Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NI6Em4aYZJxf9yzdPQAsBeEYwWw.roa
File: NI6Em4aYZJxf9yzdPQAsBeEYwWw.roa (raw, json)
Hash identifier: 2nzEiolRJht4zsL8bw5jnqbCbYf1AvGjE4ulgUvjC6A=
Subject key identifier: 34:8E:84:9B:86:98:64:9C:5F:F7:2C:DD:3D:00:2C:05:E1:18:C1:6C
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018E79ED1ACD2AA8CCAD6E93DABFC5EC4026
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NI6Em4aYZJxf9yzdPQAsBeEYwWw.roa
Signing time: Tue 26 Mar 2024 08:42:45 +0000
ROA not before: Tue 26 Mar 2024 08:42:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.9.156.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.72.0/23 maxlen: 24
94.156.239.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.254.37.0/24 maxlen: 24
193.37.41.0/24 maxlen: 24
194.48.248.0/24 maxlen: 24
194.48.250.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
194.59.31.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:79:ed:1a:cd:2a:a8:cc:ad:6e:93:da:bf:c5:ec:40:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 26 08:42:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=348e849b8698649c5ff72cdd3d002c05e118c16c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:2d:91:09:5e:47:ad:6d:db:84:4a:12:11:61:
1f:aa:bc:f3:bd:73:29:e8:eb:12:76:2e:23:59:af:
ad:98:63:45:ae:f4:dd:ba:d1:3d:bf:d9:4b:12:55:
58:25:e7:5b:fc:79:ea:4e:7a:06:6b:7c:bb:71:9b:
b1:4c:d1:da:80:0d:63:41:89:a7:30:d7:2c:19:ee:
30:89:09:65:6c:bb:76:03:ba:26:fa:7d:fe:84:9e:
26:18:44:cf:95:9c:87:ab:3a:92:51:59:3b:87:74:
63:9c:af:52:5f:5b:d8:94:6e:80:ae:c3:ca:24:af:
88:fb:8a:69:9d:a0:27:d5:67:eb:32:46:84:95:11:
6e:79:d3:1b:89:c6:a7:5c:34:76:90:cf:1b:04:71:
48:08:f5:c9:34:d2:32:0c:89:5a:cc:84:c1:ba:b2:
9c:5c:08:b4:27:5b:db:8d:80:26:2c:76:c1:20:14:
54:9d:98:12:5c:0e:a0:9a:9d:b0:69:3c:ef:07:c2:
77:a4:88:c4:0d:9b:ba:08:70:c1:2a:e6:9c:b2:a3:
b5:91:a0:8a:85:87:64:40:cf:99:a4:37:5b:f8:d9:
10:c0:63:01:9f:4c:d3:6c:a0:5d:f8:47:a7:a5:69:
25:e5:f2:6b:f2:7a:53:0b:ab:09:4a:ec:53:6c:83:
17:65
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
34:8E:84:9B:86:98:64:9C:5F:F7:2C:DD:3D:00:2C:05:E1:18:C1:6C
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NI6Em4aYZJxf9yzdPQAsBeEYwWw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/24
45.151.89.0/24
87.120.87.0/24
87.121.45.0/24
87.121.221.0/24
92.119.196.0/23
94.154.160.0/22
94.156.72.0/23
94.156.239.0/24
147.78.102.0/24
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.254.37.0/24
193.37.41.0/24
