Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Sk30LTah7BQuZbe7_iauocQtXfQ.roa
File: Sk30LTah7BQuZbe7_iauocQtXfQ.roa (raw, json)
Hash identifier: nKaS+jPh9RHfMX6lsqbCY42Pzwud9w5/kr7RFfKWZjA=
Subject key identifier: 4A:4D:F4:2D:36:A1:EC:14:2E:65:B7:BB:FE:26:AE:A1:C4:2D:5D:F4
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018B6B5ECAB5D5391A507214CD0495C39337
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Sk30LTah7BQuZbe7_iauocQtXfQ.roa
Signing time: Thu 26 Oct 2023 09:44:16 +0000
ROA not before: Thu 26 Oct 2023 09:44:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207459
IP address blocks: 84.54.49.0/24 maxlen: 24
85.217.145.0/24 maxlen: 24
79.110.51.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
193.149.29.0/24 maxlen: 24
193.149.30.0/24 maxlen: 24
193.149.28.0/22 maxlen: 22
193.149.31.0/24 maxlen: 24
193.149.28.0/24 maxlen: 24
194.49.86.0/24 maxlen: 24
45.84.90.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:6b:5e:ca:b5:d5:39:1a:50:72:14:cd:04:95:c3:93:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Oct 26 09:44:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4a4df42d36a1ec142e65b7bbfe26aea1c42d5df4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:d3:52:fa:d7:82:b4:9a:8f:b6:62:6a:75:9a:
b0:c8:25:c8:24:73:6d:ae:d2:ea:af:0d:bb:7a:7e:
57:ce:76:08:53:eb:5a:20:d5:dd:b1:d6:11:86:bc:
e9:c5:65:a4:81:82:d9:f1:94:f9:af:4f:23:5a:ce:
7e:7c:7b:9c:09:a0:95:f2:a6:f2:42:11:d6:65:94:
43:ec:c1:9e:1d:00:50:52:ba:c3:ad:58:68:ee:1f:
39:c5:5a:26:35:7b:89:b5:11:02:38:26:dc:88:6d:
8e:6d:f5:06:94:b4:b2:32:b1:f4:dd:00:c8:4b:37:
23:53:71:1c:db:e6:15:63:0e:92:aa:19:93:1d:aa:
bc:57:14:9c:f9:d3:64:be:bb:4c:1b:64:13:e2:f9:
28:5d:b1:eb:ae:22:02:7b:16:68:ab:25:ce:a2:62:
ef:8e:be:6f:ce:16:c6:da:3a:ad:c5:f4:75:8c:cc:
3d:1f:85:26:5a:2c:a7:9d:c3:52:cb:7c:67:af:e6:
e5:62:1e:fb:26:88:36:24:3d:f3:38:e8:a5:a6:16:
5d:33:0e:48:d9:78:a8:fd:b3:4c:10:f6:0a:57:64:
b5:23:5c:a2:4e:04:b0:43:52:be:99:84:6c:68:8f:
e7:3d:b2:1d:3a:e5:c2:aa:d1:50:e3:b1:f6:f9:a5:
d5:45
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:4D:F4:2D:36:A1:EC:14:2E:65:B7:BB:FE:26:AE:A1:C4:2D:5D:F4
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Sk30LTah7BQuZbe7_iauocQtXfQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.90.0/24
45.151.90.0/24
79.110.51.0/24
84.54.49.0/24
85.217.145.0/24
87.120.87.0/24
193.149.28.0/22
194.49.86.0/24
Signature Algorithm: sha256WithRSAEncryption
ad:a3:1a:ef:45:03:0c:e9:12:42:6e:39:6d:21:98:9e:8a:21:
85:53:70:3c:32:6c:86:00:03:87:2e:cb:4a:07:c9:1f:ca:e5:
58:ca:12:07:3b:06:47:67:6d:e0:b3:81:7c:17:73:fc:f8:ff:
e2:41:77:e3:e9:75:a6:c9:5a:e1:88:1f:36:6c:d6:49:21:6a:
a2:65:07:e5:a8:3c:e4:ca:2d:3c:5b:52:e8:01:fc:f9:b7:33:
11:65:52:c7:99:e9:5e:2f:aa:b5:17:8b:f2:05:eb:7a:9e:a1:
16:b6:64:13:c0:8e:96:28:c2:de:c1:07:40:fe:65:f7:c4:e6:
6c:a7:4e:93:17:12:0b:e0:88:e2:df:25:60:17:d5:d7:ca:98:
f8:d3:dd:a0:e0:4e:69:31:25:e3:79:d6:9f:b6:3c:68:20:dc:
0a:8f:f5:f4:35:69:02:c7:1c:f5:07:66:69:73:ad:ec:71:c6:
d8:62:53:68:b7:e6:c6:c4:cf:7b:71:e8:33:24:e6:5b:c0:af:
0b:0b:15:76:a1:4c:31:88:bd:75:c1:86:01:c0:70:8f:3c:35:
e2:7e:23:53:8c:95:e4:c5:ae:ef:33:40:d8:21:d6:85:2c:d5:
c6:be:b4:25:c7:06:ab:3a:41:41:0e:88:6a:1c:63:53:5b:95:
a4:43:f3:06
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYtrXsq11TkaUHIUzQSVw5M3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMDI2MDk0NDE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YTRkZjQyZDM2YTFlYzE0MmU2NWI3YmJmZTI2YWVhMWM0MmQ1ZGY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2NNS+teCtJqPtmJqdZqwyCXIJHNt
rtLqrw27en5XznYIU+taINXdsdYRhrzpxWWkgYLZ8ZT5r08jWs5+fHucCaCV8qby
QhHWZZRD7MGeHQBQUrrDrVho7h85xVomNXuJtRECOCbciG2ObfUGlLSyMrH03QDI
SzcjU3Ec2+YVYw6SqhmTHaq8VxSc+dNkvrtMG2QT4vkoXbHrriICexZoqyXOomLv
jr5vzhbG2jqtxfR1jMw9H4UmWiynncNSy3xnr+blYh77Jog2JD3zOOilphZdMw5I
2Xio/bNMEPYKV2S1I1yiTgSwQ1K+mYRsaI/nPbIdOuXCqtFQ47H2+aXVRQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFEpN9C02oewULmW3u/4mrqHELV30MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvU2szMExUYWg3QlF1WmJlN19pYXVvY1F0WGZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQALVRaAwQA
LZdaAwQAT24zAwQAVDYxAwQAVdmRAwQAV3hXAwQCwZUcAwQAwjFWMA0GCSqGSIb3
DQEBCwUAA4IBAQCtoxrvRQMM6RJCbjltIZieiiGFU3A8MmyGAAOHLstKB8kfyuVY
yhIHOwZHZ23gs4F8F3P8+P/iQXfj6XWmyVrhiB82bNZJIWqiZQflqDzkyi08W1Lo
Afz5tzMRZVLHmeleL6q1F4vyBet6nqEWtmQTwI6WKMLewQdA/mX3xOZsp06TFxIL
4Iji3yVgF9XXypj4092g4E5pMSXjedaftjxoINwKj/X0NWkCxxz1B2Zpc63sccbY
YlNot+bGxM97cegzJOZbwK8LCxV2oUwxiL11wYYBwHCPPDXifiNTjJXkxa7vM0DY
IdaFLNXGvrQlxwarOkFBDohqHGNTW5WkQ/MG
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:33 2024 by rpki-client on console-ams.rpki-client.org