Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HfZ-R5JOMxJJ94PSjmw3cQ-IrCg.roa
File: HfZ-R5JOMxJJ94PSjmw3cQ-IrCg.roa (raw, json)
Hash identifier: sBiwhOz0NtrVwWaZLiJvJ5rvVGeXaY2ahQC/QYtROv8=
Subject key identifier: 1D:F6:7E:47:92:4E:33:12:49:F7:83:D2:8E:6C:37:71:0F:88:AC:28
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018B93EBF5358C28DD0A43403545FF1F34D5
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HfZ-R5JOMxJJ94PSjmw3cQ-IrCg.roa
Signing time: Fri 03 Nov 2023 06:43:16 +0000
ROA not before: Fri 03 Nov 2023 06:43:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50738
IP address blocks: 45.9.156.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
87.120.130.0/24 maxlen: 24
147.78.100.0/23 maxlen: 24
185.246.223.0/24 maxlen: 24
92.249.48.0/24 maxlen: 24
194.180.39.0/24 maxlen: 24
45.139.104.0/24 maxlen: 24
45.129.84.0/24 maxlen: 24
45.129.86.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
37.139.130.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
171.22.31.0/24 maxlen: 24
81.161.230.0/24 maxlen: 24
93.123.39.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
178.215.226.0/24 maxlen: 24
91.200.192.0/22 maxlen: 24
94.156.250.0/24 maxlen: 24
178.215.238.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
87.121.162.0/24 maxlen: 24
94.156.160.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
171.22.17.0/24 maxlen: 24
171.22.18.0/24 maxlen: 24
79.110.61.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
87.121.220.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:93:eb:f5:35:8c:28:dd:0a:43:40:35:45:ff:1f:34:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Nov 3 06:43:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1df67e47924e331249f783d28e6c37710f88ac28
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:dc:c4:dc:54:d3:2d:64:fd:fe:fe:d6:34:17:
98:c5:87:5d:87:e6:c0:7b:c5:98:74:97:fd:c4:55:
67:ce:39:a3:aa:04:e2:91:4c:d4:32:95:d8:4a:6e:
e9:36:a7:07:75:e1:14:88:36:3c:52:8d:f8:7b:fc:
6d:7e:e1:22:3a:89:8b:0a:6c:72:95:ed:07:72:bd:
c4:36:4e:e3:7d:66:d4:e8:1e:46:11:de:06:6d:37:
8d:7d:48:4f:5c:a4:55:11:82:2c:58:64:f7:bf:18:
4c:ad:dc:46:1b:e8:4b:58:10:81:2d:8a:bc:e2:c0:
c5:39:6b:03:41:f6:42:42:4e:5d:2d:85:8d:24:a3:
ec:bb:44:4b:b1:1e:19:6d:73:7b:7c:de:40:1b:53:
01:4a:6d:71:fd:1f:c7:bc:a0:0e:a6:2e:9c:38:fc:
7d:f6:d6:92:91:5e:b1:fb:b7:4a:92:eb:96:05:0f:
31:24:c4:c6:ef:43:b0:8b:87:a1:63:1e:9a:de:39:
43:0b:af:dc:7a:79:94:fe:9a:e0:25:9d:2f:0d:29:
be:87:ce:55:82:3a:bd:cb:4f:a2:05:7a:ec:fc:fa:
56:a3:65:04:79:b4:2f:57:30:2d:6d:cd:38:13:23:
6a:ac:63:b6:1c:a9:1a:36:eb:dc:18:a3:0f:4f:4b:
5f:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:F6:7E:47:92:4E:33:12:49:F7:83:D2:8E:6C:37:71:0F:88:AC:28
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/HfZ-R5JOMxJJ94PSjmw3cQ-IrCg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.130.0/24
45.9.156.0/24
45.12.255.0/24
45.129.84.0/24
45.129.86.0/24
