Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bFsoLiMREknN7DovMf6BQArkFQQ.roa
File: bFsoLiMREknN7DovMf6BQArkFQQ.roa (raw, json)
Hash identifier: 08qX4LhL4jWDfefqv2IfW4NuSRbFFxD8/WAUFTGkDmo=
Subject key identifier: 6C:5B:28:2E:23:11:12:49:CD:EC:3A:2F:31:FE:81:40:0A:E4:15:04
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01860D4C0BA3D058B62B84BC0B3AA9182DC4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bFsoLiMREknN7DovMf6BQArkFQQ.roa
Signing time: Wed 01 Feb 2023 14:05:32 +0000
ROA not before: Wed 01 Feb 2023 14:05:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209371
IP address blocks: 185.216.70.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
194.55.225.0/24 maxlen: 24
178.215.239.0/24 maxlen: 24
45.128.96.0/22 maxlen: 24
85.31.47.0/24 maxlen: 24
193.42.32.0/24 maxlen: 24
45.139.107.0/24 maxlen: 24
45.84.89.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:0d:4c:0b:a3:d0:58:b6:2b:84:bc:0b:3a:a9:18:2d:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 1 14:05:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6c5b282e23111249cdec3a2f31fe81400ae41504
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:47:aa:0f:d8:59:46:74:41:4a:e2:0a:40:2f:
cf:9e:45:45:f4:1a:3e:84:c9:6d:8e:2f:34:4e:d2:
17:ea:2a:86:85:06:00:0a:d1:b2:c7:5a:a7:71:df:
32:70:5b:8d:48:f1:e9:5e:fd:75:ed:f2:51:20:c8:
1a:9e:ad:b6:ff:da:18:1a:c1:ed:6a:5a:0b:bb:b4:
a3:3c:ea:67:5b:ae:03:9e:d9:7f:94:ae:6b:a7:b9:
d6:96:a8:fb:ae:c3:dd:7f:93:f2:61:06:99:22:e7:
24:38:e6:8a:cb:bc:ef:8c:4f:50:b4:bc:63:d2:15:
d0:37:39:4f:17:4c:76:9c:fd:4b:de:c4:ee:b3:fd:
68:e5:f1:ca:67:e3:ab:63:34:ac:d0:b7:f1:c6:12:
9f:56:b7:36:b8:ea:92:aa:c2:c0:5f:2b:b1:ad:5d:
fc:18:5f:c3:57:ec:5a:3e:20:cc:dd:ec:a3:49:da:
cc:0d:09:bb:76:25:78:00:84:b6:3c:2d:9d:87:97:
fa:ff:f7:a4:e7:a5:fe:39:4e:4d:d0:c4:65:20:a5:
04:a6:b8:b6:c7:3f:83:26:ed:ee:ef:6c:eb:51:32:
ed:eb:ee:8a:c2:6e:a4:8d:1f:55:0f:58:8c:73:06:
c9:11:cf:01:cc:5d:f8:7c:28:a6:e9:a7:82:40:e3:
df:39
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6C:5B:28:2E:23:11:12:49:CD:EC:3A:2F:31:FE:81:40:0A:E4:15:04
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/bFsoLiMREknN7DovMf6BQArkFQQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.89.0/24
45.128.96.0/22
45.139.107.0/24
85.31.47.0/24
94.154.172.0/24
178.215.239.0/24
185.216.70.0/24
193.35.19.0/24
193.42.32.0/24
194.55.224.0/23
Signature Algorithm: sha256WithRSAEncryption
26:6d:5e:45:52:8b:57:4d:60:2f:43:a6:a1:11:9b:80:59:e2:
de:ad:77:d7:c1:8d:40:29:a6:5e:ed:5e:e5:59:82:e8:7a:53:
05:2d:5b:35:2a:c5:be:b0:48:0d:fd:10:cc:f3:6f:c7:4d:7c:
09:86:82:15:2f:ff:5e:b1:b5:3e:11:fc:4a:8d:63:f8:b1:b8:
ce:b4:76:89:90:b8:51:5d:52:9f:f9:af:4b:98:7c:81:91:7c:
9b:ab:f6:0b:71:70:43:72:16:49:e4:79:b9:0c:b0:77:d7:12:
62:f2:f9:d2:be:10:fd:bb:1e:4f:17:f0:05:3e:da:4e:75:0f:
c0:be:67:cc:6b:ad:92:d0:44:80:23:58:45:9b:44:b6:19:96:
c0:0b:67:29:9b:25:85:be:5b:76:8a:2b:e2:6f:2b:49:d8:45:
83:12:ab:97:36:c3:bd:23:af:7d:63:f6:20:3a:e8:53:bc:0c:
7b:b4:50:36:db:c0:26:c5:37:80:bb:28:d3:83:a1:cf:3e:38:
33:0a:5a:fa:df:b7:71:e5:ad:8e:67:ea:75:2a:22:35:d7:a2:
cb:0d:08:a9:cc:97:e3:2f:f7:59:de:aa:4e:5d:27:e0:ea:60:
ac:68:8a:5f:54:2b:4b:dd:f8:fd:69:f3:79:d4:b2:42:83:49:
22:2f:5e:73
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYYNTAuj0Fi2K4S8CzqpGC3EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMjAxMTQwNTMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2YzViMjgyZTIzMTExMjQ5Y2RlYzNhMmYzMWZlODE0MDBhZTQxNTA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt0eqD9hZRnRBSuIKQC/PnkVF9Bo+
hMltji80TtIX6iqGhQYACtGyx1qncd8ycFuNSPHpXv117fJRIMganq22/9oYGsHt
aloLu7SjPOpnW64Dntl/lK5rp7nWlqj7rsPdf5PyYQaZIuckOOaKy7zvjE9QtLxj
0hXQNzlPF0x2nP1L3sTus/1o5fHKZ+OrYzSs0LfxxhKfVrc2uOqSqsLAXyuxrV38
GF/DV+xaPiDM3eyjSdrMDQm7diV4AIS2PC2dh5f6//ek56X+OU5N0MRlIKUEpri2
xz+DJu3u72zrUTLt6+6Kwm6kjR9VD1iMcwbJEc8BzF34fCim6aeCQOPfOQIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFGxbKC4jERJJzew6LzH+gUAK5BUEMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYkZzb0xpTVJFa25ON0Rvdk1mNkJRQXJrRlFRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALVRZAwQC
LYBgAwQALYtrAwQAVR8vAwQAXpqsAwQAstfvAwQAudhGAwQAwSMTAwQAwSogAwQB
wjfgMA0GCSqGSIb3DQEBCwUAA4IBAQAmbV5FUotXTWAvQ6ahEZuAWeLerXfXwY1A
KaZe7V7lWYLoelMFLVs1KsW+sEgN/RDM82/HTXwJhoIVL/9esbU+EfxKjWP4sbjO
tHaJkLhRXVKf+a9LmHyBkXybq/YLcXBDchZJ5Hm5DLB31xJi8vnSvhD9ux5PF/AF
PtpOdQ/AvmfMa62S0ESAI1hFm0S2GZbAC2cpmyWFvlt2iivibytJ2EWDEquXNsO9
I699Y/YgOuhTvAx7tFA228AmxTeAuyjTg6HPPjgzClr637dx5a2OZ+p1KiI116LL
DQipzJfjL/dZ3qpOXSfg6mCsaIpfVCtL3fj9afN51LJCg0kiL15z
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:39 2023 by rpki-client on console-ams.rpki-client.org