Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1FHGqG3D_i1rPQ8dTLMixOZabUE.roa
File: 1FHGqG3D_i1rPQ8dTLMixOZabUE.roa (raw, json)
Hash identifier: UQDOPTKrcy7KcdgW4fMgthacQ864IW4jnO3GfG2KeIk=
Subject key identifier: D4:51:C6:A8:6D:C3:FE:2D:6B:3D:0F:1D:4C:B3:22:C4:E6:5A:6D:41
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018BADBD2DA08756AF38E751651FD67BEC26
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1FHGqG3D_i1rPQ8dTLMixOZabUE.roa
Signing time: Wed 08 Nov 2023 07:02:18 +0000
ROA not before: Wed 08 Nov 2023 07:02:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207459
IP address blocks: 84.54.49.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
193.149.29.0/24 maxlen: 24
193.149.30.0/24 maxlen: 24
94.156.176.0/24 maxlen: 24
193.149.28.0/22 maxlen: 22
193.149.31.0/24 maxlen: 24
193.149.28.0/24 maxlen: 24
45.84.90.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
185.226.175.0/24 maxlen: 24
212.115.41.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.51.0/24 maxlen: 24
45.8.93.0/24 maxlen: 24
194.49.86.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:ad:bd:2d:a0:87:56:af:38:e7:51:65:1f:d6:7b:ec:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Nov 8 07:02:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d451c6a86dc3fe2d6b3d0f1d4cb322c4e65a6d41
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:17:7d:fb:64:e8:ed:6d:ab:18:b4:24:a6:97:
28:03:c6:9a:b2:86:98:fa:48:b6:ed:62:29:07:74:
2a:db:5c:2f:ec:f3:b1:ff:ea:1f:02:f2:2a:75:19:
d0:d2:b2:92:4c:70:98:7a:4d:4e:9e:21:ab:1e:8c:
86:15:22:10:95:d4:14:aa:98:0f:ea:47:6b:05:36:
bc:be:ea:9d:ea:af:ca:a4:ac:1c:78:63:a2:83:2f:
a1:fc:24:a1:82:47:d5:05:42:a8:d5:95:ed:11:0e:
7c:58:6f:8e:e9:51:b3:c8:ab:0f:f9:77:6e:5d:e5:
c6:c2:30:e0:ab:86:06:4a:0b:1c:70:6e:34:a2:e1:
5d:e5:ed:25:ab:79:1d:8d:9b:c0:98:2f:9b:8a:45:
06:09:91:8b:66:7b:d5:0b:5f:df:41:7c:99:5d:80:
89:fa:a6:97:4a:41:45:3a:3d:b0:1b:7d:32:ce:da:
d5:95:b7:1a:51:1c:c7:09:1f:57:00:8d:b8:3f:10:
40:6a:c2:5d:d8:cb:4c:73:a8:d2:12:64:65:6b:be:
7c:b7:5d:ef:64:97:3c:16:56:c0:c8:40:04:b1:b6:
31:05:de:67:ae:85:7c:ca:0e:1e:a8:57:83:b3:83:
a4:02:e7:1b:b6:9b:f7:fc:74:26:3d:b4:0f:0a:73:
0a:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:51:C6:A8:6D:C3:FE:2D:6B:3D:0F:1D:4C:B3:22:C4:E6:5A:6D:41
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1FHGqG3D_i1rPQ8dTLMixOZabUE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.8.93.0/24
45.66.228.0/24
