Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/du4CnzhZR3lCJPXSX2HBHor0rz0.roa
File: du4CnzhZR3lCJPXSX2HBHor0rz0.roa (raw, json)
Hash identifier: gb2IttkK+CYCDOwwmoZKm3QShKOxZ+TYGXd0JrK1ev0=
Subject key identifier: 76:EE:02:9F:38:59:47:79:42:24:F5:D2:5F:61:C1:1E:8A:F4:AF:3D
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018E611B56FFEA5D3F11974F8D4A90179182
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/du4CnzhZR3lCJPXSX2HBHor0rz0.roa
Signing time: Thu 21 Mar 2024 13:02:45 +0000
ROA not before: Thu 21 Mar 2024 13:02:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207279
IP address blocks: 2.59.253.0/24 maxlen: 24
45.84.91.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.88.91.0/24 maxlen: 24
79.110.51.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
92.119.198.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.162.0/24 maxlen: 24
94.156.75.0/24 maxlen: 24
109.206.239.0/24 maxlen: 24
178.215.225.0/24 maxlen: 24
178.215.227.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
185.222.160.0/24 maxlen: 24
185.222.161.0/24 maxlen: 24
185.222.162.0/24 maxlen: 24
193.25.217.0/24 maxlen: 24
193.37.40.0/24 maxlen: 24
193.37.42.0/24 maxlen: 24
193.37.44.0/24 maxlen: 24
193.222.97.0/24 maxlen: 24
193.222.99.0/24 maxlen: 24
194.55.187.0/24 maxlen: 24
194.55.225.0/24 maxlen: 24
194.59.31.0/24 maxlen: 24
194.180.38.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:61:1b:56:ff:ea:5d:3f:11:97:4f:8d:4a:90:17:91:82
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 21 13:02:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=76ee029f385947794224f5d25f61c11e8af4af3d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:83:89:45:a9:41:de:bc:2c:ba:7d:8f:3d:39:db:
01:3b:b3:6d:5c:6d:a1:4e:8b:83:4b:d4:2f:41:f0:
2e:ff:9e:77:ba:c9:f7:8d:b5:1f:1e:80:f0:9b:bc:
b2:5a:93:c5:32:2f:b1:0b:d1:23:75:08:ea:f5:ab:
5e:da:f2:7b:7b:f9:e9:c0:f2:86:00:6e:13:36:1c:
be:a3:33:71:65:23:b8:ae:65:f2:4e:b8:6b:f4:dc:
2c:54:27:43:ba:c0:2a:71:b7:7e:68:86:fb:29:c3:
0f:6a:7f:93:23:df:9f:98:ea:88:7a:60:6c:c0:57:
b0:0a:40:6c:c0:e0:36:b1:47:47:7c:3c:c0:e3:5f:
ee:5a:db:3a:3c:e8:c8:5d:50:2e:d8:a4:e0:10:ec:
17:59:2b:e1:69:6e:03:32:d3:20:2e:b8:90:8f:2c:
76:5e:de:58:3e:69:b6:1e:26:49:21:0b:9f:be:87:
e4:5b:cd:bb:f3:8d:86:0c:7f:ff:28:15:81:a2:d4:
d8:dd:97:4d:19:cf:89:e6:5a:28:19:30:34:57:77:
1d:18:b8:3e:20:1f:86:e0:69:eb:2a:fe:b4:35:1f:
3d:23:b9:1e:bf:9c:8c:ae:86:c3:84:c2:c2:b0:92:
0a:9b:8f:3c:b1:31:2d:46:85:b8:96:b6:18:d1:f6:
63:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:EE:02:9F:38:59:47:79:42:24:F5:D2:5F:61:C1:1E:8A:F4:AF:3D
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/du4CnzhZR3lCJPXSX2HBHor0rz0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
45.84.91.0/24
45.88.64.0/24
45.88.91.0/24
