Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Wg42KHdAySIaoGwbPOcOr-JfYJc.roa
File: Wg42KHdAySIaoGwbPOcOr-JfYJc.roa (raw, json)
Hash identifier: /zlcRZHfgk8pZykpvx9C/kM6ABmOhEmK7Qvh8Y2ReTY=
Subject key identifier: 5A:0E:36:28:77:40:C9:22:1A:A0:6C:1B:3C:E7:0E:AF:E2:5F:60:97
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018DC1D6E4794EAAAAECE568410D2946E85E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Wg42KHdAySIaoGwbPOcOr-JfYJc.roa
Signing time: Mon 19 Feb 2024 14:48:22 +0000
ROA not before: Mon 19 Feb 2024 14:48:22 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.9.156.0/24 maxlen: 24
45.84.89.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.239.0/24 maxlen: 24
95.214.24.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.226.173.0/24 maxlen: 24
185.246.223.0/24 maxlen: 24
185.252.176.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:c1:d6:e4:79:4e:aa:aa:ec:e5:68:41:0d:29:46:e8:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 19 14:48:22 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5a0e36287740c9221aa06c1b3ce70eafe25f6097
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:80:cf:7f:52:18:a6:10:5a:d4:b2:56:56:f7:
6c:a1:8d:6f:29:38:21:0a:92:db:b4:a2:ec:63:73:
c5:d5:91:2f:98:ad:46:1f:54:39:4f:67:65:b2:36:
be:5d:6d:af:45:46:79:f9:aa:b2:92:f9:0e:d9:d6:
a5:27:18:ad:b0:51:44:7e:d6:d8:90:ed:6b:92:e6:
68:25:14:2a:85:3f:70:9c:d0:b3:d6:3c:69:8a:14:
22:c0:42:47:71:4e:55:f5:8a:85:b9:0b:18:c9:e2:
78:0d:aa:a0:b2:d7:91:fa:10:52:68:5c:1e:a4:f1:
9b:ef:97:99:60:62:8c:ca:e0:35:85:13:2e:6c:c9:
de:46:de:e6:c6:60:e0:a8:41:e3:6a:4a:0b:56:f5:
94:42:7e:28:fb:71:68:95:ee:82:4d:05:57:01:93:
91:a7:46:98:4b:b3:85:50:ee:ed:35:15:84:4f:58:
95:02:28:18:ab:8b:50:45:bb:c1:99:59:33:87:64:
d2:04:04:36:c1:37:39:f4:15:d5:73:99:c5:2c:c9:
44:04:f2:0b:41:89:16:f1:8c:6e:6a:89:ca:91:81:
08:ba:28:da:ad:3f:d3:2b:bb:1d:50:b6:51:c9:55:
7d:d1:69:90:46:91:b6:e6:3c:00:52:79:06:a8:00:
60:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:0E:36:28:77:40:C9:22:1A:A0:6C:1B:3C:E7:0E:AF:E2:5F:60:97
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Wg42KHdAySIaoGwbPOcOr-JfYJc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/24
45.84.89.0/24
45.151.89.0/24
87.120.87.0/24
87.121.45.0/24
87.121.221.0/24
92.119.196.0/23
94.154.160.0/22
94.156.239.0/24
95.214.24.0/24
147.78.101.0-147.78.102.255
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.226.173.0/24
185.246.223.0/24
