Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TD9bKkAVDdPkDRy8G4_k8KyxcCI.roa
File: TD9bKkAVDdPkDRy8G4_k8KyxcCI.roa (raw, json)
Hash identifier: OXBAlQs8xbOCuxe6WXk8HGTg0uVpJI1cetmObQB0W+I=
Subject key identifier: 4C:3F:5B:2A:40:15:0D:D3:E4:0D:1C:BC:1B:8F:E4:F0:AC:B1:70:22
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018BECBB561E34ADA791D61D1AC73D5BCB8F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TD9bKkAVDdPkDRy8G4_k8KyxcCI.roa
Signing time: Mon 20 Nov 2023 12:36:22 +0000
ROA not before: Mon 20 Nov 2023 12:36:22 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206003
IP address blocks: 45.9.156.0/24 maxlen: 24
147.78.100.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
194.180.39.0/24 maxlen: 24
45.139.104.0/24 maxlen: 24
45.129.84.0/24 maxlen: 24
45.129.86.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
37.139.130.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
171.22.31.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
81.161.230.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
178.215.226.0/24 maxlen: 24
91.200.192.0/22 maxlen: 24
94.156.248.0/24 maxlen: 24
178.215.238.0/24 maxlen: 24
94.156.250.0/24 maxlen: 24
87.121.162.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
171.22.17.0/24 maxlen: 24
171.22.18.0/24 maxlen: 24
79.110.61.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:ec:bb:56:1e:34:ad:a7:91:d6:1d:1a:c7:3d:5b:cb:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Nov 20 12:36:22 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4c3f5b2a40150dd3e40d1cbc1b8fe4f0acb17022
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:26:4e:34:99:bb:77:2e:df:37:67:40:86:2b:
b1:74:3b:b5:8e:11:3b:86:4a:82:c6:d1:6a:2f:7a:
43:d3:03:69:7c:97:03:42:e5:c3:c6:6e:47:d6:32:
e1:4b:f3:41:47:80:d6:6e:50:2a:f3:e3:2a:06:ea:
66:5c:7a:15:e7:b9:17:ad:bc:af:b8:1f:e9:5d:88:
cf:f4:e3:dd:00:e8:a9:cb:6e:c6:39:9b:f1:5d:57:
3f:c0:27:d3:83:c4:2b:c7:03:87:7f:be:1c:d6:b6:
37:c3:bc:03:f0:78:1a:51:05:a2:8f:17:6e:72:5c:
52:ff:15:21:f3:56:e9:29:12:cc:a2:7d:a7:73:86:
4d:27:cd:22:46:b9:91:90:c8:b6:32:d9:11:ff:15:
d4:2a:52:c8:eb:90:37:6a:8e:c8:07:be:85:2d:f1:
ab:29:fb:40:87:66:75:04:eb:74:ae:1d:6c:e7:50:
b5:89:35:76:a4:8c:95:dc:56:c3:dd:2f:e1:26:78:
35:f0:2c:7c:82:2a:4f:be:53:a2:19:8c:ae:59:41:
68:87:60:12:ef:9d:9b:b5:51:e0:53:5a:7e:09:4c:
d9:ee:c1:3f:a3:f0:47:f4:3e:16:ce:b9:1c:f0:2f:
a7:51:46:d6:62:0c:84:1e:8e:3e:81:3b:b1:b8:ef:
f5:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:3F:5B:2A:40:15:0D:D3:E4:0D:1C:BC:1B:8F:E4:F0:AC:B1:70:22
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TD9bKkAVDdPkDRy8G4_k8KyxcCI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.130.0/24
45.9.156.0/24
45.129.84.0/24
45.129.86.0/24
45.139.104.0/24
45.141.158.0/24
