Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-bFQhHLwnPq59INBedG5PDmBGRE.roa
File: 1-bFQhHLwnPq59INBedG5PDmBGRE.roa (raw, json)
Hash identifier: ayterW6BIMDnx4QON1ax9IkK78CefkbBkE8lBgprmBo=
Subject key identifier: F9:B1:50:84:72:F0:9C:FA:B9:F4:83:41:79:D1:B9:3C:39:81:19:11
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018529D07C289DCFD71DA9425A7D8B29778F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-bFQhHLwnPq59INBedG5PDmBGRE.roa
Signing time: Mon 19 Dec 2022 09:56:47 +0000
ROA not before: Mon 19 Dec 2022 09:56:47 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 209371
IP address blocks: 194.55.224.0/24 maxlen: 24
194.55.225.0/24 maxlen: 24
178.215.225.0/24 maxlen: 24
178.215.227.0/24 maxlen: 24
178.215.239.0/24 maxlen: 24
45.128.96.0/22 maxlen: 24
80.76.48.0/24 maxlen: 24
85.31.47.0/24 maxlen: 24
85.31.45.0/24 maxlen: 24
45.84.89.0/24 maxlen: 24
185.216.70.0/24 maxlen: 24
185.216.69.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
45.139.107.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:29:d0:7c:28:9d:cf:d7:1d:a9:42:5a:7d:8b:29:77:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 19 09:56:47 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f9b1508472f09cfab9f4834179d1b93c39811911
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:c0:52:d3:af:50:89:0b:92:13:27:b5:f5:70:
36:d6:df:6b:49:e6:3e:41:0f:40:c1:bf:dc:d2:0d:
3f:fd:ad:a7:a6:4b:92:69:4b:0f:b3:83:fc:8a:99:
79:59:36:a5:25:75:94:0d:9a:8a:1d:8e:87:04:05:
92:f0:80:02:dd:30:a4:11:07:a0:e8:9b:2e:d4:89:
35:ee:ee:ba:58:d4:6c:fd:f4:40:13:0f:85:0f:ae:
5e:64:59:3f:47:c5:18:62:7e:07:2b:52:0d:62:39:
4c:e7:fc:0e:22:86:be:9c:97:b1:48:81:79:42:ad:
c7:93:5b:ab:08:e5:7a:75:f2:c9:89:a3:c3:88:61:
d1:cb:ee:0b:4b:6b:40:d2:0d:c5:69:73:9a:12:79:
80:8f:ed:ef:a3:38:6f:9d:f3:84:0e:77:ae:cf:56:
25:af:10:90:e2:88:84:79:4b:36:90:aa:62:79:fd:
bf:a6:c0:30:b6:3c:bb:42:a4:ef:ef:29:f4:4a:00:
40:65:68:2f:db:92:aa:75:0d:61:63:9d:04:1c:8d:
4e:98:10:f2:71:7e:7a:e7:86:3c:08:96:c2:2b:f4:
a7:72:1e:67:9a:44:b1:dd:94:3a:ef:35:70:aa:f2:
cc:2e:4e:64:3e:df:54:9d:7b:81:d0:20:53:74:94:
a7:2d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:B1:50:84:72:F0:9C:FA:B9:F4:83:41:79:D1:B9:3C:39:81:19:11
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1-bFQhHLwnPq59INBedG5PDmBGRE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.89.0/24
45.128.96.0/22
45.139.107.0/24
80.76.48.0/24
85.31.45.0/24
85.31.47.0/24
87.120.87.0/24
94.154.172.0/24
178.215.225.0/24
178.215.227.0/24
178.215.239.0/24
185.216.69.0-185.216.70.255
