Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JPmIJ3n-NtNTU8cvsbrByeN5s-8.roa
File: JPmIJ3n-NtNTU8cvsbrByeN5s-8.roa (raw, json)
Hash identifier: A6Oo9LTqNlCPjpJkHEJZ3ximPU+/FzYNxavA2td1xgY=
Subject key identifier: 24:F9:88:27:79:FE:36:D3:53:53:C7:2F:B1:BA:C1:C9:E3:79:B3:EF
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018AF4926FB571DB83A0DF16042241CB59BE
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JPmIJ3n-NtNTU8cvsbrByeN5s-8.roa
Signing time: Tue 03 Oct 2023 08:05:52 +0000
ROA not before: Tue 03 Oct 2023 08:05:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
91.92.24.0/23 maxlen: 24
94.156.239.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.252.176.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
185.216.84.0/22 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.59.0/24 maxlen: 24
194.180.50.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
94.156.78.0/24 maxlen: 24
93.123.116.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:f4:92:6f:b5:71:db:83:a0:df:16:04:22:41:cb:59:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Oct 3 08:05:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=24f9882779fe36d35353c72fb1bac1c9e379b3ef
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:e1:1b:92:e7:7e:37:61:ed:6c:08:c8:d8:14:
74:66:7d:b5:c6:44:92:ed:a4:93:77:c7:da:59:17:
67:0e:e8:26:29:c6:fa:d3:a8:72:db:c4:b7:28:97:
dc:ad:fa:f0:f6:83:78:f3:9e:6b:04:32:20:f9:3c:
2c:30:60:82:2c:2a:c0:99:09:cf:6d:e5:e1:5d:07:
af:8d:10:6e:ae:ce:bd:46:77:a9:3b:91:09:42:21:
32:78:8f:04:25:7a:4a:47:7d:2f:f5:26:66:f8:af:
5d:9f:fd:00:05:ac:f7:80:e1:9e:6c:28:65:90:38:
ce:6a:5d:d9:09:d0:ea:8b:3f:52:83:9c:f8:ad:11:
9d:65:34:34:8f:65:11:f9:2e:1e:f3:d0:b4:58:c3:
c7:6f:b3:33:24:a4:a9:fb:55:57:93:05:c1:78:a0:
44:be:cd:ac:2f:a0:4b:87:c1:bd:71:8b:70:60:fb:
3d:04:de:58:8a:59:8e:7f:37:8d:62:01:0a:bd:0a:
c9:bf:aa:47:9f:2d:eb:b9:79:c7:62:21:f0:cd:44:
27:1b:7d:fa:b1:f1:45:ca:90:a8:11:9f:9e:35:d8:
be:d5:3d:31:ed:ff:08:63:fa:ef:2e:19:55:df:44:
5d:ac:7d:8a:79:00:8d:31:27:27:94:d6:e1:34:a1:
c4:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:F9:88:27:79:FE:36:D3:53:53:C7:2F:B1:BA:C1:C9:E3:79:B3:EF
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JPmIJ3n-NtNTU8cvsbrByeN5s-8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.89.0/24
87.121.45.0/24
87.121.59.0/24
91.92.24.0/23
92.119.196.0/23
93.123.116.0/24
94.154.161.0-94.154.163.255
94.156.78.0/24
94.156.239.0/24
147.78.100.0-147.78.102.255
