Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KiAhvXKkh3EfmCZN48WidUy-ZiU.roa
File: KiAhvXKkh3EfmCZN48WidUy-ZiU.roa (raw, json)
Hash identifier: AZxf1Xwi8mI+DzP9ulbD0/xXrtX9GK8TtYBvfsuEOPU=
Subject key identifier: 2A:20:21:BD:72:A4:87:71:1F:98:26:4D:E3:C5:A2:75:4C:BE:66:25
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01855DF20C30EC90E1CFE1AF9C6B9FE8AC5B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KiAhvXKkh3EfmCZN48WidUy-ZiU.roa
Signing time: Thu 29 Dec 2022 12:53:42 +0000
ROA not before: Thu 29 Dec 2022 12:53:42 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 50225
IP address blocks: 194.55.224.0/24 maxlen: 24
84.54.50.0/24 maxlen: 24
178.215.226.0/24 maxlen: 24
194.55.225.0/24 maxlen: 24
185.222.161.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
193.42.34.0/24 maxlen: 24
193.47.63.0/24 maxlen: 24
193.47.60.0/24 maxlen: 24
45.84.91.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.88.65.0/24 maxlen: 24
194.180.38.0/24 maxlen: 24
194.180.39.0/24 maxlen: 24
94.154.162.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:5d:f2:0c:30:ec:90:e1:cf:e1:af:9c:6b:9f:e8:ac:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 29 12:53:42 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=2a2021bd72a487711f98264de3c5a2754cbe6625
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:eb:fe:e8:73:e0:1d:8e:4c:bb:5b:71:f0:44:a5:
ac:e4:26:c1:31:e4:a7:19:6e:9d:51:4c:2d:54:ee:
5d:72:5a:21:6e:59:b1:bb:6e:32:72:ca:96:3f:c9:
73:02:c3:4b:b5:9c:da:c0:bf:11:f1:d1:78:e0:fb:
e0:4c:1a:ed:a8:2e:f6:f8:eb:0a:a9:3b:c1:b3:90:
06:c1:2f:36:1c:f8:c7:cc:4e:a7:ce:f5:69:42:cd:
93:38:c1:79:4d:6c:5a:91:ad:8f:8f:36:04:d5:29:
2e:c7:9e:20:dc:67:ba:f0:de:37:2c:b3:b8:4a:62:
9f:a4:ec:d9:e0:f3:5d:a0:b0:f7:f5:3e:01:3a:fb:
9e:63:11:32:26:74:35:4f:bf:05:2b:11:27:66:86:
5d:aa:f1:46:03:1a:eb:e4:00:3f:b5:7d:ed:99:52:
4c:04:4b:8d:83:c6:e4:68:bc:d7:6b:12:14:48:ad:
c3:d6:2e:0d:8f:24:ef:16:cc:cf:16:b9:ba:55:ed:
bf:96:4d:fa:62:b1:33:27:77:73:a6:18:37:7c:29:
f7:4d:f0:72:36:49:97:5d:2a:18:ba:03:8b:59:a4:
7d:5e:3d:6c:8d:77:14:33:f8:73:da:fc:a7:7b:fa:
6e:5a:e8:54:28:de:8d:50:b0:79:8c:51:49:5a:31:
6c:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:20:21:BD:72:A4:87:71:1F:98:26:4D:E3:C5:A2:75:4C:BE:66:25
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KiAhvXKkh3EfmCZN48WidUy-ZiU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.12.255.0/24
45.84.91.0/24
45.88.64.0/23
