Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Tt4vdoPhejby2wOjtz1MDrKTihQ.roa
File: Tt4vdoPhejby2wOjtz1MDrKTihQ.roa (raw, json)
Hash identifier: XU9Sy0fd0m1b4qcmu/e2ILEZfy+B7mHTiN6wlAFVk+8=
Subject key identifier: 4E:DE:2F:76:83:E1:7A:36:F2:DB:03:A3:B7:3D:4C:0E:B2:93:8A:14
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0189773F08D64CB6D157D6A1EBACBEB1C627
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Tt4vdoPhejby2wOjtz1MDrKTihQ.roa
Signing time: Fri 21 Jul 2023 06:59:27 +0000
ROA not before: Fri 21 Jul 2023 06:59:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 199605
IP address blocks: 171.22.31.0/24 maxlen: 24
81.161.230.0/24 maxlen: 24
45.9.156.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
94.156.160.0/24 maxlen: 24
45.129.84.0/24 maxlen: 24
45.129.86.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
37.139.130.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:77:3f:08:d6:4c:b6:d1:57:d6:a1:eb:ac:be:b1:c6:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 21 06:59:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4ede2f7683e17a36f2db03a3b73d4c0eb2938a14
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:28:f3:d2:d1:c8:b0:da:0c:1c:dd:41:23:50:
3e:0a:65:c9:ec:02:8b:53:df:48:83:01:64:75:b6:
b3:14:3d:e0:d4:ed:ce:16:b8:74:9c:a0:4a:02:7d:
46:1f:47:91:bb:35:ac:f8:43:9b:3a:b6:44:ab:69:
e0:c0:92:52:14:58:9f:17:00:4d:a3:f6:e3:02:ba:
d0:af:d7:92:c8:be:9b:a3:34:e8:d8:75:18:6d:23:
d7:0c:0b:06:db:fd:16:71:44:d8:d2:36:b8:0d:0d:
f7:7e:63:92:8c:a7:1d:cd:d8:ca:4a:18:8c:bc:7f:
e2:99:e8:70:4a:7e:64:c8:d1:88:63:1e:8a:61:a3:
d2:7e:ac:6b:28:08:94:c6:0b:e8:97:3e:f6:e6:61:
92:b9:0c:d2:0c:f8:b0:a1:7f:40:58:20:55:b2:22:
ee:05:c7:32:b9:5a:b4:65:85:1d:23:64:c5:ca:cd:
9e:33:28:6f:e3:6b:ff:5f:f2:18:16:c9:e4:87:79:
4a:23:c5:ab:c4:d6:58:59:8d:64:95:c0:f2:44:b0:
93:c5:c0:76:e2:ea:81:4e:7f:b1:f8:8a:29:60:f1:
9b:bd:48:23:01:de:82:76:f8:e8:36:6f:3e:2c:48:
ee:0c:1e:94:99:d0:5b:58:85:e3:c9:42:ef:e9:60:
24:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:DE:2F:76:83:E1:7A:36:F2:DB:03:A3:B7:3D:4C:0E:B2:93:8A:14
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Tt4vdoPhejby2wOjtz1MDrKTihQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.130.0/24
45.9.156.0/24
45.12.255.0/24
45.129.84.0/24
45.129.86.0/24
81.161.230.0/24
94.156.160.0/24
171.22.31.0/24
193.35.19.0/24
Signature Algorithm: sha256WithRSAEncryption
62:42:d4:a0:63:e3:ef:8e:2a:65:d3:6e:55:f7:e4:fe:bf:4e:
c3:1b:f1:31:b2:55:d6:f4:d6:d6:43:43:e5:c0:aa:da:b2:24:
70:2c:d8:5d:35:1b:a6:d3:fb:75:42:2c:f2:07:7a:0c:60:29:
32:dc:79:75:fd:df:fe:0a:31:91:f4:ea:31:36:7c:56:8e:1d:
9b:98:a0:42:39:7d:f7:68:17:a6:b5:7a:e3:3b:cf:1e:70:98:
33:34:03:51:b8:8f:cd:e8:d8:28:3d:a4:f7:7a:55:2e:5b:c9:
0a:a0:4d:95:6c:a6:08:a9:b2:3c:88:20:aa:64:8e:60:22:be:
3e:0c:c2:01:7c:29:8c:42:05:1c:7d:27:fa:3d:59:1c:1a:a8:
43:35:bc:34:97:7f:87:f1:94:7f:88:35:95:0c:c8:c3:1f:14:
69:09:62:38:e0:2f:3b:18:2f:09:39:b7:1f:9f:87:62:b0:ee:
bd:27:a2:ba:9b:76:c3:e4:3f:1f:2d:4e:6c:d1:a9:d6:31:71:
ab:90:2a:5c:01:42:bd:64:36:37:37:2d:19:fe:fb:92:34:40:
94:ba:7a:a0:ff:9c:43:ea:e4:0d:0c:0e:b7:2e:c9:c4:78:38:
e1:95:d9:ce:c9:14:98:f0:ba:2c:97:11:7c:d2:fe:5b:b1:99:
a1:dc:eb:0d
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYl3PwjWTLbRV9ah66y+scYnMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzIxMDY1OTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZWRlMmY3NjgzZTE3YTM2ZjJkYjAzYTNiNzNkNGMwZWIyOTM4YTE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkCjz0tHIsNoMHN1BI1A+CmXJ7AKL
U99IgwFkdbazFD3g1O3OFrh0nKBKAn1GH0eRuzWs+EObOrZEq2ngwJJSFFifFwBN
o/bjArrQr9eSyL6bozTo2HUYbSPXDAsG2/0WcUTY0ja4DQ33fmOSjKcdzdjKShiM
vH/imehwSn5kyNGIYx6KYaPSfqxrKAiUxgvolz725mGSuQzSDPiwoX9AWCBVsiLu
BccyuVq0ZYUdI2TFys2eMyhv42v/X/IYFsnkh3lKI8WrxNZYWY1klcDyRLCTxcB2
4uqBTn+x+IopYPGbvUgjAd6CdvjoNm8+LEjuDB6UmdBbWIXjyULv6WAkpwIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFE7eL3aD4Xo28tsDo7c9TA6yk4oUMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVHQ0dmRvUGhlamJ5MndPanR6MU1EcktUaWhRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAJYuCAwQA
LQmcAwQALQz/AwQALYFUAwQALYFWAwQAUaHmAwQAXpygAwQAqxYfAwQAwSMTMA0G
CSqGSIb3DQEBCwUAA4IBAQBiQtSgY+Pvjipl025V9+T+v07DG/ExslXW9NbWQ0Pl
wKrasiRwLNhdNRum0/t1QizyB3oMYCky3Hl1/d/+CjGR9OoxNnxWjh2bmKBCOX33
aBemtXrjO88ecJgzNANRuI/N6NgoPaT3elUuW8kKoE2VbKYIqbI8iCCqZI5gIr4+
DMIBfCmMQgUcfSf6PVkcGqhDNbw0l3+H8ZR/iDWVDMjDHxRpCWI44C87GC8JObcf
n4disO69J6K6m3bD5D8fLU5s0anWMXGrkCpcAUK9ZDY3Ny0Z/vuSNECUunqg/5xD
6uQNDA63LsnEeDjhldnOyRSY8LoslxF80v5bsZmh3OsN
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:08 2024 by rpki-client on console-fra.rpki-client.org