Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VPcRyW2d_J41M9oSXTeQ-LrfRCo.roa
File: VPcRyW2d_J41M9oSXTeQ-LrfRCo.roa (raw, json)
Hash identifier: i2zXJSsW+675yFfMn1GSs/cbg1O7SRxbP7XakUJkbcA=
Subject key identifier: 54:F7:11:C9:6D:9D:FC:9E:35:33:DA:12:5D:37:90:F8:BA:DF:44:2A
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018B93E84CE46AE31EE31C5820D8EB9A534E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VPcRyW2d_J41M9oSXTeQ-LrfRCo.roa
Signing time: Fri 03 Nov 2023 06:39:16 +0000
ROA not before: Fri 03 Nov 2023 06:39:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206003
IP address blocks: 45.9.156.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
87.120.130.0/24 maxlen: 24
147.78.100.0/23 maxlen: 24
185.246.223.0/24 maxlen: 24
92.249.48.0/24 maxlen: 24
194.180.39.0/24 maxlen: 24
45.139.104.0/24 maxlen: 24
45.129.84.0/24 maxlen: 24
45.129.86.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
37.139.130.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
171.22.31.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
93.123.39.0/24 maxlen: 24
81.161.230.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
178.215.226.0/24 maxlen: 24
91.200.192.0/22 maxlen: 24
94.156.248.0/24 maxlen: 24
178.215.238.0/24 maxlen: 24
94.156.250.0/24 maxlen: 24
87.121.162.0/24 maxlen: 24
94.156.160.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
171.22.17.0/24 maxlen: 24
171.22.18.0/24 maxlen: 24
79.110.61.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
87.121.220.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:93:e8:4c:e4:6a:e3:1e:e3:1c:58:20:d8:eb:9a:53:4e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Nov 3 06:39:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=54f711c96d9dfc9e3533da125d3790f8badf442a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:a8:1e:a6:ae:5e:4c:3d:f6:c9:f1:7d:33:7b:
ec:6d:ea:02:45:24:76:6b:bc:1b:40:f8:36:15:a5:
82:68:fe:53:59:b3:56:82:45:6f:3b:49:a1:ed:30:
4d:ff:7c:45:01:cb:a0:e5:4b:1b:6e:bf:7c:46:83:
0d:05:39:05:f3:4c:f6:c5:b2:2c:b6:e0:7f:cb:f5:
38:1d:8a:87:76:0f:66:e3:20:d6:40:15:f2:2a:1c:
35:2c:74:2e:18:ec:e2:63:a0:20:c8:19:94:a3:29:
2c:1c:00:d7:c4:3b:f8:03:ad:f7:e5:58:de:dc:b8:
f7:7d:78:11:0c:a3:1c:a1:9f:5b:bd:d2:19:c3:40:
20:38:1a:b7:b5:2a:33:44:dc:2b:4f:a7:05:e9:96:
0f:f2:5e:54:fe:7f:36:8a:3e:96:ae:dc:1c:39:89:
fe:89:c1:bf:62:89:54:e2:b9:6d:37:9a:63:49:7b:
80:d2:03:36:12:84:16:9a:fa:17:cc:34:3c:26:ae:
d3:b1:4b:28:bb:5c:fd:1e:19:49:da:e5:ad:f7:5b:
c0:61:b1:b7:41:a4:c8:bc:5c:68:66:56:82:a5:4b:
9a:90:22:38:23:b1:c7:2f:76:f1:a5:67:bd:5b:75:
4b:b9:8e:33:37:cd:cc:eb:bd:0e:d2:8f:c6:64:03:
25:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:F7:11:C9:6D:9D:FC:9E:35:33:DA:12:5D:37:90:F8:BA:DF:44:2A
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VPcRyW2d_J41M9oSXTeQ-LrfRCo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.130.0/24
45.9.156.0/24
45.12.255.0/24
45.66.228.0/24
45.129.84.0/24