84.54.50.0/24
94.154.162.0/24
178.215.226.0/24
185.222.161.0/24
193.42.34.0/24
193.47.60.0/24
193.47.63.0/24
194.55.224.0/23
194.180.38.0/23
Signature Algorithm: sha256WithRSAEncryption
5a:c7:ba:69:57:4f:f4:f7:87:f6:51:12:6c:73:78:b5:84:b2:
1f:58:0a:99:3f:80:d3:af:69:8f:ff:25:0a:c9:03:7e:b7:7b:
92:32:26:ae:6f:9f:79:24:b0:53:29:fd:95:69:dc:f0:ac:d9:
74:ba:11:44:01:3f:e9:63:7e:8c:75:e8:4f:af:29:7d:e9:70:
77:e8:92:bf:04:b7:2f:fe:82:12:da:85:7e:f6:0b:f1:e7:dc:
f5:38:a8:46:66:3d:fd:14:a3:b8:f9:77:39:ad:66:87:e8:3d:
01:61:76:86:59:33:47:7a:5e:ff:62:91:f2:3d:c4:31:30:d7:
ff:74:cd:9e:47:08:69:06:0d:0e:bb:bf:a9:64:84:14:31:c0:
24:fa:eb:7c:e2:1c:68:94:61:f9:bf:58:2d:35:e8:f4:4c:fd:
b6:4d:09:27:1d:58:a0:ff:55:1c:57:03:e2:09:61:d6:c9:40:
78:6e:d0:47:3b:12:c6:74:25:c0:8d:cc:89:a7:e0:4b:f9:d2:
21:76:0a:80:dc:d5:52:20:99:23:14:80:6c:9e:c7:e6:92:95:
df:ed:4b:65:d6:80:6a:91:c8:c6:8d:19:c9:88:0a:5f:2c:72:
b3:92:56:3b:70:4f:5c:97:71:67:e9:20:ff:b1:eb:de:9b:79:
90:0e:02:33
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYVd8gww7JDhz+GvnGuf6KxbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMjI5MTI1MzQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYTIwMjFiZDcyYTQ4NzcxMWY5ODI2NGRlM2M1YTI3NTRjYmU2NjI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6/7oc+Adjky7W3HwRKWs5CbBMeSn
GW6dUUwtVO5dclohblmxu24ycsqWP8lzAsNLtZzawL8R8dF44PvgTBrtqC72+OsK
qTvBs5AGwS82HPjHzE6nzvVpQs2TOMF5TWxaka2PjzYE1Skux54g3Ge68N43LLO4
SmKfpOzZ4PNdoLD39T4BOvueYxEyJnQ1T78FKxEnZoZdqvFGAxrr5AA/tX3tmVJM
BEuNg8bkaLzXaxIUSK3D1i4NjyTvFszPFrm6Ve2/lk36YrEzJ3dzphg3fCn3TfBy
NkmXXSoYugOLWaR9Xj1sjXcUM/hz2vyne/puWuhUKN6NULB5jFFJWjFsgwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFCogIb1ypIdxH5gmTePFonVMvmYlMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvS2lBaHZYS2toM0VmbUNaTjQ4V2lkVXktWmlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQALQz/AwQA
LVRbAwQBLVhAAwQAVDYyAwQAXpqiAwQAstfiAwQAud6hAwQAwSoiAwQAwS88AwQA
wS8/AwQBwjfgAwQBwrQmMA0GCSqGSIb3DQEBCwUAA4IBAQBax7ppV0/094f2URJs
c3i1hLIfWAqZP4DTr2mP/yUKyQN+t3uSMiaub595JLBTKf2VadzwrNl0uhFEAT/p
Y36MdehPryl96XB36JK/BLcv/oIS2oV+9gvx59z1OKhGZj39FKO4+Xc5rWaH6D0B
YXaGWTNHel7/YpHyPcQxMNf/dM2eRwhpBg0Ou7+pZIQUMcAk+ut84hxolGH5v1gt
Nej0TP22TQknHVig/1UcVwPiCWHWyUB4btBHOxLGdCXAjcyJp+BL+dIhdgqA3NVS
IJkjFIBsnsfmkpXf7Utl1oBqkcjGjRnJiApfLHKzklY7cE9cl3Fn6SD/sevem3mQ
DgIz
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:35 2023 by rpki-client on console-ams.rpki-client.org