Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XOUs3ydSs9tUIPh6ddDM5yb_e5A.roa
File: XOUs3ydSs9tUIPh6ddDM5yb_e5A.roa (raw, json)
Hash identifier: XXNOrmY28bCrmXXIlC1SyWmmq36PXNw8JbvdOJyWENs=
Subject key identifier: 5C:E5:2C:DF:27:52:B3:DB:54:20:F8:7A:75:D0:CC:E7:26:FF:7B:90
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01899C7B845A3CC6D3203F2DAEE1BFE85285
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XOUs3ydSs9tUIPh6ddDM5yb_e5A.roa
Signing time: Fri 28 Jul 2023 12:31:27 +0000
ROA not before: Fri 28 Jul 2023 12:31:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211252
IP address blocks: 94.156.6.0/24 maxlen: 24
45.81.243.0/24 maxlen: 24
45.12.253.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
85.31.44.0/24 maxlen: 24
85.31.46.0/24 maxlen: 24
85.31.45.0/24 maxlen: 24
185.246.221.0/24 maxlen: 24
185.246.220.0/24 maxlen: 24
109.206.243.0/24 maxlen: 24
109.206.241.0/24 maxlen: 24
185.254.37.0/24 maxlen: 24
194.180.48.0/24 maxlen: 24
194.180.49.0/24 maxlen: 24
185.225.73.0/24 maxlen: 24
45.139.105.0/24 maxlen: 24
185.225.75.0/24 maxlen: 24
185.225.74.0/24 maxlen: 24
37.139.128.0/24 maxlen: 24
37.139.129.0/24 maxlen: 24
87.121.3.0/24 maxlen: 24
84.21.172.0/24 maxlen: 24
109.206.240.0/24 maxlen: 24
212.87.204.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
84.54.50.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
85.217.144.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
94.156.253.0/24 maxlen: 24
80.76.51.0/24 maxlen: 24
94.156.161.0/24 maxlen: 24
193.42.33.0/24 maxlen: 24
193.42.32.0/24 maxlen: 24
185.252.178.0/24 maxlen: 24
193.47.61.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
185.216.68.0/24 maxlen: 24
45.88.67.0/24 maxlen: 24
185.216.71.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
79.110.63.0/24 maxlen: 24
93.123.118.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:9c:7b:84:5a:3c:c6:d3:20:3f:2d:ae:e1:bf:e8:52:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 28 12:31:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5ce52cdf2752b3db5420f87a75d0cce726ff7b90
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:95:6d:5c:6d:d8:30:46:88:32:bc:e1:d1:7f:
4b:a3:a5:04:ba:30:a8:25:df:45:df:f1:48:14:0e:
4f:07:43:66:59:61:9c:0e:1c:51:18:f8:09:96:6e:
ac:da:13:7e:dc:e3:e7:58:99:88:b1:aa:f6:5b:38:
06:7b:75:5b:12:12:da:96:a5:de:8c:c3:11:c0:6f:
58:a9:4a:e3:2d:ab:7c:2e:0e:47:b3:a5:2a:00:31:
4b:da:99:4e:c9:e2:78:e8:36:77:4a:7a:34:d8:d9:
7d:ca:91:85:36:89:d1:26:18:85:ab:72:95:79:57:
22:c7:ec:98:e8:fe:c5:12:8a:c4:9b:1b:c0:2d:b1:
37:66:14:c0:77:37:74:1e:ee:19:a7:09:27:62:ee:
5f:4e:7e:1b:81:7a:e3:c9:52:b6:6a:04:c4:3c:51:
c9:4a:e1:ad:b9:07:9d:0c:2d:fb:3d:31:e8:7d:e5:
f7:94:7a:7c:45:5b:31:a9:af:01:52:5a:ea:65:a6:
a9:ff:1b:f5:7c:2e:e9:86:f7:3e:2b:85:2c:63:25:
de:02:b2:58:0f:26:43:a0:12:40:d3:1d:9b:dc:97:
a2:62:eb:b9:44:39:6d:9e:87:50:34:58:ad:20:4c:
ea:e6:bd:0c:92:80:a6:7e:55:6b:07:51:de:06:b7:
1d:7f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5C:E5:2C:DF:27:52:B3:DB:54:20:F8:7A:75:D0:CC:E7:26:FF:7B:90
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/XOUs3ydSs9tUIPh6ddDM5yb_e5A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.128.0/23
