Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/B9D-_Rk636P1MZZx5zVzYEFrVqw.roa
File: B9D-_Rk636P1MZZx5zVzYEFrVqw.roa (raw, json)
Hash identifier: rRF+G7GNYHZXSwg+PVlY/jOisw6xyJWbMd14c5ecOmI=
Subject key identifier: 07:D0:FE:FD:19:3A:DF:A3:F5:31:96:71:E7:35:73:60:41:6B:56:AC
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01899C8DD28AF5FF8717EA2F74D8E59DC381
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/B9D-_Rk636P1MZZx5zVzYEFrVqw.roa
Signing time: Fri 28 Jul 2023 12:51:27 +0000
ROA not before: Fri 28 Jul 2023 12:51:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
91.92.21.0/24 maxlen: 24
94.156.239.0/24 maxlen: 24
194.113.36.0/22 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.252.176.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
45.95.0.0/22 maxlen: 24
185.216.84.0/22 maxlen: 24
87.121.45.0/24 maxlen: 24
185.218.137.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
94.154.163.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:9c:8d:d2:8a:f5:ff:87:17:ea:2f:74:d8:e5:9d:c3:81
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 28 12:51:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=07d0fefd193adfa3f5319671e7357360416b56ac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:6b:ce:fa:dd:5a:9f:00:31:3f:cf:a1:ea:a8:
b3:dd:39:41:86:09:d0:7f:e9:c1:0f:a4:b1:58:75:
5e:09:58:ef:5e:da:0c:9b:17:fe:51:24:3d:fd:c9:
fd:0c:7b:4a:45:c1:6f:be:0e:cc:c5:ef:00:5c:c1:
95:57:99:5d:8a:13:5b:99:55:23:c6:5f:ac:df:3e:
82:4b:9a:7f:15:f1:fd:58:d5:08:22:e5:94:81:d7:
85:70:0c:37:6b:a0:58:8c:21:91:00:8a:61:6d:4a:
0e:f8:c9:a2:4f:0b:15:ab:25:30:53:45:fc:6c:bb:
e3:ac:71:24:de:31:cf:67:bb:a2:50:bc:53:f9:01:
2c:c1:22:f4:f2:74:fd:1b:1f:b3:bf:3a:b9:e6:27:
7b:02:29:2e:49:78:89:b5:94:8d:7b:a3:77:ab:b1:
5b:3c:a5:1c:0e:f8:0c:16:cf:9a:bc:8d:da:36:ba:
d0:6b:3b:8c:7f:2e:14:65:fe:e1:fa:c5:18:43:95:
0b:1c:df:22:f9:7a:99:77:bf:11:5a:74:f1:29:ab:
0c:e7:7a:36:ff:78:1c:ff:a3:45:5c:06:6f:b9:e5:
b8:10:85:65:27:d9:cd:1f:30:26:f3:c6:b8:4b:0e:
ee:99:f7:68:41:26:c5:31:61:79:a6:81:63:1e:9e:
e2:69
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:D0:FE:FD:19:3A:DF:A3:F5:31:96:71:E7:35:73:60:41:6B:56:AC
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/B9D-_Rk636P1MZZx5zVzYEFrVqw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.95.0.0/22
45.151.89.0/24
87.121.45.0/24
91.92.21.0/24
92.119.196.0/23
94.154.161.0-94.154.163.255
94.156.239.0/24
147.78.100.0-147.78.102.255
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.218.137.0/24
