Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PbtBKj_m1M-LlvgGzPGP6CKx8p4.roa
File: PbtBKj_m1M-LlvgGzPGP6CKx8p4.roa (raw, json)
Hash identifier: KDogvr73+6jhgW3NX7D3frEejSkI2/otb14AZ8xWFgo=
Subject key identifier: 3D:BB:41:2A:3F:E6:D4:CF:8B:96:F8:06:CC:F1:8F:E8:22:B1:F2:9E
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018DCA7FF731A391B8661CCF7E6BB1A48C2E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PbtBKj_m1M-LlvgGzPGP6CKx8p4.roa
Signing time: Wed 21 Feb 2024 07:10:00 +0000
ROA not before: Wed 21 Feb 2024 07:10:00 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.9.156.0/24 maxlen: 24
45.84.89.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.239.0/24 maxlen: 24
95.214.24.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.226.173.0/24 maxlen: 24
185.246.223.0/24 maxlen: 24
185.252.176.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:ca:7f:f7:31:a3:91:b8:66:1c:cf:7e:6b:b1:a4:8c:2e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 21 07:10:00 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3dbb412a3fe6d4cf8b96f806ccf18fe822b1f29e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b1:dc:95:d8:87:df:84:33:ed:c1:b8:65:e3:35:
9a:85:af:32:fd:45:73:98:6b:5d:7d:a4:17:a7:fc:
0d:60:d8:cc:18:09:d3:95:53:cf:9f:53:72:dc:0c:
a6:d5:93:00:2e:8b:6a:ad:2b:91:75:f7:34:3b:b8:
a2:32:1b:7d:c5:3a:7f:15:cf:e4:f3:34:c7:b6:b8:
62:11:4f:e3:15:3d:9e:c7:93:70:21:09:3d:15:b1:
70:8b:df:19:57:b1:d5:1b:10:c6:5a:6e:6d:8e:c4:
24:95:28:0a:3f:f4:9c:f5:c6:d1:25:69:55:8c:34:
59:f6:8a:67:2e:f9:2b:b8:dc:d1:a2:88:27:70:a3:
de:cf:b7:6d:8a:4b:a6:c3:79:90:b2:83:ab:3c:f0:
65:46:55:e0:f8:6a:7b:b2:d6:34:75:c9:87:0c:b8:
a7:34:19:de:cb:fd:07:bc:17:33:e6:d9:3b:2e:60:
1d:85:1f:96:9c:9f:16:41:e7:74:c2:e1:32:38:4d:
65:b6:8a:ae:c4:96:7f:63:33:0b:33:0c:58:8d:53:
eb:8e:81:79:f2:02:b9:26:0c:2d:f0:7e:1b:12:37:
92:83:0c:e0:99:57:60:41:29:36:9d:99:09:c7:5d:
2e:43:85:59:40:42:c2:47:35:60:f9:61:95:f0:a9:
24:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:BB:41:2A:3F:E6:D4:CF:8B:96:F8:06:CC:F1:8F:E8:22:B1:F2:9E
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/PbtBKj_m1M-LlvgGzPGP6CKx8p4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/24
45.84.89.0/24
45.151.89.0/24
87.120.87.0/24
87.121.45.0/24
87.121.221.0/24
92.119.196.0/23
94.154.160.0/22
94.156.239.0/24
95.214.24.0/24
147.78.101.0-147.78.102.255
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.226.173.0/24
