Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/RDriiIiW4UWQY1xqe5GElkbsULA.roa
File: RDriiIiW4UWQY1xqe5GElkbsULA.roa (raw, json)
Hash identifier: Ys37GYNW0+MYREgjvTlq3+gk4rxJ4NwRHPfIcvC2byg=
Subject key identifier: 44:3A:E2:88:88:96:E1:45:90:63:5C:6A:7B:91:84:96:46:EC:50:B0
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0189ABC64FB2DF0D467AEC2041ACDDB0B9C5
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/RDriiIiW4UWQY1xqe5GElkbsULA.roa
Signing time: Mon 31 Jul 2023 11:47:27 +0000
ROA not before: Mon 31 Jul 2023 11:47:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211252
IP address blocks: 94.156.6.0/24 maxlen: 24
45.81.243.0/24 maxlen: 24
45.12.253.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
85.31.44.0/24 maxlen: 24
85.31.46.0/24 maxlen: 24
85.31.45.0/24 maxlen: 24
185.246.221.0/24 maxlen: 24
185.246.220.0/24 maxlen: 24
109.206.243.0/24 maxlen: 24
109.206.241.0/24 maxlen: 24
185.254.37.0/24 maxlen: 24
194.180.48.0/24 maxlen: 24
194.180.49.0/24 maxlen: 24
185.225.73.0/24 maxlen: 24
45.139.105.0/24 maxlen: 24
185.225.75.0/24 maxlen: 24
185.225.74.0/24 maxlen: 24
37.139.128.0/24 maxlen: 24
37.139.129.0/24 maxlen: 24
87.121.3.0/24 maxlen: 24
94.156.102.0/24 maxlen: 24
84.21.172.0/24 maxlen: 24
109.206.240.0/24 maxlen: 24
212.87.204.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
84.54.50.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
85.217.144.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
94.156.253.0/24 maxlen: 24
80.76.51.0/24 maxlen: 24
94.156.161.0/24 maxlen: 24
193.42.33.0/24 maxlen: 24
193.42.32.0/24 maxlen: 24
185.252.178.0/24 maxlen: 24
193.47.61.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
185.216.68.0/24 maxlen: 24
45.88.67.0/24 maxlen: 24
185.216.71.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
79.110.63.0/24 maxlen: 24
93.123.118.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:ab:c6:4f:b2:df:0d:46:7a:ec:20:41:ac:dd:b0:b9:c5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 31 11:47:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=443ae2888896e14590635c6a7b91849646ec50b0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:c0:c3:fd:3a:86:be:6b:73:d5:ba:cd:80:97:
8d:1a:f4:bc:eb:aa:37:11:8c:86:ad:59:27:8a:63:
a2:2e:4a:5c:f5:ca:b3:ec:a9:76:d4:91:d6:7b:f7:
ef:3d:03:2c:55:1f:df:88:c7:0c:8f:5c:d2:1a:47:
7c:b7:85:2c:16:03:15:7a:e7:d6:2e:4f:29:0b:f3:
d1:b3:1e:a1:fd:aa:08:62:c5:aa:ce:87:36:8c:66:
d9:78:09:5c:0a:0f:eb:25:89:cb:3d:fc:6a:04:17:
7b:b0:8c:d3:77:ab:59:ca:55:f9:22:36:ba:09:37:
70:d1:d2:3d:92:36:e2:eb:e4:c7:f5:58:81:d8:ba:
3b:8a:ad:48:2b:62:b7:e6:3a:dd:a6:41:9c:53:7f:
3f:93:bd:2c:2b:ea:05:03:f5:12:0b:ad:13:eb:6b:
a2:06:b5:a1:05:9e:11:ca:1d:77:be:e7:66:ea:63:
98:0b:4b:75:76:3c:d8:87:cc:c0:00:4d:e0:b0:94:
61:bc:85:9b:08:18:d8:73:e4:bb:97:15:6f:8d:52:
5c:7b:8b:86:d5:22:9e:13:2c:07:6f:78:32:45:20:
d1:af:7d:77:26:6b:46:a8:61:fe:7e:bf:dc:0e:be:
76:1c:02:1b:8e:27:6b:7d:3e:c8:4a:36:01:73:b3:
9d:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:3A:E2:88:88:96:E1:45:90:63:5C:6A:7B:91:84:96:46:EC:50:B0
