Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BFrrlUAfCl_tdpDegXnjD2EYuKM.roa
File: BFrrlUAfCl_tdpDegXnjD2EYuKM.roa (raw, json)
Hash identifier: HVo1iXwV0bWp6Xs9gd+0ipX4RDzN/gPGNW7Ob8j5dOY=
Subject key identifier: 04:5A:EB:95:40:1F:0A:5F:ED:76:90:DE:81:79:E3:0F:61:18:B8:A3
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018AB29B4F63FEA71115A0EC7BA1B4442C9E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BFrrlUAfCl_tdpDegXnjD2EYuKM.roa
Signing time: Wed 20 Sep 2023 12:40:37 +0000
ROA not before: Wed 20 Sep 2023 12:40:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
91.92.24.0/23 maxlen: 24
94.156.239.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.252.176.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
185.216.84.0/22 maxlen: 24
87.121.45.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.121.59.0/24 maxlen: 24
194.180.50.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
94.156.78.0/24 maxlen: 24
93.123.116.0/24 maxlen: 24
94.154.163.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:b2:9b:4f:63:fe:a7:11:15:a0:ec:7b:a1:b4:44:2c:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Sep 20 12:40:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=045aeb95401f0a5fed7690de8179e30f6118b8a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:90:95:6c:a8:e0:5f:d4:cd:ae:49:f4:ed:9c:
dd:c3:18:c8:d4:f8:8a:7b:67:c9:e4:7d:1f:ef:39:
b4:f2:47:ec:45:35:82:b0:7a:f8:f9:9f:e9:51:b9:
dc:5e:05:4e:16:f8:16:40:ca:3c:27:b5:99:b5:34:
78:95:c5:2e:4f:b0:11:df:76:d4:69:01:40:4b:0b:
4d:d7:32:c7:b5:0d:c4:2d:7b:45:de:cf:c2:cf:41:
6b:a7:55:76:07:27:32:cb:a6:da:49:50:33:10:52:
77:ba:b0:15:44:1e:fa:45:7c:a2:b8:ce:5e:09:9f:
e9:76:59:45:b6:0b:80:29:0b:ea:bb:18:8f:13:f7:
44:94:fc:99:b3:cf:eb:f6:ce:59:0f:35:a3:8f:d6:
7e:58:ec:54:05:a0:ff:0b:c0:74:3a:11:c8:a0:11:
1e:e0:9d:1f:0f:ac:35:77:96:ea:a7:28:c5:a0:22:
bb:f9:8a:4a:ce:3d:fc:13:be:a5:30:69:ff:e8:94:
b5:28:79:c4:7e:27:cd:55:63:65:5d:08:d0:57:6f:
8e:88:95:34:a6:37:2e:2a:1f:1e:36:2f:a1:74:70:
60:cb:d2:0d:3a:31:6b:fc:9c:38:cb:29:87:1a:24:
eb:cf:f2:b4:be:34:0e:8f:09:3e:34:9c:71:af:8d:
e5:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
04:5A:EB:95:40:1F:0A:5F:ED:76:90:DE:81:79:E3:0F:61:18:B8:A3
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/BFrrlUAfCl_tdpDegXnjD2EYuKM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.89.0/24
87.120.87.0/24
87.121.45.0/24
87.121.59.0/24
91.92.24.0/23
92.119.196.0/23
93.123.116.0/24
94.154.161.0-94.154.163.255
94.156.78.0/24
94.156.239.0/24
147.78.100.0-147.78.102.255