45.12.253.0/24
45.66.230.0/24
45.81.39.0/24
45.81.243.0/24
45.88.67.0/24
45.139.105.0/24
79.110.62.0/23
80.76.51.0/24
84.21.172.0/24
84.54.50.0/24
85.31.44.0-85.31.46.255
85.217.144.0/24
87.121.3.0/24
87.121.221.0/24
93.123.118.0/24
94.156.6.0/24
94.156.161.0/24
94.156.253.0/24
95.214.27.0/24
109.206.240.0/23
109.206.243.0/24
185.216.68.0/24
185.216.71.0/24
185.225.73.0-185.225.75.255
185.246.220.0/23
185.252.178.0/24
185.254.37.0/24
193.42.32.0/23
193.47.61.0/24
194.55.186.0/24
194.55.224.0/24
194.180.48.0/23
212.87.204.0/24
Signature Algorithm: sha256WithRSAEncryption
36:50:34:41:a3:73:99:ae:d8:93:12:b5:bf:a8:67:01:bf:cf:
8d:66:c8:ff:c1:7a:d4:ea:97:27:97:19:00:4b:e3:c3:c7:a3:
ed:b9:e8:33:dd:f9:7e:07:64:24:d2:e5:9f:b6:05:70:0b:95:
fe:8c:88:89:ea:d1:8e:73:3f:27:5d:62:e3:3d:7c:ee:12:21:
24:70:02:6e:2a:5a:a4:42:ea:1b:59:e4:91:38:17:4f:96:5d:
2a:95:2e:35:ae:75:dd:54:05:0b:dc:cd:8c:81:44:0e:87:cc:
6b:23:6c:04:75:e9:0a:7c:d2:50:c8:22:57:00:49:8f:d2:c6:
7f:60:95:84:c0:b9:e3:39:16:44:8c:fa:02:f7:fe:58:02:4f:
59:1d:77:f5:95:eb:7b:c4:57:01:44:63:de:8c:42:65:64:f4:
39:1d:31:1b:c4:2e:b0:00:24:fb:cb:e1:f5:e1:ea:d5:2c:e4:
49:03:a6:e6:5b:9b:88:65:ae:2c:84:8f:b5:35:e7:2b:ef:cd:
be:2e:ba:46:5c:2d:dc:e9:dd:0f:d6:ba:56:39:78:c7:49:63:
ed:8f:ef:d2:27:da:3a:e2:62:a9:27:ef:4f:25:8b:e6:17:cf:
21:25:73:2b:af:55:e2:96:6d:23:67:6a:37:46:83:ca:2f:97:
4c:6f:44:92
-----BEGIN CERTIFICATE-----
MIIF2DCCBMCgAwIBAgISAYmce4RaPMbTID8truG/6FKFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzI4MTIzMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1Y2U1MmNkZjI3NTJiM2RiNTQyMGY4N2E3NWQwY2NlNzI2ZmY3YjkwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA35VtXG3YMEaIMrzh0X9Lo6UEujCo
Jd9F3/FIFA5PB0NmWWGcDhxRGPgJlm6s2hN+3OPnWJmIsar2WzgGe3VbEhLalqXe
jMMRwG9YqUrjLat8Lg5Hs6UqADFL2plOyeJ46DZ3Sno02Nl9ypGFNonRJhiFq3KV
eVcix+yY6P7FEorEmxvALbE3ZhTAdzd0Hu4ZpwknYu5fTn4bgXrjyVK2agTEPFHJ
SuGtuQedDC37PTHofeX3lHp8RVsxqa8BUlrqZaap/xv1fC7phvc+K4UsYyXeArJY
DyZDoBJA0x2b3JeiYuu5RDltnodQNFitIEzq5r0MkoCmflVrB1HeBrcdfwIDAQAB
o4IC5DCCAuAwHQYDVR0OBBYEFFzlLN8nUrPbVCD4enXQzOcm/3uQMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWE9VczN5ZFNzOXRVSVBoNmRkRE01eWJfZTVBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH5BggrBgEFBQcBBwEB/wSB6TCB5jCB4wQCAAEwgdwDBAEl
i4ADBAAtDP0DBAAtQuYDBAAtUScDBAAtUfMDBAAtWEMDBAAti2kDBAFPbj4DBABQ
TDMDBABUFawDBABUNjIwDAMEAlUfLAMEAFUfLgMEAFXZkAMEAFd5AwMEAFd53QME
AF17dgMEAF6cBgMEAF6coQMEAF6c/QMEAF/WGwMEAW3O8AMEAG3O8wMEALnYRAME
ALnYRzAMAwQAueFJAwQCueFIAwQBufbcAwQAufyyAwQAuf4lAwQBwSogAwQAwS89
AwQAwje6AwQAwjfgAwQBwrQwAwQA1FfMMA0GCSqGSIb3DQEBCwUAA4IBAQA2UDRB
o3OZrtiTErW/qGcBv8+NZsj/wXrU6pcnlxkAS+PDx6Ptuegz3fl+B2Qk0uWftgVw
C5X+jIiJ6tGOcz8nXWLjPXzuEiEkcAJuKlqkQuobWeSROBdPll0qlS41rnXdVAUL
3M2MgUQOh8xrI2wEdekKfNJQyCJXAEmP0sZ/YJWEwLnjORZEjPoC9/5YAk9ZHXf1
let7xFcBRGPejEJlZPQ5HTEbxC6wACT7y+H14erVLORJA6bmW5uIZa4shI+1Necr
782+LrpGXC3c6d0P1rpWOXjHSWPtj+/SJ9o64mKpJ+9PJYvmF88hJXMrr1Xilm0j
Z2o3RoPKL5dMb0SS
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:35 2024 by rpki-client on console-ams.rpki-client.org