Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hEdA9Qtj-Xa_6OvQ55A7cm8-Y3k.roa
File: hEdA9Qtj-Xa_6OvQ55A7cm8-Y3k.roa (raw, json)
Hash identifier: AhPnioOWrOWs+R+pD5mBT0Cz2PT6N0t9/RTi1B9HypI=
Subject key identifier: 84:47:40:F5:0B:63:F9:76:BF:E8:EB:D0:E7:90:3B:72:6F:3E:63:79
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018D599EDCF2E28DD39D886C89BC326339D7
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hEdA9Qtj-Xa_6OvQ55A7cm8-Y3k.roa
Signing time: Tue 30 Jan 2024 09:06:39 +0000
ROA not before: Tue 30 Jan 2024 09:06:39 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.84.89.0/24 maxlen: 24
45.88.90.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.172.0/24 maxlen: 24
94.156.239.0/24 maxlen: 24
95.214.24.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.226.173.0/24 maxlen: 24
185.252.176.0/24 maxlen: 24
194.48.251.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:59:9e:dc:f2:e2:8d:d3:9d:88:6c:89:bc:32:63:39:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 30 09:06:39 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=844740f50b63f976bfe8ebd0e7903b726f3e6379
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:4c:f4:a5:00:ed:2e:2c:c4:43:5c:c9:0f:4d:
a7:0d:f7:48:e7:ba:2a:07:df:00:dc:a2:34:13:e4:
3e:e0:14:0d:32:7f:0a:cf:75:e4:80:4c:46:b6:e3:
86:98:0b:43:7f:34:26:2e:17:fd:e4:d0:a0:63:6d:
05:4d:a4:62:0f:7c:ed:da:78:d5:83:d9:ce:65:bc:
1e:56:98:96:e7:6c:d8:d0:92:f4:15:82:22:20:41:
7a:bf:e0:01:68:f1:0c:e2:13:4c:45:5f:5a:c4:9d:
bf:11:84:10:55:fb:0d:ff:e0:39:a1:4a:36:51:6c:
6b:7e:2a:0e:ee:05:23:ef:fb:34:c8:cc:99:85:8e:
ca:38:21:73:f6:5f:11:ad:0b:23:01:5e:30:bb:33:
80:1a:0f:85:4e:b7:61:f6:13:84:28:4f:03:0c:09:
c8:49:e5:6c:24:11:d0:21:46:bf:4f:6b:14:3e:b8:
22:5f:16:86:02:83:64:40:b9:1e:be:49:33:25:1d:
0e:27:c9:ba:f6:99:73:df:bb:e0:22:c8:d0:3d:c4:
89:b6:cd:68:14:b2:21:f5:0b:c7:9b:3c:c5:e5:82:
f7:92:7f:1d:0e:1b:34:d0:fa:61:01:cb:d2:99:1a:
a2:fc:9a:04:e1:6a:55:0e:ac:04:17:22:19:39:a2:
db:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
84:47:40:F5:0B:63:F9:76:BF:E8:EB:D0:E7:90:3B:72:6F:3E:63:79
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/hEdA9Qtj-Xa_6OvQ55A7cm8-Y3k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.89.0/24
45.88.90.0/24
45.151.89.0/24
87.120.87.0/24
87.121.45.0/24
87.121.221.0/24
92.119.196.0/23
94.154.161.0-94.154.163.255
94.154.172.0/24
94.156.239.0/24
95.214.24.0/24
147.78.101.0-147.78.102.255
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.226.173.0/24
