Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/P-Z2Fxo4FF7P3DWlPoOKRVZMxbU.roa
File: P-Z2Fxo4FF7P3DWlPoOKRVZMxbU.roa (raw, json)
Hash identifier: YGye4lRFrIli/KRIkw9ZTpalFzRD6UbHYS8kIneQhCI=
Subject key identifier: 3F:E6:76:17:1A:38:14:5E:CF:DC:35:A5:3E:83:8A:45:56:4C:C5:B5
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0186164117838470B82976E1D1523B1CA7BE
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/P-Z2Fxo4FF7P3DWlPoOKRVZMxbU.roa
Signing time: Fri 03 Feb 2023 07:50:09 +0000
ROA not before: Fri 03 Feb 2023 07:50:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 25369
IP address blocks: 45.90.88.0/22 maxlen: 24
45.12.254.0/24 maxlen: 24
193.58.120.0/24 maxlen: 24
147.78.100.0/23 maxlen: 24
84.21.173.0/24 maxlen: 24
194.31.204.0/24 maxlen: 24
195.178.121.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
194.169.173.0/24 maxlen: 24
109.206.239.0/24 maxlen: 24
171.22.31.0/24 maxlen: 24
171.22.29.0/24 maxlen: 24
81.161.238.0/23 maxlen: 24
84.54.49.0/24 maxlen: 24
141.98.4.0/24 maxlen: 24
194.55.227.0/24 maxlen: 24
141.98.7.0/24 maxlen: 24
178.215.237.0/24 maxlen: 24
45.149.233.0/24 maxlen: 24
94.156.161.0/24 maxlen: 24
45.149.241.0/24 maxlen: 24
193.222.98.0/23 maxlen: 24
194.48.248.0/24 maxlen: 24
171.22.18.0/24 maxlen: 24
185.221.67.0/24 maxlen: 24
79.110.48.0/23 maxlen: 24
194.49.87.0/24 maxlen: 24
194.49.86.0/24 maxlen: 24
194.49.95.0/24 maxlen: 24
193.25.218.0/24 maxlen: 24
193.25.217.0/24 maxlen: 24
87.121.220.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:16:41:17:83:84:70:b8:29:76:e1:d1:52:3b:1c:a7:be
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 3 07:50:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3fe676171a38145ecfdc35a53e838a45564cc5b5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:4b:c1:a4:65:33:fd:b6:d7:a2:b5:1f:84:fa:
66:72:b0:63:82:99:87:c9:f1:4f:1e:ff:5a:e7:18:
7f:33:ae:74:e4:49:15:0f:86:4c:a0:21:e3:90:95:
ff:ca:c8:88:4e:6a:92:bb:8b:80:d1:f5:27:3c:9e:
c3:8f:d7:8c:1d:11:3b:eb:17:f2:91:f4:38:e8:13:
f7:fe:91:08:d9:17:67:19:6b:83:6b:c8:7e:b6:67:
4f:b7:22:74:49:b1:e7:fd:4b:d2:be:06:62:15:cd:
4b:a6:1a:ad:ba:03:a3:0c:72:b1:f3:86:cf:a1:c7:
6c:8f:8c:02:b2:64:03:01:b2:89:48:af:a9:69:44:
78:fa:a0:81:22:25:e3:a2:91:b1:6f:c3:27:aa:3b:
32:81:c7:4a:b1:58:9d:92:5e:8c:d4:98:9a:53:5b:
82:a6:20:c9:27:7f:d5:e9:28:22:c5:83:49:4b:61:
3c:e0:db:5a:aa:fe:60:11:7e:a3:7d:f5:30:67:36:
2d:b8:93:60:30:2f:0f:63:a8:ce:3d:ac:fe:46:c2:
b0:1e:3e:ab:69:b7:c7:4a:10:d4:44:f9:cc:2a:b7:
27:33:e1:74:41:67:1c:e6:d7:04:e2:60:2d:50:77:
1a:ae:51:44:48:82:7f:35:3e:e4:4b:3f:70:d8:d6:
db:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:E6:76:17:1A:38:14:5E:CF:DC:35:A5:3E:83:8A:45:56:4C:C5:B5
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/P-Z2Fxo4FF7P3DWlPoOKRVZMxbU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.12.254.0/24
45.90.88.0/22
45.149.233.0/24
45.149.241.0/24
