Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/D6IbSAwpgUNO73rRoKw8NO-6rLk.roa
File: D6IbSAwpgUNO73rRoKw8NO-6rLk.roa (raw, json)
Hash identifier: 8pctkcdrR8W+aGvRO+2HwMZ79gjBXJq32YLQP0UYbng=
Subject key identifier: 0F:A2:1B:48:0C:29:81:43:4E:EF:7A:D1:A0:AC:3C:34:EF:BA:AC:B9
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018C7BE83CB9FB0310B96C851106BF931DC5
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/D6IbSAwpgUNO73rRoKw8NO-6rLk.roa
Signing time: Mon 18 Dec 2023 07:51:06 +0000
ROA not before: Mon 18 Dec 2023 07:51:06 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61302
IP address blocks: 171.22.31.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
81.161.239.0/24 maxlen: 24
91.200.192.0/22 maxlen: 24
94.156.248.0/24 maxlen: 24
87.121.162.0/24 maxlen: 24
147.78.100.0/23 maxlen: 24
45.141.158.0/24 maxlen: 24
171.22.17.0/24 maxlen: 24
171.22.18.0/24 maxlen: 24
92.249.48.0/24 maxlen: 24
79.110.61.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
82.115.210.0/24 maxlen: 24
45.129.84.0/24 maxlen: 24
45.129.86.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
37.139.130.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:7b:e8:3c:b9:fb:03:10:b9:6c:85:11:06:bf:93:1d:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 18 07:51:06 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0fa21b480c2981434eef7ad1a0ac3c34efbaacb9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:7e:02:fe:1e:e9:00:2d:af:36:ab:af:7e:5d:
fd:f2:8a:9f:6c:e5:12:9d:82:91:95:d4:48:85:81:
c5:28:91:5a:ab:bf:19:70:f2:ac:a0:24:b7:bf:cd:
fb:5d:1e:38:e9:e4:f0:43:5e:d8:fc:0d:6d:78:c6:
5e:90:b3:99:e7:0b:f0:6e:23:71:a6:29:b4:d9:83:
c1:7b:24:4a:0e:29:b1:e1:1e:9f:ed:ef:a1:08:23:
db:3b:61:e1:73:cf:16:55:a0:c2:24:85:6b:63:ee:
23:3e:fd:89:b5:ba:01:f7:70:63:95:77:af:f5:dc:
6c:de:af:74:21:21:3f:bf:85:09:35:ee:71:41:47:
69:af:51:83:d6:a2:5a:92:d4:db:2e:c0:b9:63:73:
ec:81:f2:db:67:e9:f3:73:f8:79:65:93:e3:b9:18:
0b:a7:a0:9a:2d:38:c6:e6:7a:94:fb:43:a0:6b:e3:
cc:f4:49:50:ad:87:2b:e9:cb:ba:c8:cd:e7:2b:5e:
6c:25:8c:35:9a:f0:02:65:fd:12:52:c3:01:a0:7f:
1e:73:ec:b9:5a:8e:45:32:c2:2a:68:81:3d:f4:96:
05:90:67:99:9e:eb:7e:89:7f:bf:13:4b:75:87:71:
95:e8:26:51:0b:05:c4:e2:dc:67:dd:e4:92:b4:9c:
8e:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:A2:1B:48:0C:29:81:43:4E:EF:7A:D1:A0:AC:3C:34:EF:BA:AC:B9
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/D6IbSAwpgUNO73rRoKw8NO-6rLk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.130.0/24
45.129.84.0/24
45.129.86.0/24
45.141.158.0/24
79.110.61.0/24
81.161.239.0/24
82.115.210.0/24
