Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FNFTKZGSyRs4N8rXHSzX-rg8MXI.roa
File: FNFTKZGSyRs4N8rXHSzX-rg8MXI.roa (raw, json)
Hash identifier: MGgU4Sp+J6yhgfthkdlRVm4I2+ePnR1jZbj3RuZnNbA=
Subject key identifier: 14:D1:53:29:91:92:C9:1B:38:37:CA:D7:1D:2C:D7:FA:B8:3C:31:72
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018EF0C59BF090B4A6D0004B88D20E2CBB70
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FNFTKZGSyRs4N8rXHSzX-rg8MXI.roa
Signing time: Thu 18 Apr 2024 10:34:26 +0000
ROA not before: Thu 18 Apr 2024 10:34:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.9.156.0/24 maxlen: 24
45.88.88.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.21.174.0/23 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.86.0/23 maxlen: 24
87.121.221.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.163.0/24 maxlen: 24
94.156.72.0/23 maxlen: 24
94.156.239.0/24 maxlen: 24
95.214.25.0/24 maxlen: 24
95.214.26.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.42.32.0/23 maxlen: 24
194.48.248.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
194.59.31.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:f0:c5:9b:f0:90:b4:a6:d0:00:4b:88:d2:0e:2c:bb:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 18 10:34:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=14d153299192c91b3837cad71d2cd7fab83c3172
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:2e:1b:df:4d:cf:4d:50:83:bd:86:63:08:a6:
ec:44:72:04:8e:7f:c0:a9:e0:ec:54:fb:3c:34:49:
bc:ec:89:ce:ae:16:ce:84:27:e5:ca:3e:3d:0c:e6:
98:3d:fa:89:5d:47:ab:08:03:79:5c:88:c6:3f:2f:
bb:a4:99:93:ec:02:b7:6d:fd:ec:48:53:d4:e0:96:
39:ac:88:94:fd:38:c0:55:d1:11:ab:60:fe:40:b5:
88:d3:25:d3:f9:3f:35:06:2a:9f:54:c1:c7:9d:fa:
48:36:79:a9:4a:59:8a:86:6a:98:69:16:ec:1b:d6:
21:b5:6a:d9:80:f0:40:1e:42:e2:58:65:81:b1:a1:
ab:b7:99:f0:0e:c1:09:4f:37:38:ea:ae:48:02:b8:
e9:56:a1:2a:d7:0b:27:21:71:e9:0e:d0:0d:4c:da:
f0:1b:b7:c4:8b:78:32:c9:c8:4d:5a:6a:96:5e:9e:
c8:73:62:8a:24:36:3a:ad:b3:6c:52:6a:da:92:fa:
9e:3a:54:e1:1f:6f:e9:34:6d:66:80:1c:84:89:f8:
ce:f5:a4:69:89:40:45:41:52:a2:70:cb:06:b0:71:
61:ab:fe:22:92:16:13:b5:1e:eb:e9:9f:34:82:29:
bf:eb:83:48:ea:19:ec:c2:f9:98:49:1e:e6:f0:ff:
25:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
14:D1:53:29:91:92:C9:1B:38:37:CA:D7:1D:2C:D7:FA:B8:3C:31:72
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/FNFTKZGSyRs4N8rXHSzX-rg8MXI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/24
45.88.88.0/24
45.151.89.0/24
79.110.62.0/24
83.219.97.0/24
84.21.174.0/23
85.209.133.0/24
87.120.87.0/24
87.121.45.0/24
87.121.86.0/23
87.121.221.0/24
92.119.196.0/23
94.154.160.0/22
94.156.72.0/23