79.110.51.0/24
83.219.97.0/24
92.119.198.0/24
92.249.50.0/24
94.154.162.0/24
94.156.75.0/24
109.206.239.0/24
178.215.225.0/24
178.215.227.0/24
178.215.236.0/24
185.222.160.0-185.222.162.255
193.25.217.0/24
193.37.40.0/24
193.37.42.0/24
193.37.44.0/24
193.222.97.0/24
193.222.99.0/24
194.55.187.0/24
194.55.225.0/24
194.59.31.0/24
194.180.38.0/24
Signature Algorithm: sha256WithRSAEncryption
94:48:b6:87:5a:8d:4b:b4:5d:ec:8a:9b:32:91:92:61:e2:10:
66:b9:33:5a:b4:dd:72:bb:43:ac:3a:7e:31:d8:47:d5:35:1b:
3e:1d:bc:39:03:fc:ef:9c:35:d1:56:4e:39:96:e1:d7:8e:b3:
e0:a4:60:f1:55:c7:f3:80:7e:58:c4:9e:4f:28:87:a6:fc:d3:
22:5c:14:4e:90:8b:30:dc:b1:c4:29:be:22:e5:15:5c:f9:b4:
9d:12:bf:31:a1:09:2b:3f:d0:c9:85:61:02:ab:d5:00:e0:ca:
61:07:86:e2:2f:ac:20:32:9c:41:69:d0:95:da:0a:9a:bf:f5:
48:62:ab:11:4d:cb:1a:f8:26:3e:2a:82:af:d3:be:4f:78:21:
cc:57:f1:96:ee:40:08:1c:55:f3:9e:d4:2e:b5:fb:54:8c:56:
a1:78:01:8a:0c:27:b3:30:b7:68:6e:0e:49:f8:a2:88:8a:c6:
52:aa:94:9d:e4:f7:c1:e7:fc:b0:83:08:82:9d:21:15:a4:e9:
6c:c5:8c:79:f6:b4:58:6f:0c:53:5a:97:44:16:16:ae:ab:48:
e0:a0:ba:cf:da:38:43:69:aa:30:3d:b4:be:7a:5f:53:0b:c8:
b4:a6:b1:6b:64:04:15:df:c9:a3:d5:7a:86:83:df:ac:79:56:
a0:5a:40:1b
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgISAY5hG1b/6l0/EZdPjUqQF5GCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMzIxMTMwMjQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NmVlMDI5ZjM4NTk0Nzc5NDIyNGY1ZDI1ZjYxYzExZThhZjRhZjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg4lFqUHevCy6fY89OdsBO7NtXG2h
TouDS9QvQfAu/553usn3jbUfHoDwm7yyWpPFMi+xC9EjdQjq9ate2vJ7e/npwPKG
AG4TNhy+ozNxZSO4rmXyTrhr9NwsVCdDusAqcbd+aIb7KcMPan+TI9+fmOqIemBs
wFewCkBswOA2sUdHfDzA41/uWts6POjIXVAu2KTgEOwXWSvhaW4DMtMgLriQjyx2
Xt5YPmm2HiZJIQufvofkW827842GDH//KBWBotTY3ZdNGc+J5looGTA0V3cdGLg+
IB+G4GnrKv60NR89I7kev5yMrobDhMLCsJIKm488sTEtRoW4lrYY0fZjKwIDAQAB
o4ICpjCCAqIwHQYDVR0OBBYEFHbuAp84WUd5QiT10l9hwR6K9K89MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZHU0Q256aFpSM2xDSlBYU1gySEJIb3IwcnowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG7BggrBgEFBQcBBwEB/wSBqzCBqDCBpQQCAAEwgZ4DBAAC
O/0DBAAtVFsDBAAtWEADBAAtWFsDBABPbjMDBABT22EDBABcd8YDBABc+TIDBABe
mqIDBABenEsDBABtzu8DBACy1+EDBACy1+MDBACy1+wwDAMEBbneoAMEALneogME
AMEZ2QMEAMElKAMEAMElKgMEAMElLAMEAMHeYQMEAMHeYwMEAMI3uwMEAMI34QME
AMI7HwMEAMK0JjANBgkqhkiG9w0BAQsFAAOCAQEAlEi2h1qNS7Rd7IqbMpGSYeIQ
ZrkzWrTdcrtDrDp+MdhH1TUbPh28OQP875w10VZOOZbh146z4KRg8VXH84B+WMSe
TyiHpvzTIlwUTpCLMNyxxCm+IuUVXPm0nRK/MaEJKz/QyYVhAqvVAODKYQeG4i+s
IDKcQWnQldoKmr/1SGKrEU3LGvgmPiqCr9O+T3ghzFfxlu5ACBxV857ULrX7VIxW
oXgBigwnszC3aG4OSfiiiIrGUqqUneT3wef8sIMIgp0hFaTpbMWMefa0WG8MU1qX
RBYWrqtI4KC6z9o4Q2mqMD20vnpfUwvItKaxa2QEFd/Jo9V6hoPfrHlWoFpAGw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:15 2024 by rpki-client on console-fra.rpki-client.org