Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kdg5h2Sd1u11nJLGl9UUZdrWQTU.roa
File: kdg5h2Sd1u11nJLGl9UUZdrWQTU.roa (raw, json)
Hash identifier: Rc4HSr98Arb9+WbGdfQL3SlrhXKlQU1YXA9sCTv5GlQ=
Subject key identifier: 91:D8:39:87:64:9D:D6:ED:75:9C:92:C6:97:D5:14:65:DA:D6:41:35
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0185A4F123D6D4AC39F53E59118B68A6CB8E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kdg5h2Sd1u11nJLGl9UUZdrWQTU.roa
Signing time: Thu 12 Jan 2023 07:45:44 +0000
ROA not before: Thu 12 Jan 2023 07:45:44 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50225
IP address blocks: 194.55.224.0/24 maxlen: 24
178.215.226.0/24 maxlen: 24
194.55.225.0/24 maxlen: 24
185.222.160.0/24 maxlen: 24
185.222.161.0/24 maxlen: 24
45.9.156.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
94.156.160.0/24 maxlen: 24
193.42.34.0/24 maxlen: 24
193.47.63.0/24 maxlen: 24
193.47.60.0/24 maxlen: 24
45.84.91.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.88.65.0/24 maxlen: 24
194.180.39.0/24 maxlen: 24
45.129.84.0/24 maxlen: 24
94.154.162.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:a4:f1:23:d6:d4:ac:39:f5:3e:59:11:8b:68:a6:cb:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 12 07:45:44 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=91d83987649dd6ed759c92c697d51465dad64135
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:23:76:28:14:31:7a:b0:74:51:94:e6:64:29:
be:ad:3b:ab:ff:d1:99:82:64:a3:75:79:a5:6a:16:
2a:49:ce:0f:b0:cc:2b:78:79:cc:7f:89:b8:81:df:
8a:96:f7:38:79:8f:53:df:f4:4e:09:70:00:12:02:
e2:a3:e5:6f:d0:af:b1:59:04:09:9e:2a:d6:f5:7b:
14:d9:e8:61:72:f3:c6:b2:ae:ad:a8:c3:9d:11:0e:
77:b2:9f:85:85:6e:ba:5d:f7:85:f5:fe:8e:82:69:
e7:78:b4:94:28:23:e2:7c:02:b0:56:fd:74:80:94:
f7:77:a9:d0:34:e5:f0:f3:fa:20:25:0c:a3:5c:12:
cb:83:d6:20:c3:1e:c2:32:6d:b7:2a:f6:97:d3:e2:
47:f6:73:b6:4a:1d:06:7b:e8:9c:53:9d:cb:46:cc:
aa:16:6c:c1:10:06:a7:35:43:41:fe:93:bc:00:cd:
be:ad:a2:a6:f6:43:68:7e:54:e0:50:72:fc:6d:f7:
20:cf:2f:ad:91:b6:9a:ea:ab:85:af:60:f1:a3:75:
1b:3f:5f:e1:21:ac:03:0a:20:e7:7d:d9:25:b4:a0:
0f:49:18:56:84:81:ae:26:6f:54:fc:9b:fd:c0:e2:
f3:fd:0c:51:1b:dd:cb:90:b3:11:2c:5d:78:18:43:
dd:33
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:D8:39:87:64:9D:D6:ED:75:9C:92:C6:97:D5:14:65:DA:D6:41:35
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kdg5h2Sd1u11nJLGl9UUZdrWQTU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/24
45.12.255.0/24
45.84.91.0/24
45.88.64.0/23
