Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/R7XjQRVa9buiaKoqnv--eF91bk0.roa
File: R7XjQRVa9buiaKoqnv--eF91bk0.roa (raw, json)
Hash identifier: EA9ni3uaEWbs9k5i/Eai/LQW4x+5dSZK4m+1bieempA=
Subject key identifier: 47:B5:E3:41:15:5A:F5:BB:A2:68:AA:2A:9E:FF:BE:78:5F:75:6E:4D
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018C0F9F3646E6BA1B6BE9742E95EABF9753
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/R7XjQRVa9buiaKoqnv--eF91bk0.roa
Signing time: Mon 27 Nov 2023 07:12:21 +0000
ROA not before: Mon 27 Nov 2023 07:12:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50738
IP address blocks: 87.121.124.0/23 maxlen: 24
171.22.31.0/24 maxlen: 24
81.161.230.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
91.200.192.0/22 maxlen: 24
94.156.250.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
45.9.156.0/24 maxlen: 24
87.121.162.0/24 maxlen: 24
147.78.100.0/23 maxlen: 24
45.141.158.0/24 maxlen: 24
171.22.17.0/24 maxlen: 24
171.22.18.0/24 maxlen: 24
92.249.48.0/24 maxlen: 24
79.110.61.0/24 maxlen: 24
194.180.39.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
45.129.84.0/24 maxlen: 24
45.129.86.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
37.139.130.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:0f:9f:36:46:e6:ba:1b:6b:e9:74:2e:95:ea:bf:97:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Nov 27 07:12:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=47b5e341155af5bba268aa2a9effbe785f756e4d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:10:16:0f:ee:76:8a:d1:20:c6:7b:f8:d1:9a:
d9:4a:65:23:87:c4:9a:e3:a2:af:03:62:7a:06:4f:
2e:a1:9c:c1:75:66:85:d6:b0:46:d9:65:85:21:90:
b0:45:be:b5:da:5c:05:23:66:7c:92:91:23:88:ab:
8e:c2:e3:d5:d5:d5:82:3b:2d:1e:c5:25:2a:a3:87:
a2:70:50:41:35:b4:05:22:a6:f7:d4:5f:55:c8:8e:
02:95:02:ce:99:f6:6c:7a:0d:ae:48:64:12:5c:92:
e5:e8:0e:b6:59:c2:d8:c6:8e:bb:ae:d0:91:00:11:
52:47:5f:5f:23:33:f8:b0:ee:77:07:56:b4:5b:e1:
77:14:60:d2:f1:f6:45:cb:b5:84:5f:4e:ee:2c:c5:
dd:26:3a:99:d3:a2:cc:96:f2:a9:e5:95:b7:41:0a:
38:bc:e7:fa:63:b9:8d:59:43:5b:36:e3:b2:78:a5:
64:1f:9c:f0:11:62:fa:c1:aa:1b:b1:16:89:b2:d9:
e6:53:a9:bc:9c:c9:f2:e9:fb:2d:a7:22:5a:8b:28:
69:83:0b:c4:d4:b3:55:4f:95:02:31:60:38:75:10:
c9:48:e8:28:66:49:a6:cc:f5:53:d6:a9:81:e7:bc:
01:be:3d:fd:59:94:4d:06:5e:55:5e:f3:c2:97:73:
59:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:B5:E3:41:15:5A:F5:BB:A2:68:AA:2A:9E:FF:BE:78:5F:75:6E:4D
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/R7XjQRVa9buiaKoqnv--eF91bk0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.130.0/24
45.9.156.0/24
45.129.84.0/24
45.129.86.0/24
45.141.158.0/24
79.110.61.0/24
81.161.230.0/24