94.156.239.0/24
95.214.25.0-95.214.26.255
147.78.102.0/24
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
193.42.32.0/23
194.48.248.0/24
194.55.186.0/24
194.55.224.0/24
194.59.31.0/24
Signature Algorithm: sha256WithRSAEncryption
7a:fb:ac:be:78:11:89:f6:dc:15:ae:9c:09:0f:dd:56:67:8b:
3e:6f:a7:d8:2c:0d:2d:53:5f:56:a9:63:2d:6b:c2:f9:4e:89:
08:8a:51:df:8d:d4:6a:ae:f0:31:5a:4c:ef:84:74:35:19:6a:
00:6b:69:cf:10:2a:66:82:78:51:dd:63:22:9d:dd:6f:c7:b2:
e6:14:4d:d0:5b:5e:fe:2e:ab:c3:54:42:fd:30:e8:86:c1:a5:
f4:c2:56:97:97:a4:5d:12:dc:8f:59:63:d2:8a:b9:e8:a8:f3:
2e:58:2c:15:b7:d1:34:57:da:b9:af:e0:5a:8c:ca:d8:8a:ee:
07:15:ac:ea:b0:11:d3:fb:b7:22:11:a2:35:f3:cf:79:ad:7a:
c9:13:87:69:20:eb:02:5d:0a:03:dd:ad:91:71:00:e8:8e:32:
32:93:a1:e4:84:64:04:52:4e:14:d5:33:e7:1d:46:59:b9:fb:
89:f3:ae:83:2b:67:12:6a:7e:ca:2f:a7:df:5c:5a:db:54:c2:
93:57:c6:5c:eb:ba:a6:99:01:e4:b2:dc:92:4c:2a:aa:e0:34:
50:d9:f1:e9:27:70:b9:d9:c5:6f:a4:71:45:03:33:f6:63:aa:
ac:1d:c2:5f:57:da:ab:dc:dd:e9:2b:f6:96:6d:cd:0f:3f:8c:
ff:b0:20:a1
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgISAY7wxZvwkLSm0ABLiNIOLLtwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNDE4MTAzNDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNGQxNTMyOTkxOTJjOTFiMzgzN2NhZDcxZDJjZDdmYWI4M2MzMTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsC4b303PTVCDvYZjCKbsRHIEjn/A
qeDsVPs8NEm87InOrhbOhCflyj49DOaYPfqJXUerCAN5XIjGPy+7pJmT7AK3bf3s
SFPU4JY5rIiU/TjAVdERq2D+QLWI0yXT+T81BiqfVMHHnfpINnmpSlmKhmqYaRbs
G9YhtWrZgPBAHkLiWGWBsaGrt5nwDsEJTzc46q5IArjpVqEq1wsnIXHpDtANTNrw
G7fEi3gyychNWmqWXp7Ic2KKJDY6rbNsUmrakvqeOlThH2/pNG1mgByEifjO9aRp
iUBFQVKicMsGsHFhq/4ikhYTtR7r6Z80gim/64NI6hnswvmYSR7m8P8lGQIDAQAB
o4ICsjCCAq4wHQYDVR0OBBYEFBTRUymRkskbODfK1x0s1/q4PDFyMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRk5GVEtaR1N5UnM0TjhyWEhTelgtcmc4TVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHHBggrBgEFBQcBBwEB/wSBtzCBtDCBsQQCAAEwgaoDBAAt
CZwDBAAtWFgDBAAtl1kDBABPbj4DBABT22EDBAFUFa4DBABV0YUDBABXeFcDBABX
eS0DBAFXeVYDBABXed0DBAFcd8QDBAJemqADBAFenEgDBABenO8wDAMEAF/WGQME
AF/WGgMEAJNOZgMEAqsWSAMEALLX4AMEALLX7AMEArnYVAMEArnaVAMEAcEqIAME
AMIw+AMEAMI3ugMEAMI34AMEAMI7HzANBgkqhkiG9w0BAQsFAAOCAQEAevusvngR
ifbcFa6cCQ/dVmeLPm+n2CwNLVNfVqljLWvC+U6JCIpR343Uaq7wMVpM74R0NRlq
AGtpzxAqZoJ4Ud1jIp3db8ey5hRN0Fte/i6rw1RC/TDohsGl9MJWl5ekXRLcj1lj
0oq56KjzLlgsFbfRNFfaua/gWozK2IruBxWs6rAR0/u3IhGiNfPPea16yROHaSDr
Al0KA92tkXEA6I4yMpOh5IRkBFJOFNUz5x1GWbn7ifOugytnEmp+yi+n31xa21TC
k1fGXOu6ppkB5LLckkwqquA0UNnx6SdwudnFb6RxRQMz9mOqrB3CX1faq9zd6Sv2
lm3NDz+M/7AgoQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:02 2024 by rpki-client on console-fra.rpki-client.org