Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kfWE2SFKiSfbdegJ-uw11_GRnfY.roa
File: kfWE2SFKiSfbdegJ-uw11_GRnfY.roa (raw, json)
Hash identifier: UmAt8js+yji94pC0hz59ifwPIU7iUlNM5m5K/2+CyZ0=
Subject key identifier: 91:F5:84:D9:21:4A:89:27:DB:75:E8:09:FA:EC:35:D7:F1:91:9D:F6
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018C8B520D177CCA0A9A1AFF53A5B5D2C2B3
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kfWE2SFKiSfbdegJ-uw11_GRnfY.roa
Signing time: Thu 21 Dec 2023 07:40:59 +0000
ROA not before: Thu 21 Dec 2023 07:40:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 206003
IP address blocks: 171.22.31.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
81.161.239.0/24 maxlen: 24
91.200.192.0/22 maxlen: 24
94.156.248.0/24 maxlen: 24
87.121.162.0/24 maxlen: 24
147.78.100.0/23 maxlen: 24
45.141.158.0/24 maxlen: 24
171.22.17.0/24 maxlen: 24
171.22.18.0/24 maxlen: 24
79.110.61.0/24 maxlen: 24
92.249.48.0/24 maxlen: 24
45.129.84.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
37.139.130.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:8b:52:0d:17:7c:ca:0a:9a:1a:ff:53:a5:b5:d2:c2:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 21 07:40:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=91f584d9214a8927db75e809faec35d7f1919df6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:84:df:c5:10:82:5f:a4:85:c7:e9:86:a1:2e:
81:2a:80:33:b8:01:33:51:b5:01:4b:39:2f:b5:de:
b2:8f:35:32:71:7d:e8:6a:98:f8:ee:9e:20:9c:82:
93:a0:f7:08:b5:f5:fc:cd:97:8c:82:c8:ee:f2:f6:
6b:d9:d9:2f:53:d2:12:38:45:d5:fa:38:ac:00:cc:
c2:08:9c:90:ec:81:f6:ea:87:69:5c:50:11:16:13:
54:eb:2b:9a:1a:c5:05:49:7a:f3:ef:fa:95:1d:4d:
5a:bd:6d:09:7f:8c:b7:d9:2e:d2:0a:79:31:e1:0f:
67:83:17:3a:22:e5:d1:1a:d4:f2:7e:7b:3e:ad:75:
f1:07:c9:cb:4c:0a:d7:24:00:26:76:f4:9b:75:80:
83:05:7d:cb:92:02:2b:16:54:b7:b7:32:0a:2f:55:
fe:f5:ff:92:34:de:c3:66:e2:6f:43:1d:14:d8:c6:
11:e6:70:4c:f5:4f:4c:06:62:e5:81:aa:6f:cf:f7:
a1:92:b9:3c:94:cc:e0:b2:2c:b9:a1:05:01:c3:6e:
27:a9:c8:47:ce:7d:ca:c9:34:a8:e2:cc:63:a1:94:
ec:98:a1:b9:7b:0b:6a:f2:af:4b:0d:89:11:2a:cf:
64:00:b6:5e:c4:ff:4d:6f:5e:ed:64:38:e1:5f:e7:
56:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:F5:84:D9:21:4A:89:27:DB:75:E8:09:FA:EC:35:D7:F1:91:9D:F6
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kfWE2SFKiSfbdegJ-uw11_GRnfY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.130.0/24
45.129.84.0/24
45.141.158.0/24
79.110.61.0/24
81.161.239.0/24
87.121.124.0/23
87.121.162.0/24
91.200.192.0/22
