Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kNRmS3HdInwZZLR3pvA7S1r_0EM.roa
File: kNRmS3HdInwZZLR3pvA7S1r_0EM.roa (raw, json)
Hash identifier: 7IoQl9St0h7a/LBW/st8Upl9JkYfcp96bSRPybXYJ10=
Subject key identifier: 90:D4:66:4B:71:DD:22:7C:19:64:B4:77:A6:F0:3B:4B:5A:FF:D0:43
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0189770553CEFA93D94FD42169746CDC02C1
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kNRmS3HdInwZZLR3pvA7S1r_0EM.roa
Signing time: Fri 21 Jul 2023 05:56:25 +0000
ROA not before: Fri 21 Jul 2023 05:56:25 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
94.156.239.0/24 maxlen: 24
194.113.36.0/22 maxlen: 24
178.215.236.0/24 maxlen: 24
178.215.239.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.252.176.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
45.95.0.0/22 maxlen: 24
185.216.84.0/22 maxlen: 24
87.121.45.0/24 maxlen: 24
185.218.137.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
94.154.163.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:77:05:53:ce:fa:93:d9:4f:d4:21:69:74:6c:dc:02:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 21 05:56:25 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=90d4664b71dd227c1964b477a6f03b4b5affd043
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:61:b1:40:f4:d3:c4:7c:5c:0a:c2:e9:15:0f:
bd:3c:db:65:d0:34:26:8b:c3:4e:9e:93:1b:af:58:
2c:66:86:22:8a:09:39:2a:84:e5:90:b8:27:f7:88:
74:90:72:7f:bf:6e:76:c7:bf:33:b7:72:3d:9c:c8:
fb:49:b0:d9:14:4b:17:4a:96:5b:30:98:a5:22:9d:
a6:ac:aa:b3:66:6f:65:30:0b:86:7f:d9:16:f5:86:
ee:65:66:52:5f:7c:8c:24:98:71:71:b3:e4:16:cd:
f1:44:66:eb:3c:74:18:62:bb:55:46:3b:d9:fc:f9:
c1:55:c6:37:f6:d7:db:40:88:be:f8:dd:4e:f0:fa:
e0:c0:77:fb:1f:91:e2:7b:4a:07:92:e2:ea:87:41:
11:0c:ab:be:ae:8b:be:a1:93:67:f8:4e:68:5b:05:
c1:7e:e1:86:84:59:b2:01:1c:be:59:14:89:0f:ea:
63:ac:3b:3b:5b:51:f5:ee:24:f7:0e:08:17:6e:3a:
9d:7e:bc:f0:2a:d1:43:ab:76:19:0f:f8:dc:2c:d3:
e6:28:d7:89:1d:4b:1a:71:29:5c:54:23:30:9f:38:
de:3c:99:63:fd:f4:37:08:d2:88:1b:b4:d8:06:f7:
52:61:bf:e9:3e:c3:3d:df:18:8a:aa:70:96:f0:d0:
17:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
90:D4:66:4B:71:DD:22:7C:19:64:B4:77:A6:F0:3B:4B:5A:FF:D0:43
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kNRmS3HdInwZZLR3pvA7S1r_0EM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.95.0.0/22
45.151.89.0/24
87.121.45.0/24
92.119.196.0/23
94.154.161.0-94.154.163.255
94.156.239.0/24
147.78.100.0-147.78.102.255
171.22.72.0/22
178.215.236.0/24
