Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/w7vsRnS_TYJlBqyt6kK1WtAMTqE.roa
File: w7vsRnS_TYJlBqyt6kK1WtAMTqE.roa (raw, json)
Hash identifier: HtK4JvdhRY4RtkflEW39gPtJFPiR+k/qODrRCpGBGRo=
Subject key identifier: C3:BB:EC:46:74:BF:4D:82:65:06:AC:AD:EA:42:B5:5A:D0:0C:4E:A1
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018CB0BE1DF4021985B0FC127D69F2085D28
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/w7vsRnS_TYJlBqyt6kK1WtAMTqE.roa
Signing time: Thu 28 Dec 2023 14:04:58 +0000
ROA not before: Thu 28 Dec 2023 14:04:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50738
IP address blocks: 87.121.124.0/23 maxlen: 24
171.22.31.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
91.200.192.0/22 maxlen: 24
94.156.248.0/24 maxlen: 24
87.121.162.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
171.22.17.0/24 maxlen: 24
171.22.18.0/24 maxlen: 24
79.110.61.0/24 maxlen: 24
45.129.84.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
37.139.130.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:b0:be:1d:f4:02:19:85:b0:fc:12:7d:69:f2:08:5d:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 28 14:04:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c3bbec4674bf4d826506acadea42b55ad00c4ea1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:13:96:7c:5c:d2:63:48:93:9b:39:92:ce:97:
16:94:70:e3:a8:70:fd:6c:64:52:d9:42:fa:a5:e9:
10:24:f3:57:c7:0f:4f:62:54:58:3b:d2:4c:77:39:
78:a2:64:08:99:82:c7:51:1f:ba:c7:24:a9:29:25:
b2:d6:c1:8f:12:47:d5:50:84:46:05:a6:90:d9:33:
20:e4:8c:3e:d5:7f:a4:ac:9e:f3:21:80:94:5f:19:
ef:6d:9c:38:e4:a9:e0:af:00:33:87:44:f3:d5:72:
04:58:c5:03:09:37:80:96:71:4a:d4:7c:b4:b7:83:
b4:ba:a5:74:1e:34:69:4d:22:43:4d:6f:d7:6b:28:
00:74:74:00:53:dd:7c:62:c1:aa:19:46:de:77:34:
e3:fb:06:c7:52:f9:f8:04:95:41:e8:fe:74:42:d5:
29:20:9e:c6:59:52:ca:c1:1c:33:12:dc:99:68:49:
03:5d:64:80:5a:fa:98:bd:6a:0f:65:30:52:44:97:
05:64:bb:17:52:b4:1e:5f:32:6b:11:03:d5:90:2a:
5f:fd:03:b1:8c:07:d3:ca:00:47:c2:18:0c:86:6c:
55:8d:98:9b:cc:59:1b:e0:12:fe:40:54:49:ae:a4:
bb:b7:54:b4:53:5d:f6:f8:22:de:73:30:40:82:5b:
8d:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C3:BB:EC:46:74:BF:4D:82:65:06:AC:AD:EA:42:B5:5A:D0:0C:4E:A1
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/w7vsRnS_TYJlBqyt6kK1WtAMTqE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.130.0/24
45.129.84.0/24
45.141.158.0/24
79.110.61.0/24
81.161.239.0/24
87.121.124.0/23
