Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PD21ZfeeOc5dgV6AIFOKcEMR6l8.roa
File: PD21ZfeeOc5dgV6AIFOKcEMR6l8.roa (raw, json)
Hash identifier: jeffe2HG5w9bJXY/UV+kCWn5qQUZdFCP1h4Pz8q0uwI=
Subject key identifier: 3C:3D:B5:65:F7:9E:39:CE:5D:81:5E:80:20:53:8A:70:43:11:EA:5F
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0187A35EA5D2A957B2368737FCC4E985DBDF
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PD21ZfeeOc5dgV6AIFOKcEMR6l8.roa
Signing time: Fri 21 Apr 2023 10:31:41 +0000
ROA not before: Fri 21 Apr 2023 10:31:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
185.246.223.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
87.120.64.0/23 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.137.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
87.121.220.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:a3:5e:a5:d2:a9:57:b2:36:87:37:fc:c4:e9:85:db:df
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 21 10:31:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3c3db565f79e39ce5d815e8020538a704311ea5f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:91:60:c1:ea:f9:7f:4c:ae:d0:b6:df:7f:58:
37:1a:f0:71:63:c0:d6:ca:39:5b:5c:0f:e4:06:f9:
ee:0f:cc:34:27:3b:0b:d9:6f:4a:aa:eb:17:b3:2d:
51:63:9b:02:7a:16:a3:e5:fa:47:53:07:b5:ea:a3:
7d:92:ba:54:bf:8b:5e:b4:86:ab:7c:e5:48:bc:ce:
1e:94:a9:1a:86:0c:78:ce:bc:23:9c:ee:16:8c:b2:
53:1a:9d:a3:3c:98:a2:f9:6c:21:08:3d:02:3a:29:
2a:30:82:1c:76:78:b6:67:c6:34:3e:07:54:80:b5:
14:3b:e3:f0:e1:72:75:bc:ca:a1:e5:86:2e:96:a5:
9d:af:18:3c:b9:1c:16:ff:bc:90:f7:24:81:db:8e:
af:ac:b0:2a:8b:59:3b:a8:4d:b2:fc:2b:17:04:31:
d9:78:9e:68:a7:12:65:01:e9:64:4b:83:23:1f:f3:
07:96:21:4a:ad:f8:bd:be:7b:0e:d0:c1:6b:53:17:
0c:d3:5a:00:cf:76:9d:c8:f6:31:a4:10:6e:8e:7e:
66:c4:26:e1:11:22:27:fa:ed:48:54:01:5f:46:64:
35:3d:99:03:b6:fe:9b:13:9f:5b:bd:57:5d:e3:6d:
51:09:8b:4c:fa:a4:c9:6a:9f:0b:6d:1f:26:d2:be:
ca:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3C:3D:B5:65:F7:9E:39:CE:5D:81:5E:80:20:53:8A:70:43:11:EA:5F
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PD21ZfeeOc5dgV6AIFOKcEMR6l8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.89.0/24
87.120.64.0/23
87.121.220.0/24
92.119.196.0/23
94.154.161.0-94.154.163.255
94.154.172.0/24
147.78.100.0/23
171.22.72.0/22
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.218.137.0/24
185.219.126.0/24
185.246.223.0/24
Signature Algorithm: sha256WithRSAEncryption
9c:22:48:f5:9d:66:01:31:8a:99:ff:33:ff:0f:26:b9:4a:37:
a4:a9:03:71:37:40:64:56:39:6c:29:56:fe:b6:7d:17:26:90:
2c:d1:f4:e3:cb:b4:27:ca:24:cb:83:72:78:b9:61:e0:9f:e9:
50:e2:27:de:8e:8f:10:45:9d:c2:a1:ab:61:9e:e9:ee:45:80:
3a:3e:7c:2a:53:d9:19:be:d2:01:0a:ba:0d:dd:0f:14:87:9d:
ef:c9:f9:36:ba:7f:f5:79:4c:d7:2a:c8:c3:13:83:46:5d:be:
e1:e4:d1:73:ab:59:45:bd:cd:2b:71:00:5d:85:51:34:48:ac:
f6:52:8d:fb:4d:b8:ef:c2:40:73:c4:d7:78:87:e7:d6:ea:70:
89:32:f3:ab:dd:f6:4c:a0:0f:87:a9:6b:0d:2e:5e:3f:38:f6:
d8:e8:6b:22:d2:52:8d:37:66:61:34:f7:62:43:62:5b:53:8e:
48:01:4f:90:fb:41:88:6b:8d:04:92:c1:12:76:27:28:9f:14:
2e:6c:1b:8f:3c:7f:e3:dc:f0:ba:28:64:a5:3d:bf:5a:0d:4f:
20:53:65:ab:4f:25:90:80:04:bc:0a:33:3b:34:79:8b:64:de:
03:52:a5:4a:89:63:8f:3e:a6:fc:37:14:2e:cd:81:c1:a7:50:
e8:12:fd:b5
-----BEGIN CERTIFICATE-----
MIIFUzCCBDugAwIBAgISAYejXqXSqVeyNoc3/MTphdvfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDIxMTAzMTQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYzNkYjU2NWY3OWUzOWNlNWQ4MTVlODAyMDUzOGE3MDQzMTFlYTVmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhZFgwer5f0yu0Lbff1g3GvBxY8DW
yjlbXA/kBvnuD8w0JzsL2W9KqusXsy1RY5sCehaj5fpHUwe16qN9krpUv4tetIar
fOVIvM4elKkahgx4zrwjnO4WjLJTGp2jPJii+WwhCD0COikqMIIcdni2Z8Y0PgdU
gLUUO+Pw4XJ1vMqh5YYulqWdrxg8uRwW/7yQ9ySB246vrLAqi1k7qE2y/CsXBDHZ
eJ5opxJlAelkS4MjH/MHliFKrfi9vnsO0MFrUxcM01oAz3adyPYxpBBujn5mxCbh
ESIn+u1IVAFfRmQ1PZkDtv6bE59bvVdd421RCYtM+qTJap8LbR8m0r7K0QIDAQAB
o4ICXzCCAlswHQYDVR0OBBYEFDw9tWX3njnOXYFegCBTinBDEepfMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUEQyMVpmZWVPYzVkZ1Y2QUlGT0tjRU1SNmw4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHUGCCsGAQUFBwEHAQH/BGYwZDBiBAIAATBcAwQALZdZAwQB
V3hAAwQAV3ncAwQBXHfEMAwDBABemqEDBAJemqADBABemqwDBAGTTmQDBAKrFkgD
BACy1+wDBAK52FQDBAK52lQDBAC52okDBAC5234DBAC59t8wDQYJKoZIhvcNAQEL
BQADggEBAJwiSPWdZgExipn/M/8PJrlKN6SpA3E3QGRWOWwpVv62fRcmkCzR9OPL
tCfKJMuDcni5YeCf6VDiJ96OjxBFncKhq2Ge6e5FgDo+fCpT2Rm+0gEKug3dDxSH
ne/J+Ta6f/V5TNcqyMMTg0ZdvuHk0XOrWUW9zStxAF2FUTRIrPZSjftNuO/CQHPE
13iH59bqcIky86vd9kygD4epaw0uXj849tjoayLSUo03ZmE092JDYltTjkgBT5D7
QYhrjQSSwRJ2JyifFC5sG488f+Pc8LooZKU9v1oNTyBTZatPJZCABLwKMzs0eYtk
3gNSpUqJY48+pvw3FC7NgcGnUOgS/bU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:32 2024 by rpki-client on console-ams.rpki-client.org