Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KwSlPuTVIyvosm_1lD--99WfYX0.roa
File: KwSlPuTVIyvosm_1lD--99WfYX0.roa (raw, json)
Hash identifier: L0KEmKJXULPjmvhAWedFFkN6McHFn3MqIFV9osordoI=
Subject key identifier: 2B:04:A5:3E:E4:D5:23:2B:E8:B2:6F:F5:94:3F:BE:F7:D5:9F:61:7D
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018810898C217B36EDB22D4BA323500359EF
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KwSlPuTVIyvosm_1lD--99WfYX0.roa
Signing time: Fri 12 May 2023 15:17:09 +0000
ROA not before: Fri 12 May 2023 15:17:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50738
IP address blocks: 87.121.124.0/23 maxlen: 24
81.161.230.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
178.215.226.0/24 maxlen: 24
91.200.192.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
94.156.160.0/24 maxlen: 24
147.78.100.0/23 maxlen: 24
185.246.223.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
171.22.17.0/24 maxlen: 24
171.22.18.0/24 maxlen: 24
194.180.39.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
45.139.104.0/24 maxlen: 24
82.115.210.0/23 maxlen: 24
45.129.84.0/24 maxlen: 24
45.129.86.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
87.121.220.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:10:89:8c:21:7b:36:ed:b2:2d:4b:a3:23:50:03:59:ef
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 12 15:17:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=2b04a53ee4d5232be8b26ff5943fbef7d59f617d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:25:81:76:37:dc:c7:bf:45:29:76:78:d8:5c:
9a:5d:19:c7:a8:7c:f4:b6:63:0c:16:9d:64:b8:8f:
6c:ba:39:6e:07:e9:34:e2:b4:b4:38:43:12:46:82:
da:c4:14:7c:4d:00:e8:41:0e:69:5b:ea:60:3b:d6:
28:df:8c:34:a1:fb:f1:6d:a5:44:7e:28:ca:fb:1d:
ce:3b:62:62:73:a3:38:c2:6f:4f:99:de:da:a2:0f:
e1:9c:cb:1a:23:8c:98:2e:e0:7a:25:1a:2e:32:13:
0c:e5:e3:b1:ca:c7:00:85:e3:91:b7:bf:88:b5:04:
06:dc:29:f1:7e:63:eb:dd:83:df:08:e7:31:32:4d:
21:11:46:49:60:db:22:76:ca:22:94:9d:18:97:a0:
95:4e:c0:31:73:48:ec:05:76:b3:8a:59:75:14:56:
ce:e6:16:81:ef:15:1e:71:99:34:de:27:45:be:22:
4e:3b:97:ed:c3:68:bd:9e:30:e0:26:e9:cd:4f:4a:
eb:2a:2a:ce:a2:2b:89:9e:62:12:fc:5a:95:90:ea:
f3:c8:a7:98:b0:7d:4d:b4:5d:20:0e:21:32:7e:84:
0b:79:ea:c6:60:c0:6f:db:3d:3d:aa:7c:cc:ef:91:
fe:3d:71:32:35:d7:e0:32:36:2a:eb:0b:4a:3f:51:
90:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:04:A5:3E:E4:D5:23:2B:E8:B2:6F:F5:94:3F:BE:F7:D5:9F:61:7D
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/KwSlPuTVIyvosm_1lD--99WfYX0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/24
45.12.255.0/24
45.66.228.0/24
45.129.84.0/24
45.129.86.0/24
45.139.104.0/24
45.141.158.0/24
81.161.230.0/24