185.219.126.0/24
185.252.176.0/24
194.113.36.0/22
194.169.174.0/24
Signature Algorithm: sha256WithRSAEncryption
63:ec:a3:9a:d1:55:ac:8b:0e:e6:47:0b:a4:4d:8f:d8:59:8a:
8b:40:8e:0c:f0:06:f5:96:0f:0b:68:3c:ec:08:91:c0:05:27:
30:76:0f:2b:75:cc:bd:56:14:0b:1e:96:10:d7:8d:47:82:42:
62:79:bf:3b:d5:c7:c5:5e:6c:10:85:e5:7b:8c:c2:5b:b0:91:
ca:a0:c9:7a:6f:96:a1:a9:a2:57:b9:e1:ed:db:47:b8:cd:da:
c8:c5:18:63:67:16:37:57:07:aa:b3:94:b9:d2:35:33:ac:51:
0b:f0:11:65:46:a5:65:73:6a:85:80:db:db:99:d9:81:e9:46:
eb:58:18:a5:56:a4:c5:72:fa:36:09:6a:85:bc:97:73:92:dc:
ac:cb:38:35:64:78:db:c4:ec:dc:f1:31:b8:22:2a:d2:a5:c7:
b5:92:d9:f4:5c:4f:45:f3:ad:66:c9:3e:0f:e8:de:b0:a1:a9:
5e:04:6d:a0:0a:1d:ae:4a:f9:cf:32:a8:11:7b:55:2b:73:a9:
af:f1:50:ae:de:f6:c4:ad:b9:dc:d9:ef:eb:44:36:e5:39:9f:
f9:45:82:e1:ac:28:5d:8a:5e:bd:6b:63:cb:c6:53:f6:1f:e0:
c2:0f:01:f4:c9:1c:94:c7:8a:36:c6:e5:81:ea:20:b8:24:ff:
ff:1a:07:07
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAYmcjdKK9f+HF+ovdNjlncOBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzI4MTI1MTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2QwZmVmZDE5M2FkZmEzZjUzMTk2NzFlNzM1NzM2MDQxNmI1NmFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgWvO+t1anwAxP8+h6qiz3TlBhgnQ
f+nBD6SxWHVeCVjvXtoMmxf+USQ9/cn9DHtKRcFvvg7Mxe8AXMGVV5ldihNbmVUj
xl+s3z6CS5p/FfH9WNUIIuWUgdeFcAw3a6BYjCGRAIphbUoO+MmiTwsVqyUwU0X8
bLvjrHEk3jHPZ7uiULxT+QEswSL08nT9Gx+zvzq55id7AikuSXiJtZSNe6N3q7Fb
PKUcDvgMFs+avI3aNrrQazuMfy4UZf7h+sUYQ5ULHN8i+XqZd78RWnTxKasM53o2
/3gc/6NFXAZvueW4EIVlJ9nNHzAm88a4Sw7umfdoQSbFMWF5poFjHp7iaQIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFAfQ/v0ZOt+j9TGWcec1c2BBa1asMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQjlELV9SazYzNlAxTVpaeDV6VnpZRUZyVnF3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGYBggrBgEFBQcBBwEB/wSBiDCBhTCBggQCAAEwfAMEAi1f
AAMEAC2XWQMEAFd5LQMEAFtcFQMEAVx3xDAMAwQAXpqhAwQCXpqgAwQAXpzvMAwD
BAKTTmQDBACTTmYDBAKrFkgDBACy1+ADBACy1+wDBAK52FQDBAK52lQDBAC52okD
BAC5234DBAC5/LADBALCcSQDBADCqa4wDQYJKoZIhvcNAQELBQADggEBAGPso5rR
VayLDuZHC6RNj9hZiotAjgzwBvWWDwtoPOwIkcAFJzB2Dyt1zL1WFAselhDXjUeC
QmJ5vzvVx8VebBCF5XuMwluwkcqgyXpvlqGpole54e3bR7jN2sjFGGNnFjdXB6qz
lLnSNTOsUQvwEWVGpWVzaoWA29uZ2YHpRutYGKVWpMVy+jYJaoW8l3OS3KzLODVk
eNvE7NzxMbgiKtKlx7WS2fRcT0XzrWbJPg/o3rChqV4EbaAKHa5K+c8yqBF7VStz
qa/xUK7e9sStudzZ7+tENuU5n/lFguGsKF2KXr1rY8vGU/Yf4MIPAfTJHJTHijbG
5YHqILgk//8aBwc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:00 2024 by rpki-client on console-fra.rpki-client.org