185.252.176.0/24
193.35.19.0/24
194.55.224.0/24
Signature Algorithm: sha256WithRSAEncryption
0a:ce:bb:a6:39:3e:1a:5e:7e:b1:65:e8:6b:f7:78:d5:e5:df:
a0:3e:d9:bd:3f:56:43:fc:b7:a7:3d:c9:c6:47:98:bf:98:41:
7d:8c:d7:b3:55:b5:a0:f6:85:23:3c:db:07:8c:f9:e4:a4:4b:
f2:51:aa:af:e4:da:f5:8d:86:3d:80:b6:5f:6e:18:12:82:d2:
ec:d5:a7:1e:e4:9f:26:d2:4e:dc:89:5d:17:d4:5c:25:70:b1:
c2:15:9c:a6:1d:42:49:d8:6a:00:c0:e1:6f:41:7a:6c:cd:43:
d1:cb:c5:43:bf:9c:19:ef:08:1a:cc:5e:7b:79:5d:96:df:f7:
2f:d0:ba:bb:85:b3:3d:5e:05:61:f6:32:d1:a1:7a:bc:f9:04:
76:40:3a:cc:63:51:ed:d2:37:a2:4d:06:04:67:15:e1:8a:76:
9f:9a:fc:a4:83:f0:e5:06:78:f4:1d:88:54:9e:86:40:7b:a3:
00:00:f0:a0:8b:80:ed:3e:ab:0a:a8:8d:5e:ad:24:75:61:46:
af:75:93:94:d6:ca:5d:1a:24:b7:f2:49:f3:e4:c4:3c:a5:78:
52:82:c6:cf:ea:19:75:d6:b9:8f:4c:b6:3a:ad:a8:24:2f:a2:
90:ba:96:0e:8f:4f:e4:ae:95:5d:4e:ac:c7:fa:cd:e4:ef:27:
0c:23:77:5e
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgISAY3B1uR5Tqqq7OVoQQ0pRuheMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjE5MTQ0ODIyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YTBlMzYyODc3NDBjOTIyMWFhMDZjMWIzY2U3MGVhZmUyNWY2MDk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIDPf1IYphBa1LJWVvdsoY1vKTgh
CpLbtKLsY3PF1ZEvmK1GH1Q5T2dlsja+XW2vRUZ5+aqykvkO2dalJxitsFFEftbY
kO1rkuZoJRQqhT9wnNCz1jxpihQiwEJHcU5V9YqFuQsYyeJ4DaqgsteR+hBSaFwe
pPGb75eZYGKMyuA1hRMubMneRt7mxmDgqEHjakoLVvWUQn4o+3Fole6CTQVXAZOR
p0aYS7OFUO7tNRWET1iVAigYq4tQRbvBmVkzh2TSBAQ2wTc59BXVc5nFLMlEBPIL
QYkW8YxuaonKkYEIuijarT/TK7sdULZRyVV90WmQRpG25jwAUnkGqABg4wIDAQAB
o4ICjjCCAoowHQYDVR0OBBYEFFoONih3QMkiGqBsGzznDq/iX2CXMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvV2c0MktIZEF5U0lhb0d3YlBPY09yLUpmWUpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGjBggrBgEFBQcBBwEB/wSBkzCBkDCBjQQCAAEwgYYDBAAt
CZwDBAAtVFkDBAAtl1kDBABXeFcDBABXeS0DBABXed0DBAFcd8QDBAJemqADBABe
nO8DBABf1hgwDAMEAJNOZQMEAJNOZgMEAqsWSAMEALLX4AMEALLX7AMEArnYVAME
ArnaVAMEALnirQMEALn23wMEALn8sAMEAMEjEwMEAMI34DANBgkqhkiG9w0BAQsF
AAOCAQEACs67pjk+Gl5+sWXoa/d41eXfoD7ZvT9WQ/y3pz3JxkeYv5hBfYzXs1W1
oPaFIzzbB4z55KRL8lGqr+Ta9Y2GPYC2X24YEoLS7NWnHuSfJtJO3IldF9RcJXCx
whWcph1CSdhqAMDhb0F6bM1D0cvFQ7+cGe8IGsxee3ldlt/3L9C6u4WzPV4FYfYy
0aF6vPkEdkA6zGNR7dI3ok0GBGcV4Yp2n5r8pIPw5QZ49B2IVJ6GQHujAADwoIuA
7T6rCqiNXq0kdWFGr3WTlNbKXRokt/JJ8+TEPKV4UoLGz+oZdda5j0y2Oq2oJC+i
kLqWDo9P5K6VXU6sx/rN5O8nDCN3Xg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:35 2024 by rpki-client on console-ams.rpki-client.org