Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bBrxvzOJt2zg98vXivRUr9OLavI.roa
File: bBrxvzOJt2zg98vXivRUr9OLavI.roa (raw, json)
Hash identifier: KPL1jNAy8BHRWuZbgKFYDeDThyHCWOYqrQEsN1b7fvs=
Subject key identifier: 6C:1A:F1:BF:33:89:B7:6C:E0:F7:CB:D7:8A:F4:54:AF:D3:8B:6A:F2
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018A5FF40F3B7CE9182E4F3B347258A37DB8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bBrxvzOJt2zg98vXivRUr9OLavI.roa
Signing time: Mon 04 Sep 2023 11:29:04 +0000
ROA not before: Mon 04 Sep 2023 11:29:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
94.156.239.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.252.176.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
185.216.84.0/22 maxlen: 24
87.121.45.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
94.156.78.0/24 maxlen: 24
94.154.163.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:5f:f4:0f:3b:7c:e9:18:2e:4f:3b:34:72:58:a3:7d:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Sep 4 11:29:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6c1af1bf3389b76ce0f7cbd78af454afd38b6af2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:e0:08:05:ac:9c:90:5a:90:3f:7d:f6:8d:ac:
73:0f:df:03:5c:3b:c4:25:43:b1:f1:e0:05:c1:5b:
49:5c:ca:a7:40:c2:c9:1e:bb:ec:5d:03:4e:ec:a4:
60:45:b9:94:02:30:98:76:a2:34:35:95:50:7e:f7:
cb:73:52:85:6c:b4:55:f8:8b:3e:28:12:47:d0:1e:
f3:1c:df:60:1a:48:0e:37:a7:10:33:60:6b:c7:46:
f1:43:aa:86:2c:4b:f4:b3:35:6f:62:4e:a5:3d:99:
61:d0:e4:f3:55:59:50:ef:7b:4e:d7:ca:b5:a7:9a:
10:03:55:d4:04:4c:eb:24:50:65:ec:6a:85:cf:1b:
e2:16:37:7f:8e:c5:fa:f7:f1:6e:81:88:1b:b7:4d:
14:3f:69:ec:b7:bd:e5:45:65:9e:81:cd:b4:9c:fa:
f5:7a:1d:d4:56:ae:7d:70:81:cd:07:56:16:5e:f5:
8f:11:3a:23:c3:de:b9:3f:98:49:58:ad:93:0c:2b:
8c:ad:21:61:6b:e9:40:9c:09:3f:be:62:59:c5:12:
c5:ee:16:40:65:09:24:4c:02:8c:46:4f:a9:55:74:
78:ba:d5:65:7d:8b:c2:a0:04:89:bd:1f:41:f2:7a:
aa:fd:3d:ee:2f:db:80:00:2e:1d:53:94:ab:08:c0:
1b:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:1A:F1:BF:33:89:B7:6C:E0:F7:CB:D7:8A:F4:54:AF:D3:8B:6A:F2
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bBrxvzOJt2zg98vXivRUr9OLavI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.89.0/24
87.121.45.0/24
92.119.196.0/23
94.154.161.0-94.154.163.255
94.156.78.0/24
94.156.239.0/24
147.78.100.0-147.78.102.255
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.219.126.0/24
185.252.176.0/24
194.169.174.0/24
Signature Algorithm: sha256WithRSAEncryption
4f:b7:21:a1:db:6a:da:6b:8b:dc:35:28:2c:91:c4:1b:ec:cb:
82:50:a8:94:f2:4b:59:4f:e4:86:02:c3:60:7c:17:a5:07:4e:
27:74:e5:56:2b:58:eb:06:a6:d2:8d:52:dc:70:e8:44:61:c6:
7a:a6:7d:b5:0c:55:9d:86:c4:1d:5c:60:38:4c:3c:49:51:ef:
97:59:9e:c1:f9:35:c0:32:1e:16:87:1b:55:24:e1:e9:03:86:
5e:27:8f:06:4c:6b:ad:3a:d8:fe:06:8a:d0:50:85:16:c7:04:
4d:de:fe:7e:9e:ae:26:f5:46:5f:d6:55:ee:5b:56:d0:97:14:
73:5c:ac:47:84:62:8e:09:b5:34:92:4a:ca:62:7d:b3:af:0c:
70:74:23:22:0d:3c:d0:e4:07:37:e6:9e:bf:09:50:e7:c2:d2:
b8:27:d9:c7:02:7e:7b:7f:8d:b3:af:cc:fb:69:39:da:c1:6a:
2e:f2:ec:33:77:7c:cc:53:ef:d0:c1:99:eb:17:48:8a:bd:66:
b8:7b:31:e1:ca:c0:35:18:72:9d:9a:1d:88:52:e1:db:2d:3f:
c7:c7:ba:dd:49:95:27:5b:a4:f4:f1:c4:51:b8:11:d4:aa:96:
26:80:cb:07:93:82:63:08:4c:45:af:f2:e1:a9:27:c5:d9:32:
a2:5f:e3:29
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAYpf9A87fOkYLk87NHJYo324MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTA0MTEyOTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzFhZjFiZjMzODliNzZjZTBmN2NiZDc4YWY0NTRhZmQzOGI2YWYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA7+AIBayckFqQP332jaxzD98DXDvE
JUOx8eAFwVtJXMqnQMLJHrvsXQNO7KRgRbmUAjCYdqI0NZVQfvfLc1KFbLRV+Is+
KBJH0B7zHN9gGkgON6cQM2Brx0bxQ6qGLEv0szVvYk6lPZlh0OTzVVlQ73tO18q1
p5oQA1XUBEzrJFBl7GqFzxviFjd/jsX69/FugYgbt00UP2nst73lRWWegc20nPr1
eh3UVq59cIHNB1YWXvWPETojw965P5hJWK2TDCuMrSFha+lAnAk/vmJZxRLF7hZA
ZQkkTAKMRk+pVXR4utVlfYvCoASJvR9B8nqq/T3uL9uAAC4dU5SrCMAbBQIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFGwa8b8zibds4PfL14r0VK/Ti2ryMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYkJyeHZ6T0p0MnpnOTh2WGl2UlVyOU9MYXZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwcAQCAAEwagMEAC2XWQME
AFd5LQMEAVx3xDAMAwQAXpqhAwQCXpqgAwQAXpxOAwQAXpzvMAwDBAKTTmQDBACT
TmYDBAKrFkgDBACy1+ADBACy1+wDBAK52FQDBAK52lQDBAC5234DBAC5/LADBADC
qa4wDQYJKoZIhvcNAQELBQADggEBAE+3IaHbatpri9w1KCyRxBvsy4JQqJTyS1lP
5IYCw2B8F6UHTid05VYrWOsGptKNUtxw6ERhxnqmfbUMVZ2GxB1cYDhMPElR75dZ
nsH5NcAyHhaHG1Uk4ekDhl4njwZMa6062P4GitBQhRbHBE3e/n6erib1Rl/WVe5b
VtCXFHNcrEeEYo4JtTSSSspifbOvDHB0IyINPNDkBzfmnr8JUOfC0rgn2ccCfnt/
jbOvzPtpOdrBai7y7DN3fMxT79DBmesXSIq9Zrh7MeHKwDUYcp2aHYhS4dstP8fH
ut1JlSdbpPTxxFG4EdSqliaAyweTgmMITEWv8uGpJ8XZMqJf4yk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:37 2024 by rpki-client on console-ams.rpki-client.org