87.121.162.0/24
91.200.192.0/22
94.154.172.0/24
94.156.248.0/24
171.22.17.0-171.22.18.255
171.22.31.0/24
193.25.216.0/24
193.35.19.0/24
Signature Algorithm: sha256WithRSAEncryption
6b:e2:87:b7:7d:5a:7f:99:04:89:32:5d:2a:27:f2:ee:42:21:
57:9f:1e:91:18:b3:cd:05:47:a9:d5:33:d8:89:53:e5:62:62:
67:5c:f0:3d:61:2f:07:b4:3d:6f:0b:e6:5f:23:51:8c:78:f6:
7e:9c:b0:6e:1f:ee:77:f3:6b:f0:6f:e9:20:30:54:31:6b:d0:
05:8c:11:37:3f:2e:af:6a:ef:d1:ec:c6:87:51:66:01:07:e6:
81:68:c7:dd:a0:9b:32:7b:97:c5:48:e5:e5:01:4e:60:cf:ca:
e8:67:2e:6d:68:a5:40:8b:c1:56:7a:17:2b:47:bb:cb:4b:23:
b0:8f:72:d2:d4:b0:7b:d3:1c:8f:ce:6a:04:03:3d:d4:9a:6b:
b7:02:a0:4b:73:89:54:51:ad:a6:ce:ae:57:92:7f:7c:c3:c9:
fe:33:7a:fd:8c:14:36:d1:39:01:af:f6:d3:52:ee:69:49:f0:
66:64:1e:89:d5:75:3e:42:2d:bc:66:30:04:d6:0c:6e:06:28:
4b:b9:1f:0d:1e:08:15:d2:dd:1d:88:3c:c4:53:87:73:69:7b:
ea:07:1f:3e:75:12:b7:11:20:33:72:f5:d3:d5:b3:6a:2c:18:
3f:15:d0:e4:5b:d8:4d:62:04:c4:59:8b:b5:ab:93:6a:43:65:
89:1b:15:a1
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYywvh30AhmFsPwSfWnyCF0oMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMjI4MTQwNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjM2JiZWM0Njc0YmY0ZDgyNjUwNmFjYWRlYTQyYjU1YWQwMGM0ZWExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjxOWfFzSY0iTmzmSzpcWlHDjqHD9
bGRS2UL6pekQJPNXxw9PYlRYO9JMdzl4omQImYLHUR+6xySpKSWy1sGPEkfVUIRG
BaaQ2TMg5Iw+1X+krJ7zIYCUXxnvbZw45KngrwAzh0Tz1XIEWMUDCTeAlnFK1Hy0
t4O0uqV0HjRpTSJDTW/XaygAdHQAU918YsGqGUbedzTj+wbHUvn4BJVB6P50QtUp
IJ7GWVLKwRwzEtyZaEkDXWSAWvqYvWoPZTBSRJcFZLsXUrQeXzJrEQPVkCpf/QOx
jAfTygBHwhgMhmxVjZibzFkb4BL+QFRJrqS7t1S0U132+CLeczBAgluNBwIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFMO77EZ0v02CZQasrepCtVrQDE6hMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdzd2c1JuU19UWUpsQnF5dDZrSzFXdEFNVHFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQAJYuCAwQA
LYFUAwQALY2eAwQAT249AwQAUaHvAwQBV3l8AwQAV3miAwQCW8jAAwQAXpqsAwQA
Xpz4MAwDBACrFhEDBACrFhIDBACrFh8DBADBGdgDBADBIxMwDQYJKoZIhvcNAQEL
BQADggEBAGvih7d9Wn+ZBIkyXSon8u5CIVefHpEYs80FR6nVM9iJU+ViYmdc8D1h
Lwe0PW8L5l8jUYx49n6csG4f7nfza/Bv6SAwVDFr0AWMETc/Lq9q79HsxodRZgEH
5oFox92gmzJ7l8VI5eUBTmDPyuhnLm1opUCLwVZ6FytHu8tLI7CPctLUsHvTHI/O
agQDPdSaa7cCoEtziVRRrabOrleSf3zDyf4zev2MFDbROQGv9tNS7mlJ8GZkHonV
dT5CLbxmMATWDG4GKEu5Hw0eCBXS3R2IPMRTh3Npe+oHHz51ErcRIDNy9dPVs2os
GD8V0ORb2E1iBMRZi7Wrk2pDZYkbFaE=
-----END CERTIFICATE-----
Generated at Thu May 15 19:27:55 2025 by rpki-client