Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kIuugGKvlVvS-hE7urOfPXb5qPU.roa
File: kIuugGKvlVvS-hE7urOfPXb5qPU.roa (raw, json)
Hash identifier: ha4bkC3u62o4TOaEkyQ2yNwoOZGIe3Y8tCje+Xsu80k=
Subject key identifier: 90:8B:AE:80:62:AF:95:5B:D2:FA:11:3B:BA:B3:9F:3D:76:F9:A8:F5
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018ADFEFF730446C1F8B5CD8FD07641C7180
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kIuugGKvlVvS-hE7urOfPXb5qPU.roa
Signing time: Fri 29 Sep 2023 07:56:00 +0000
ROA not before: Fri 29 Sep 2023 07:56:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
91.92.24.0/23 maxlen: 24
94.156.239.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.252.176.0/24 maxlen: 24
94.156.177.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
185.216.84.0/22 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.59.0/24 maxlen: 24
194.180.50.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
94.156.78.0/24 maxlen: 24
93.123.116.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:df:ef:f7:30:44:6c:1f:8b:5c:d8:fd:07:64:1c:71:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Sep 29 07:56:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=908bae8062af955bd2fa113bbab39f3d76f9a8f5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:a4:a0:21:12:62:42:5b:b7:8e:30:21:38:99:
b6:72:ab:49:fa:1b:89:e9:9f:8f:a1:d6:b6:90:89:
f6:70:26:a7:b6:54:1c:d3:28:22:9a:48:11:75:4c:
20:99:4c:85:3c:95:d0:34:1a:de:bb:01:e3:df:eb:
26:c6:67:e4:21:dd:66:87:10:11:9a:3d:34:66:a9:
81:d8:c9:42:3b:a1:76:21:b6:eb:b8:3a:3d:8e:67:
5e:f9:7b:f5:f5:65:76:e5:c1:6c:4d:53:01:c0:9f:
67:55:15:d7:a7:9f:6b:c7:a1:8a:c4:4d:f8:48:e6:
79:4d:d2:c9:f8:9a:6f:1f:4c:e5:41:76:dd:b8:8e:
19:03:83:39:88:b1:01:d3:af:8f:a0:0d:63:bf:82:
69:ee:e9:b3:d7:4e:01:bf:97:94:13:5a:a4:4b:a9:
0c:8e:c2:01:18:72:74:a3:eb:51:26:b2:6e:02:30:
cc:69:b8:10:5c:fe:c2:61:e4:2c:5f:85:79:59:49:
69:34:c4:69:f0:bd:6c:2e:9f:72:b0:72:85:5c:eb:
50:c4:36:5d:33:0c:12:d9:bf:13:56:c6:87:e2:1b:
1b:08:6a:bf:67:c3:46:8e:51:49:75:aa:98:f0:68:
17:97:67:19:ca:f6:2f:9e:f8:3e:cf:c8:b1:16:8b:
32:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:8B:AE:80:62:AF:95:5B:D2:FA:11:3B:BA:B3:9F:3D:76:F9:A8:F5
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kIuugGKvlVvS-hE7urOfPXb5qPU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.89.0/24
87.121.45.0/24
87.121.59.0/24
91.92.24.0/23
92.119.196.0/23
93.123.116.0/24
94.154.161.0-94.154.163.255
94.156.78.0/24
94.156.177.0/24
94.156.239.0/24
147.78.100.0-147.78.102.255
