Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Vg7mA4Oe4sy8lakrNh_KlrBjwug.roa
File: Vg7mA4Oe4sy8lakrNh_KlrBjwug.roa (raw, json)
Hash identifier: x9gv4efN/AikoOXa1EbW4u9HN0UPhpllfKBDwczTNwE=
Subject key identifier: 56:0E:E6:03:83:9E:E2:CC:BC:95:A9:2B:36:1F:CA:96:B0:63:C2:E8
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018B65364048DFA783D712EA1674E44F2E72
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Vg7mA4Oe4sy8lakrNh_KlrBjwug.roa
Signing time: Wed 25 Oct 2023 05:02:16 +0000
ROA not before: Wed 25 Oct 2023 05:02:16 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
91.92.24.0/23 maxlen: 24
94.156.239.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.252.176.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
185.226.175.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
185.216.84.0/22 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.59.0/24 maxlen: 24
194.180.50.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
94.156.78.0/24 maxlen: 24
93.123.116.0/24 maxlen: 24
176.125.255.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:65:36:40:48:df:a7:83:d7:12:ea:16:74:e4:4f:2e:72
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Oct 25 05:02:16 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=560ee603839ee2ccbc95a92b361fca96b063c2e8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:2a:a5:cd:00:57:ec:7c:8f:61:d0:65:c7:6d:
43:ae:9a:d9:5c:dc:cf:3e:89:d7:70:48:56:03:e2:
b6:ea:05:7e:60:d4:ab:b0:be:18:31:93:13:b9:2f:
d0:ff:67:ea:ce:77:92:4b:ab:8e:d2:08:98:9f:d0:
8d:d8:da:bb:d1:3c:39:e9:1c:30:19:3d:9e:c1:36:
ab:5c:f7:22:82:8f:a2:0f:82:06:16:a8:84:23:3e:
c4:38:3e:c1:07:1e:40:39:e3:bb:37:da:d8:11:86:
96:9b:72:4f:58:d2:5d:1a:30:09:a6:15:93:62:c7:
28:fd:db:22:9d:a8:f6:6c:e4:0f:8e:bd:29:57:7f:
de:59:7d:4b:64:a4:44:ed:bb:a8:6a:98:46:f2:11:
89:ca:eb:e6:bb:c7:4e:ca:2f:67:24:3e:50:fc:71:
60:7f:dd:3c:d5:bb:6f:9f:f6:85:b8:cd:40:1d:d6:
f0:f8:c7:fe:91:ec:31:a2:8b:ed:79:89:06:19:be:
5d:d2:f1:b8:09:27:c9:31:53:40:c7:55:cb:0a:d3:
6f:e1:14:74:3c:b3:72:7b:fd:84:5f:8f:16:fc:b5:
02:49:58:97:74:21:43:17:f9:20:16:b2:4e:81:5e:
84:61:f5:de:69:7e:0d:7d:3d:f9:b4:70:00:ba:72:
be:db
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
56:0E:E6:03:83:9E:E2:CC:BC:95:A9:2B:36:1F:CA:96:B0:63:C2:E8
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Vg7mA4Oe4sy8lakrNh_KlrBjwug.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.89.0/24
87.121.45.0/24
87.121.59.0/24
91.92.24.0/23
92.119.196.0/23
93.123.116.0/24
94.154.161.0-94.154.163.255
94.156.78.0/24
94.156.239.0/24
147.78.100.0-147.78.102.255
