Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7YSoAOLwUkD8a2KZI4WcTULHZS4.roa
File: 7YSoAOLwUkD8a2KZI4WcTULHZS4.roa (raw, json)
Hash identifier: 7arxNrM+2DwHl+ZIFw6ppYhPS1915aIKn/CnC46Vsxo=
Subject key identifier: ED:84:A8:00:E2:F0:52:40:FC:6B:62:99:23:85:9C:4D:42:C7:65:2E
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018E62171CF771D89EF0F6EF6BEFB84D3D06
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7YSoAOLwUkD8a2KZI4WcTULHZS4.roa
Signing time: Thu 21 Mar 2024 17:37:45 +0000
ROA not before: Thu 21 Mar 2024 17:37:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 2.59.255.0/24 maxlen: 24
45.9.156.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.72.0/23 maxlen: 24
94.156.239.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.252.176.0/24 maxlen: 24
185.254.37.0/24 maxlen: 24
193.37.41.0/24 maxlen: 24
194.48.250.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
194.169.172.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:62:17:1c:f7:71:d8:9e:f0:f6:ef:6b:ef:b8:4d:3d:06
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 21 17:37:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ed84a800e2f05240fc6b629923859c4d42c7652e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:a0:1a:75:25:7e:c8:dd:fa:fa:d9:25:9c:66:
b0:fb:23:1c:3b:76:6c:5f:9e:51:2f:1d:07:90:f2:
6a:cb:9a:93:9c:89:b4:c8:14:27:87:15:c5:5d:26:
b4:8d:6f:22:9a:a2:5c:97:54:e4:fe:f4:e8:a6:12:
1f:4e:22:cf:03:59:b1:fd:db:92:cd:8f:22:11:6b:
6c:64:fa:84:28:fc:e2:b7:e7:55:49:2b:60:df:4d:
98:49:27:91:83:7d:d6:3c:e8:51:fe:40:8d:cf:45:
04:0d:ca:19:d1:b3:61:e0:2a:46:44:70:47:f6:2f:
f2:e3:7d:23:a7:82:aa:92:04:55:21:82:ce:e1:e1:
5a:32:7e:48:52:94:0a:2e:b9:1e:87:04:a6:f8:35:
33:99:7e:76:69:97:54:24:30:03:d1:d6:05:ef:f4:
58:36:27:29:7e:11:a9:9e:d5:57:e3:ed:da:62:63:
83:2f:da:b4:15:a7:1f:68:9c:88:ad:26:67:0a:49:
a7:24:74:e1:fc:28:cb:69:c9:7f:48:d4:ec:c0:6d:
e3:e0:52:13:8b:11:8e:2a:d8:98:c0:16:34:6e:cd:
50:64:fa:28:07:4f:db:11:e8:3e:d8:7c:81:01:a1:
1c:26:6a:d7:02:5e:4c:44:b2:3e:c5:8f:6a:bc:b9:
7d:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
ED:84:A8:00:E2:F0:52:40:FC:6B:62:99:23:85:9C:4D:42:C7:65:2E
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/7YSoAOLwUkD8a2KZI4WcTULHZS4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.255.0/24
45.9.156.0/24
45.151.89.0/24
87.120.87.0/24
87.121.45.0/24
87.121.221.0/24
92.119.196.0/23
94.154.160.0/22
94.156.72.0/23
94.156.239.0/24
147.78.102.0/24
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.252.176.0/24