193.35.19.0/24
194.55.224.0/23
Signature Algorithm: sha256WithRSAEncryption
8b:49:49:91:0a:f2:51:0a:a9:6b:5a:4c:8d:42:e7:fa:ed:e8:
fc:d2:83:00:bf:26:17:3d:48:66:06:2a:d4:2f:fc:4d:4d:ce:
e1:4c:9c:00:70:85:6b:d5:ba:3f:85:07:82:38:00:26:c1:b0:
a3:9b:8b:d1:98:18:bf:f3:b4:4a:8e:d1:62:66:ef:61:1a:b2:
3a:6f:e0:09:68:6b:b3:82:14:87:48:8a:61:ce:7e:1d:f9:14:
bb:7e:e6:81:e0:8d:fa:cd:1f:70:5b:1c:87:21:e6:9a:c5:f2:
9a:f9:d3:20:92:9c:b3:56:d2:67:05:2b:b9:16:73:5e:e3:2a:
78:5d:95:a1:8d:3f:d1:e7:dc:b3:9b:a0:3d:b0:d2:aa:0b:2f:
60:99:d2:54:cb:ae:5a:39:6a:c9:cb:3e:5d:54:88:0b:d7:4e:
d5:19:49:3d:f1:88:77:9a:84:c3:5c:5b:c1:91:5a:03:dd:84:
2b:6a:49:06:58:d9:ba:2f:c3:5f:f0:c8:98:0e:83:8b:53:c5:
a6:8c:3e:86:20:c4:3b:83:79:31:17:6b:52:c5:89:e0:f2:79:
14:0e:f1:70:1d:a8:9d:7e:04:ea:9f:31:12:a4:c5:6a:9c:3a:
59:74:58:13:a2:0f:1f:9a:b2:cf:e5:89:a4:aa:b8:25:c7:e3:
73:c7:50:e5
-----BEGIN CERTIFICATE-----
MIIFVDCCBDygAwIBAgISAYUp0Hwonc/XHalCWn2LKXePMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMjE5MDk1NjQ3WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWIxNTA4NDcyZjA5Y2ZhYjlmNDgzNDE3OWQxYjkzYzM5ODExOTExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk8BS069QiQuSEye19XA21t9rSeY+
QQ9Awb/c0g0//a2npkuSaUsPs4P8ipl5WTalJXWUDZqKHY6HBAWS8IAC3TCkEQeg
6Jsu1Ik17u66WNRs/fRAEw+FD65eZFk/R8UYYn4HK1INYjlM5/wOIoa+nJexSIF5
Qq3Hk1urCOV6dfLJiaPDiGHRy+4LS2tA0g3FaXOaEnmAj+3vozhvnfOEDneuz1Yl
rxCQ4oiEeUs2kKpief2/psAwtjy7QqTv7yn0SgBAZWgv25KqdQ1hY50EHI1OmBDy
cX5654Y8CJbCK/Snch5nmkSx3ZQ67zVwqvLMLk5kPt9UnXuB0CBTdJSnLQIDAQAB
o4ICYDCCAlwwHQYDVR0OBBYEFPmxUIRy8Jz6ufSDQXnRuTw5gRkRMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMS1iRlFoSEx3blBxNTlJTkJlZEc1UERtQkdSRS5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMDMvOTEzYTNhLWY1NTAtNDZmMC1hY2M3LWNkM2NhNTk3NTcx
Mi8xL0lzU3NQanhEMXcwRk5KeUJXNnJkT0sxM1hwMC5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjB1BggrBgEFBQcBBwEB/wRmMGQwYgQCAAEwXAMEAC1UWQME
Ai2AYAMEAC2LawMEAFBMMAMEAFUfLQMEAFUfLwMEAFd4VwMEAF6arAMEALLX4QME
ALLX4wMEALLX7zAMAwQAudhFAwQAudhGAwQAwSMTAwQBwjfgMA0GCSqGSIb3DQEB
CwUAA4IBAQCLSUmRCvJRCqlrWkyNQuf67ej80oMAvyYXPUhmBirUL/xNTc7hTJwA
cIVr1bo/hQeCOAAmwbCjm4vRmBi/87RKjtFiZu9hGrI6b+AJaGuzghSHSIphzn4d
+RS7fuaB4I36zR9wWxyHIeaaxfKa+dMgkpyzVtJnBSu5FnNe4yp4XZWhjT/R59yz
m6A9sNKqCy9gmdJUy65aOWrJyz5dVIgL107VGUk98Yh3moTDXFvBkVoD3YQrakkG
WNm6L8Nf8MiYDoOLU8WmjD6GIMQ7g3kxF2tSxYng8nkUDvFwHaidfgTqnzESpMVq
nDpZdFgTog8fmrLP5Ymkqrglx+Nzx1Dl
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:30 2023 by rpki-client on console-ams.rpki-client.org