Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3b3qo8VXzL7-QUy0F3itGbn4vzM.roa
File: 3b3qo8VXzL7-QUy0F3itGbn4vzM.roa (raw, json)
Hash identifier: RBqO/Kg2ILIYhBDipSaqavNetE5wbcrS6NUrw9ZjMzo=
Subject key identifier: DD:BD:EA:A3:C5:57:CC:BE:FE:41:4C:B4:17:78:AD:19:B9:F8:BF:33
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018E3223EF09CB5903B4769462467B8CD028
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3b3qo8VXzL7-QUy0F3itGbn4vzM.roa
Signing time: Tue 12 Mar 2024 10:09:59 +0000
ROA not before: Tue 12 Mar 2024 10:09:59 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 2.59.255.0/24 maxlen: 24
45.129.86.0/23 maxlen: 24
45.151.89.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.10.0/24 maxlen: 24
94.156.72.0/23 maxlen: 24
94.156.239.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.252.176.0/24 maxlen: 24
185.254.37.0/24 maxlen: 24
193.37.41.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:32:23:ef:09:cb:59:03:b4:76:94:62:46:7b:8c:d0:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 12 10:09:59 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ddbdeaa3c557ccbefe414cb41778ad19b9f8bf33
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:38:6b:7c:c4:2a:09:2e:cb:61:e6:ff:4c:ba:
36:58:09:6d:1d:f6:0c:3b:41:25:4d:e6:fe:e0:af:
f5:e4:c4:d7:ba:28:5d:1e:a8:5f:ec:95:72:62:51:
b6:f8:59:d3:a2:c7:d0:26:f9:57:6d:28:ff:dd:3c:
2c:9f:c4:bb:a7:ef:41:1f:ea:ab:61:d2:72:39:64:
38:3f:26:24:1c:0e:b4:ef:ab:a6:46:a6:2a:fa:cd:
d8:79:06:83:c7:5f:ca:9c:17:ef:4e:d7:8d:41:8c:
b2:2e:b4:c4:11:b4:7a:11:3a:62:75:ad:db:34:41:
da:6e:30:a7:8d:d2:9d:75:f0:61:48:cd:bd:aa:5c:
c8:8a:d7:6c:df:66:63:2e:bb:96:53:d0:83:39:0b:
12:dc:b4:4c:30:8f:6a:6a:42:4a:b6:8d:d1:c3:4d:
f9:08:02:ad:b1:a3:cd:47:36:a0:67:d9:a0:e9:35:
f1:bd:0f:68:2c:37:4d:1c:85:10:60:b3:a4:0a:d7:
2f:08:80:bc:70:ec:91:89:25:cc:15:c7:34:b5:51:
a7:e1:11:2e:8e:b1:45:33:fd:b0:6d:1e:cd:57:e3:
45:bb:37:97:bc:1b:ba:07:01:48:35:ee:e5:5f:68:
ed:46:a1:ae:eb:67:44:5b:0f:e3:f2:8a:ce:c1:b2:
f6:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:BD:EA:A3:C5:57:CC:BE:FE:41:4C:B4:17:78:AD:19:B9:F8:BF:33
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3b3qo8VXzL7-QUy0F3itGbn4vzM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.255.0/24
45.129.86.0/23
45.151.89.0/24
87.120.87.0/24
87.121.45.0/24
87.121.221.0/24
92.119.196.0/23
94.154.160.0/22
94.156.10.0/24
94.156.72.0/23
94.156.239.0/24
147.78.102.0/24