92.249.48.0/24
94.154.172.0/24
94.156.248.0/24
147.78.100.0/23
171.22.17.0-171.22.18.255
171.22.31.0/24
193.25.216.0/24
193.35.19.0/24
Signature Algorithm: sha256WithRSAEncryption
46:30:6b:1d:28:c8:f1:7d:cf:d2:e7:f9:46:c8:14:1b:a6:d1:
fd:20:08:df:93:f1:63:2b:72:13:21:69:53:f7:db:82:7e:3c:
ca:ff:6a:98:4a:ea:7e:b0:bd:a1:25:cc:15:f8:09:40:1c:69:
64:b6:e4:34:d3:69:d4:4a:82:3d:f9:f0:7d:be:bc:f6:3a:89:
ed:f5:3d:38:45:7c:53:06:fd:bb:54:5a:e1:80:5d:a2:c1:92:
4d:6d:8d:4a:b5:9d:9b:7e:8a:7d:c8:53:b5:97:95:94:81:3d:
46:9c:bc:0f:35:51:b8:8e:0c:06:2b:b3:f0:c9:51:9b:88:f4:
49:91:b7:75:14:48:e5:79:a4:20:5a:66:ec:64:06:9e:24:0d:
a6:9f:2d:fa:42:54:d1:ab:ab:6c:44:48:73:31:56:d0:59:31:
16:65:56:b0:1e:23:24:92:bc:43:41:32:c2:b2:e7:28:df:52:
7b:a6:04:47:dc:d9:02:c8:64:61:12:93:46:96:be:42:43:67:
cf:e6:87:18:f5:fd:54:22:4d:43:11:c5:70:33:65:5f:44:f9:
24:cf:43:c1:99:5f:f4:6b:09:6e:0c:04:17:e4:c6:54:bd:2d:
f8:37:2a:6f:e0:01:73:9f:71:3a:02:23:71:f6:3f:0d:8c:c3:
26:a3:29:9a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAYyLUg0XfMoKmhr/U6W10sKzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMxMjIxMDc0MDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWY1ODRkOTIxNGE4OTI3ZGI3NWU4MDlmYWVjMzVkN2YxOTE5ZGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhITfxRCCX6SFx+mGoS6BKoAzuAEz
UbUBSzkvtd6yjzUycX3oapj47p4gnIKToPcItfX8zZeMgsju8vZr2dkvU9ISOEXV
+jisAMzCCJyQ7IH26odpXFARFhNU6yuaGsUFSXrz7/qVHU1avW0Jf4y32S7SCnkx
4Q9ngxc6IuXRGtTyfns+rXXxB8nLTArXJAAmdvSbdYCDBX3LkgIrFlS3tzIKL1X+
9f+SNN7DZuJvQx0U2MYR5nBM9U9MBmLlgapvz/ehkrk8lMzgsiy5oQUBw24nqchH
zn3KyTSo4sxjoZTsmKG5ewtq8q9LDYkRKs9kALZexP9Nb17tZDjhX+dWqQIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFJH1hNkhSokn23XoCfrsNdfxkZ32MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEva2ZXRTJTRktpU2ZiZGVnSi11dzExX0dSbmZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwbgQCAAEwaAMEACWLggME
AC2BVAMEAC2NngMEAE9uPQMEAFGh7wMEAVd5fAMEAFd5ogMEAlvIwAMEAFz5MAME
AF6arAMEAF6c+AMEAZNOZDAMAwQAqxYRAwQAqxYSAwQAqxYfAwQAwRnYAwQAwSMT
MA0GCSqGSIb3DQEBCwUAA4IBAQBGMGsdKMjxfc/S5/lGyBQbptH9IAjfk/FjK3IT
IWlT99uCfjzK/2qYSup+sL2hJcwV+AlAHGlktuQ002nUSoI9+fB9vrz2Oont9T04
RXxTBv27VFrhgF2iwZJNbY1KtZ2bfop9yFO1l5WUgT1GnLwPNVG4jgwGK7PwyVGb
iPRJkbd1FEjleaQgWmbsZAaeJA2mny36QlTRq6tsREhzMVbQWTEWZVawHiMkkrxD
QTLCsuco31J7pgRH3NkCyGRhEpNGlr5CQ2fP5ocY9f1UIk1DEcVwM2VfRPkkz0PB
mV/0awluDAQX5MZUvS34Nypv4AFzn3E6AiNx9j8NjMMmoyma
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:42 2024 by rpki-client on console-ams.rpki-client.org