81.161.239.0/24
83.219.97.0/24
87.121.124.0/23
87.121.162.0/24
91.200.192.0/22
92.249.48.0/24
94.154.172.0/24
94.156.248.0/24
94.156.250.0/24
147.78.100.0/23
171.22.17.0-171.22.18.255
171.22.31.0/24
193.25.216.0/24
193.35.19.0/24
194.180.39.0/24
Signature Algorithm: sha256WithRSAEncryption
82:67:99:a4:81:c9:c1:ce:9d:9c:f4:61:d2:d6:b8:22:03:3f:
1b:bb:46:9f:0f:0b:e1:9d:30:4e:d0:36:b0:c9:6a:dd:a8:49:
13:e7:af:1a:5c:b9:15:65:50:0b:08:6b:f8:21:41:e0:c6:01:
e1:03:dc:70:f7:34:1d:6d:cd:f2:ef:bb:b8:16:7c:63:81:b3:
1e:63:09:f4:40:eb:a0:90:bf:e0:6b:f2:58:54:1b:4d:24:e0:
9b:10:4e:2f:98:f2:a3:6b:7b:d6:de:3f:39:a8:05:f7:26:3f:
a2:1f:10:bf:e6:a3:6f:f2:97:66:f3:69:f4:70:9c:f4:a6:2f:
27:6c:da:62:11:9a:8c:c5:28:d3:26:0c:30:9d:c2:4a:b8:d5:
06:10:d6:23:ba:f2:ce:35:b3:db:81:67:d7:8d:a4:7d:b8:f6:
97:12:89:1c:3c:85:42:6a:1c:41:8e:b6:8d:74:d1:14:b7:37:
83:9f:b2:9e:09:0e:7d:9c:01:e9:21:42:fb:17:ea:b2:6f:96:
df:3b:22:9f:8e:a6:75:f8:63:56:4d:46:9e:bc:bb:35:81:46:
98:14:11:2e:25:11:04:ed:cf:7a:14:62:47:87:bb:11:97:bc:
9d:fc:8a:ab:f5:46:40:40:ca:92:d2:75:38:93:be:a3:5e:48:
50:97:07:0e
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAYwPnzZG5roba+l0LpXqv5dTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMTI3MDcxMjIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2I1ZTM0MTE1NWFmNWJiYTI2OGFhMmE5ZWZmYmU3ODVmNzU2ZTRkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2BAWD+52itEgxnv40ZrZSmUjh8Sa
46KvA2J6Bk8uoZzBdWaF1rBG2WWFIZCwRb612lwFI2Z8kpEjiKuOwuPV1dWCOy0e
xSUqo4eicFBBNbQFIqb31F9VyI4ClQLOmfZseg2uSGQSXJLl6A62WcLYxo67rtCR
ABFSR19fIzP4sO53B1a0W+F3FGDS8fZFy7WEX07uLMXdJjqZ06LMlvKp5ZW3QQo4
vOf6Y7mNWUNbNuOyeKVkH5zwEWL6waobsRaJstnmU6m8nMny6fstpyJaiyhpgwvE
1LNVT5UCMWA4dRDJSOgoZkmmzPVT1qmB57wBvj39WZRNBl5VXvPCl3NZOwIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFEe140EVWvW7omiqKp7/vnhfdW5NMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUjdYalFSVmE5YnVpYUtvcW52LS1lRjkxYmswLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGpBggrBgEFBQcBBwEB/wSBmTCBljCBkwQCAAEwgYwDBAAl
i4IDBAAtCZwDBAAtgVQDBAAtgVYDBAAtjZ4DBABPbj0DBABRoeYDBABRoe8DBABT
22EDBAFXeXwDBABXeaIDBAJbyMADBABc+TADBABemqwDBABenPgDBABenPoDBAGT
TmQwDAMEAKsWEQMEAKsWEgMEAKsWHwMEAMEZ2AMEAMEjEwMEAMK0JzANBgkqhkiG
9w0BAQsFAAOCAQEAgmeZpIHJwc6dnPRh0ta4IgM/G7tGnw8L4Z0wTtA2sMlq3ahJ
E+evGly5FWVQCwhr+CFB4MYB4QPccPc0HW3N8u+7uBZ8Y4GzHmMJ9EDroJC/4Gvy
WFQbTSTgmxBOL5jyo2t71t4/OagF9yY/oh8Qv+ajb/KXZvNp9HCc9KYvJ2zaYhGa
jMUo0yYMMJ3CSrjVBhDWI7ryzjWz24Fn142kfbj2lxKJHDyFQmocQY62jXTRFLc3
g5+yngkOfZwB6SFC+xfqsm+W3zsin46mdfhjVk1Gnry7NYFGmBQRLiURBO3PehRi
R4e7EZe8nfyKq/VGQEDKktJ1OJO+o15IUJcHDg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:07 2024 by rpki-client on console-fra.rpki-client.org