Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Aue2Dorn-eyMGxhekgRbMNe8DFA.roa
File: Aue2Dorn-eyMGxhekgRbMNe8DFA.roa (raw, json)
Hash identifier: QnlV+uCZNhDGqj368a5CbxeqmPPV8ShOk3kq1ftuqG8=
Subject key identifier: 02:E7:B6:0E:8A:E7:F9:EC:8C:1B:18:5E:92:04:5B:30:D7:BC:0C:50
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018741967F1D6431EBB2E83A63B790A896DF
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Aue2Dorn-eyMGxhekgRbMNe8DFA.roa
Signing time: Sun 02 Apr 2023 10:49:54 +0000
ROA not before: Sun 02 Apr 2023 10:49:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211252
IP address blocks: 45.81.243.0/24 maxlen: 24
45.12.253.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
85.31.44.0/24 maxlen: 24
85.31.46.0/24 maxlen: 24
85.31.45.0/24 maxlen: 24
185.246.221.0/24 maxlen: 24
185.246.220.0/24 maxlen: 24
109.206.243.0/24 maxlen: 24
109.206.241.0/24 maxlen: 24
185.254.37.0/24 maxlen: 24
194.180.48.0/24 maxlen: 24
194.180.49.0/24 maxlen: 24
185.225.73.0/24 maxlen: 24
45.139.105.0/24 maxlen: 24
185.225.74.0/24 maxlen: 24
37.139.128.0/24 maxlen: 24
37.139.129.0/24 maxlen: 24
84.21.172.0/24 maxlen: 24
109.206.240.0/24 maxlen: 24
212.87.204.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
84.54.50.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
85.217.145.0/24 maxlen: 24
85.217.144.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
80.76.51.0/24 maxlen: 24
94.156.161.0/24 maxlen: 24
193.42.33.0/24 maxlen: 24
193.42.32.0/24 maxlen: 24
45.149.235.0/24 maxlen: 24
185.252.178.0/24 maxlen: 24
193.47.61.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
45.88.67.0/24 maxlen: 24
185.216.71.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
79.110.63.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:41:96:7f:1d:64:31:eb:b2:e8:3a:63:b7:90:a8:96:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 2 10:49:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=02e7b60e8ae7f9ec8c1b185e92045b30d7bc0c50
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:87:16:73:e6:40:f3:06:83:4b:12:d2:3b:01:
6c:94:3b:fb:bb:d9:52:e2:f3:44:52:42:17:0d:78:
1e:a0:8d:1f:36:20:94:2d:b9:24:87:f4:90:f4:fb:
1b:00:da:a3:34:ae:60:af:a0:02:37:59:dc:ed:6e:
11:04:0a:8f:46:28:ab:9a:d0:b6:c0:f3:a4:75:5b:
9d:b9:8a:eb:3a:bf:c2:2b:cd:59:64:4e:62:8c:ac:
bc:1a:f6:f0:1d:a7:39:a9:37:03:b5:e8:89:e8:86:
95:5e:4a:86:2a:99:a8:92:eb:88:14:f4:73:29:e1:
f0:c3:6b:eb:36:74:dd:76:00:dd:33:4a:2d:b4:79:
5d:83:58:23:1a:b8:b9:03:ca:af:f6:7e:3f:04:bf:
64:88:7e:85:7f:13:78:f9:7f:93:fc:18:7f:a7:05:
6b:e5:7b:0f:da:1a:a3:c9:0c:41:eb:fc:34:0e:28:
82:89:18:ed:10:2a:3d:07:89:ff:ef:8b:46:41:07:
a5:95:57:52:96:2b:9c:90:f2:25:63:e2:77:d6:66:
a7:25:94:7f:bc:98:1f:3d:7f:64:35:33:a3:4c:9e:
ec:67:af:0c:fe:c6:b0:ca:36:53:a9:31:c4:cf:f3:
01:0d:b0:b9:5a:2c:af:79:b0:8c:ef:3c:47:3b:8f:
07:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
02:E7:B6:0E:8A:E7:F9:EC:8C:1B:18:5E:92:04:5B:30:D7:BC:0C:50
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Aue2Dorn-eyMGxhekgRbMNe8DFA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.128.0/23
