Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9hzFjeUX4puKj0qYZlNaVC-ODQQ.roa
File: 9hzFjeUX4puKj0qYZlNaVC-ODQQ.roa (raw, json)
Hash identifier: Iw5/foJT/PnDxod82/4qZnBp4mZTP3wHjQyOrTUpPdg=
Subject key identifier: F6:1C:C5:8D:E5:17:E2:9B:8A:8F:4A:98:66:53:5A:54:2F:8E:0D:04
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018E7EEB2C15AB74D022E36FE2207285FE78
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9hzFjeUX4puKj0qYZlNaVC-ODQQ.roa
Signing time: Wed 27 Mar 2024 07:58:45 +0000
ROA not before: Wed 27 Mar 2024 07:58:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.9.156.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
84.21.174.0/23 maxlen: 24
87.120.87.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.72.0/23 maxlen: 24
94.156.239.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.254.37.0/24 maxlen: 24
193.37.41.0/24 maxlen: 24
194.48.248.0/24 maxlen: 24
194.48.250.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
194.59.31.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:7e:eb:2c:15:ab:74:d0:22:e3:6f:e2:20:72:85:fe:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 27 07:58:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f61cc58de517e29b8a8f4a9866535a542f8e0d04
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:1f:a5:d4:d6:aa:51:c9:fe:d7:89:95:92:fd:
5b:3e:f5:f2:73:87:28:9a:7a:74:84:a5:c7:7a:d7:
b5:65:f7:48:dd:57:06:6d:a9:0c:42:bb:d4:3e:16:
93:64:f1:fa:9e:9b:9c:43:82:70:76:46:6f:8e:8e:
1b:40:09:3c:b3:e4:fc:d1:51:bb:27:dd:63:83:7f:
b6:4b:d5:77:b2:e7:64:4a:1e:66:74:58:ef:9f:e9:
37:cf:30:a4:af:54:b7:1e:37:3c:0d:e6:af:f3:bc:
3e:5c:43:c6:c2:e8:2c:fe:b3:7c:c1:f0:3f:33:97:
37:84:84:f3:0d:28:ee:10:f0:7d:be:8d:26:02:85:
24:ab:56:e5:49:4e:83:8d:d3:79:46:68:cb:ac:ee:
d7:fb:88:9e:28:ea:27:97:db:eb:02:7d:77:1c:06:
ec:b5:a2:89:3c:29:ab:ab:e9:a9:cc:cf:24:f4:80:
c7:d1:b0:0c:da:77:e7:12:65:c7:39:c6:c3:87:b9:
6d:ad:eb:ed:a6:c5:10:0f:15:0b:fe:b9:82:5b:4a:
b9:4a:b6:f3:6a:17:4b:7a:0d:02:c3:1a:85:5a:d5:
f6:d2:6c:b6:d8:be:e4:8f:54:4a:bb:4e:c0:41:c6:
7e:77:84:83:88:99:e5:f1:6c:60:c0:0e:dc:5c:4c:
e5:35
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:1C:C5:8D:E5:17:E2:9B:8A:8F:4A:98:66:53:5A:54:2F:8E:0D:04
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9hzFjeUX4puKj0qYZlNaVC-ODQQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/24
45.151.89.0/24
84.21.174.0/23
87.120.87.0/24
87.121.45.0/24
87.121.221.0/24
92.119.196.0/23
94.154.160.0/22
94.156.72.0/23
94.156.239.0/24
147.78.102.0/24
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.254.37.0/24