185.252.176.0/24
194.48.251.0/24
194.55.224.0/24
Signature Algorithm: sha256WithRSAEncryption
03:cc:20:5b:46:9b:78:15:2a:67:6b:3e:b9:a2:b0:f3:00:7c:
3c:d3:01:e5:39:ec:6d:33:5c:e3:ca:ce:90:af:bf:99:67:2e:
d6:59:89:69:dc:57:2a:96:4f:0c:03:db:21:7c:b3:11:31:89:
be:3c:19:5e:34:4d:f8:bd:ec:07:90:fb:c0:1e:1c:4c:98:67:
20:98:e2:b6:19:d1:6a:02:44:24:40:60:eb:2f:b1:1d:f1:fb:
6f:8e:9f:1c:ff:b1:4c:6e:56:02:00:f3:18:01:48:de:66:82:
53:8b:f3:b3:26:5c:6e:b9:ff:d3:a7:43:19:59:e1:86:83:08:
03:1a:57:21:16:76:76:8d:32:08:95:77:39:74:9d:47:81:91:
98:a6:77:0f:3c:7d:9f:9a:d1:6d:7e:f7:e5:a2:62:14:2a:89:
30:28:fe:2b:41:ae:88:ce:fd:8d:2b:61:64:5a:2f:8f:bc:00:
f0:eb:38:21:b0:3d:da:51:0a:01:f4:da:29:88:d1:91:17:6b:
cc:4d:e8:33:fb:76:73:bd:62:aa:ff:2d:6a:73:88:7a:36:21:
cd:e9:38:bf:36:23:8e:3c:c7:75:f2:16:14:e3:6c:90:33:bc:
95:07:f1:07:db:fb:65:4c:7a:4c:fa:81:73:cf:2d:87:2c:78:
8d:72:4b:e0
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgISAY1Zntzy4o3TnYhsibwyYznXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTMwMDkwNjM5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NDQ3NDBmNTBiNjNmOTc2YmZlOGViZDBlNzkwM2I3MjZmM2U2Mzc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkUz0pQDtLizEQ1zJD02nDfdI57oq
B98A3KI0E+Q+4BQNMn8Kz3XkgExGtuOGmAtDfzQmLhf95NCgY20FTaRiD3zt2njV
g9nOZbweVpiW52zY0JL0FYIiIEF6v+ABaPEM4hNMRV9axJ2/EYQQVfsN/+A5oUo2
UWxrfioO7gUj7/s0yMyZhY7KOCFz9l8RrQsjAV4wuzOAGg+FTrdh9hOEKE8DDAnI
SeVsJBHQIUa/T2sUPrgiXxaGAoNkQLkevkkzJR0OJ8m69plz37vgIsjQPcSJts1o
FLIh9QvHmzzF5YL3kn8dDhs00PphAcvSmRqi/JoE4WpVDqwEFyIZOaLbAQIDAQAB
o4ICljCCApIwHQYDVR0OBBYEFIRHQPULY/l2v+jr0OeQO3JvPmN5MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaEVkQTlRdGotWGFfNk92UTU1QTdjbTgtWTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGrBggrBgEFBQcBBwEB/wSBmzCBmDCBlQQCAAEwgY4DBAAt
VFkDBAAtWFoDBAAtl1kDBABXeFcDBABXeS0DBABXed0DBAFcd8QwDAMEAF6aoQME
Al6aoAMEAF6arAMEAF6c7wMEAF/WGDAMAwQAk05lAwQAk05mAwQCqxZIAwQAstfg
AwQAstfsAwQCudhUAwQCudpUAwQAueKtAwQAufywAwQAwjD7AwQAwjfgMA0GCSqG
SIb3DQEBCwUAA4IBAQADzCBbRpt4FSpnaz65orDzAHw80wHlOextM1zjys6Qr7+Z
Zy7WWYlp3Fcqlk8MA9shfLMRMYm+PBleNE34vewHkPvAHhxMmGcgmOK2GdFqAkQk
QGDrL7Ed8ftvjp8c/7FMblYCAPMYAUjeZoJTi/OzJlxuuf/Tp0MZWeGGgwgDGlch
FnZ2jTIIlXc5dJ1HgZGYpncPPH2fmtFtfvflomIUKokwKP4rQa6Izv2NK2FkWi+P
vADw6zghsD3aUQoB9NopiNGRF2vMTegz+3ZzvWKq/y1qc4h6NiHN6Ti/NiOOPMd1
8hYU42yQM7yVB/EH2/tlTHpM+oFzzy2HLHiNckvg
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:16 2024 by rpki-client on console-fra.rpki-client.org