Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OnSvdEIJpYktkOUI5XUsl6BXpJw.roa
File: OnSvdEIJpYktkOUI5XUsl6BXpJw.roa (raw, json)
Hash identifier: DqzEb6FAq2voxb8CaJA9zpHz7Qb4O2WCzd9G27prFS0=
Subject key identifier: 3A:74:AF:74:42:09:A5:89:2D:90:E5:08:E5:75:2C:97:A0:57:A4:9C
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01857D12CB9FE3DA931A4B24FB004B6C6C8E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OnSvdEIJpYktkOUI5XUsl6BXpJw.roa
Signing time: Wed 04 Jan 2023 13:57:41 +0000
ROA not before: Wed 04 Jan 2023 13:57:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209371
IP address blocks: 185.216.70.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
194.55.225.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
178.215.239.0/24 maxlen: 24
45.128.96.0/22 maxlen: 24
85.31.47.0/24 maxlen: 24
45.139.107.0/24 maxlen: 24
45.84.89.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:7d:12:cb:9f:e3:da:93:1a:4b:24:fb:00:4b:6c:6c:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 4 13:57:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3a74af744209a5892d90e508e5752c97a057a49c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:15:de:82:fb:e9:b9:c7:9e:6e:43:11:3e:ca:
23:17:71:37:61:40:7e:79:43:f6:a0:58:93:32:77:
73:53:93:6b:fb:12:1d:3c:ba:42:55:bc:f9:93:3c:
68:13:8a:fb:d4:3d:77:1d:e5:6f:03:13:60:3f:f5:
46:74:21:0a:c7:51:2f:ab:53:e6:ac:73:97:8a:7f:
c7:c0:91:e5:c0:65:b3:82:d8:a3:92:49:10:ba:6b:
d8:66:62:80:4c:b5:ea:eb:93:7c:88:76:70:59:1e:
ca:ed:3d:27:ee:bc:9b:54:ba:ed:4c:4f:60:e3:3f:
6e:75:f1:9b:8d:7b:4c:da:ef:93:13:97:6e:ab:0c:
fb:cf:b7:fb:c5:d8:75:a0:46:99:d9:78:7e:4d:60:
e5:e6:21:54:88:c3:69:5a:d3:16:97:ae:b9:08:55:
32:da:04:ae:b8:50:e4:c2:e2:1b:b2:9f:7d:1f:a9:
9c:ce:e1:c0:29:70:de:45:3f:aa:42:5b:db:5e:3b:
64:4f:ac:05:13:15:e9:00:54:22:42:d1:78:8e:20:
b1:cd:ec:c9:42:8a:ac:28:f4:68:a4:f8:68:ed:f0:
1d:f9:3a:c7:9b:ee:e5:00:14:2a:3b:82:0a:b4:37:
bc:b5:b1:fa:69:10:d4:be:f1:b3:e2:2c:c7:f6:b8:
5b:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3A:74:AF:74:42:09:A5:89:2D:90:E5:08:E5:75:2C:97:A0:57:A4:9C
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OnSvdEIJpYktkOUI5XUsl6BXpJw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.89.0/24
45.128.96.0/22
45.139.107.0/24
85.31.47.0/24
87.120.87.0/24
94.154.172.0/24
178.215.239.0/24
185.216.70.0/24
193.35.19.0/24
194.55.224.0/23
Signature Algorithm: sha256WithRSAEncryption
5b:f1:27:88:77:f4:30:9d:cb:38:5b:ad:b7:39:44:a1:c4:5d:
e8:03:2f:ee:86:cd:d6:09:f5:e0:3a:64:4f:dd:f0:c5:b1:d9:
67:b6:b0:36:80:59:04:da:db:4c:eb:0e:63:c7:4e:ba:0e:2d:
98:94:f9:13:9e:73:c3:0f:36:f9:d3:03:ff:a4:19:21:35:69:
d2:46:8d:ac:e5:b7:1e:25:5e:e2:5a:d4:66:f7:fd:26:5e:c6:
d8:97:7f:0e:94:20:86:d4:fb:8e:59:49:4f:1b:03:e5:cb:e3:
37:52:d6:01:c8:ac:77:cb:92:1c:12:61:1a:d0:84:12:31:c1:
52:91:5e:84:a3:52:cd:17:0b:39:de:ba:24:a1:3a:38:5f:03:
b2:31:a6:a7:31:58:6a:11:14:e8:29:fd:4c:04:92:5a:cf:3d:
90:96:17:02:8d:14:71:81:13:4c:eb:76:c7:a3:4d:ac:4d:7e:
1b:52:d6:0f:2f:3a:67:55:0a:66:f0:4e:26:09:6c:55:42:4c:
72:30:1e:fb:2a:d1:61:62:11:db:1f:79:61:94:82:76:92:ff:
c3:6e:f7:bd:dd:f5:c3:d9:d0:6d:3d:1b:56:d9:cb:a9:e3:5e:
77:e4:32:46:4e:de:84:cb:ec:f3:5b:17:ef:7e:00:d4:4d:ce:
ea:4c:ba:95
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYV9Esuf49qTGksk+wBLbGyOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTA0MTM1NzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYTc0YWY3NDQyMDlhNTg5MmQ5MGU1MDhlNTc1MmM5N2EwNTdhNDljMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihXegvvpuceebkMRPsojF3E3YUB+
eUP2oFiTMndzU5Nr+xIdPLpCVbz5kzxoE4r71D13HeVvAxNgP/VGdCEKx1Evq1Pm
rHOXin/HwJHlwGWzgtijkkkQumvYZmKATLXq65N8iHZwWR7K7T0n7rybVLrtTE9g
4z9udfGbjXtM2u+TE5duqwz7z7f7xdh1oEaZ2Xh+TWDl5iFUiMNpWtMWl665CFUy
2gSuuFDkwuIbsp99H6mczuHAKXDeRT+qQlvbXjtkT6wFExXpAFQiQtF4jiCxzezJ
QoqsKPRopPho7fAd+TrHm+7lABQqO4IKtDe8tbH6aRDUvvGz4izH9rhbWwIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFDp0r3RCCaWJLZDlCOV1LJegV6ScMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvT25TdmRFSUpwWWt0a09VSTVYVXNsNkJYcEp3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALVRZAwQC
LYBgAwQALYtrAwQAVR8vAwQAV3hXAwQAXpqsAwQAstfvAwQAudhGAwQAwSMTAwQB
wjfgMA0GCSqGSIb3DQEBCwUAA4IBAQBb8SeId/Qwncs4W623OUShxF3oAy/uhs3W
CfXgOmRP3fDFsdlntrA2gFkE2ttM6w5jx066Di2YlPkTnnPDDzb50wP/pBkhNWnS
Ro2s5bceJV7iWtRm9/0mXsbYl38OlCCG1PuOWUlPGwPly+M3UtYByKx3y5IcEmEa
0IQSMcFSkV6Eo1LNFws53rokoTo4XwOyMaanMVhqERToKf1MBJJazz2QlhcCjRRx
gRNM63bHo02sTX4bUtYPLzpnVQpm8E4mCWxVQkxyMB77KtFhYhHbH3lhlIJ2kv/D
bve93fXD2dBtPRtW2cup41535DJGTt6Ey+zzWxfvfgDUTc7qTLqV
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:06 2024 by rpki-client on console-fra.rpki-client.org