Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7psgad9mUUo1s0TCkrz6FvKypQI.roa
File: 7psgad9mUUo1s0TCkrz6FvKypQI.roa (raw, json)
Hash identifier: OLVB+A6JmNn5tofQi/5coIH+qG/DNxU1J87tUJWeOxc=
Subject key identifier: EE:9B:20:69:DF:66:51:4A:35:B3:44:C2:92:BC:FA:16:F2:B2:A5:02
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018DCC7753BB3015BAB8ABBD39ED6044326A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7psgad9mUUo1s0TCkrz6FvKypQI.roa
Signing time: Wed 21 Feb 2024 16:19:48 +0000
ROA not before: Wed 21 Feb 2024 16:19:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 204843
IP address blocks: 37.221.120.0/24 maxlen: 24
37.221.121.0/24 maxlen: 24
37.221.122.0/24 maxlen: 24
37.221.123.0/24 maxlen: 24
45.144.153.0/24 maxlen: 24
94.156.11.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
193.149.2.0/24 maxlen: 24
193.149.3.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:cc:77:53:bb:30:15:ba:b8:ab:bd:39:ed:60:44:32:6a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 21 16:19:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ee9b2069df66514a35b344c292bcfa16f2b2a502
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:06:20:89:69:27:19:7c:0d:ed:19:9e:53:d5:
9f:db:3d:cd:84:9a:ab:cc:ef:38:d2:26:fb:f7:e6:
5c:c6:36:3d:13:b9:23:14:fd:ca:7d:ee:9a:75:04:
07:fd:e7:a8:bb:80:4a:f5:f2:cf:8d:d0:79:dd:35:
72:a9:c7:98:57:cb:29:3d:86:0c:99:32:27:e9:05:
29:7b:23:b3:ba:b9:20:c6:0f:5c:24:6a:ea:aa:ed:
c2:0a:17:38:fe:79:a8:fa:97:e4:eb:ac:a5:ef:23:
e3:a2:53:47:e3:07:8d:ed:3a:8c:ea:e5:a3:41:36:
05:6b:7e:c1:08:10:77:c9:9e:8e:61:be:cd:71:d5:
52:51:54:99:43:64:6f:9f:65:ab:75:eb:9a:f6:1b:
54:9c:37:d0:e7:cc:cc:83:4d:2e:c8:cb:50:be:55:
c0:80:96:99:32:6e:ec:5b:c1:06:8f:4c:79:b6:ec:
23:92:60:78:00:56:65:51:cf:76:e0:6e:5b:7d:d8:
9d:c0:0d:c2:29:6f:18:1c:06:cc:4b:df:1c:7f:db:
6a:11:13:bc:9c:18:44:59:e2:e8:a5:fe:2d:55:a2:
f5:7a:95:7a:26:41:b8:2a:4b:80:3a:d8:95:ee:07:
94:14:4e:e3:65:8e:3d:92:a6:21:56:78:3d:13:4e:
0a:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EE:9B:20:69:DF:66:51:4A:35:B3:44:C2:92:BC:FA:16:F2:B2:A5:02
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7psgad9mUUo1s0TCkrz6FvKypQI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.221.120.0/22
45.144.153.0/24
94.156.11.0/24
141.98.1.0/24
193.149.2.0/23
Signature Algorithm: sha256WithRSAEncryption
07:eb:95:28:12:d0:a9:43:bd:8e:68:42:05:2a:73:3e:32:0e:
4a:4e:8b:ed:80:d2:47:0d:01:92:9b:7b:15:6d:3b:5c:05:d3:
69:72:45:ed:3d:63:49:f2:4a:d3:bd:72:58:5b:d4:67:f3:b2:
ae:0c:97:7e:20:18:d1:29:60:12:db:81:1e:ec:bf:89:2e:16:
0e:57:2e:bf:2d:71:28:1e:25:73:66:d1:58:e7:a2:6d:96:a1:
a8:4a:23:80:05:c6:b6:c0:00:cb:90:30:4f:a4:76:9e:e1:64:
56:58:72:37:49:c8:79:3a:a7:0d:cc:0b:41:17:04:50:ba:3d:
23:07:63:0b:44:7e:1b:52:38:d4:9b:11:ee:bc:5d:3f:c7:56:
8b:ea:42:1a:9d:d9:18:7d:74:ad:b7:6a:07:c3:da:79:4a:20:
70:25:ba:7b:bb:43:dd:b1:b4:ec:82:fa:9b:7c:87:b5:ed:b3:
35:ca:f9:68:5d:91:30:18:ec:8b:1e:d6:a3:32:85:dd:15:05:
15:27:2e:b1:f0:a4:4c:18:aa:40:a7:b9:eb:33:76:26:7d:bd:
13:d8:4a:42:98:b9:22:8b:24:b2:70:28:72:8f:b3:e8:a0:63:
ae:df:4b:02:e2:bf:86:85:88:b2:43:72:ac:3e:38:31:34:ad:
09:fd:b1:db
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY3Md1O7MBW6uKu9Oe1gRDJqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjIxMTYxOTQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTliMjA2OWRmNjY1MTRhMzViMzQ0YzI5MmJjZmExNmYyYjJhNTAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoQYgiWknGXwN7RmeU9Wf2z3NhJqr
zO840ib79+ZcxjY9E7kjFP3Kfe6adQQH/eeou4BK9fLPjdB53TVyqceYV8spPYYM
mTIn6QUpeyOzurkgxg9cJGrqqu3CChc4/nmo+pfk66yl7yPjolNH4weN7TqM6uWj
QTYFa37BCBB3yZ6OYb7NcdVSUVSZQ2Rvn2Wrdeua9htUnDfQ58zMg00uyMtQvlXA
gJaZMm7sW8EGj0x5tuwjkmB4AFZlUc924G5bfdidwA3CKW8YHAbMS98cf9tqERO8
nBhEWeLopf4tVaL1epV6JkG4KkuAOtiV7geUFE7jZY49kqYhVng9E04KuwIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFO6bIGnfZlFKNbNEwpK8+hbysqUCMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvN3BzZ2FkOW1VVW8xczBUQ2tyejZGdkt5cFFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQCJd14AwQA
LZCZAwQAXpwLAwQAjWIBAwQBwZUCMA0GCSqGSIb3DQEBCwUAA4IBAQAH65UoEtCp
Q72OaEIFKnM+Mg5KTovtgNJHDQGSm3sVbTtcBdNpckXtPWNJ8krTvXJYW9Rn87Ku
DJd+IBjRKWAS24Ee7L+JLhYOVy6/LXEoHiVzZtFY56JtlqGoSiOABca2wADLkDBP
pHae4WRWWHI3Sch5OqcNzAtBFwRQuj0jB2MLRH4bUjjUmxHuvF0/x1aL6kIandkY
fXStt2oHw9p5SiBwJbp7u0PdsbTsgvqbfIe17bM1yvloXZEwGOyLHtajMoXdFQUV
Jy6x8KRMGKpAp7nrM3Ymfb0T2EpCmLkiiySycChyj7PooGOu30sC4r+GhYiyQ3Ks
PjgxNK0J/bHb
-----END CERTIFICATE-----
Generated at Tue May 13 18:03:56 2025 by rpki-client