45.84.90.0/24
45.151.90.0/24
79.110.50.0/23
84.54.49.0/24
87.121.105.0/24
94.156.176.0/24
185.226.175.0/24
193.149.28.0/22
194.49.86.0/24
212.115.41.0/24
Signature Algorithm: sha256WithRSAEncryption
3b:a7:92:8e:03:7f:ed:88:24:9d:cc:26:fd:b4:d6:dc:c4:3e:
2b:cd:72:71:c3:8b:28:1f:31:96:59:03:b1:3e:14:a9:bc:76:
f4:f9:e2:49:76:70:c6:3d:81:4a:73:03:a0:46:7b:91:f8:4a:
be:16:b0:da:55:38:c6:59:6a:31:3e:61:ae:a9:b3:be:c5:78:
b7:f1:48:a6:72:d2:62:51:45:fb:86:50:b3:bf:9d:01:1e:c4:
b5:c9:38:4f:f3:44:27:b1:7a:c1:a8:10:35:5e:0e:b4:40:8b:
33:16:98:d9:3b:fa:e1:b7:f2:86:db:b9:0e:f9:d8:9b:05:72:
55:f0:eb:d1:17:49:10:05:ab:fc:a3:6a:3a:de:80:30:f7:2f:
fd:ff:83:c9:67:40:4b:0f:6e:d8:4d:dc:fe:62:fb:1e:53:d8:
ed:e5:0b:a4:21:df:b7:d9:0d:27:3a:ad:d5:69:3e:b3:de:6c:
81:04:a5:66:1d:ac:a2:a1:c0:94:be:e5:ea:8a:08:12:c8:38:
65:2a:03:03:ff:4c:25:dc:e6:33:8a:d7:62:92:6f:88:b5:57:
4e:4a:d6:79:29:ed:04:b2:7c:f4:13:0e:29:c7:71:d2:59:34:
a0:3a:8f:8b:91:49:42:31:7f:bb:2c:16:c5:6d:8a:f0:64:ec:
a7:36:be:2f
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYutvS2gh1avOOdRZR/We+wmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMTA4MDcwMjE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDUxYzZhODZkYzNmZTJkNmIzZDBmMWQ0Y2IzMjJjNGU2NWE2ZDQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhd9+2To7W2rGLQkppcoA8aasoaY
+ki27WIpB3Qq21wv7POx/+ofAvIqdRnQ0rKSTHCYek1OniGrHoyGFSIQldQUqpgP
6kdrBTa8vuqd6q/KpKwceGOigy+h/CShgkfVBUKo1ZXtEQ58WG+O6VGzyKsP+Xdu
XeXGwjDgq4YGSgsccG40ouFd5e0lq3kdjZvAmC+bikUGCZGLZnvVC1/fQXyZXYCJ
+qaXSkFFOj2wG30yztrVlbcaURzHCR9XAI24PxBAasJd2MtMc6jSEmRla758t13v
ZJc8FlbAyEAEsbYxBd5nroV8yg4eqFeDs4OkAucbtpv3/HQmPbQPCnMKtQIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFNRRxqhtw/4taz0PHUyzIsTmWm1BMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMUZIR3FHM0RfaTFyUFE4ZFRMTWl4T1phYlVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALQhdAwQA
LULkAwQALVRaAwQALZdaAwQBT24yAwQAVDYxAwQAV3lpAwQAXpywAwQAueKvAwQC
wZUcAwQAwjFWAwQA1HMpMA0GCSqGSIb3DQEBCwUAA4IBAQA7p5KOA3/tiCSdzCb9
tNbcxD4rzXJxw4soHzGWWQOxPhSpvHb0+eJJdnDGPYFKcwOgRnuR+Eq+FrDaVTjG
WWoxPmGuqbO+xXi38UimctJiUUX7hlCzv50BHsS1yThP80QnsXrBqBA1Xg60QIsz
FpjZO/rht/KG27kO+dibBXJV8OvRF0kQBav8o2o63oAw9y/9/4PJZ0BLD27YTdz+
YvseU9jt5QukId+32Q0nOq3VaT6z3myBBKVmHayiocCUvuXqiggSyDhlKgMD/0wl
3OYzitdikm+ItVdOStZ5Ke0Esnz0Ew4px3HSWTSgOo+LkUlCMX+7LBbFbYrwZOyn
Nr4v
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:56 2024 by rpki-client on console-fra.rpki-client.org