Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Jm1kVrHatmSsTEEVEovoHy7QL7w.roa
File: Jm1kVrHatmSsTEEVEovoHy7QL7w.roa (raw, json)
Hash identifier: wXklFwnDpbf8GGdE2sNu6Nibd0nD6MVXrOvBLtSKjVk=
Subject key identifier: 26:6D:64:56:B1:DA:B6:64:AC:4C:41:15:12:8B:E8:1F:2E:D0:2F:BC
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018D5E6A1E13A92941B8370557CBDEBC0948
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Jm1kVrHatmSsTEEVEovoHy7QL7w.roa
Signing time: Wed 31 Jan 2024 07:27:09 +0000
ROA not before: Wed 31 Jan 2024 07:27:09 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.84.89.0/24 maxlen: 24
45.88.90.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.172.0/24 maxlen: 24
94.156.239.0/24 maxlen: 24
95.214.24.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.226.173.0/24 maxlen: 24
185.252.176.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:5e:6a:1e:13:a9:29:41:b8:37:05:57:cb:de:bc:09:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 31 07:27:09 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=266d6456b1dab664ac4c4115128be81f2ed02fbc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:0c:a8:fd:84:c1:bf:94:ac:1c:a2:eb:44:db:
7c:f4:d9:ac:d2:6e:be:f9:6c:9e:5d:b8:84:e3:ee:
29:b7:9d:fe:c6:a2:7c:aa:d0:c8:91:4c:e8:c6:bf:
89:71:52:cd:92:e8:96:2b:4d:67:c8:27:50:55:37:
6f:a8:e6:86:d0:06:00:81:5a:5a:98:de:35:37:4e:
d8:da:a9:16:03:af:c1:35:2f:b9:50:9d:d5:d6:6a:
30:47:80:60:99:0c:46:ca:3f:11:fd:44:ff:74:1b:
e7:86:b2:3e:18:51:17:13:21:9f:2e:38:c1:0c:80:
25:10:60:a3:79:95:0d:40:e1:4b:73:6a:f4:45:db:
c7:5d:c6:07:88:07:58:35:78:6a:11:e3:6b:d8:13:
b4:e3:c5:ff:48:f0:d9:df:c7:1a:95:1a:c3:bd:58:
68:be:45:af:1d:a6:d8:3f:3a:72:e8:ef:10:58:f6:
26:e4:75:76:89:8f:76:3e:4b:3d:ea:e4:c2:4d:28:
31:dc:e4:f6:42:5d:ca:76:07:49:d0:b1:00:32:ab:
bd:69:ef:cd:d9:9b:64:12:f3:65:f8:95:7c:b4:ac:
0d:1d:08:44:4f:1e:73:69:46:c1:77:b7:d6:d8:c4:
cd:3b:3c:21:b5:25:87:f5:c2:e1:26:80:c3:62:0b:
97:af
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:6D:64:56:B1:DA:B6:64:AC:4C:41:15:12:8B:E8:1F:2E:D0:2F:BC
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Jm1kVrHatmSsTEEVEovoHy7QL7w.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.89.0/24
45.88.90.0/24
45.151.89.0/24
87.120.87.0/24
87.121.45.0/24
87.121.221.0/24
92.119.196.0/23
94.154.161.0-94.154.163.255
94.154.172.0/24
94.156.239.0/24
95.214.24.0/24
147.78.101.0-147.78.102.255
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.226.173.0/24
