Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1xN7uljFJFtBejOXIeBzyMjafLc.roa
File: 1xN7uljFJFtBejOXIeBzyMjafLc.roa (raw, json)
Hash identifier: kKRUUQUCgqdLz09skJ9EJeTvqihTBEEFszD0y2DUmYQ=
Subject key identifier: D7:13:7B:BA:58:C5:24:5B:41:7A:33:97:21:E0:73:C8:C8:DA:7C:B7
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018756A27A8EE562B10FB9A6C8453E7B9A03
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1xN7uljFJFtBejOXIeBzyMjafLc.roa
Signing time: Thu 06 Apr 2023 12:55:01 +0000
ROA not before: Thu 06 Apr 2023 12:55:01 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50225
IP address blocks: 81.161.230.0/24 maxlen: 24
94.156.234.0/24 maxlen: 24
178.215.226.0/24 maxlen: 24
185.222.162.0/24 maxlen: 24
45.9.156.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
94.156.160.0/24 maxlen: 24
193.42.34.0/24 maxlen: 24
193.47.63.0/24 maxlen: 24
193.47.60.0/24 maxlen: 24
45.139.104.0/24 maxlen: 24
45.129.84.0/24 maxlen: 24
176.125.253.0/24 maxlen: 24
45.129.86.0/24 maxlen: 24
176.125.252.0/24 maxlen: 24
94.154.162.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:56:a2:7a:8e:e5:62:b1:0f:b9:a6:c8:45:3e:7b:9a:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 6 12:55:01 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d7137bba58c5245b417a339721e073c8c8da7cb7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:96:fe:ac:26:6c:2f:e8:08:0a:8a:70:04:c6:
14:9a:9e:6c:d5:38:a5:de:a5:b2:8a:2a:57:17:82:
32:ef:55:e2:ea:a5:b7:2f:00:30:85:90:af:f7:63:
b4:96:b2:09:66:fc:48:7d:84:08:20:4b:7a:f6:67:
a8:2d:73:74:51:b0:b5:74:47:29:54:32:6b:d0:96:
8a:87:9f:ff:9a:01:d6:7a:8b:4a:23:9d:5f:2b:6b:
55:45:a6:b6:ef:82:1a:4a:6f:3e:30:a3:16:8c:59:
37:24:2d:c8:5a:a7:33:a7:09:29:02:9c:5e:ff:dd:
29:97:07:3a:85:03:96:7a:23:cc:bc:48:de:1e:fb:
e4:03:bb:d4:34:99:39:3b:f1:6a:49:05:02:fa:fe:
bd:3d:1b:9c:fc:2a:9a:25:90:bc:ad:4f:8c:82:41:
05:18:35:8d:4a:41:d6:66:ad:f9:bb:7f:21:84:11:
7e:b5:ef:2e:6c:ab:eb:f0:3e:2e:e5:4a:85:5d:04:
0b:2d:cf:d9:06:a2:b7:a4:20:3f:85:af:49:13:17:
2f:24:29:67:c6:7c:53:6e:1b:d5:09:0e:57:19:34:
9c:6e:ff:ab:9e:24:c2:fe:bc:d4:57:9e:10:6e:0f:
5b:17:d4:92:86:52:9f:cf:e6:e1:ae:3e:aa:99:0a:
70:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:13:7B:BA:58:C5:24:5B:41:7A:33:97:21:E0:73:C8:C8:DA:7C:B7
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1xN7uljFJFtBejOXIeBzyMjafLc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/24
45.12.255.0/24
45.66.228.0/24
45.129.84.0/24
45.129.86.0/24
45.139.104.0/24
