Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/SaGRq8YGQnKkrn9Rj7z6P7HFhZQ.roa
File: SaGRq8YGQnKkrn9Rj7z6P7HFhZQ.roa (raw, json)
Hash identifier: q7PpAaA0Xp4rM/bYvoJ5gFRXBFgNYTCBLXwnnj8loSw=
Subject key identifier: 49:A1:91:AB:C6:06:42:72:A4:AE:7F:51:8F:BC:FA:3F:B1:C5:85:94
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01857C4039E26A721D4349A45C2AF9A3E83A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/SaGRq8YGQnKkrn9Rj7z6P7HFhZQ.roa
Signing time: Wed 04 Jan 2023 10:07:41 +0000
ROA not before: Wed 04 Jan 2023 10:07:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50225
IP address blocks: 194.55.224.0/24 maxlen: 24
84.54.50.0/24 maxlen: 24
194.55.225.0/24 maxlen: 24
185.222.160.0/24 maxlen: 24
185.222.161.0/24 maxlen: 24
45.9.156.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
94.156.160.0/24 maxlen: 24
193.42.34.0/24 maxlen: 24
193.47.60.0/24 maxlen: 24
45.84.91.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.88.65.0/24 maxlen: 24
194.180.38.0/24 maxlen: 24
194.180.39.0/24 maxlen: 24
45.129.84.0/24 maxlen: 24
94.154.162.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:7c:40:39:e2:6a:72:1d:43:49:a4:5c:2a:f9:a3:e8:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 4 10:07:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=49a191abc6064272a4ae7f518fbcfa3fb1c58594
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:c7:a1:16:64:3e:69:de:a0:22:0e:d5:6e:81:
51:c0:81:2f:2f:c0:ae:77:0f:3f:08:51:a0:be:1f:
99:e9:b5:c3:6d:8f:71:0a:c3:7e:7f:7a:a0:54:a1:
94:2a:95:c6:37:b1:fd:14:d3:b1:d6:29:ba:df:3e:
11:05:f4:a9:5a:d4:91:0e:15:54:3f:57:d8:1c:a6:
66:f5:3a:9b:d3:71:9f:ce:e0:02:c0:f1:57:15:08:
a1:b3:61:ae:b8:52:74:38:c9:4a:18:49:7b:57:af:
5e:08:ef:fb:73:a9:f2:63:8e:c7:cb:d7:46:89:22:
b5:50:17:73:52:a5:41:8a:ab:25:ce:b2:6a:e1:0f:
ac:b7:bf:f3:ae:bb:4b:8e:39:3f:74:76:1d:84:0f:
34:42:ab:c5:8e:af:0d:1e:94:bb:8b:03:6b:03:c1:
74:ba:17:a6:40:70:c6:4f:de:6f:28:3c:07:ed:57:
7c:ac:c2:29:fe:a3:89:90:b7:42:5b:83:00:e3:d6:
02:fc:48:4c:92:90:9b:6c:c0:78:9a:5f:68:98:88:
b8:f9:08:a5:73:ed:c3:5f:5a:ec:ac:16:73:06:f8:
7b:a7:3d:f3:0a:fc:ab:78:ec:c5:d1:22:2d:30:09:
f9:4e:c6:68:19:3c:cc:ae:97:24:a7:67:16:f7:9c:
a7:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
49:A1:91:AB:C6:06:42:72:A4:AE:7F:51:8F:BC:FA:3F:B1:C5:85:94
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/SaGRq8YGQnKkrn9Rj7z6P7HFhZQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/24
45.12.255.0/24
45.84.91.0/24