185.254.37.0/24
193.37.41.0/24
194.48.250.0/24
194.55.186.0/24
194.55.224.0/24
194.169.172.0/24
Signature Algorithm: sha256WithRSAEncryption
9e:b8:6e:59:de:c6:cb:b6:70:9c:74:d9:45:79:7b:dd:59:3e:
7e:a7:18:6c:ee:b5:5f:ed:28:58:f6:43:ff:07:81:2e:01:77:
43:b6:b0:10:05:09:3e:49:a3:de:87:2a:1a:d3:46:ca:7e:eb:
05:96:85:4c:57:63:d4:c3:af:56:5d:8b:34:42:23:a7:91:41:
03:5e:ae:df:e5:0d:72:5a:eb:c5:47:33:01:72:75:d7:6b:f9:
79:5f:94:75:61:52:63:bc:13:7d:eb:93:5d:3e:f5:78:0f:b2:
71:ef:ef:5f:24:4c:b3:29:fd:66:4d:4a:a1:a4:e3:4b:1e:41:
75:a3:a1:30:1c:ab:a5:62:e8:c8:18:4a:3e:9a:9d:00:72:3a:
b7:97:53:17:98:d2:8a:cd:e8:03:c8:de:a9:8b:82:66:f2:ea:
80:9f:2b:e9:c7:c3:58:05:05:67:29:cb:93:09:9e:98:bd:5f:
28:8d:e0:7e:9f:21:6f:45:e8:ff:fc:f9:21:58:f6:1f:22:2a:
ca:f0:ae:f6:34:d6:35:6a:81:aa:4b:f0:6a:e3:40:92:47:1d:
91:41:bc:1a:5b:ef:33:13:f5:56:dd:35:f9:ea:5b:e3:73:cb:
1a:08:92:77:1d:5d:f2:e1:19:66:79:12:37:97:6e:9d:63:61:
d1:f3:9d:47
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgISAY5iFxz3cdie8Pbva++4TT0GMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzIxMTczNzQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZDg0YTgwMGUyZjA1MjQwZmM2YjYyOTkyMzg1OWM0ZDQyYzc2NTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkaAadSV+yN36+tklnGaw+yMcO3Zs
X55RLx0HkPJqy5qTnIm0yBQnhxXFXSa0jW8imqJcl1Tk/vTophIfTiLPA1mx/duS
zY8iEWtsZPqEKPzit+dVSStg302YSSeRg33WPOhR/kCNz0UEDcoZ0bNh4CpGRHBH
9i/y430jp4KqkgRVIYLO4eFaMn5IUpQKLrkehwSm+DUzmX52aZdUJDAD0dYF7/RY
NicpfhGpntVX4+3aYmODL9q0FacfaJyIrSZnCkmnJHTh/CjLacl/SNTswG3j4FIT
ixGOKtiYwBY0bs1QZPooB0/bEeg+2HyBAaEcJmrXAl5MRLI+xY9qvLl9GQIDAQAB
o4ICkjCCAo4wHQYDVR0OBBYEFO2EqADi8FJA/GtimSOFnE1Cx2UuMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvN1lTb0FPTHdVa0Q4YTJLWkk0V2NUVUxIWlM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGnBggrBgEFBQcBBwEB/wSBlzCBlDCBkQQCAAEwgYoDBAAC
O/8DBAAtCZwDBAAtl1kDBABXeFcDBABXeS0DBABXed0DBAFcd8QDBAJemqADBAFe
nEgDBABenO8DBACTTmYDBAKrFkgDBACy1+ADBACy1+wDBAK52FQDBAK52lQDBAC5
/LADBAC5/iUDBADBJSkDBADCMPoDBADCN7oDBADCN+ADBADCqawwDQYJKoZIhvcN
AQELBQADggEBAJ64blnexsu2cJx02UV5e91ZPn6nGGzutV/tKFj2Q/8HgS4Bd0O2
sBAFCT5Jo96HKhrTRsp+6wWWhUxXY9TDr1ZdizRCI6eRQQNert/lDXJa68VHMwFy
dddr+XlflHVhUmO8E33rk10+9XgPsnHv718kTLMp/WZNSqGk40seQXWjoTAcq6Vi
6MgYSj6anQByOreXUxeY0orN6API3qmLgmby6oCfK+nHw1gFBWcpy5MJnpi9XyiN
4H6fIW9F6P/8+SFY9h8iKsrwrvY01jVqgapL8GrjQJJHHZFBvBpb7zMT9VbdNfnq
W+NzyxoIkncdXfLhGWZ5EjeXbp1jYdHznUc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:25 2024 by rpki-client on console-ams.rpki-client.org