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.219.126.0/24
185.252.176.0/24
194.169.174.0/24
194.180.50.0/24
Signature Algorithm: sha256WithRSAEncryption
3d:78:c5:e4:0e:90:1b:6b:05:97:38:db:bd:36:55:03:51:a4:
59:4d:8d:6a:73:46:70:cf:c7:0d:8f:e8:b7:de:d6:ba:53:de:
de:63:30:84:e2:95:2c:7f:f0:23:f9:cf:87:d4:17:14:c5:7a:
98:1f:40:83:92:05:7d:3e:8b:5f:75:1f:dd:00:9d:53:75:3e:
c4:ef:85:3a:57:25:58:c4:33:f9:2f:dd:33:44:33:54:8d:43:
4c:9d:f7:88:f3:c9:fe:57:b5:33:03:54:da:d1:10:d1:af:42:
02:87:00:c0:2c:03:5b:3f:42:66:6f:b2:68:e3:b9:b8:d8:fc:
2f:c9:a8:34:23:82:ff:8c:ea:fe:de:0d:aa:d5:73:5c:21:b5:
99:ae:88:d4:09:58:e5:ea:69:a2:d1:5e:da:6e:7b:82:b8:6b:
dd:99:ee:2e:bf:e3:25:09:9a:79:9c:be:4e:f9:b7:97:0f:b9:
0f:97:0f:b2:e6:d8:cb:5d:d0:27:9d:87:73:cc:31:52:cd:d7:
74:6e:fa:89:8d:0d:21:69:4b:7d:8d:b5:dc:f4:b8:24:d3:1a:
8a:fb:1f:5d:36:6e:13:b9:74:fd:36:22:cc:60:41:ea:db:56:
1f:20:e8:d0:b2:ce:63:ee:dd:85:a6:a9:07:03:4b:a2:8a:f2:
9d:d5:f9:99
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAYqym09j/qcRFaDse6G0RCyeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTIwMTI0MDM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNDVhZWI5NTQwMWYwYTVmZWQ3NjkwZGU4MTc5ZTMwZjYxMThiOGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpCVbKjgX9TNrkn07ZzdwxjI1PiK
e2fJ5H0f7zm08kfsRTWCsHr4+Z/pUbncXgVOFvgWQMo8J7WZtTR4lcUuT7AR33bU
aQFASwtN1zLHtQ3ELXtF3s/Cz0Frp1V2Bycyy6baSVAzEFJ3urAVRB76RXyiuM5e
CZ/pdllFtguAKQvquxiPE/dElPyZs8/r9s5ZDzWjj9Z+WOxUBaD/C8B0OhHIoBEe
4J0fD6w1d5bqpyjFoCK7+YpKzj38E76lMGn/6JS1KHnEfifNVWNlXQjQV2+OiJU0
pjcuKh8eNi+hdHBgy9INOjFr/Jw4yymHGiTrz/K0vjQOjwk+NJxxr43lKwIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFARa65VAHwpf7XaQ3oF54w9hGLijMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQkZycmxVQWZDbF90ZHBEZWdYbmpEMkVZdUtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGlBggrBgEFBQcBBwEB/wSBlTCBkjCBjwQCAAEwgYgDBAAt
l1kDBABXeFcDBABXeS0DBABXeTsDBAFbXBgDBAFcd8QDBABde3QwDAMEAF6aoQME
Al6aoAMEAF6cTgMEAF6c7zAMAwQCk05kAwQAk05mAwQCqxZIAwQAstfgAwQAstfs
AwQCudhUAwQCudpUAwQAudt+AwQAufywAwQAwqmuAwQAwrQyMA0GCSqGSIb3DQEB
CwUAA4IBAQA9eMXkDpAbawWXONu9NlUDUaRZTY1qc0Zwz8cNj+i33ta6U97eYzCE
4pUsf/Aj+c+H1BcUxXqYH0CDkgV9PotfdR/dAJ1TdT7E74U6VyVYxDP5L90zRDNU
jUNMnfeI88n+V7UzA1Ta0RDRr0IChwDALANbP0Jmb7Jo47m42Pwvyag0I4L/jOr+
3g2q1XNcIbWZrojUCVjl6mmi0V7abnuCuGvdme4uv+MlCZp5nL5O+beXD7kPlw+y
5tjLXdAnnYdzzDFSzdd0bvqJjQ0haUt9jbXc9Lgk0xqK+x9dNm4TuXT9NiLMYEHq
21YfIOjQss5j7t2FpqkHA0uiivKd1fmZ
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:26 2024 by rpki-client on console-ams.rpki-client.org