Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/eJqTTvexXRznaI3RUBFvdJc6UIA.roa
File: eJqTTvexXRznaI3RUBFvdJc6UIA.roa (raw, json)
Hash identifier: 8Kkj+OccGCpfW2RXHppqrP+cLPs5TL643yJUqlsnSiw=
Subject key identifier: 78:9A:93:4E:F7:B1:5D:1C:E7:68:8D:D1:50:11:6F:74:97:3A:50:80
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01934A1EC33812C5985EF428A169AAC5BE3E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/eJqTTvexXRznaI3RUBFvdJc6UIA.roa
Signing time: Wed 20 Nov 2024 15:09:10 +0000
ROA not before: Wed 20 Nov 2024 15:09:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.88.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
93.123.84.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
141.98.1.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:4a:1e:c3:38:12:c5:98:5e:f4:28:a1:69:aa:c5:be:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Nov 20 15:09:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=789a934ef7b15d1ce7688dd150116f74973a5080
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d7:30:45:bc:58:f8:75:51:c8:c7:d5:99:29:e9:
8b:f4:65:75:ab:f5:51:85:7f:df:98:82:73:07:e0:
a3:c9:41:c0:76:28:01:06:f4:32:19:81:b0:3f:c3:
2c:bd:4a:3d:c1:87:e1:68:3f:18:1b:76:5d:88:b9:
01:59:65:b8:a3:68:b3:8b:cd:41:a3:05:ce:17:e3:
d2:79:83:24:92:cf:fa:0e:7a:4d:fc:0f:3b:59:ab:
53:76:6d:00:84:f6:18:aa:44:73:02:ef:54:15:c2:
e3:04:2c:dc:20:bd:de:c0:fc:0a:45:c0:f0:a0:b2:
e9:72:0c:9c:8a:6a:c1:05:dd:b5:dc:27:ad:93:eb:
28:c6:af:57:0a:c4:73:ab:8e:5d:97:5f:9c:ed:c2:
9e:e0:1e:c9:27:6a:d1:1c:a3:4a:32:9e:e5:3c:b7:
65:3a:7a:cb:21:4f:6d:cf:4f:f0:0a:6e:3c:3a:a0:
2c:d3:4a:e2:3a:a6:2e:a6:a7:88:f3:28:ee:d8:e3:
ee:bf:15:a7:93:86:7f:85:02:da:f6:63:0f:67:76:
8d:d2:bc:72:85:4c:65:ee:88:5f:50:af:fc:a7:ad:
5d:fa:46:fe:77:f8:2b:51:18:d0:f7:5a:57:96:67:
8f:3e:4f:23:b9:a5:bc:42:0a:ca:ec:06:64:2e:a2:
80:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
78:9A:93:4E:F7:B1:5D:1C:E7:68:8D:D1:50:11:6F:74:97:3A:50:80
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/eJqTTvexXRznaI3RUBFvdJc6UIA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.14.164.0/24
45.66.228.0/24
45.88.64.0/24
45.90.88.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
93.123.84.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
141.98.1.0/24
147.78.100.0/24
171.22.72.0/22
185.216.84.0/22
185.218.84.0/22
Signature Algorithm: sha256WithRSAEncryption