185.246.223.0/24
185.252.176.0/24
194.55.224.0/24
Signature Algorithm: sha256WithRSAEncryption
57:71:41:50:c7:5c:a4:06:fc:16:b6:97:eb:1f:7c:9e:ad:e0:
ae:7a:53:6a:b0:f9:c8:6b:bd:a7:74:08:fa:93:62:9c:bb:5a:
76:93:9e:e8:3e:10:f0:f3:c8:96:df:6e:29:98:bf:b1:ba:ec:
ce:04:e0:bb:fc:40:e2:65:13:08:27:6a:45:bf:5b:6e:7a:5e:
c1:f5:b1:bd:85:7b:5c:37:7b:d7:e7:10:53:97:07:55:57:87:
15:43:8c:b5:29:6a:36:c5:bd:9c:cd:3f:8f:c3:cb:c9:f8:82:
d3:58:c1:28:c0:12:6b:71:77:31:e2:c5:55:7a:87:1f:da:23:
8a:ac:b7:cf:77:e5:26:fa:71:05:6f:02:8c:f1:10:c3:2c:cb:
57:71:44:ba:9f:ea:22:5e:6e:a1:e3:82:5f:2f:70:34:d0:e9:
5f:22:02:29:df:e7:39:0c:98:39:0a:fd:e3:3d:f0:1e:c9:81:
41:1f:78:66:7b:89:d9:29:1e:b4:99:4f:9e:21:39:b6:95:f3:
9b:7d:04:48:8a:00:40:90:2a:dd:85:10:81:32:fe:37:f0:4c:
b4:f0:c5:2c:13:8e:d7:3d:ff:09:ae:90:08:d4:a8:a6:01:f7:
7e:5e:00:56:32:a7:70:15:82:9c:de:64:b5:e7:78:f2:48:8f:
78:bb:f6:25
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgISAY3Kf/cxo5G4ZhzPfmuxpIwuMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjIxMDcxMDAwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGJiNDEyYTNmZTZkNGNmOGI5NmY4MDZjY2YxOGZlODIyYjFmMjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsdyV2IffhDPtwbhl4zWaha8y/UVz
mGtdfaQXp/wNYNjMGAnTlVPPn1Ny3Aym1ZMALotqrSuRdfc0O7iiMht9xTp/Fc/k
8zTHtrhiEU/jFT2ex5NwIQk9FbFwi98ZV7HVGxDGWm5tjsQklSgKP/Sc9cbRJWlV
jDRZ9opnLvkruNzRoogncKPez7dtikumw3mQsoOrPPBlRlXg+Gp7stY0dcmHDLin
NBney/0HvBcz5tk7LmAdhR+WnJ8WQed0wuEyOE1ltoquxJZ/YzMLMwxYjVPrjoF5
8gK5Jgwt8H4bEjeSgwzgmVdgQSk2nZkJx10uQ4VZQELCRzVg+WGV8KkkpQIDAQAB
o4ICiDCCAoQwHQYDVR0OBBYEFD27QSo/5tTPi5b4Bszxj+gisfKeMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUGJ0QktqX20xTS1MbHZnR3pQR1A2Q0t4OHA0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGdBggrBgEFBQcBBwEB/wSBjTCBijCBhwQCAAEwgYADBAAt
CZwDBAAtVFkDBAAtl1kDBABXeFcDBABXeS0DBABXed0DBAFcd8QDBAJemqADBABe
nO8DBABf1hgwDAMEAJNOZQMEAJNOZgMEAqsWSAMEALLX4AMEALLX7AMEArnYVAME
ArnaVAMEALnirQMEALn23wMEALn8sAMEAMI34DANBgkqhkiG9w0BAQsFAAOCAQEA
V3FBUMdcpAb8FraX6x98nq3grnpTarD5yGu9p3QI+pNinLtadpOe6D4Q8PPIlt9u
KZi/sbrszgTgu/xA4mUTCCdqRb9bbnpewfWxvYV7XDd71+cQU5cHVVeHFUOMtSlq
NsW9nM0/j8PLyfiC01jBKMASa3F3MeLFVXqHH9ojiqy3z3flJvpxBW8CjPEQwyzL
V3FEup/qIl5uoeOCXy9wNNDpXyICKd/nOQyYOQr94z3wHsmBQR94ZnuJ2SketJlP
niE5tpXzm30ESIoAQJAq3YUQgTL+N/BMtPDFLBOO1z3/Ca6QCNSopgH3fl4AVjKn
cBWCnN5kted48kiPeLv2JQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:32 2024 by rpki-client on console-ams.rpki-client.org