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.252.176.0/24
194.169.174.0/24
194.180.50.0/24
Signature Algorithm: sha256WithRSAEncryption
4a:df:28:93:aa:ec:e1:aa:9e:36:1e:f3:82:fe:ca:ca:7e:d1:
be:ea:0b:1c:91:ad:07:c7:78:ef:61:66:1e:de:74:96:9d:42:
fb:1d:80:70:31:f2:fc:9c:a4:30:30:22:35:64:86:f8:19:ef:
49:e6:af:5a:3d:6a:42:89:79:ad:3f:24:e0:b3:a4:ea:10:a1:
e6:c5:b2:1f:05:4b:a3:7e:f6:22:8d:d6:f9:8f:b7:6e:70:db:
bb:c5:ee:ae:86:fd:e2:e0:34:b4:ca:ad:26:76:bf:62:80:6a:
92:21:36:b5:9b:b1:9c:b8:7d:ef:b4:a7:87:d6:d3:98:42:31:
ed:92:22:40:db:85:97:98:c6:5d:1d:92:96:53:7a:41:8f:de:
34:11:6e:90:86:73:63:8f:0b:85:22:6b:fa:2d:73:47:7d:56:
81:a7:cf:6c:50:eb:d5:6b:2f:24:6e:9d:f4:84:ac:d6:65:6b:
51:65:40:06:41:95:5b:14:44:f8:d7:fc:04:66:3e:27:0b:b4:
6e:16:56:17:ae:72:37:e7:59:76:22:dc:c9:d2:1f:5e:0e:39:
bf:7a:e4:54:05:22:a2:20:fe:30:cf:2d:2e:d9:0e:d9:25:21:
e6:c4:e6:f2:24:9c:fc:06:97:94:01:8c:69:34:32:f1:4f:99:
1b:ca:7f:6c
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAYr0km+1cduDoN8WBCJBy1m+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMDAzMDgwNTUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGY5ODgyNzc5ZmUzNmQzNTM1M2M3MmZiMWJhYzFjOWUzNzliM2VmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAieEbkud+N2HtbAjI2BR0Zn21xkSS
7aSTd8faWRdnDugmKcb606hy28S3KJfcrfrw9oN4855rBDIg+TwsMGCCLCrAmQnP
beXhXQevjRBurs69RnepO5EJQiEyeI8EJXpKR30v9SZm+K9dn/0ABaz3gOGebChl
kDjOal3ZCdDqiz9Sg5z4rRGdZTQ0j2UR+S4e89C0WMPHb7MzJKSp+1VXkwXBeKBE
vs2sL6BLh8G9cYtwYPs9BN5YilmOfzeNYgEKvQrJv6pHny3ruXnHYiHwzUQnG336
sfFFypCoEZ+eNdi+1T0x7f8IY/rvLhlV30RdrH2KeQCNMScnlNbhNKHEKQIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFCT5iCd5/jbTU1PHL7G6wcnjebPvMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSlBtSUozbi1OdE5UVThjdnNickJ5ZU41cy04LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGYBggrBgEFBQcBBwEB/wSBiDCBhTCBggQCAAEwfAMEAC2X
WQMEAFd5LQMEAFd5OwMEAVtcGAMEAVx3xAMEAF17dDAMAwQAXpqhAwQCXpqgAwQA
XpxOAwQAXpzvMAwDBAKTTmQDBACTTmYDBAKrFkgDBACy1+ADBACy1+wDBAK52FQD
BAK52lQDBAC5/LADBADCqa4DBADCtDIwDQYJKoZIhvcNAQELBQADggEBAErfKJOq
7OGqnjYe84L+ysp+0b7qCxyRrQfHeO9hZh7edJadQvsdgHAx8vycpDAwIjVkhvgZ
70nmr1o9akKJea0/JOCzpOoQoebFsh8FS6N+9iKN1vmPt25w27vF7q6G/eLgNLTK
rSZ2v2KAapIhNrWbsZy4fe+0p4fW05hCMe2SIkDbhZeYxl0dkpZTekGP3jQRbpCG
c2OPC4Uia/otc0d9VoGnz2xQ69VrLyRunfSErNZla1FlQAZBlVsURPjX/ARmPicL
tG4WVheucjfnWXYi3MnSH14OOb965FQFIqIg/jDPLS7ZDtklIebE5vIknPwGl5QB
jGk0MvFPmRvKf2w=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:29 2024 by rpki-client on console-ams.rpki-client.org