Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FFOXwuOnaBqXfYhwyY1Y0BpoXXw.roa
File:                     FFOXwuOnaBqXfYhwyY1Y0BpoXXw.roa (raw, json)
Hash identifier:          Z9FG0geLcHKq4CKZ1yT6atv/Yw3V+MrMZ5fX/Jk1nB0=
Subject key identifier:   14:53:97:C2:E3:A7:68:1A:97:7D:88:70:C9:8D:58:D0:1A:68:5D:7C
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       018DEE6CFA2F5EB4564602A1DE36E31586BA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FFOXwuOnaBqXfYhwyY1Y0BpoXXw.roa
Signing time:             Wed 28 Feb 2024 06:35:35 +0000
ROA not before:           Wed 28 Feb 2024 06:35:35 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     206003
IP address blocks:        45.129.84.0/24 maxlen: 24
                          45.141.158.0/24 maxlen: 24
                          81.161.239.0/24 maxlen: 24
                          87.121.124.0/23 maxlen: 24
                          87.121.162.0/24 maxlen: 24
                          91.200.192.0/22 maxlen: 24
                          171.22.17.0/24 maxlen: 24
                          171.22.31.0/24 maxlen: 24

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:ee:6c:fa:2f:5e:b4:56:46:02:a1:de:36:e3:15:86:ba
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 28 06:35:35 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=145397c2e3a7681a977d8870c98d58d01a685d7c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                14:53:97:C2:E3:A7:68:1A:97:7D:88:70:C9:8D:58:D0:1A:68:5D:7C
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FFOXwuOnaBqXfYhwyY1Y0BpoXXw.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.129.84.0/24
                  45.141.158.0/24
                  81.161.239.0/24
                  87.121.124.0/23
                  87.121.162.0/24
                  91.200.192.0/22
                  171.22.17.0/24
                  171.22.31.0/24

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jun 6 18:50:28 2024 by rpki-client on console-ams.rpki-client.org