185.252.176.0/24
194.55.224.0/24
Signature Algorithm: sha256WithRSAEncryption
8d:81:db:b4:18:90:70:9b:5c:53:05:67:d2:48:7a:48:3f:85:
63:ac:ee:38:25:e1:65:4c:61:2f:e7:0d:9b:f3:41:87:d2:bc:
ad:ae:a4:69:9f:f1:0d:42:43:a0:67:ca:46:af:61:53:4f:4a:
ec:c0:69:f3:d3:bc:7e:5d:a2:e0:48:b4:3a:e8:b2:1b:8a:fc:
fe:98:c0:85:6f:81:bb:dd:47:49:16:e9:9b:e0:9b:51:16:9d:
41:49:a7:a4:7f:3a:52:64:70:ac:52:37:89:bd:1f:38:16:7d:
23:13:30:7e:f8:47:89:c9:73:23:ff:05:38:7a:35:d1:42:4d:
be:84:0b:59:11:ee:11:91:37:23:ba:87:57:ef:95:a7:7f:9e:
37:1c:bd:76:cf:f0:00:f2:1e:ef:1c:72:98:a4:67:38:87:9c:
8a:89:e3:a1:05:f2:cb:4b:10:6f:e8:09:90:88:c1:7c:12:24:
c7:23:d3:df:10:30:b4:91:07:51:be:30:36:c4:d0:b3:a5:b8:
97:1a:77:6e:c5:28:af:8e:0e:77:4f:ef:70:d2:31:0a:6b:97:
06:f4:de:1c:d1:98:69:b5:85:a5:a9:0b:a4:ae:7f:87:60:0a:
5a:c5:34:e3:8d:e7:df:e8:33:0a:65:7e:0e:c2:1d:1e:ae:5c:
f1:7b:65:49
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAY1eah4TqSlBuDcFV8vevAlIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTMxMDcyNzA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjZkNjQ1NmIxZGFiNjY0YWM0YzQxMTUxMjhiZTgxZjJlZDAyZmJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAyo/YTBv5SsHKLrRNt89Nms0m6+
+WyeXbiE4+4pt53+xqJ8qtDIkUzoxr+JcVLNkuiWK01nyCdQVTdvqOaG0AYAgVpa
mN41N07Y2qkWA6/BNS+5UJ3V1mowR4BgmQxGyj8R/UT/dBvnhrI+GFEXEyGfLjjB
DIAlEGCjeZUNQOFLc2r0RdvHXcYHiAdYNXhqEeNr2BO048X/SPDZ38calRrDvVho
vkWvHabYPzpy6O8QWPYm5HV2iY92Pks96uTCTSgx3OT2Ql3KdgdJ0LEAMqu9ae/N
2ZtkEvNl+JV8tKwNHQhETx5zaUbBd7fW2MTNOzwhtSWH9cLhJoDDYguXrwIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFCZtZFax2rZkrExBFRKL6B8u0C+8MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSm0xa1ZySGF0bVNzVEVFVkVvdm9IeTdRTDd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGlBggrBgEFBQcBBwEB/wSBlTCBkjCBjwQCAAEwgYgDBAAt
VFkDBAAtWFoDBAAtl1kDBABXeFcDBABXeS0DBABXed0DBAFcd8QwDAMEAF6aoQME
Al6aoAMEAF6arAMEAF6c7wMEAF/WGDAMAwQAk05lAwQAk05mAwQCqxZIAwQAstfg
AwQAstfsAwQCudhUAwQCudpUAwQAueKtAwQAufywAwQAwjfgMA0GCSqGSIb3DQEB
CwUAA4IBAQCNgdu0GJBwm1xTBWfSSHpIP4VjrO44JeFlTGEv5w2b80GH0rytrqRp
n/ENQkOgZ8pGr2FTT0rswGnz07x+XaLgSLQ66LIbivz+mMCFb4G73UdJFumb4JtR
Fp1BSaekfzpSZHCsUjeJvR84Fn0jEzB++EeJyXMj/wU4ejXRQk2+hAtZEe4RkTcj
uodX75Wnf543HL12z/AA8h7vHHKYpGc4h5yKieOhBfLLSxBv6AmQiMF8EiTHI9Pf
EDC0kQdRvjA2xNCzpbiXGnduxSivjg53T+9w0jEKa5cG9N4c0ZhptYWlqQukrn+H
YApaxTTjjeff6DMKZX4Owh0erlzxe2VJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:04 2024 by rpki-client on console-fra.rpki-client.org