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.252.176.0/24
185.254.37.0/24
193.37.41.0/24
194.55.224.0/24
Signature Algorithm: sha256WithRSAEncryption
01:4c:6a:e8:e5:2c:06:15:e6:be:29:d1:d8:8e:6c:cc:55:10:
d1:de:71:a5:c2:1a:b6:5a:84:a3:ce:4e:3f:59:35:66:d7:1b:
e4:db:03:f8:3a:8e:53:ca:ed:7b:92:72:43:7f:b1:07:ce:93:
a4:ed:51:6e:1b:7a:89:65:16:29:07:69:a5:c5:94:b4:e9:c0:
54:7e:17:7a:e7:bc:f5:a4:42:3e:7a:84:bb:ed:f3:58:c4:fc:
05:3c:03:c7:e7:9d:be:d3:31:cc:88:e0:97:fb:28:07:f0:d1:
e6:5a:96:c2:f5:51:cf:02:8a:48:28:31:4f:7f:df:53:da:e4:
11:63:18:39:42:55:e3:06:70:5b:a9:ab:ee:7a:48:ca:9b:63:
c7:c0:0d:03:6b:85:c0:e4:c5:ed:89:5e:da:ed:e9:9d:40:fe:
64:31:68:d7:20:09:93:42:48:bd:87:4d:57:37:13:4e:b6:77:
c5:22:da:75:d8:a4:86:eb:95:ce:82:63:ae:9e:91:c9:2b:cc:
fe:53:18:92:4a:80:66:2c:6f:25:d9:e6:81:17:f5:6d:ef:ef:
a9:03:d0:62:f2:dd:b2:f6:f0:02:9f:4f:0c:e2:40:64:1b:68:
d9:36:3d:20:51:9b:80:be:40:16:ef:18:fd:a0:ec:e9:19:0b:
a9:95:e1:41
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAY4yI+8Jy1kDtHaUYkZ7jNAoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzEyMTAwOTU5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZGJkZWFhM2M1NTdjY2JlZmU0MTRjYjQxNzc4YWQxOWI5ZjhiZjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAojhrfMQqCS7LYeb/TLo2WAltHfYM
O0ElTeb+4K/15MTXuihdHqhf7JVyYlG2+FnTosfQJvlXbSj/3Twsn8S7p+9BH+qr
YdJyOWQ4PyYkHA6076umRqYq+s3YeQaDx1/KnBfvTteNQYyyLrTEEbR6ETpida3b
NEHabjCnjdKddfBhSM29qlzIitds32ZjLruWU9CDOQsS3LRMMI9qakJKto3Rw035
CAKtsaPNRzagZ9mg6TXxvQ9oLDdNHIUQYLOkCtcvCIC8cOyRiSXMFcc0tVGn4REu
jrFFM/2wbR7NV+NFuzeXvBu6BwFINe7lX2jtRqGu62dEWw/j8orOwbL22wIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFN296qPFV8y+/kFMtBd4rRm5+L8zMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvM2IzcW84Vlh6TDctUVV5MEYzaXRHYm40dnpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEAAI7
/wMEAS2BVgMEAC2XWQMEAFd4VwMEAFd5LQMEAFd53QMEAVx3xAMEAl6aoAMEAF6c
CgMEAV6cSAMEAF6c7wMEAJNOZgMEAqsWSAMEALLX4AMEALLX7AMEArnYVAMEArna
VAMEALn8sAMEALn+JQMEAMElKQMEAMI34DANBgkqhkiG9w0BAQsFAAOCAQEAAUxq
6OUsBhXmvinR2I5szFUQ0d5xpcIatlqEo85OP1k1Ztcb5NsD+DqOU8rte5JyQ3+x
B86TpO1Rbht6iWUWKQdppcWUtOnAVH4Xeue89aRCPnqEu+3zWMT8BTwDx+edvtMx
zIjgl/soB/DR5lqWwvVRzwKKSCgxT3/fU9rkEWMYOUJV4wZwW6mr7npIyptjx8AN
A2uFwOTF7Yle2u3pnUD+ZDFo1yAJk0JIvYdNVzcTTrZ3xSLaddikhuuVzoJjrp6R
ySvM/lMYkkqAZixvJdnmgRf1be/vqQPQYvLdsvbwAp9PDOJAZBto2TY9IFGbgL5A
Fu8Y/aDs6RkLqZXhQQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:57 2024 by rpki-client on console-fra.rpki-client.org