81.161.239.0/24
82.115.210.0/23
83.219.97.0/24
87.121.124.0/23
87.121.220.0/24
91.200.192.0/22
94.154.172.0/24
94.156.160.0/24
147.78.100.0/23
171.22.17.0-171.22.18.255
178.215.226.0/24
185.246.223.0/24
193.35.19.0/24
194.180.39.0/24
Signature Algorithm: sha256WithRSAEncryption
28:ba:92:0c:83:77:5c:ac:1e:7e:46:16:cb:3e:8a:cb:59:1e:
b7:ee:b5:02:e0:7d:3d:1b:31:be:b8:05:b3:ca:d0:45:a9:dd:
fc:29:ce:cc:ff:ea:44:22:c7:77:e7:54:d0:fe:89:7c:8e:4c:
dc:c3:df:f1:e3:2d:bc:05:43:36:1b:cd:db:cc:20:d4:39:05:
7d:10:f5:04:ce:4a:73:b5:7d:79:c4:99:32:03:24:59:3b:18:
a2:c2:8f:fb:e2:de:a1:32:5d:fc:1e:07:69:be:5c:36:cb:d8:
dc:ac:fb:84:47:32:2a:0d:f4:ab:0c:37:85:42:8b:2f:d3:50:
70:cc:c9:69:74:18:0f:33:6f:2d:40:c4:8a:ef:8f:1f:87:ce:
81:e5:4b:2f:ea:02:bb:4a:a3:54:86:80:4c:81:28:0b:7f:c6:
f9:79:41:a7:f0:6c:a3:89:6c:ce:a3:0f:4b:e8:d1:44:34:fb:
58:43:74:09:e0:78:09:20:95:70:d2:98:2a:4a:f2:50:33:a8:
d4:86:22:82:fb:f1:87:10:a3:90:9f:ab:11:1b:af:2a:f2:fb:
9b:0b:52:6a:2c:ac:da:11:e3:2d:90:22:1d:12:5e:39:68:a0:
0a:d4:ba:67:4c:90:6b:96:35:60:2f:f1:e5:17:78:05:14:fc:
9b:32:30:47
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAYgQiYwhezbtsi1LoyNQA1nvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTEyMTUxNzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjA0YTUzZWU0ZDUyMzJiZThiMjZmZjU5NDNmYmVmN2Q1OWY2MTdkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyyWBdjfcx79FKXZ42FyaXRnHqHz0
tmMMFp1kuI9sujluB+k04rS0OEMSRoLaxBR8TQDoQQ5pW+pgO9Yo34w0ofvxbaVE
fijK+x3OO2Jic6M4wm9Pmd7aog/hnMsaI4yYLuB6JRouMhMM5eOxyscAheORt7+I
tQQG3CnxfmPr3YPfCOcxMk0hEUZJYNsidsoilJ0Yl6CVTsAxc0jsBXazill1FFbO
5haB7xUecZk03idFviJOO5ftw2i9njDgJunNT0rrKirOoiuJnmIS/FqVkOrzyKeY
sH1NtF0gDiEyfoQLeerGYMBv2z09qnzM75H+PXEyNdfgMjYq6wtKP1GQHwIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFCsEpT7k1SMr6LJv9ZQ/vvfVn2F9MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvS3dTbFB1VFZJeXZvc21fMWxELS05OVdmWVgwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGpBggrBgEFBQcBBwEB/wSBmTCBljCBkwQCAAEwgYwDBAAt
CZwDBAAtDP8DBAAtQuQDBAAtgVQDBAAtgVYDBAAti2gDBAAtjZ4DBABRoeYDBABR
oe8DBAFSc9IDBABT22EDBAFXeXwDBABXedwDBAJbyMADBABemqwDBABenKADBAGT
TmQwDAMEAKsWEQMEAKsWEgMEALLX4gMEALn23wMEAMEjEwMEAMK0JzANBgkqhkiG
9w0BAQsFAAOCAQEAKLqSDIN3XKwefkYWyz6Ky1ket+61AuB9PRsxvrgFs8rQRand
/CnOzP/qRCLHd+dU0P6JfI5M3MPf8eMtvAVDNhvN28wg1DkFfRD1BM5Kc7V9ecSZ
MgMkWTsYosKP++LeoTJd/B4Hab5cNsvY3Kz7hEcyKg30qww3hUKLL9NQcMzJaXQY
DzNvLUDEiu+PH4fOgeVLL+oCu0qjVIaATIEoC3/G+XlBp/Bso4lszqMPS+jRRDT7
WEN0CeB4CSCVcNKYKkryUDOo1IYigvvxhxCjkJ+rERuvKvL7mwtSaiys2hHjLZAi
HRJeOWigCtS6Z0yQa5Y1YC/x5Rd4BRT8mzIwRw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:04 2024 by rpki-client on console-fra.rpki-client.org