45.139.104.0/24
45.141.158.0/24
79.110.61.0/24
81.161.230.0/24
81.161.239.0/24
83.219.97.0/24
87.120.130.0/24
87.121.124.0/23
87.121.162.0/24
87.121.220.0/24
91.200.192.0/22
92.249.48.0/24
93.123.39.0/24
94.154.172.0/24
94.156.160.0/24
94.156.248.0/24
94.156.250.0/24
147.78.100.0/23
171.22.17.0-171.22.18.255
171.22.31.0/24
178.215.226.0/24
178.215.238.0/24
185.246.223.0/24
193.25.216.0/24
193.35.19.0/24
194.180.39.0/24
Signature Algorithm: sha256WithRSAEncryption
27:8d:12:20:69:6e:0d:5a:b3:62:e4:a1:98:68:b1:15:55:3d:
61:b0:62:91:8a:31:97:2a:98:9e:20:34:41:80:2c:18:47:86:
76:d6:45:56:bd:e6:51:f3:15:0d:19:83:51:11:e0:af:81:2b:
c8:de:a7:a1:cc:b6:54:81:46:2e:c9:0d:a8:38:ab:0c:9b:8b:
29:91:34:38:cb:57:be:12:24:71:eb:2e:6b:49:35:5c:46:a3:
ec:c3:df:cd:a8:58:09:42:d7:80:0f:74:2a:d8:14:d9:0f:90:
6f:27:3e:80:35:2d:c6:2b:b2:f8:61:58:1c:5f:6a:da:c4:a9:
91:2f:d3:40:84:32:ca:4c:08:22:50:7f:75:7e:33:6d:01:4e:
e6:1a:1b:f0:89:ef:1b:6b:7f:05:79:5e:89:14:83:de:e0:c1:
ff:1b:ab:65:11:64:c9:23:b3:91:9a:e0:ef:8d:a5:e5:7f:6a:
6f:40:1f:3c:45:9a:94:35:15:b7:a3:ea:b8:9c:c7:c9:73:5c:
c4:77:41:33:3b:e4:0d:ee:a3:85:07:81:ea:88:7e:82:8e:44:
06:0f:ed:5b:c2:db:df:50:dc:75:3c:a4:c8:39:ab:38:a8:c4:
0c:e1:0e:51:0d:e5:05:3f:6d:f0:77:de:88:0b:f1:ac:1c:41:
1f:f5:c0:fa
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAYuT6/U1jCjdCkNANUX/HzTVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMTAzMDY0MzE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZGY2N2U0NzkyNGUzMzEyNDlmNzgzZDI4ZTZjMzc3MTBmODhhYzI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkdzE3FTTLWT9/v7WNBeYxYddh+bA
e8WYdJf9xFVnzjmjqgTikUzUMpXYSm7pNqcHdeEUiDY8Uo34e/xtfuEiOomLCmxy
le0Hcr3ENk7jfWbU6B5GEd4GbTeNfUhPXKRVEYIsWGT3vxhMrdxGG+hLWBCBLYq8
4sDFOWsDQfZCQk5dLYWNJKPsu0RLsR4ZbXN7fN5AG1MBSm1x/R/HvKAOpi6cOPx9
9taSkV6x+7dKkuuWBQ8xJMTG70Owi4ehYx6a3jlDC6/cenmU/prgJZ0vDSm+h85V
gjq9y0+iBXrs/PpWo2UEebQvVzAtbc04EyNqrGO2HKkaNuvcGKMPT0tfQwIDAQAB
o4ICyjCCAsYwHQYDVR0OBBYEFB32fkeSTjMSSfeD0o5sN3EPiKwoMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSGZaLVI1Sk9NeEpKOTRQU2ptdzNjUS1JckNnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHfBggrBgEFBQcBBwEB/wSBzzCBzDCByQQCAAEwgcIDBAAl
i4IDBAAtCZwDBAAtDP8DBAAtgVQDBAAtgVYDBAAti2gDBAAtjZ4DBABPbj0DBABR
oeYDBABRoe8DBABT22EDBABXeIIDBAFXeXwDBABXeaIDBABXedwDBAJbyMADBABc
+TADBABdeycDBABemqwDBABenKADBABenPgDBABenPoDBAGTTmQwDAMEAKsWEQME
AKsWEgMEAKsWHwMEALLX4gMEALLX7gMEALn23wMEAMEZ2AMEAMEjEwMEAMK0JzAN
BgkqhkiG9w0BAQsFAAOCAQEAJ40SIGluDVqzYuShmGixFVU9YbBikYoxlyqYniA0
QYAsGEeGdtZFVr3mUfMVDRmDURHgr4EryN6nocy2VIFGLskNqDirDJuLKZE0OMtX
vhIkcesua0k1XEaj7MPfzahYCULXgA90KtgU2Q+Qbyc+gDUtxiuy+GFYHF9q2sSp
kS/TQIQyykwIIlB/dX4zbQFO5hob8InvG2t/BXleiRSD3uDB/xurZRFkySOzkZrg
742l5X9qb0AfPEWalDUVt6PquJzHyXNcxHdBMzvkDe6jhQeB6oh+go5EBg/tW8Lb
31DcdTykyDmrOKjEDOEOUQ3lBT9t8HfeiAvxrBxBH/XA+g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:29 2024 by rpki-client on console-ams.rpki-client.org