193.37.41.0/24
194.48.248.0/24
194.48.250.0/24
194.55.186.0/24
194.55.224.0/24
194.59.31.0/24
Signature Algorithm: sha256WithRSAEncryption
0f:00:59:97:3b:ce:45:24:99:6f:ec:be:df:fa:6e:15:d1:19:
0e:45:c9:d6:8e:5f:91:fb:26:66:d6:10:c1:82:fd:21:1f:cf:
57:87:ef:af:15:85:11:e0:c6:6a:6e:3d:6d:48:e1:bf:50:14:
2f:28:99:99:21:34:d8:60:a8:42:b0:0c:ee:46:3f:61:4c:e8:
3b:6d:4a:36:45:30:3d:34:8a:f8:f6:f4:32:a1:1b:31:e9:f7:
a0:d2:52:d8:b6:49:91:34:ff:fe:d3:c6:dc:b9:cf:63:29:42:
f0:58:5b:2b:ac:83:1a:5d:83:01:a2:22:28:ff:70:73:da:9f:
14:3f:de:9e:72:ef:c2:55:36:d5:69:7f:31:bb:57:e9:86:ca:
6f:2e:a1:4b:9b:e1:f3:54:7d:30:0f:37:5e:d9:f4:f2:da:77:
1c:81:4c:2d:bb:37:cf:c5:57:cc:91:ce:0c:6b:49:d7:61:c2:
7c:80:9a:fa:c6:e8:c3:bd:3b:c5:d2:d2:39:b8:ae:a4:2a:82:
b2:3a:80:b3:1f:f4:11:fb:0e:c1:9f:cb:60:52:72:1c:04:74:
9a:11:75:14:e7:c0:a1:e8:d9:76:f0:f0:3d:42:90:91:b4:86:
18:e4:0d:37:70:de:d8:4d:4d:ea:ea:49:60:d3:87:f1:67:39:
ad:da:3b:ef
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgISAY5+6ywVq3TQIuNv4iByhf54MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzI3MDc1ODQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNjFjYzU4ZGU1MTdlMjliOGE4ZjRhOTg2NjUzNWE1NDJmOGUwZDA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0R+l1NaqUcn+14mVkv1bPvXyc4co
mnp0hKXHete1ZfdI3VcGbakMQrvUPhaTZPH6npucQ4JwdkZvjo4bQAk8s+T80VG7
J91jg3+2S9V3sudkSh5mdFjvn+k3zzCkr1S3Hjc8Deav87w+XEPGwugs/rN8wfA/
M5c3hITzDSjuEPB9vo0mAoUkq1blSU6DjdN5RmjLrO7X+4ieKOonl9vrAn13HAbs
taKJPCmrq+mpzM8k9IDH0bAM2nfnEmXHOcbDh7ltrevtpsUQDxUL/rmCW0q5Srbz
ahdLeg0CwxqFWtX20my22L7kj1RKu07AQcZ+d4SDiJnl8WxgwA7cXEzlNQIDAQAB
o4ICkjCCAo4wHQYDVR0OBBYEFPYcxY3lF+Kbio9KmGZTWlQvjg0EMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOWh6RmplVVg0cHVLajBxWVpsTmFWQy1PRFFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGnBggrBgEFBQcBBwEB/wSBlzCBlDCBkQQCAAEwgYoDBAAt
CZwDBAAtl1kDBAFUFa4DBABXeFcDBABXeS0DBABXed0DBAFcd8QDBAJemqADBAFe
nEgDBABenO8DBACTTmYDBAKrFkgDBACy1+ADBACy1+wDBAK52FQDBAK52lQDBAC5
/iUDBADBJSkDBADCMPgDBADCMPoDBADCN7oDBADCN+ADBADCOx8wDQYJKoZIhvcN
AQELBQADggEBAA8AWZc7zkUkmW/svt/6bhXRGQ5FydaOX5H7JmbWEMGC/SEfz1eH
768VhRHgxmpuPW1I4b9QFC8omZkhNNhgqEKwDO5GP2FM6DttSjZFMD00ivj29DKh
GzHp96DSUti2SZE0//7Txty5z2MpQvBYWyusgxpdgwGiIij/cHPanxQ/3p5y78JV
NtVpfzG7V+mGym8uoUub4fNUfTAPN17Z9PLadxyBTC27N8/FV8yRzgxrSddhwnyA
mvrG6MO9O8XS0jm4rqQqgrI6gLMf9BH7DsGfy2BSchwEdJoRdRTnwKHo2Xbw8D1C
kJG0hhjkDTdw3thNTerqSWDTh/FnOa3aO+8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:26 2024 by rpki-client on console-ams.rpki-client.org