45.129.86.0/24
45.139.104.0/24
45.141.158.0/24
79.110.61.0/24
81.161.230.0/24
81.161.239.0/24
83.219.97.0/24
87.120.130.0/24
87.121.124.0/23
87.121.162.0/24
87.121.220.0/24
91.200.192.0/22
92.249.48.0/24
93.123.39.0/24
94.154.172.0/24
94.156.160.0/24
94.156.248.0/24
94.156.250.0/24
147.78.100.0/23
171.22.17.0-171.22.18.255
171.22.31.0/24
178.215.226.0/24
178.215.238.0/24
185.246.223.0/24
193.25.216.0/24
193.35.19.0/24
194.180.39.0/24
Signature Algorithm: sha256WithRSAEncryption
31:cc:5b:7d:5b:85:f6:d0:a8:fe:45:31:36:94:de:62:73:7c:
23:ba:b9:e1:e8:23:a4:72:47:7a:39:ae:47:ea:76:79:78:89:
fa:4c:70:f0:07:e6:0a:23:13:4f:52:f6:33:fe:67:f1:6f:fd:
1e:8d:cf:45:f4:ae:cc:88:68:77:60:41:bb:53:5b:e0:ff:a0:
98:22:46:ed:da:bd:67:2b:32:2a:73:1e:c5:7d:a6:4b:2e:05:
38:ae:48:cb:50:ab:4f:e0:f5:00:a8:3a:45:52:78:ac:f5:18:
b4:e1:45:4c:94:28:72:b7:4b:32:d1:56:4d:59:40:3e:49:fd:
bf:bf:e2:92:f8:1d:18:b3:c3:ef:e1:83:ab:7f:58:60:d8:61:
cf:49:c6:05:72:6f:b7:e0:08:24:34:dd:1e:21:b7:01:01:fe:
b7:ce:06:92:c4:fb:21:29:bf:9d:f2:0b:fd:5e:3e:1f:49:d3:
7a:37:8a:f0:10:06:58:c3:3d:19:9d:eb:5f:bb:6b:09:b2:ba:
b5:e7:61:15:9d:b8:7b:d7:a6:ba:e5:2f:a8:86:ff:bf:5c:bf:
fc:27:c7:a8:05:60:ea:69:8d:2d:fd:d9:e4:11:c4:3b:ad:5e:
48:a3:ab:bf:48:72:d5:82:32:7c:62:b7:ea:50:7e:32:84:7d:
03:67:00:0f
-----BEGIN CERTIFICATE-----
MIIFxDCCBKygAwIBAgISAYuT6EzkauMe4xxYINjrmlNOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMTAzMDYzOTE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NGY3MTFjOTZkOWRmYzllMzUzM2RhMTI1ZDM3OTBmOGJhZGY0NDJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiKgepq5eTD32yfF9M3vsbeoCRSR2
a7wbQPg2FaWCaP5TWbNWgkVvO0mh7TBN/3xFAcug5Usbbr98RoMNBTkF80z2xbIs
tuB/y/U4HYqHdg9m4yDWQBXyKhw1LHQuGOziY6AgyBmUoyksHADXxDv4A6335Vje
3Lj3fXgRDKMcoZ9bvdIZw0AgOBq3tSozRNwrT6cF6ZYP8l5U/n82ij6WrtwcOYn+
icG/YolU4rltN5pjSXuA0gM2EoQWmvoXzDQ8Jq7TsUsou1z9HhlJ2uWt91vAYbG3
QaTIvFxoZlaCpUuakCI4I7HHL3bxpWe9W3VLuY4zN83M670O0o/GZAMlyQIDAQAB
o4IC0DCCAswwHQYDVR0OBBYEFFT3EcltnfyeNTPaEl03kPi630QqMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVlBjUnlXMmRfSjQxTTlvU1hUZVEtTHJmUkNvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHlBggrBgEFBQcBBwEB/wSB1TCB0jCBzwQCAAEwgcgDBAAl
i4IDBAAtCZwDBAAtDP8DBAAtQuQDBAAtgVQDBAAtgVYDBAAti2gDBAAtjZ4DBABP
bj0DBABRoeYDBABRoe8DBABT22EDBABXeIIDBAFXeXwDBABXeaIDBABXedwDBAJb
yMADBABc+TADBABdeycDBABemqwDBABenKADBABenPgDBABenPoDBAGTTmQwDAME
AKsWEQMEAKsWEgMEAKsWHwMEALLX4gMEALLX7gMEALn23wMEAMEZ2AMEAMEjEwME
AMK0JzANBgkqhkiG9w0BAQsFAAOCAQEAMcxbfVuF9tCo/kUxNpTeYnN8I7q54egj
pHJHejmuR+p2eXiJ+kxw8AfmCiMTT1L2M/5n8W/9Ho3PRfSuzIhod2BBu1Nb4P+g
mCJG7dq9ZysyKnMexX2mSy4FOK5Iy1CrT+D1AKg6RVJ4rPUYtOFFTJQocrdLMtFW
TVlAPkn9v7/ikvgdGLPD7+GDq39YYNhhz0nGBXJvt+AIJDTdHiG3AQH+t84GksT7
ISm/nfIL/V4+H0nTejeK8BAGWMM9GZ3rX7trCbK6tedhFZ24e9emuuUvqIb/v1y/
/CfHqAVg6mmNLf3Z5BHEO61eSKOrv0hy1YIyfGK36lB+MoR9A2cADw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:08 2024 by rpki-client on console-fra.rpki-client.org