79.110.61.0/24
81.161.230.0/24
81.161.239.0/24
83.219.97.0/24
87.121.124.0/23
87.121.162.0/24
91.200.192.0/22
92.249.48.0/24
94.154.172.0/24
94.156.248.0/24
94.156.250.0/24
147.78.100.0/23
171.22.17.0-171.22.18.255
171.22.31.0/24
178.215.226.0/24
178.215.238.0/24
193.25.216.0/24
193.35.19.0/24
194.180.39.0/24
Signature Algorithm: sha256WithRSAEncryption
70:33:bc:31:9b:69:00:fb:b6:d8:19:83:12:19:a2:8d:a1:7b:
70:dd:3a:8d:71:91:2b:86:c2:93:7e:2c:d9:65:46:66:fc:b7:
d5:c4:ac:e5:9b:cc:a9:63:0a:67:10:c6:91:3b:2d:33:a5:aa:
d6:41:38:7b:2a:6a:34:e9:cd:eb:36:8a:24:3c:e4:72:08:7d:
fd:6b:d7:c3:9b:c6:fa:43:59:25:9c:21:2f:2f:da:3c:2c:0d:
e7:e1:f8:dc:12:9a:63:64:28:09:80:02:0e:13:e4:7b:06:0b:
27:02:20:5f:89:73:e2:01:1e:51:25:78:18:93:04:3c:52:0f:
99:75:bb:04:06:4b:e2:e5:63:95:99:4d:ba:a3:2a:ad:bf:22:
78:ef:2a:48:4a:35:0a:45:b0:ba:69:ed:4e:95:b7:91:a8:b8:
8b:1b:82:05:2b:3b:50:39:1e:86:38:ad:96:23:16:04:a5:e7:
9a:54:06:73:c3:e4:79:d8:6c:c8:ae:6a:91:1b:6f:58:27:65:
a5:65:26:d3:de:ee:74:96:98:47:99:83:ba:ce:b6:2a:52:80:
dc:b8:48:4b:61:26:6b:b2:07:8e:ab:ee:cf:69:4f:dc:73:9b:
25:de:19:47:66:bf:9c:5c:10:dc:c6:c6:d6:1b:4d:e5:89:5c:
56:89:a7:c5
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgISAYvsu1YeNK2nkdYdGsc9W8uPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMTIwMTIzNjIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YzNmNWIyYTQwMTUwZGQzZTQwZDFjYmMxYjhmZTRmMGFjYjE3MDIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmSZONJm7dy7fN2dAhiuxdDu1jhE7
hkqCxtFqL3pD0wNpfJcDQuXDxm5H1jLhS/NBR4DWblAq8+MqBupmXHoV57kXrbyv
uB/pXYjP9OPdAOipy27GOZvxXVc/wCfTg8QrxwOHf74c1rY3w7wD8HgaUQWijxdu
clxS/xUh81bpKRLMon2nc4ZNJ80iRrmRkMi2MtkR/xXUKlLI65A3ao7IB76FLfGr
KftAh2Z1BOt0rh1s51C1iTV2pIyV3FbD3S/hJng18Cx8gipPvlOiGYyuWUFoh2AS
752btVHgU1p+CUzZ7sE/o/BH9D4Wzrkc8C+nUUbWYgyEHo4+gTuxuO/1IQIDAQAB
o4ICpjCCAqIwHQYDVR0OBBYEFEw/WypAFQ3T5A0cvBuP5PCssXAiMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVEQ5YktrQVZEZFBrRFJ5OEc0X2s4S3l4Y0NJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG7BggrBgEFBQcBBwEB/wSBqzCBqDCBpQQCAAEwgZ4DBAAl
i4IDBAAtCZwDBAAtgVQDBAAtgVYDBAAti2gDBAAtjZ4DBABPbj0DBABRoeYDBABR
oe8DBABT22EDBAFXeXwDBABXeaIDBAJbyMADBABc+TADBABemqwDBABenPgDBABe
nPoDBAGTTmQwDAMEAKsWEQMEAKsWEgMEAKsWHwMEALLX4gMEALLX7gMEAMEZ2AME
AMEjEwMEAMK0JzANBgkqhkiG9w0BAQsFAAOCAQEAcDO8MZtpAPu22BmDEhmijaF7
cN06jXGRK4bCk34s2WVGZvy31cSs5ZvMqWMKZxDGkTstM6Wq1kE4eypqNOnN6zaK
JDzkcgh9/WvXw5vG+kNZJZwhLy/aPCwN5+H43BKaY2QoCYACDhPkewYLJwIgX4lz
4gEeUSV4GJMEPFIPmXW7BAZL4uVjlZlNuqMqrb8ieO8qSEo1CkWwumntTpW3kai4
ixuCBSs7UDkehjitliMWBKXnmlQGc8PkedhsyK5qkRtvWCdlpWUm097udJaYR5mD
us62KlKA3LhIS2Ema7IHjqvuz2lP3HObJd4ZR2a/nFwQ3MbG1htN5YlcVomnxQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:33 2024 by rpki-client on console-ams.rpki-client.org