194.48.248.0/24
194.48.250.0/24
194.55.186.0/24
194.55.224.0/24
194.59.31.0/24
Signature Algorithm: sha256WithRSAEncryption
8d:98:80:3b:5e:80:ed:57:e8:95:80:7e:13:db:72:6a:5a:ce:
35:c2:7a:55:63:8c:5b:fb:d7:78:e0:94:47:5c:ea:1b:c6:52:
ea:59:cb:13:26:b3:27:7c:99:f5:05:8c:15:50:e9:16:76:fc:
8e:a1:67:6d:8f:0f:8e:c1:ba:08:aa:82:ba:82:94:c6:3c:50:
37:41:98:b4:e0:2f:9e:ca:9a:dd:79:08:84:85:f0:9c:fe:58:
94:c8:c5:3b:2d:36:27:3a:8d:0a:9e:2e:c5:c3:8e:3e:7d:aa:
a4:05:80:f8:02:82:a3:74:50:aa:ac:bc:6c:a3:57:fe:6c:25:
0e:48:de:11:61:78:fa:f9:10:d1:66:3e:ed:c2:7a:5d:7e:9c:
3e:fb:8f:c6:f8:46:9f:c1:e7:ed:12:0f:aa:5c:f0:4a:a6:f4:
68:ee:35:2b:f3:e4:dc:07:d9:ec:10:85:df:f9:2c:1f:88:5f:
38:46:63:a8:23:11:1a:de:3a:a8:2c:34:65:f8:59:7b:2f:08:
8c:a5:46:6a:11:df:a7:93:6a:07:a9:20:ae:a3:c9:03:80:d0:
83:65:4c:49:5a:3d:07:81:43:d3:a2:2f:0b:a3:54:f4:5b:b4:
f5:79:ab:52:8c:b9:3c:dd:a1:f8:83:46:42:77:b3:65:5d:e4:
07:f5:74:f4
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgISAY557RrNKqjMrW6T2r/F7EAmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzI2MDg0MjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNDhlODQ5Yjg2OTg2NDljNWZmNzJjZGQzZDAwMmMwNWUxMThjMTZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4C2RCV5HrW3bhEoSEWEfqrzzvXMp
6OsSdi4jWa+tmGNFrvTdutE9v9lLElVYJedb/HnqTnoGa3y7cZuxTNHagA1jQYmn
MNcsGe4wiQllbLt2A7om+n3+hJ4mGETPlZyHqzqSUVk7h3RjnK9SX1vYlG6ArsPK
JK+I+4ppnaAn1WfrMkaElRFuedMbicanXDR2kM8bBHFICPXJNNIyDIlazITBurKc
XAi0J1vbjYAmLHbBIBRUnZgSXA6gmp2waTzvB8J3pIjEDZu6CHDBKuacsqO1kaCK
hYdkQM+ZpDdb+NkQwGMBn0zTbKBd+EenpWkl5fJr8npTC6sJSuxTbIMXZQIDAQAB
o4ICjDCCAogwHQYDVR0OBBYEFDSOhJuGmGScX/cs3T0ALAXhGMFsMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTkk2RW00YVlaSnhmOXl6ZFBRQXNCZUVZd1d3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGhBggrBgEFBQcBBwEB/wSBkTCBjjCBiwQCAAEwgYQDBAAt
CZwDBAAtl1kDBABXeFcDBABXeS0DBABXed0DBAFcd8QDBAJemqADBAFenEgDBABe
nO8DBACTTmYDBAKrFkgDBACy1+ADBACy1+wDBAK52FQDBAK52lQDBAC5/iUDBADB
JSkDBADCMPgDBADCMPoDBADCN7oDBADCN+ADBADCOx8wDQYJKoZIhvcNAQELBQAD
ggEBAI2YgDtegO1X6JWAfhPbcmpazjXCelVjjFv713jglEdc6hvGUupZyxMmsyd8
mfUFjBVQ6RZ2/I6hZ22PD47BugiqgrqClMY8UDdBmLTgL57Kmt15CISF8Jz+WJTI
xTstNic6jQqeLsXDjj59qqQFgPgCgqN0UKqsvGyjV/5sJQ5I3hFhePr5ENFmPu3C
el1+nD77j8b4Rp/B5+0SD6pc8Eqm9GjuNSvz5NwH2ewQhd/5LB+IXzhGY6gjERre
OqgsNGX4WXsvCIylRmoR36eTagepIK6jyQOA0INlTElaPQeBQ9OiLwujVPRbtPV5
q1KMuTzdofiDRkJ3s2Vd5Af1dPQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:05 2024 by rpki-client on console-fra.rpki-client.org