a1:d2:39:3d:1c:5b:d7:fc:f2:1d:47:b5:26:75:86:40:b5:0d:
e2:c9:86:4b:ad:19:08:c6:d6:c9:32:c0:75:00:a0:81:38:39:
d3:4f:30:4c:06:01:04:3e:d7:0b:e8:fc:34:f5:d4:1e:bb:ac:
53:1b:b7:f6:73:08:b4:f3:28:5d:37:9c:d2:12:90:1f:e1:b9:
58:31:f2:c9:96:84:54:f0:63:6f:62:87:66:cb:d2:26:69:52:
86:ce:b1:e3:5e:a3:9d:85:39:06:dc:f0:db:94:3f:e8:c9:ef:
cc:8e:da:83:98:a1:b5:c2:c1:d1:16:81:31:d0:47:ef:48:3b:
c6:49:23:73:44:b5:7f:db:59:b5:d4:2a:ce:c0:a5:46:2c:23:
b8:b4:11:61:8d:25:da:3b:a4:d0:48:d7:43:5d:bb:13:d8:7f:
4a:85:2a:dd:18:35:6c:cc:90:41:00:26:1a:02:b9:7c:0c:d4:
74:d3:ea:66:c7:61:d7:ce:c0:ed:6c:5c:80:24:13:c7:d0:d6:
16:8e:0b:d9:f2:46:76:55:e6:d2:df:e0:95:2b:c8:92:7e:24:
d7:61:bf:17:69:88:1e:f9:55:c7:a2:64:b5:ea:a3:e1:53:5d:
d3:df:a8:5b:b7:37:08:9c:0f:e0:ca:84:0a:10:04:ed:92:7a:
56:34:5c:c5
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgISAZNKHsM4EsWYXvQooWmqxb4+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMTIwMTUwOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ODlhOTM0ZWY3YjE1ZDFjZTc2ODhkZDE1MDExNmY3NDk3M2E1MDgwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1zBFvFj4dVHIx9WZKemL9GV1q/VR
hX/fmIJzB+CjyUHAdigBBvQyGYGwP8MsvUo9wYfhaD8YG3ZdiLkBWWW4o2izi81B
owXOF+PSeYMkks/6DnpN/A87WatTdm0AhPYYqkRzAu9UFcLjBCzcIL3ewPwKRcDw
oLLpcgycimrBBd213Cetk+soxq9XCsRzq45dl1+c7cKe4B7JJ2rRHKNKMp7lPLdl
OnrLIU9tz0/wCm48OqAs00riOqYupqeI8yju2OPuvxWnk4Z/hQLa9mMPZ3aN0rxy
hUxl7ohfUK/8p61d+kb+d/grURjQ91pXlmePPk8juaW8QgrK7AZkLqKAoQIDAQAB
o4ICsjCCAq4wHQYDVR0OBBYEFHiak073sV0c52iN0VARb3SXOlCAMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZUpxVFR2ZXhYUnpuYUkzUlVCRnZkSmM2VUlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHHBggrBgEFBQcBBwEB/wSBtzCBtDCBsQQCAAEwgaoDBAAt
DqQDBAAtQuQDBAAtWEADBAAtWlgDBAAti2oDBAAtjZ4wDAMEAC2XWQMEAi2XWAME
AFPbYQMEAFQ2MAMEAFd4VwMEAFd4pgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogME
AFd5pQMEBFtc8AMEAVx3xAMEAF17VAMEAl6aoAMEAF6cCwMEA16cQAMEAI1iAQME
AJNOZAMEAqsWSAMEArnYVAMEArnaVDANBgkqhkiG9w0BAQsFAAOCAQEAodI5PRxb
1/zyHUe1JnWGQLUN4smGS60ZCMbWyTLAdQCggTg5008wTAYBBD7XC+j8NPXUHrus
Uxu39nMItPMoXTec0hKQH+G5WDHyyZaEVPBjb2KHZsvSJmlShs6x416jnYU5Btzw
25Q/6MnvzI7ag5ihtcLB0RaBMdBH70g7xkkjc0S1f9tZtdQqzsClRiwjuLQRYY0l
2juk0EjXQ127E9h/SoUq3Rg1bMyQQQAmGgK5fAzUdNPqZsdh187A7WxcgCQTx9DW
Fo4L2fJGdlXm0t/glSvIkn4k12G/F2mIHvlVx6Jkteqj4VNd09+oW7c3CJwP4MqE
ChAE7ZJ6VjRcxQ==
-----END CERTIFICATE-----
Generated at Wed Apr 16 19:26:45 2025 by rpki-client