Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/78CkGR0FKP-wcC_FVIO-4gCsjmo.roa
File: 78CkGR0FKP-wcC_FVIO-4gCsjmo.roa (raw, json)
Hash identifier: BeeiDRm+hrTSg1DCV3A5VK298ZOOc9XLBJYW2Wc3wMc=
Subject key identifier: EF:C0:A4:19:1D:05:28:FF:B0:70:2F:C5:54:83:BE:E2:00:AC:8E:6A
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018AEFCB6A120DEA18B20B458C57C73FF2B6
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/78CkGR0FKP-wcC_FVIO-4gCsjmo.roa
Signing time: Mon 02 Oct 2023 09:50:00 +0000
ROA not before: Mon 02 Oct 2023 09:50:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207459
IP address blocks: 84.54.49.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
193.149.29.0/24 maxlen: 24
193.149.30.0/24 maxlen: 24
193.149.28.0/22 maxlen: 22
193.149.31.0/24 maxlen: 24
193.149.28.0/24 maxlen: 24
194.49.86.0/24 maxlen: 24
94.154.163.0/24 maxlen: 24
176.125.255.0/24 maxlen: 24
185.226.175.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:ef:cb:6a:12:0d:ea:18:b2:0b:45:8c:57:c7:3f:f2:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Oct 2 09:50:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=efc0a4191d0528ffb0702fc55483bee200ac8e6a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:f8:13:79:08:02:4c:7a:f6:34:ca:e8:42:b1:
2e:bc:35:68:64:ea:86:cd:bf:ab:43:1f:9a:4e:87:
a4:e7:59:67:8d:fb:cb:22:80:1e:c7:09:06:77:11:
bb:e5:f7:33:5c:48:da:b0:41:90:f6:a8:c1:d6:43:
73:c3:29:16:ba:cd:76:5b:90:18:d1:35:44:ad:7d:
dd:01:c4:6f:55:8f:1b:b3:9d:95:18:1b:8f:48:e1:
3b:d2:34:80:bd:5d:1c:38:30:57:df:b2:3d:74:b7:
a4:d3:b3:a0:55:85:91:2f:09:96:eb:db:41:9a:d1:
19:cc:63:3d:14:18:f9:7f:f4:8e:d9:3f:2e:7b:d9:
ea:00:c1:62:0f:00:d1:fa:e2:56:fc:da:b6:ad:a7:
fb:77:9b:3e:40:a1:92:4a:d7:30:6a:de:09:d6:8f:
4a:67:ff:ef:c2:46:ec:17:33:1f:b9:77:0e:8c:48:
22:e6:89:8e:ad:13:2f:3e:58:dd:f4:40:a7:e8:66:
a3:52:c4:38:ec:00:ac:fa:c4:1b:ad:c7:34:5f:82:
ac:03:f3:a7:b9:39:cc:eb:98:31:21:2c:1c:9b:a0:
29:f5:ec:7d:de:fb:bb:d4:57:84:7d:4e:ae:1d:c5:
47:2f:6e:8a:5c:d4:03:68:50:dc:59:eb:15:af:ad:
ad:61
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:C0:A4:19:1D:05:28:FF:B0:70:2F:C5:54:83:BE:E2:00:AC:8E:6A
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/78CkGR0FKP-wcC_FVIO-4gCsjmo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.90.0/24
84.54.49.0/24
87.120.87.0/24
94.154.163.0/24
176.125.255.0/24
185.226.175.0/24
193.149.28.0/22
194.49.86.0/24
Signature Algorithm: sha256WithRSAEncryption
75:93:7b:27:6b:d5:a8:ae:d3:7c:c7:32:27:7b:b2:ec:aa:88:
1c:1d:2e:a9:7c:5c:ed:b1:dd:73:cc:14:32:7d:dc:6a:d9:ba:
ea:5c:69:4b:05:e9:c7:1a:56:25:21:b7:c0:5f:84:b1:c7:7d:
a9:ab:81:d6:78:f1:69:87:47:11:bb:09:20:44:a8:58:af:79:
5c:31:e8:3b:e5:ba:a3:ef:7d:7b:d0:27:b9:c5:73:9c:95:56:
de:cb:58:56:8d:6c:fe:9f:e2:f7:a1:e9:0c:b8:56:0c:31:e7:
d4:5f:3a:ec:56:fb:27:b8:8d:24:84:49:f6:4c:ae:4a:2e:d6:
ac:cc:dd:99:ca:ab:21:75:b9:c6:80:cc:39:2f:4e:58:59:1d:
39:1a:c8:94:8b:35:c1:da:d3:81:24:bf:65:94:54:c8:84:2f:
bc:46:0b:90:a3:ac:82:eb:ea:d3:7e:19:9d:91:eb:68:c3:2e:
c0:b4:6b:4b:33:97:1f:b8:3d:40:39:7b:ab:4d:07:db:53:65:
9d:78:3d:bd:ac:21:7d:8c:e0:aa:fb:b0:6b:63:4b:7d:b1:b9:
cd:ea:23:4b:06:b8:b2:d5:13:e4:18:90:6b:d1:36:00:20:23:
8b:d5:06:8e:ef:2e:bf:d7:b5:99:b7:c7:95:fd:b1:44:69:46:
0b:8f:77:1a
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYrvy2oSDeoYsgtFjFfHP/K2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMDAyMDk1MDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZmMwYTQxOTFkMDUyOGZmYjA3MDJmYzU1NDgzYmVlMjAwYWM4ZTZhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnPgTeQgCTHr2NMroQrEuvDVoZOqG
zb+rQx+aToek51lnjfvLIoAexwkGdxG75fczXEjasEGQ9qjB1kNzwykWus12W5AY
0TVErX3dAcRvVY8bs52VGBuPSOE70jSAvV0cODBX37I9dLek07OgVYWRLwmW69tB
mtEZzGM9FBj5f/SO2T8ue9nqAMFiDwDR+uJW/Nq2raf7d5s+QKGSStcwat4J1o9K
Z//vwkbsFzMfuXcOjEgi5omOrRMvPljd9ECn6GajUsQ47ACs+sQbrcc0X4KsA/On
uTnM65gxISwcm6Ap9ex93vu71FeEfU6uHcVHL26KXNQDaFDcWesVr62tYQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFO/ApBkdBSj/sHAvxVSDvuIArI5qMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNzhDa0dSMEZLUC13Y0NfRlZJTy00Z0Nzam1vLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALZdaAwQA
VDYxAwQAV3hXAwQAXpqjAwQAsH3/AwQAueKvAwQCwZUcAwQAwjFWMA0GCSqGSIb3
DQEBCwUAA4IBAQB1k3sna9WortN8xzIne7LsqogcHS6pfFztsd1zzBQyfdxq2brq
XGlLBenHGlYlIbfAX4Sxx32pq4HWePFph0cRuwkgRKhYr3lcMeg75bqj73170Ce5
xXOclVbey1hWjWz+n+L3oekMuFYMMefUXzrsVvsnuI0khEn2TK5KLtaszN2Zyqsh
dbnGgMw5L05YWR05GsiUizXB2tOBJL9llFTIhC+8RguQo6yC6+rTfhmdketowy7A
tGtLM5cfuD1AOXurTQfbU2WdeD29rCF9jOCq+7BrY0t9sbnN6iNLBriy1RPkGJBr
0TYAICOL1QaO7y6/17WZt8eV/bFEaUYLj3ca
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:16:59 2024 by rpki-client on console-fra.rpki-client.org