Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/Su35bYqVyDGRmsQ3jtGztWzeEQE.roa
File:                     Su35bYqVyDGRmsQ3jtGztWzeEQE.roa (raw, json)
Hash identifier:          iYKEShTlcsDwD71000qSFDcgSWWfml9952vvYVSa0DA=
Subject key identifier:   4A:ED:F9:6D:8A:95:C8:31:91:9A:C4:37:8E:D1:B3:B5:6C:DE:11:01
Certificate issuer:       /CN=09e2af08cf6e12e2304fb3bdec64cfbcedaa8522
Certificate serial:       02BB341D
Authority key identifier: 09:E2:AF:08:CF:6E:12:E2:30:4F:B3:BD:EC:64:CF:BC:ED:AA:85:22
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/CeKvCM9uEuIwT7O97GTPvO2qhSI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/Su35bYqVyDGRmsQ3jtGztWzeEQE.roa
Signing time:             Fri 29 Apr 2022 11:29:01 +0000
ROA not before:           Fri 29 Apr 2022 11:29:01 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     204139
IP address blocks:        185.129.22.0/23 maxlen: 23
                          185.129.20.0/23 maxlen: 23
                          185.122.124.0/23 maxlen: 23
                          185.122.128.0/23 maxlen: 23
                          185.122.126.0/23 maxlen: 23
                          185.113.182.0/24 maxlen: 24
                          185.113.180.0/23 maxlen: 23
                          185.113.183.0/24 maxlen: 24
                          185.123.240.0/23 maxlen: 23
                          185.123.242.0/23 maxlen: 23
                          185.128.178.0/23 maxlen: 23
                          185.128.176.0/23 maxlen: 23
                          185.124.56.0/23 maxlen: 23
                          185.124.58.0/23 maxlen: 23
                          185.124.62.0/23 maxlen: 23
                          185.124.60.0/23 maxlen: 23
                          185.116.174.0/24 maxlen: 24
                          185.128.132.0/23 maxlen: 23
                          185.128.134.0/23 maxlen: 23

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 45823005 (0x2bb341d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=09e2af08cf6e12e2304fb3bdec64cfbcedaa8522
        Validity
            Not Before: Apr 29 11:29:01 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=4aedf96d8a95c831919ac4378ed1b3b56cde1101
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:ED:F9:6D:8A:95:C8:31:91:9A:C4:37:8E:D1:B3:B5:6C:DE:11:01
            X509v3 Authority Key Identifier:
                keyid:09:E2:AF:08:CF:6E:12:E2:30:4F:B3:BD:EC:64:CF:BC:ED:AA:85:22

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CeKvCM9uEuIwT7O97GTPvO2qhSI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/Su35bYqVyDGRmsQ3jtGztWzeEQE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/da/19d3cd-6610-43f0-83eb-70a1af51dfbe/1/CeKvCM9uEuIwT7O97GTPvO2qhSI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.113.180.0/22
                  185.116.174.0/24
                  185.122.124.0-185.122.129.255
                  185.123.240.0/22
                  185.124.56.0/21
                  185.128.132.0/22
                  185.128.176.0/22
                  185.129.20.0/22

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jul 20 00:04:50 2023 by rpki-client on console-fra.rpki-client.org