83.219.97.0/24
87.121.124.0/23
87.121.162.0/24
91.200.192.0/22
92.249.48.0/24
94.154.172.0/24
94.156.248.0/24
147.78.100.0/23
171.22.17.0-171.22.18.255
171.22.31.0/24
193.25.216.0/24
193.35.19.0/24
Signature Algorithm: sha256WithRSAEncryption
0c:19:c0:70:ea:8b:c7:c8:60:70:97:ca:2a:4d:6c:58:91:57:
af:c5:00:ce:24:49:e6:a9:33:da:be:d7:3d:13:bb:40:97:46:
c7:da:36:41:09:63:af:7f:79:44:6f:b4:57:2a:28:ba:06:5c:
31:e3:e1:b2:de:76:f4:d9:e8:00:c3:b0:46:04:81:41:bd:b2:
ea:96:67:b5:5d:64:d2:47:37:80:d9:49:3c:c7:0a:60:a3:1b:
20:b7:af:05:d3:04:75:12:bb:f8:f4:14:43:af:7d:55:70:23:
87:4c:1d:b0:cf:c2:ca:e8:cb:8c:70:e9:61:65:20:e5:0c:2a:
ec:78:2f:84:6b:06:7f:22:9c:e3:12:ad:41:29:a8:73:20:36:
1e:28:c8:3a:74:7f:1f:8c:ec:92:2c:17:94:21:93:e8:4a:22:
28:14:2d:ad:55:76:88:a3:a6:a0:77:8c:68:c6:06:b0:45:33:
d5:78:56:1d:1b:43:af:97:64:a8:4e:c5:25:57:24:3a:fd:81:
e7:b4:8b:c4:48:11:bd:dd:dd:9b:db:1b:ff:26:68:d9:75:c8:
67:fc:66:20:dd:61:f4:3d:dc:1a:f0:31:13:6a:c3:00:77:d0:
10:45:39:d2:08:fd:c5:79:e8:57:b1:75:4a:e7:e7:4f:4d:07:
49:00:0a:ae
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgISAYx76Dy5+wMQuWyFEQa/kx3FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMjE4MDc1MTA2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZmEyMWI0ODBjMjk4MTQzNGVlZjdhZDFhMGFjM2MzNGVmYmFhY2I5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgn4C/h7pAC2vNquvfl398oqfbOUS
nYKRldRIhYHFKJFaq78ZcPKsoCS3v837XR446eTwQ17Y/A1teMZekLOZ5wvwbiNx
pim02YPBeyRKDimx4R6f7e+hCCPbO2Hhc88WVaDCJIVrY+4jPv2JtboB93BjlXev
9dxs3q90ISE/v4UJNe5xQUdpr1GD1qJaktTbLsC5Y3PsgfLbZ+nzc/h5ZZPjuRgL
p6CaLTjG5nqU+0Oga+PM9ElQrYcr6cu6yM3nK15sJYw1mvACZf0SUsMBoH8ec+y5
Wo5FMsIqaIE99JYFkGeZnut+iX+/E0t1h3GV6CZRCwXE4txn3eSStJyOhQIDAQAB
o4ICgTCCAn0wHQYDVR0OBBYEFA+iG0gMKYFDTu960aCsPDTvuqy5MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRDZJYlNBd3BnVU5PNzNyUm9LdzhOTy02ckxrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGWBggrBgEFBQcBBwEB/wSBhjCBgzCBgAQCAAEwegMEACWL
ggMEAC2BVAMEAC2BVgMEAC2NngMEAE9uPQMEAFGh7wMEAFJz0gMEAFPbYQMEAVd5
fAMEAFd5ogMEAlvIwAMEAFz5MAMEAF6arAMEAF6c+AMEAZNOZDAMAwQAqxYRAwQA
qxYSAwQAqxYfAwQAwRnYAwQAwSMTMA0GCSqGSIb3DQEBCwUAA4IBAQAMGcBw6ovH
yGBwl8oqTWxYkVevxQDOJEnmqTPavtc9E7tAl0bH2jZBCWOvf3lEb7RXKii6Blwx
4+Gy3nb02egAw7BGBIFBvbLqlme1XWTSRzeA2Uk8xwpgoxsgt68F0wR1Erv49BRD
r31VcCOHTB2wz8LK6MuMcOlhZSDlDCrseC+EawZ/IpzjEq1BKahzIDYeKMg6dH8f
jOySLBeUIZPoSiIoFC2tVXaIo6agd4xoxgawRTPVeFYdG0Ovl2SoTsUlVyQ6/YHn
tIvESBG93d2b2xv/JmjZdchn/GYg3WH0Pdwa8DETasMAd9AQRTnSCP3FeehXsXVK
5+dPTQdJAAqu
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:27 2024 by rpki-client on console-ams.rpki-client.org