79.110.48.0/23
81.161.238.0/23
84.21.173.0/24
84.54.49.0/24
87.121.220.0/24
94.156.161.0/24
109.206.239.0/24
141.98.4.0/24
141.98.7.0/24
147.78.100.0/23
171.22.18.0/24
171.22.29.0/24
171.22.31.0/24
178.215.237.0/24
185.221.67.0/24
193.25.217.0-193.25.218.255
193.58.120.0/24
193.222.98.0/23
194.31.204.0/24
194.48.248.0/24
194.49.86.0/23
194.49.95.0/24
194.55.227.0/24
194.169.173.0-194.169.174.255
195.178.121.0/24
Signature Algorithm: sha256WithRSAEncryption
ac:3a:63:7d:d6:04:1d:29:91:5b:34:e5:fb:3a:d8:bd:83:fe:
6c:ad:04:c2:0e:c8:81:77:22:00:5c:6b:8e:18:cd:0a:df:52:
89:93:d0:68:9b:97:91:c7:bd:5c:1c:b9:7c:59:f9:41:29:7f:
38:90:76:29:b5:6b:5d:b7:76:95:b9:ba:c3:3f:01:76:a3:b6:
7c:d9:7e:dc:2c:34:16:bd:13:3e:ea:40:33:bd:2c:bb:81:57:
59:a9:aa:6f:9f:6e:e7:67:67:59:b6:b0:11:6a:8b:00:e7:52:
b2:18:43:f6:e4:9b:d2:60:49:ee:89:48:08:c4:28:f5:b7:59:
57:32:17:bf:01:13:37:e7:ec:a3:35:f4:bc:c6:3b:39:c6:2e:
1d:17:90:37:ee:cc:f8:87:80:56:d4:9b:ae:c5:3b:e2:2b:4f:
2b:bf:33:98:9e:43:cc:6d:e0:96:52:97:20:54:4f:8c:22:09:
79:e5:93:3c:de:98:05:40:a6:5d:aa:0e:df:99:a8:ea:fe:c8:
96:1d:49:3b:db:e7:34:59:49:43:47:1e:da:25:57:61:95:90:
c1:85:13:95:06:5c:9d:46:7c:cc:52:ef:a1:a1:7e:45:91:b9:
19:6c:16:40:ec:4e:2c:d4:27:32:25:7d:4b:38:23:e3:c9:90:
cb:12:87:76
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgISAYYWQReDhHC4KXbh0VI7HKe+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMjAzMDc1MDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmU2NzYxNzFhMzgxNDVlY2ZkYzM1YTUzZTgzOGE0NTU2NGNjNWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq0vBpGUz/bbXorUfhPpmcrBjgpmH
yfFPHv9a5xh/M6505EkVD4ZMoCHjkJX/ysiITmqSu4uA0fUnPJ7Dj9eMHRE76xfy
kfQ46BP3/pEI2RdnGWuDa8h+tmdPtyJ0SbHn/UvSvgZiFc1LphqtugOjDHKx84bP
ocdsj4wCsmQDAbKJSK+paUR4+qCBIiXjopGxb8MnqjsygcdKsVidkl6M1JiaU1uC
piDJJ3/V6SgixYNJS2E84Ntaqv5gEX6jffUwZzYtuJNgMC8PY6jOPaz+RsKwHj6r
abfHShDURPnMKrcnM+F0QWcc5tcE4mAtUHcarlFESIJ/NT7kSz9w2NbbtQIDAQAB
o4ICxjCCAsIwHQYDVR0OBBYEFD/mdhcaOBRez9w1pT6DikVWTMW1MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUC1aMkZ4bzRGRjdQM0RXbFBvT0tSVlpNeGJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHbBggrBgEFBQcBBwEB/wSByzCByDCBxQQCAAEwgb4DBAAt
DP4DBAItWlgDBAAtlekDBAAtlfEDBAFPbjADBAFRoe4DBABUFa0DBABUNjEDBABX
edwDBABenKEDBABtzu8DBACNYgQDBACNYgcDBAGTTmQDBACrFhIDBACrFh0DBACr
Fh8DBACy1+0DBAC53UMwDAMEAMEZ2QMEAMEZ2gMEAME6eAMEAcHeYgMEAMIfzAME
AMIw+AMEAcIxVgMEAMIxXwMEAMI34zAMAwQAwqmtAwQAwqmuAwQAw7J5MA0GCSqG
SIb3DQEBCwUAA4IBAQCsOmN91gQdKZFbNOX7Oti9g/5srQTCDsiBdyIAXGuOGM0K
31KJk9Bom5eRx71cHLl8WflBKX84kHYptWtdt3aVubrDPwF2o7Z82X7cLDQWvRM+
6kAzvSy7gVdZqapvn27nZ2dZtrARaosA51KyGEP25JvSYEnuiUgIxCj1t1lXMhe/
ARM35+yjNfS8xjs5xi4dF5A37sz4h4BW1JuuxTviK08rvzOYnkPMbeCWUpcgVE+M
Igl55ZM83pgFQKZdqg7fmajq/siWHUk72+c0WUlDRx7aJVdhlZDBhROVBlydRnzM
Uu+hoX5FkbkZbBZA7E4s1CcyJX1LOCPjyZDLEod2
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:32 2024 by rpki-client on console-ams.rpki-client.org