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/RDriiIiW4UWQY1xqe5GElkbsULA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.128.0/23
45.12.253.0/24
45.66.230.0/24
45.81.39.0/24
45.81.243.0/24
45.88.67.0/24
45.139.105.0/24
79.110.62.0/23
80.76.51.0/24
84.21.172.0/24
84.54.50.0/24
85.31.44.0-85.31.46.255
85.217.144.0/24
87.121.3.0/24
87.121.221.0/24
93.123.118.0/24
94.156.6.0/24
94.156.102.0/24
94.156.161.0/24
94.156.253.0/24
95.214.27.0/24
109.206.240.0/23
109.206.243.0/24
185.216.68.0/24
185.216.71.0/24
185.225.73.0-185.225.75.255
185.246.220.0/23
185.252.178.0/24
185.254.37.0/24
193.42.32.0/23
193.47.61.0/24
194.55.186.0/24
194.55.224.0/24
194.180.48.0/23
212.87.204.0/24
Signature Algorithm: sha256WithRSAEncryption
97:01:11:41:79:82:4b:85:ab:50:0f:7b:f8:d0:a1:07:8e:a3:
6f:05:13:2a:f5:19:23:31:c7:50:21:ba:88:0c:ac:01:9e:e7:
ca:d6:0d:b1:da:7e:80:17:c1:e5:dc:76:71:8a:96:24:fc:8c:
cf:12:93:18:f9:60:ec:33:42:2a:9f:00:1d:58:42:bb:44:97:
fc:b9:e3:0f:ed:8a:43:99:34:9d:fe:25:a6:34:58:9d:57:40:
94:f0:1b:91:fc:49:da:de:9f:46:f5:52:24:95:58:4e:f2:8f:
90:be:5d:08:45:76:f5:dc:09:66:ea:1a:de:c0:48:ce:17:85:
55:88:bc:2c:77:3e:15:36:10:db:16:45:70:ae:72:d9:75:08:
ac:ac:63:9f:49:1b:51:e7:81:89:c2:06:5b:7b:d0:db:b7:74:
4d:57:3e:e7:3b:0d:5e:ca:f1:50:32:e1:f2:a2:18:54:2a:44:
d5:e2:d5:d0:cc:e2:6b:7d:03:a7:d3:42:23:5e:88:9f:b4:e7:
42:d6:68:ce:64:04:18:fa:d9:eb:ab:d9:42:e8:41:8d:3a:6c:
0d:03:93:16:04:96:c5:c9:26:9f:d4:20:50:b8:8e:bc:2c:11:
92:e8:24:28:92:30:e8:93:6c:1b:0b:df:ac:6f:c7:65:f5:3b:
fe:39:85:77
-----BEGIN CERTIFICATE-----
MIIF3jCCBMagAwIBAgISAYmrxk+y3w1GeuwgQazdsLnFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzMxMTE0NzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDNhZTI4ODg4OTZlMTQ1OTA2MzVjNmE3YjkxODQ5NjQ2ZWM1MGIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtMDD/TqGvmtz1brNgJeNGvS866o3
EYyGrVknimOiLkpc9cqz7Kl21JHWe/fvPQMsVR/fiMcMj1zSGkd8t4UsFgMVeufW
Lk8pC/PRsx6h/aoIYsWqzoc2jGbZeAlcCg/rJYnLPfxqBBd7sIzTd6tZylX5Ija6
CTdw0dI9kjbi6+TH9ViB2Lo7iq1IK2K35jrdpkGcU38/k70sK+oFA/USC60T62ui
BrWhBZ4Ryh13vudm6mOYC0t1djzYh8zAAE3gsJRhvIWbCBjYc+S7lxVvjVJce4uG
1SKeEywHb3gyRSDRr313JmtGqGH+fr/cDr52HAIbjidrfT7ISjYBc7OdYwIDAQAB
o4IC6jCCAuYwHQYDVR0OBBYEFEQ64oiIluFFkGNcanuRhJZG7FCwMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUkRyaWlJaVc0VVdRWTF4cWU1R0Vsa2JzVUxBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH/BggrBgEFBQcBBwEB/wSB7zCB7DCB6QQCAAEwgeIDBAEl
i4ADBAAtDP0DBAAtQuYDBAAtUScDBAAtUfMDBAAtWEMDBAAti2kDBAFPbj4DBABQ
TDMDBABUFawDBABUNjIwDAMEAlUfLAMEAFUfLgMEAFXZkAMEAFd5AwMEAFd53QME
AF17dgMEAF6cBgMEAF6cZgMEAF6coQMEAF6c/QMEAF/WGwMEAW3O8AMEAG3O8wME
ALnYRAMEALnYRzAMAwQAueFJAwQCueFIAwQBufbcAwQAufyyAwQAuf4lAwQBwSog
AwQAwS89AwQAwje6AwQAwjfgAwQBwrQwAwQA1FfMMA0GCSqGSIb3DQEBCwUAA4IB
AQCXARFBeYJLhatQD3v40KEHjqNvBRMq9RkjMcdQIbqIDKwBnufK1g2x2n6AF8Hl
3HZxipYk/IzPEpMY+WDsM0IqnwAdWEK7RJf8ueMP7YpDmTSd/iWmNFidV0CU8BuR
/Ena3p9G9VIklVhO8o+Qvl0IRXb13Alm6hrewEjOF4VViLwsdz4VNhDbFkVwrnLZ
dQisrGOfSRtR54GJwgZbe9Dbt3RNVz7nOw1eyvFQMuHyohhUKkTV4tXQzOJrfQOn
00IjXoiftOdC1mjOZAQY+tnrq9lC6EGNOmwNA5MWBJbFySaf1CBQuI68LBGS6CQo
kjDok2wbC9+sb8dl9Tv+OYV3
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:07 2024 by rpki-client on console-fra.rpki-client.org