881A6B4D6D04E08A92AF34299BC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zIv71sw00JjKpORYOAV69NRGWrY.roa
Signing time: Fri 20 Jan 2023 08:30:00 +0000
ROA not before: Fri 20 Jan 2023 08:30:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 20454
IP address blocks: 81.161.237.0/24 maxlen: 24
87.121.58.0/24 maxlen: 24
93.123.81.0/24 maxlen: 24
87.120.5.0/24 maxlen: 24
94.156.182.0/23 maxlen: 24
94.154.174.0/23 maxlen: 24
194.59.30.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:ce:4c:88:81:a6:b4:d6:d0:4e:08:a9:2a:f3:42:99:bc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 20 08:30:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cc8bfbd6cc34d098caa4e45838057af4d4465ab6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:b3:cb:0b:95:f9:0c:71:ea:82:0e:a1:eb:52:
d4:3f:88:fe:1f:a8:c1:ef:d1:32:5c:a9:a2:09:be:
32:27:fe:96:69:c6:30:56:7f:90:1b:00:07:77:df:
27:1c:29:6a:aa:1d:83:fc:08:b0:af:19:ab:c7:8c:
97:bd:9e:e0:2e:54:67:0e:c7:ac:2c:9d:d8:9c:4f:
b6:6b:3f:e1:82:96:49:4c:78:4e:8a:90:6c:2d:8d:
50:a1:82:ee:da:e4:b8:d3:a6:9b:35:58:ae:f8:28:
4f:2c:da:a8:1c:6e:23:14:f3:7e:c0:a8:c8:e4:55:
53:64:d2:90:5b:0f:56:6e:f7:67:ae:ac:48:57:c0:
3b:8e:7d:f2:a5:29:11:94:60:29:7d:60:cb:73:36:
69:9b:0a:d3:69:69:38:75:7f:5f:fc:ca:fd:69:5d:
92:f0:b1:9e:4f:38:b9:ca:3e:ba:3f:7c:52:cb:7d:
f3:5e:2f:54:36:d7:7c:4d:16:d3:59:e5:1d:c9:0c:
60:b3:01:04:e1:89:cd:a3:b1:3a:76:df:2c:3b:5a:
e5:af:9d:df:19:09:4c:19:2a:03:54:ca:5f:d7:ed:
20:a2:4f:91:46:ac:fc:b8:f8:e9:b5:0a:22:89:6a:
4f:de:51:fd:31:39:11:43:d1:bd:c9:41:f4:cc:7e:
7f:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:8B:FB:D6:CC:34:D0:98:CA:A4:E4:58:38:05:7A:F4:D4:46:5A:B6
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zIv71sw00JjKpORYOAV69NRGWrY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
81.161.237.0/24
87.120.5.0/24
87.121.58.0/24
93.123.81.0/24
94.154.174.0/23
94.156.182.0/23
194.59.30.0/23
Signature Algorithm: sha256WithRSAEncryption
2a:ae:da:0b:a2:91:c1:51:7e:5e:eb:97:6b:9b:36:b8:d4:45:
6d:f8:f8:8b:7a:04:8a:0b:77:ff:43:dd:8b:95:b1:b2:14:aa:
78:fe:21:db:fb:80:c3:92:d7:4c:10:31:e9:28:45:6e:70:b2:
8e:98:fd:cd:d6:22:2e:0e:4a:b9:6a:49:da:02:71:1a:28:de:
b2:66:8f:54:a7:61:d1:b7:f3:cb:4e:ea:26:85:2a:a0:70:bc:
54:20:c7:84:d3:a1:ac:58:9d:8c:15:4d:26:b5:e6:88:b6:54:
52:84:6e:63:83:18:02:50:7e:b5:e9:96:52:1a:05:01:f3:e1:
d2:49:3b:57:86:ea:4e:fe:b8:1f:11:49:7c:96:b3:7b:b2:15:
1e:ef:43:4b:6e:f7:ac:a6:f9:fe:f6:4b:72:1f:5d:5e:07:53:
5e:ac:ea:de:4f:a6:df:59:fd:08:27:1b:d3:38:b2:3f:8c:c8:
36:c9:b1:14:21:b8:51:8c:26:c9:8e:77:41:79:fb:a4:c1:86:
cb:7d:a0:a4:08:3c:50:59:91:6b:0e:fd:29:27:f7:2c:97:af:
6f:27:5b:45:44:f6:d0:16:a1:b4:42:f0:f9:54:a5:5c:4b:d8:
65:7c:86:1e:63:0d:88:d7:5a:84:4f:63:cc:7f:fe:5d:6e:a5:
e4:4c:bd:81
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYXOTIiBprTW0E4IqSrzQpm8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTIwMDgzMDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYzhiZmJkNmNjMzRkMDk4Y2FhNGU0NTgzODA1N2FmNGQ0NDY1YWI2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlLPLC5X5DHHqgg6h61LUP4j+H6jB
79EyXKmiCb4yJ/6WacYwVn+QGwAHd98nHClqqh2D/Aiwrxmrx4yXvZ7gLlRnDses
LJ3YnE+2az/hgpZJTHhOipBsLY1QoYLu2uS406abNViu+ChPLNqoHG4jFPN+wKjI
5FVTZNKQWw9WbvdnrqxIV8A7jn3ypSkRlGApfWDLczZpmwrTaWk4dX9f/Mr9aV2S
8LGeTzi5yj66P3xSy33zXi9UNtd8TRbTWeUdyQxgswEE4YnNo7E6dt8sO1rlr53f
GQlMGSoDVMpf1+0gok+RRqz8uPjptQoiiWpP3lH9MTkRQ9G9yUH0zH5/EQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFMyL+9bMNNCYyqTkWDgFevTURlq2MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvekl2NzFzdzAwSmpLcE9SWU9BVjY5TlJHV3JZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAUaHtAwQA
V3gFAwQAV3k6AwQAXXtRAwQBXpquAwQBXpy2AwQBwjseMA0GCSqGSIb3DQEBCwUA
A4IBAQAqrtoLopHBUX5e65drmza41EVt+PiLegSKC3f/Q92LlbGyFKp4/iHb+4DD
ktdMEDHpKEVucLKOmP3N1iIuDkq5aknaAnEaKN6yZo9Up2HRt/PLTuomhSqgcLxU
IMeE06GsWJ2MFU0mteaItlRShG5jgxgCUH616ZZSGgUB8+HSSTtXhupO/rgfEUl8
lrN7shUe70NLbvespvn+9ktyH11eB1NerOreT6bfWf0IJxvTOLI/jMg2ybEUIbhR
jCbJjndBefukwYbLfaCkCDxQWZFrDv0pJ/csl69vJ1tFRPbQFqG0QvD5VKVcS9hl
fIYeYw2I11qET2PMf/5dbqXkTL2B
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:22 2024 by rpki-client on console-fra.rpki-client.org