45.88.64.0/23
45.129.84.0/24
84.54.50.0/24
94.154.162.0/24
94.156.160.0/24
185.222.160.0/23
193.42.34.0/24
193.47.60.0/24
194.55.224.0/23
194.180.38.0/23
Signature Algorithm: sha256WithRSAEncryption
58:e5:42:5d:b4:b2:1b:a8:d7:24:70:3c:82:19:43:8f:ad:c0:
4a:99:90:a7:57:de:0a:a4:b2:01:2e:2f:f5:1f:08:45:11:e0:
74:64:b5:da:5b:c3:fd:23:ac:8d:43:3f:35:e3:a5:5c:47:6c:
ef:e3:d0:b7:32:ba:bd:7e:b9:34:31:49:1c:10:30:d6:a9:64:
fd:37:3f:4f:25:30:7b:a5:85:67:b8:92:8a:36:15:11:03:cb:
74:92:44:80:45:df:0e:df:48:fb:64:3b:e4:87:3e:86:28:17:
3a:7e:23:a5:c1:fe:4b:e1:e4:12:be:42:2e:73:12:53:cf:1c:
bd:08:60:43:41:fe:6c:3e:4a:0d:eb:5d:b7:8f:2f:d0:af:e6:
c9:4d:06:4b:e0:f8:5a:e8:76:39:59:0b:52:79:14:a6:4a:37:
5d:1b:a2:ef:a1:e3:45:db:b4:37:b3:e2:ba:19:c7:57:dc:8b:
23:fc:89:ef:12:8d:d4:5a:29:fe:d9:2c:4b:b9:36:39:29:b4:
de:a2:5c:94:29:e5:15:1b:04:a3:dd:36:fd:d8:24:e9:b4:5d:
6a:de:a0:d3:30:a4:dc:30:84:a3:00:51:7c:20:b9:2f:a7:cf:
64:71:81:e7:5f:82:e3:ef:61:d2:75:9a:d9:4b:5e:d3:c1:27:
4d:2f:54:06
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYV8QDnianIdQ0mkXCr5o+g6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTA0MTAwNzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0OWExOTFhYmM2MDY0MjcyYTRhZTdmNTE4ZmJjZmEzZmIxYzU4NTk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw8ehFmQ+ad6gIg7VboFRwIEvL8Cu
dw8/CFGgvh+Z6bXDbY9xCsN+f3qgVKGUKpXGN7H9FNOx1im63z4RBfSpWtSRDhVU
P1fYHKZm9Tqb03GfzuACwPFXFQihs2GuuFJ0OMlKGEl7V69eCO/7c6nyY47Hy9dG
iSK1UBdzUqVBiqslzrJq4Q+st7/zrrtLjjk/dHYdhA80QqvFjq8NHpS7iwNrA8F0
uhemQHDGT95vKDwH7Vd8rMIp/qOJkLdCW4MA49YC/EhMkpCbbMB4ml9omIi4+Qil
c+3DX1rsrBZzBvh7pz3zCvyreOzF0SItMAn5TsZoGTzMrpckp2cW95ynhwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFEmhkavGBkJypK5/UY+8+j+xxYWUMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvU2FHUnE4WUdRbktrcm45Umo3ejZQN0hGaFpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQALQmcAwQA
LQz/AwQALVRbAwQBLVhAAwQALYFUAwQAVDYyAwQAXpqiAwQAXpygAwQBud6gAwQA
wSoiAwQAwS88AwQBwjfgAwQBwrQmMA0GCSqGSIb3DQEBCwUAA4IBAQBY5UJdtLIb
qNckcDyCGUOPrcBKmZCnV94KpLIBLi/1HwhFEeB0ZLXaW8P9I6yNQz8146VcR2zv
49C3Mrq9frk0MUkcEDDWqWT9Nz9PJTB7pYVnuJKKNhURA8t0kkSARd8O30j7ZDvk
hz6GKBc6fiOlwf5L4eQSvkIucxJTzxy9CGBDQf5sPkoN6123jy/Qr+bJTQZL4Pha
6HY5WQtSeRSmSjddG6LvoeNF27Q3s+K6GcdX3Isj/InvEo3UWin+2SxLuTY5KbTe
olyUKeUVGwSj3Tb92CTptF1q3qDTMKTcMISjAFF8ILkvp89kcYHnX4Lj72HSdZrZ
S17TwSdNL1QG
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:37 2023 by rpki-client on console-ams.rpki-client.org