45.12.253.0/24
45.66.230.0/24
45.81.39.0/24
45.81.243.0/24
45.88.67.0/24
45.139.105.0/24
45.149.235.0/24
79.110.62.0/23
80.76.51.0/24
84.21.172.0/24
84.54.50.0/24
85.31.44.0-85.31.46.255
85.217.144.0/23
87.121.221.0/24
94.156.161.0/24
95.214.27.0/24
109.206.240.0/23
109.206.243.0/24
185.216.71.0/24
185.225.73.0-185.225.74.255
185.246.220.0/23
185.252.178.0/24
185.254.37.0/24
193.42.32.0/23
193.47.61.0/24
194.55.186.0/24
194.55.224.0/24
194.180.48.0/23
212.87.204.0/24
Signature Algorithm: sha256WithRSAEncryption
72:00:1b:ea:2c:1a:6d:65:d7:47:f6:0b:66:c7:5e:c0:76:45:
37:e3:58:20:53:06:58:7c:d4:ce:95:3b:60:9a:23:17:1a:f1:
4e:84:8c:c4:9d:34:be:c1:f6:5d:b6:e7:79:da:ba:bf:75:73:
4e:ce:3f:dc:39:16:e4:1d:f9:5c:38:38:2e:3e:6b:ea:50:70:
a6:99:bd:5c:88:f1:4b:de:b6:be:15:b8:ad:6b:c5:6e:fa:12:
69:db:fd:3c:38:7e:9d:bf:ce:50:c6:33:60:43:47:90:0a:25:
3d:8a:0b:45:6e:91:2b:dc:fd:83:b0:01:80:5d:15:cf:cc:09:
b6:fd:f2:85:e5:65:dc:df:bc:fe:6d:e3:db:3e:52:68:3c:01:
70:59:c2:3d:9c:c9:e3:be:d0:99:08:c0:26:9d:f1:37:8e:59:
e5:75:47:5a:31:76:9b:e0:f8:e5:1e:99:74:97:7a:81:df:f8:
ca:4a:b5:b3:73:90:93:da:9b:92:88:35:7a:10:74:f9:18:64:
92:d4:4a:18:df:fc:02:00:c1:bd:7b:35:99:4a:a9:e2:ea:d1:
25:8e:c9:40:71:9f:78:ae:d0:90:bc:80:c9:5c:f6:c3:b6:0b:
0e:d6:35:4c:2c:c4:bc:ea:65:eb:e3:3e:46:7b:ec:fd:25:b7:
cd:45:3f:5f
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgISAYdBln8dZDHrsug6Y7eQqJbfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDAyMTA0OTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMmU3YjYwZThhZTdmOWVjOGMxYjE4NWU5MjA0NWIzMGQ3YmMwYzUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqIcWc+ZA8waDSxLSOwFslDv7u9lS
4vNEUkIXDXgeoI0fNiCULbkkh/SQ9PsbANqjNK5gr6ACN1nc7W4RBAqPRiirmtC2
wPOkdVuduYrrOr/CK81ZZE5ijKy8GvbwHac5qTcDteiJ6IaVXkqGKpmokuuIFPRz
KeHww2vrNnTddgDdM0ottHldg1gjGri5A8qv9n4/BL9kiH6FfxN4+X+T/Bh/pwVr
5XsP2hqjyQxB6/w0DiiCiRjtECo9B4n/74tGQQellVdSliuckPIlY+J31manJZR/
vJgfPX9kNTOjTJ7sZ68M/sawyjZTqTHEz/MBDbC5WiyvebCM7zxHO48H4wIDAQAB
o4ICzDCCAsgwHQYDVR0OBBYEFALntg6K5/nsjBsYXpIEWzDXvAxQMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQXVlMkRvcm4tZXlNR3hoZWtnUmJNTmU4REZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHhBggrBgEFBQcBBwEB/wSB0TCBzjCBywQCAAEwgcQDBAEl
i4ADBAAtDP0DBAAtQuYDBAAtUScDBAAtUfMDBAAtWEMDBAAti2kDBAAtlesDBAFP
bj4DBABQTDMDBABUFawDBABUNjIwDAMEAlUfLAMEAFUfLgMEAVXZkAMEAFd53QME
AF6coQMEAF/WGwMEAW3O8AMEAG3O8wMEALnYRzAMAwQAueFJAwQAueFKAwQBufbc
AwQAufyyAwQAuf4lAwQBwSogAwQAwS89AwQAwje6AwQAwjfgAwQBwrQwAwQA1FfM
MA0GCSqGSIb3DQEBCwUAA4IBAQByABvqLBptZddH9gtmx17AdkU341ggUwZYfNTO
lTtgmiMXGvFOhIzEnTS+wfZdtud52rq/dXNOzj/cORbkHflcODguPmvqUHCmmb1c
iPFL3ra+Fbita8Vu+hJp2/08OH6dv85QxjNgQ0eQCiU9igtFbpEr3P2DsAGAXRXP
zAm2/fKF5WXc37z+bePbPlJoPAFwWcI9nMnjvtCZCMAmnfE3jlnldUdaMXab4Pjl
Hpl0l3qB3/jKSrWzc5CT2puSiDV6EHT5GGSS1EoY3/wCAMG9ezWZSqni6tEljslA
cZ94rtCQvIDJXPbDtgsO1jVMLMS86mXr4z5Ge+z9JbfNRT9f
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:00 2024 by rpki-client on console-fra.rpki-client.org