171.22.72.0/22
176.125.255.0/24
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.226.175.0/24
185.252.176.0/24
194.169.174.0/24
194.180.50.0/24
Signature Algorithm: sha256WithRSAEncryption
89:bd:3d:bc:0d:e0:10:0d:36:3b:4d:e2:55:65:6f:ef:af:5e:
37:a8:26:34:24:88:8f:51:01:fb:4e:6a:d9:e1:b3:6f:2c:c3:
ef:40:df:26:9c:66:6a:35:3c:95:68:bc:5f:42:2e:6f:bc:ee:
7d:ef:43:d9:cf:e7:c6:45:45:ad:6a:fb:54:19:e8:f8:c9:ff:
e7:d1:c7:5d:95:5f:27:35:29:3c:00:17:e9:88:d8:c2:5c:25:
77:3b:fc:d0:10:e4:9c:33:71:7d:5f:0d:b1:de:52:eb:e6:fa:
0e:aa:4f:47:5f:5c:6e:93:93:c4:b2:58:b0:93:d2:4f:8e:69:
24:a0:6a:70:5b:0d:d3:0d:64:8b:35:c6:92:8e:62:55:ec:c1:
a6:89:17:aa:0d:a6:ae:04:8d:aa:c5:07:a5:e4:8d:73:fb:59:
08:db:46:c9:b4:5f:ea:84:ce:c7:fb:95:81:1d:83:c8:7d:62:
9b:f0:d1:5a:59:cd:74:b8:d7:5f:20:89:25:ec:09:fb:13:3d:
4c:5c:6b:20:b1:7d:1a:d9:84:bd:5f:67:00:9e:d0:5a:9f:4f:
bf:dd:a4:c4:70:20:37:00:2d:9e:a1:a3:7a:c3:bc:da:43:a0:
2b:6f:c9:1d:39:17:cd:11:b4:d1:58:fd:ed:07:de:f6:a6:91:
8c:ae:ed:e0
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAYtlNkBI36eD1xLqFnTkTy5yMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMDI1MDUwMjE2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NjBlZTYwMzgzOWVlMmNjYmM5NWE5MmIzNjFmY2E5NmIwNjNjMmU4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsCqlzQBX7HyPYdBlx21DrprZXNzP
PonXcEhWA+K26gV+YNSrsL4YMZMTuS/Q/2fqzneSS6uO0giYn9CN2Nq70Tw56Rww
GT2ewTarXPcigo+iD4IGFqiEIz7EOD7BBx5AOeO7N9rYEYaWm3JPWNJdGjAJphWT
Ysco/dsinaj2bOQPjr0pV3/eWX1LZKRE7buoaphG8hGJyuvmu8dOyi9nJD5Q/HFg
f9081btvn/aFuM1AHdbw+Mf+kewxoovteYkGGb5d0vG4CSfJMVNAx1XLCtNv4RR0
PLNye/2EX48W/LUCSViXdCFDF/kgFrJOgV6EYfXeaX4NfT35tHAAunK+2wIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFFYO5gODnuLMvJWpKzYfypawY8LoMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVmc3bUE0T2U0c3k4bGFrck5oX0tsckJqd3VnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGlBggrBgEFBQcBBwEB/wSBlTCBkjCBjwQCAAEwgYgDBAAt
l1kDBABXeS0DBABXeTsDBAFbXBgDBAFcd8QDBABde3QwDAMEAF6aoQMEAl6aoAME
AF6cTgMEAF6c7zAMAwQCk05kAwQAk05mAwQCqxZIAwQAsH3/AwQAstfgAwQAstfs
AwQCudhUAwQCudpUAwQAueKvAwQAufywAwQAwqmuAwQAwrQyMA0GCSqGSIb3DQEB
CwUAA4IBAQCJvT28DeAQDTY7TeJVZW/vr143qCY0JIiPUQH7TmrZ4bNvLMPvQN8m
nGZqNTyVaLxfQi5vvO5970PZz+fGRUWtavtUGej4yf/n0cddlV8nNSk8ABfpiNjC
XCV3O/zQEOScM3F9Xw2x3lLr5voOqk9HX1xuk5PEsliwk9JPjmkkoGpwWw3TDWSL
NcaSjmJV7MGmiReqDaauBI2qxQel5I1z+1kI20bJtF/qhM7H+5WBHYPIfWKb8NFa
Wc10uNdfIIkl7An7Ez1MXGsgsX0a2YS9X2cAntBan0+/3aTEcCA3AC2eoaN6w7za
Q6Arb8kdORfNEbTRWP3tB972ppGMru3g
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:34 2024 by rpki-client on console-ams.rpki-client.org