45.129.84.0/24
94.154.162.0/24
94.156.160.0/24
178.215.226.0/24
185.222.160.0/23
193.42.34.0/24
193.47.60.0/24
193.47.63.0/24
194.55.224.0/23
194.180.39.0/24
Signature Algorithm: sha256WithRSAEncryption
a3:17:92:99:27:aa:b2:28:f7:d3:14:82:06:f5:5d:07:7a:d9:
c5:4a:b2:73:c9:71:d9:9d:71:a2:90:eb:92:a7:97:54:0b:49:
f8:25:f6:a7:8c:6d:fc:4a:cd:30:f1:87:73:32:51:2b:d3:71:
6a:aa:08:68:fb:73:4d:68:ca:86:b3:6d:b1:78:c8:d0:54:75:
c3:19:db:59:65:1c:31:f0:c0:76:d1:75:7a:22:5b:36:13:b1:
28:b7:06:3f:fb:4d:68:17:00:76:f1:e9:fc:18:a3:ed:24:f6:
98:89:5c:33:9e:f1:a6:f2:11:bc:79:a6:ac:48:93:1d:88:e6:
46:5b:47:9f:6c:45:ee:b5:e9:e5:09:1d:b2:40:43:8c:5b:42:
be:8a:e5:4a:c9:bb:2d:ee:94:f8:03:72:46:b8:0c:ab:74:1c:
d1:41:bd:65:e3:7e:b1:d3:56:87:b6:8a:a1:0d:9a:c9:bc:0a:
03:22:d8:84:9f:31:d8:dc:f3:be:2e:cf:e7:03:6b:55:76:be:
cb:b4:8b:f5:d8:7d:b5:11:41:46:12:c7:26:89:50:fc:a0:de:
02:f5:ae:13:b2:2c:05:1f:bf:dc:a0:65:58:97:8c:4c:4e:07:
9d:79:dd:1f:ad:ff:0e:23:49:20:9f:4b:17:b5:0c:77:aa:77:
3a:e4:be:29
-----BEGIN CERTIFICATE-----
MIIFSzCCBDOgAwIBAgISAYWk8SPW1Kw59T5ZEYtopsuOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMTEyMDc0NTQ0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWQ4Mzk4NzY0OWRkNmVkNzU5YzkyYzY5N2Q1MTQ2NWRhZDY0MTM1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjSN2KBQxerB0UZTmZCm+rTur/9GZ
gmSjdXmlahYqSc4PsMwreHnMf4m4gd+Klvc4eY9T3/ROCXAAEgLio+Vv0K+xWQQJ
nirW9XsU2ehhcvPGsq6tqMOdEQ53sp+FhW66XfeF9f6OgmnneLSUKCPifAKwVv10
gJT3d6nQNOXw8/ogJQyjXBLLg9Ygwx7CMm23KvaX0+JH9nO2Sh0Ge+icU53LRsyq
FmzBEAanNUNB/pO8AM2+raKm9kNoflTgUHL8bfcgzy+tkbaa6quFr2Dxo3UbP1/h
IawDCiDnfdkltKAPSRhWhIGuJm9U/Jv9wOLz/QxRG93LkLMRLF14GEPdMwIDAQAB
o4ICVzCCAlMwHQYDVR0OBBYEFJHYOYdkndbtdZySxpfVFGXa1kE1MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEva2RnNWgyU2QxdTExbkpMR2w5VVVaZHJXUVRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG0GCCsGAQUFBwEHAQH/BF4wXDBaBAIAATBUAwQALQmcAwQA
LQz/AwQALVRbAwQBLVhAAwQALYFUAwQAXpqiAwQAXpygAwQAstfiAwQBud6gAwQA
wSoiAwQAwS88AwQAwS8/AwQBwjfgAwQAwrQnMA0GCSqGSIb3DQEBCwUAA4IBAQCj
F5KZJ6qyKPfTFIIG9V0HetnFSrJzyXHZnXGikOuSp5dUC0n4JfanjG38Ss0w8Ydz
MlEr03Fqqgho+3NNaMqGs22xeMjQVHXDGdtZZRwx8MB20XV6Ils2E7EotwY/+01o
FwB28en8GKPtJPaYiVwznvGm8hG8eaasSJMdiOZGW0efbEXutenlCR2yQEOMW0K+
iuVKybst7pT4A3JGuAyrdBzRQb1l436x01aHtoqhDZrJvAoDItiEnzHY3PO+Ls/n
A2tVdr7LtIv12H21EUFGEscmiVD8oN4C9a4TsiwFH7/coGVYl4xMTgeded0frf8O
I0kgn0sXtQx3qnc65L4p
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:41 2023 by rpki-client on console-ams.rpki-client.org