178.215.239.0/24
185.216.84.0/22
185.218.84.0/22
185.218.137.0/24
185.219.126.0/24
185.252.176.0/24
194.113.36.0/22
194.169.174.0/24
Signature Algorithm: sha256WithRSAEncryption
22:ea:64:5d:a0:23:32:b2:c8:a4:b0:d9:71:01:2f:d2:35:38:
cc:8b:bb:8a:02:a5:5e:68:01:77:bc:7e:20:58:1b:18:3a:0f:
b0:78:f1:d1:d2:37:51:e8:7f:58:fe:b8:53:a9:52:ed:87:e0:
32:ff:3c:7a:27:fb:25:d8:fa:f5:dd:89:ef:f4:6a:e4:f7:c9:
b2:4c:af:75:8a:c4:17:66:67:5d:3d:ec:01:28:c1:c6:a7:50:
64:63:0a:7f:c3:54:ae:ee:70:a0:f4:f3:f1:9c:43:f2:91:7f:
29:39:8b:46:bc:01:58:6d:8f:c6:e0:3e:f6:6a:6a:26:34:1a:
dd:f1:7b:4b:8c:21:fb:74:4d:70:5c:ae:c2:3a:a2:4e:b9:a8:
21:6b:75:b5:43:57:f2:68:6a:54:c3:da:22:b2:ca:5d:53:e8:
26:89:c7:9c:75:45:2c:0f:3f:94:87:bd:ce:c4:f3:1f:3a:81:
40:21:24:d2:bc:09:c4:02:2a:44:79:c9:e9:b3:02:ef:3f:4c:
30:3b:77:57:ed:70:8f:9c:3f:64:95:3b:6f:de:dc:ec:39:be:
de:a3:3d:37:33:80:46:d0:36:3c:ac:cb:a6:82:b1:44:bd:45:
63:4c:d7:ec:a3:ea:de:4c:f8:7d:f3:47:b1:88:7f:6b:df:f1:
22:ca:5f:cd
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAYl3BVPO+pPZT9QhaXRs3ALBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzIxMDU1NjI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MGQ0NjY0YjcxZGQyMjdjMTk2NGI0NzdhNmYwM2I0YjVhZmZkMDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWGxQPTTxHxcCsLpFQ+9PNtl0DQm
i8NOnpMbr1gsZoYiigk5KoTlkLgn94h0kHJ/v252x78zt3I9nMj7SbDZFEsXSpZb
MJilIp2mrKqzZm9lMAuGf9kW9YbuZWZSX3yMJJhxcbPkFs3xRGbrPHQYYrtVRjvZ
/PnBVcY39tfbQIi++N1O8PrgwHf7H5Hie0oHkuLqh0ERDKu+rou+oZNn+E5oWwXB
fuGGhFmyARy+WRSJD+pjrDs7W1H17iT3DggXbjqdfrzwKtFDq3YZD/jcLNPmKNeJ
HUsacSlcVCMwnzjePJlj/fQ3CNKIG7TYBvdSYb/pPsM93xiKqnCW8NAXxQIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFJDUZktx3SJ8GWS0d6bwO0ta/9BDMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEva05SbVMzSGRJbndaWkxSM3B2QTdTMXJfMEVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgABMHYDBAItXwAD
BAAtl1kDBABXeS0DBAFcd8QwDAMEAF6aoQMEAl6aoAMEAF6c7zAMAwQCk05kAwQA
k05mAwQCqxZIAwQAstfsAwQAstfvAwQCudhUAwQCudpUAwQAudqJAwQAudt+AwQA
ufywAwQCwnEkAwQAwqmuMA0GCSqGSIb3DQEBCwUAA4IBAQAi6mRdoCMyssiksNlx
AS/SNTjMi7uKAqVeaAF3vH4gWBsYOg+wePHR0jdR6H9Y/rhTqVLth+Ay/zx6J/sl
2Pr13Ynv9Grk98myTK91isQXZmddPewBKMHGp1BkYwp/w1Su7nCg9PPxnEPykX8p
OYtGvAFYbY/G4D72amomNBrd8XtLjCH7dE1wXK7COqJOuagha3W1Q1fyaGpUw9oi
sspdU+gmicecdUUsDz+Uh73OxPMfOoFAISTSvAnEAipEecnpswLvP0wwO3dX7XCP
nD9klTtv3tzsOb7eoz03M4BG0DY8rMumgrFEvUVjTNfso+reTPh980exiH9r3/Ei
yl/N
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:41 2024 by rpki-client on console-ams.rpki-client.org