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.219.126.0/24
185.252.176.0/24
194.169.174.0/24
194.180.50.0/24
Signature Algorithm: sha256WithRSAEncryption
79:d2:a6:26:35:85:d3:17:64:a4:e2:84:bf:eb:02:55:65:bd:
5e:d0:69:bd:24:d1:20:57:2c:04:3a:c8:c6:91:34:95:43:86:
d2:3c:1e:ec:9c:9e:54:cb:ef:04:17:3c:ab:14:1e:4a:33:23:
e1:bc:11:30:3c:a6:70:06:de:80:cb:55:a3:d5:59:5d:cb:38:
d5:ed:ed:11:44:04:46:a0:24:2c:58:4c:d8:c7:44:99:d3:48:
2d:07:5e:d1:40:4d:c4:97:bb:18:ad:34:4e:cd:7e:c7:67:33:
8f:16:40:a4:36:6c:2a:b4:67:ba:4c:6b:f1:2c:67:ee:c2:e6:
2c:ae:9b:d8:80:bf:5e:49:e9:59:1f:3e:e0:3c:75:30:85:43:
18:a7:90:5b:38:a8:91:c8:67:ea:bb:62:63:40:34:7b:2b:de:
e1:0d:82:ef:27:1a:c9:ba:9c:4c:f3:a1:43:ff:7a:68:40:8c:
87:7f:d3:17:91:5c:70:0e:f6:f2:96:4a:e7:31:68:e1:cb:cf:
b0:a0:d7:14:2f:03:ec:6b:df:55:dd:52:28:f1:45:15:77:70:
a6:87:0b:63:79:b0:2f:67:10:21:62:c6:91:c0:03:87:cd:71:
c1:0d:ee:f8:be:63:e6:bb:1d:54:c5:61:54:f9:40:c1:62:d3:
a8:b3:7c:9a
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAYrf7/cwRGwfi1zY/QdkHHGAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTI5MDc1NjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MDhiYWU4MDYyYWY5NTViZDJmYTExM2JiYWIzOWYzZDc2ZjlhOGY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhaSgIRJiQlu3jjAhOJm2cqtJ+huJ
6Z+Poda2kIn2cCantlQc0ygimkgRdUwgmUyFPJXQNBreuwHj3+smxmfkId1mhxAR
mj00ZqmB2MlCO6F2IbbruDo9jmde+Xv19WV25cFsTVMBwJ9nVRXXp59rx6GKxE34
SOZ5TdLJ+JpvH0zlQXbduI4ZA4M5iLEB06+PoA1jv4Jp7umz104Bv5eUE1qkS6kM
jsIBGHJ0o+tRJrJuAjDMabgQXP7CYeQsX4V5WUlpNMRp8L1sLp9ysHKFXOtQxDZd
MwwS2b8TVsaH4hsbCGq/Z8NGjlFJdaqY8GgXl2cZyvYvnvg+z8ixFosyEwIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFJCLroBir5Vb0voRO7qznz12+aj1MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEva0l1dWdHS3ZsVnZTLWhFN3VyT2ZQWGI1cVBVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGlBggrBgEFBQcBBwEB/wSBlTCBkjCBjwQCAAEwgYgDBAAt
l1kDBABXeS0DBABXeTsDBAFbXBgDBAFcd8QDBABde3QwDAMEAF6aoQMEAl6aoAME
AF6cTgMEAF6csQMEAF6c7zAMAwQCk05kAwQAk05mAwQCqxZIAwQAstfgAwQAstfs
AwQCudhUAwQCudpUAwQAudt+AwQAufywAwQAwqmuAwQAwrQyMA0GCSqGSIb3DQEB
CwUAA4IBAQB50qYmNYXTF2Sk4oS/6wJVZb1e0Gm9JNEgVywEOsjGkTSVQ4bSPB7s
nJ5Uy+8EFzyrFB5KMyPhvBEwPKZwBt6Ay1Wj1VldyzjV7e0RRARGoCQsWEzYx0SZ
00gtB17RQE3El7sYrTROzX7HZzOPFkCkNmwqtGe6TGvxLGfuwuYsrpvYgL9eSelZ
Hz7gPHUwhUMYp5BbOKiRyGfqu2JjQDR7K97hDYLvJxrJupxM86FD/3poQIyHf9MX
kVxwDvbylkrnMWjhy8+woNcULwPsa99V3VIo8UUVd3CmhwtjebAvZxAhYsaRwAOH
zXHBDe74vmPmux1UxWFU+UDBYtOos3ya
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:17 2024 by rpki-client on console-fra.rpki-client.org