81.161.230.0/24
94.154.162.0/24
94.156.160.0/24
94.156.234.0/24
176.125.252.0/23
178.215.226.0/24
185.222.162.0/24
193.42.34.0/24
193.47.60.0/24
193.47.63.0/24
Signature Algorithm: sha256WithRSAEncryption
76:1c:99:e4:f2:0f:20:2d:8f:5a:3c:d4:bb:bb:02:49:e4:63:
95:17:47:92:e7:69:3a:c7:8e:68:28:43:03:b1:ae:06:2b:99:
ab:8a:a4:6a:8c:b5:97:99:e2:e2:2a:85:59:58:a0:2e:8b:cf:
a6:fd:d2:13:67:33:23:f1:a4:9c:c4:8e:bb:ba:1f:e6:ac:d8:
cf:6c:98:93:54:12:e4:bb:ef:94:c5:1a:d2:12:6b:99:2b:34:
e8:e1:59:7a:40:4b:a4:26:00:33:de:59:70:56:64:d1:ff:c0:
d6:73:f4:3d:70:fb:b7:e5:11:82:2c:56:87:89:3a:20:01:e7:
f5:04:15:f5:2a:f3:0c:79:a1:e3:0c:40:72:f5:cf:22:4e:e7:
19:3a:72:d4:85:4b:30:f7:0a:20:db:6f:04:6b:9c:41:d5:96:
e3:8d:10:83:c8:7c:f1:a5:db:e3:15:28:1f:dc:ee:00:33:13:
f8:ac:43:ce:a1:b6:9d:a6:79:b4:fb:69:3d:db:29:dd:eb:80:
07:9f:14:ba:f7:10:d6:02:9e:57:37:53:d3:18:21:69:a9:57:
26:f6:58:d8:d1:ef:25:ae:12:e0:2d:77:d4:5a:2d:af:20:06:
5a:1b:e7:5b:84:0d:e2:70:db:9d:b4:32:7c:14:ac:0f:32:70:
23:1d:8c:4f
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAYdWonqO5WKxD7mmyEU+e5oDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDA2MTI1NTAxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNzEzN2JiYTU4YzUyNDViNDE3YTMzOTcyMWUwNzNjOGM4ZGE3Y2I3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkJb+rCZsL+gICopwBMYUmp5s1Til
3qWyiipXF4Iy71Xi6qW3LwAwhZCv92O0lrIJZvxIfYQIIEt69meoLXN0UbC1dEcp
VDJr0JaKh5//mgHWeotKI51fK2tVRaa274IaSm8+MKMWjFk3JC3IWqczpwkpApxe
/90plwc6hQOWeiPMvEjeHvvkA7vUNJk5O/FqSQUC+v69PRuc/CqaJZC8rU+MgkEF
GDWNSkHWZq35u38hhBF+te8ubKvr8D4u5UqFXQQLLc/ZBqK3pCA/ha9JExcvJCln
xnxTbhvVCQ5XGTScbv+rniTC/rzUV54Qbg9bF9SShlKfz+bhrj6qmQpwjQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFNcTe7pYxSRbQXozlyHgc8jI2ny3MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMXhON3VsakZKRnRCZWpPWEllQnp5TWphZkxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQALQmcAwQA
LQz/AwQALULkAwQALYFUAwQALYFWAwQALYtoAwQAUaHmAwQAXpqiAwQAXpygAwQA
XpzqAwQBsH38AwQAstfiAwQAud6iAwQAwSoiAwQAwS88AwQAwS8/MA0GCSqGSIb3
DQEBCwUAA4IBAQB2HJnk8g8gLY9aPNS7uwJJ5GOVF0eS52k6x45oKEMDsa4GK5mr
iqRqjLWXmeLiKoVZWKAui8+m/dITZzMj8aScxI67uh/mrNjPbJiTVBLku++UxRrS
EmuZKzTo4Vl6QEukJgAz3llwVmTR/8DWc/Q9cPu35RGCLFaHiTogAef1BBX1KvMM
eaHjDEBy9c8iTucZOnLUhUsw9wog228Ea5xB1ZbjjRCDyHzxpdvjFSgf3O4AMxP4
rEPOobadpnm0+2k92ynd64AHnxS69xDWAp5XN1PTGCFpqVcm9ljY0e8lrhLgLXfU
Wi2vIAZaG+dbhA3icNudtDJ8FKwPMnAjHYxP
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:31 2023 by rpki-client on console-ams.rpki-client.org