Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/45XaMUZghqancZsQI9IjJJAH4Gs.roa
File: 45XaMUZghqancZsQI9IjJJAH4Gs.roa (raw, json)
Hash identifier: aZVF0B7Fp/8YFP3vzYK1WCLPeh5wdSE7SO3G7lfS5ZI=
Subject key identifier: E3:95:DA:31:46:60:86:A6:A7:71:9B:10:23:D2:23:24:90:07:E0:6B
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018857416BEFE9C4253D7E22A8BA5D6D273F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/45XaMUZghqancZsQI9IjJJAH4Gs.roa
Signing time: Fri 26 May 2023 08:51:25 +0000
ROA not before: Fri 26 May 2023 08:51:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
94.156.239.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
185.216.70.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
94.103.126.0/24 maxlen: 24
185.218.137.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:57:41:6b:ef:e9:c4:25:3d:7e:22:a8:ba:5d:6d:27:3f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 26 08:51:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e395da31466086a6a7719b1023d223249007e06b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:cb:2e:cd:68:4f:7e:ca:37:fa:f2:d8:f5:4a:
6e:e0:61:fc:35:38:45:09:7e:ae:3c:fd:c0:4f:39:
0b:14:47:4c:cc:b1:91:f3:a1:e4:23:29:8b:bf:93:
82:27:5a:1b:6e:9d:85:ae:e5:42:65:68:a4:c9:12:
58:14:f5:fa:fd:44:9b:fb:64:ff:bd:60:71:3c:97:
fb:0e:96:57:20:1b:03:0e:cc:76:0e:e1:a9:1e:77:
6e:ad:7d:db:d5:0f:d6:e9:50:2d:f1:37:44:5a:1e:
c2:57:d5:92:d4:c8:23:56:2c:0a:b2:e5:87:2d:15:
f3:ad:6b:5a:e0:18:9b:c4:56:33:97:9c:80:84:13:
6b:4e:cc:d8:ff:92:86:33:d4:4e:cd:be:d0:bd:a2:
88:77:19:94:b6:fa:f2:f1:15:fd:03:58:40:bc:c5:
61:90:58:fc:66:03:8e:80:64:a9:2f:3d:d5:0b:3c:
62:f8:b5:e8:11:59:e7:55:bc:07:63:5c:04:2b:35:
8e:38:df:ea:84:51:ee:0c:f1:32:f2:82:e6:80:3c:
8b:9b:cb:f4:02:35:4b:cb:16:d7:56:57:bf:cd:0a:
45:76:19:b2:06:e7:aa:f3:4c:83:08:98:13:1a:71:
6d:98:75:54:4e:54:fe:d8:af:7d:b0:a2:5b:58:5c:
0a:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E3:95:DA:31:46:60:86:A6:A7:71:9B:10:23:D2:23:24:90:07:E0:6B
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/45XaMUZghqancZsQI9IjJJAH4Gs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.89.0/24
92.119.196.0/23
94.103.126.0/24
94.154.161.0-94.154.163.255
94.156.239.0/24
147.78.100.0-147.78.102.255
171.22.72.0/22
178.215.236.0/24
185.216.70.0/24
185.216.84.0/22
185.218.84.0/22
185.218.137.0/24
185.219.126.0/24
Signature Algorithm: sha256WithRSAEncryption
87:ca:8e:9d:e0:11:62:ac:43:53:34:05:12:67:3d:31:18:77:
ed:52:a8:56:75:0c:00:ee:fb:1a:4e:12:84:52:58:5c:51:1c:
f5:b3:f9:5c:70:dc:4b:6f:dd:d4:89:60:24:05:2e:95:6a:91:
92:f9:13:5a:9e:a8:0f:a7:e5:f9:93:d4:de:43:9f:96:a7:1e:
fc:f9:7b:45:d2:0b:97:1f:d3:3a:a1:77:68:f3:71:0c:17:a0:
81:06:2e:1a:37:0d:ba:57:f0:96:0b:9e:fe:5b:43:06:d2:61:
c2:f1:3b:ee:5a:07:9f:fd:ab:96:95:21:05:ce:67:2e:e2:af:
e2:e4:ed:24:bc:70:a5:1d:aa:72:85:9f:89:be:a1:9a:4f:32:
ca:1b:9b:b8:a3:f1:21:04:6a:13:20:05:47:4e:82:12:5b:e4:
b4:8d:75:d7:2a:56:29:54:ca:42:b8:42:e3:25:95:5f:a9:74:
6d:a3:01:69:cb:b8:dc:12:a3:b8:7d:f2:be:e4:93:1b:64:92:
cb:b5:ad:0e:67:5d:0c:02:5b:88:ba:cc:d3:8f:b3:d5:d2:9b:
89:a1:bd:2b:e7:75:6f:b1:64:df:4d:68:7d:cf:5d:8f:2b:27:
70:ce:b6:46:92:58:57:66:de:a6:75:3e:b9:87:5f:f8:0b:37:
e5:c1:0a:42
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAYhXQWvv6cQlPX4iqLpdbSc/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTI2MDg1MTI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMzk1ZGEzMTQ2NjA4NmE2YTc3MTliMTAyM2QyMjMyNDkwMDdlMDZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMsuzWhPfso3+vLY9Upu4GH8NThF
CX6uPP3ATzkLFEdMzLGR86HkIymLv5OCJ1obbp2FruVCZWikyRJYFPX6/USb+2T/
vWBxPJf7DpZXIBsDDsx2DuGpHndurX3b1Q/W6VAt8TdEWh7CV9WS1MgjViwKsuWH
LRXzrWta4BibxFYzl5yAhBNrTszY/5KGM9ROzb7QvaKIdxmUtvry8RX9A1hAvMVh
kFj8ZgOOgGSpLz3VCzxi+LXoEVnnVbwHY1wEKzWOON/qhFHuDPEy8oLmgDyLm8v0
AjVLyxbXVle/zQpFdhmyBueq80yDCJgTGnFtmHVUTlT+2K99sKJbWFwKjQIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFOOV2jFGYIamp3GbECPSIySQB+BrMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNDVYYU1VWmdocWFuY1pzUUk5SWpKSkFINEdzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjBkBAIAATBeAwQALZdZAwQB
XHfEAwQAXmd+MAwDBABemqEDBAJemqADBABenO8wDAMEApNOZAMEAJNOZgMEAqsW
SAMEALLX7AMEALnYRgMEArnYVAMEArnaVAMEALnaiQMEALnbfjANBgkqhkiG9w0B
AQsFAAOCAQEAh8qOneARYqxDUzQFEmc9MRh37VKoVnUMAO77Gk4ShFJYXFEc9bP5
XHDcS2/d1IlgJAUulWqRkvkTWp6oD6fl+ZPU3kOflqce/Pl7RdILlx/TOqF3aPNx
DBeggQYuGjcNulfwlgue/ltDBtJhwvE77loHn/2rlpUhBc5nLuKv4uTtJLxwpR2q
coWfib6hmk8yyhubuKPxIQRqEyAFR06CElvktI111ypWKVTKQrhC4yWVX6l0baMB
acu43BKjuH3yvuSTG2SSy7WtDmddDAJbiLrM04+z1dKbiaG9K+d1b7Fk301ofc9d
jysncM62RpJYV2bepnU+uYdf+As35cEKQg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:23 2024 by rpki-client on console-ams.rpki-client.org