Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lzo1iEo6FBTxC27AK6-CmqU3omg.roa
File: lzo1iEo6FBTxC27AK6-CmqU3omg.roa (raw, json)
Hash identifier: pGHS/PkX73sx8c3MEFoM0ZY00TMWGHbkILHjTRBovrA=
Subject key identifier: 97:3A:35:88:4A:3A:14:14:F1:0B:6E:C0:2B:AF:82:9A:A5:37:A2:68
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0187EBE23ED80F8E052D2A758E6093491017
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lzo1iEo6FBTxC27AK6-CmqU3omg.roa
Signing time: Fri 05 May 2023 12:28:05 +0000
ROA not before: Fri 05 May 2023 12:28:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
94.156.160.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
185.216.84.0/22 maxlen: 24
94.103.126.0/24 maxlen: 24
185.218.137.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:eb:e2:3e:d8:0f:8e:05:2d:2a:75:8e:60:93:49:10:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 5 12:28:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=973a35884a3a1414f10b6ec02baf829aa537a268
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:d3:63:37:3f:be:cb:35:70:54:23:84:9e:43:
3a:76:b6:de:ec:c2:3e:06:db:4a:43:6f:37:b4:74:
54:58:a9:83:72:eb:dd:1e:c7:87:1b:5b:4a:0c:b0:
dc:9c:86:08:e9:f7:12:59:49:b3:36:66:a4:7d:c5:
01:7d:14:38:49:89:10:2c:e9:b6:2d:fb:7d:5a:33:
35:48:47:23:4a:f6:bf:cd:b5:01:4b:1a:9b:be:f9:
45:d9:85:ce:72:04:4b:be:8e:b9:88:5f:02:02:d6:
29:2c:1b:3e:2d:29:95:7c:8c:05:c2:e8:06:6d:96:
4d:cb:2c:81:7d:e8:b3:a5:3d:23:d7:9c:28:89:7b:
10:a3:ee:00:7d:29:37:b8:65:a7:d0:a7:82:37:05:
12:4f:98:fa:2c:20:03:a6:01:43:0c:5e:d8:d0:e9:
d7:4b:df:ca:cf:9f:9f:d0:17:fd:46:61:14:cc:b4:
b9:62:c8:5a:9d:cb:3f:df:95:e8:34:2a:85:54:0b:
4d:12:a3:9d:91:1e:50:4e:13:0b:3f:24:66:98:51:
d6:00:6e:11:c2:00:46:ba:a8:fe:ba:54:8f:4c:7e:
bd:a9:6d:6b:66:e9:74:b9:75:02:4a:d1:de:d0:88:
ce:04:2a:9b:f2:58:dc:c2:25:da:f2:f7:67:58:8f:
5d:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:3A:35:88:4A:3A:14:14:F1:0B:6E:C0:2B:AF:82:9A:A5:37:A2:68
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/lzo1iEo6FBTxC27AK6-CmqU3omg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.89.0/24
92.119.196.0/23
94.103.126.0/24
94.154.161.0-94.154.163.255
94.156.160.0/24
147.78.100.0/23
171.22.72.0/22
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.218.137.0/24
185.219.126.0/24
193.35.19.0/24
Signature Algorithm: sha256WithRSAEncryption
57:82:57:58:23:a3:2f:96:b2:5d:a2:68:38:a2:ea:18:af:23:
16:44:dc:d1:1e:e3:df:7d:5a:fa:27:3b:07:d5:71:69:65:81:
fb:cf:af:d2:3c:ed:42:61:fc:32:5f:3f:34:e3:4e:3e:76:5a:
33:6e:ab:fc:e7:c1:8b:b0:ed:8a:a3:c9:29:45:c8:b4:94:d8:
42:41:a0:a5:49:cd:36:aa:87:5c:d3:cb:27:33:cf:97:81:8a:
3a:46:ac:94:5e:4d:36:86:ec:89:19:33:b8:50:83:58:fc:23:
2d:f5:02:c6:b7:4b:c7:66:45:d1:2f:c9:39:37:f2:b1:29:51:
f6:2f:70:e8:6a:68:e9:ce:09:08:fd:fd:5f:7c:81:c8:0a:e1:
57:b9:e9:61:d0:71:cc:eb:c0:2f:53:08:09:f1:c5:5a:3d:f3:
ac:35:e5:42:49:98:11:ee:59:a6:1d:ad:ab:01:14:60:4a:99:
ca:82:e3:3f:05:1d:dd:d9:b1:16:99:db:e9:ca:19:31:1e:66:
5c:fb:fd:77:2a:06:15:ab:f2:bd:45:ac:20:45:95:b1:9b:a3:
e9:e7:72:3d:8c:cd:df:51:cc:a1:db:35:04:52:b3:9a:99:c9:
c1:9b:f0:d2:91:a8:bd:0a:41:d9:3c:15:4d:d2:43:6b:3a:91:
ea:8d:04:bf
-----BEGIN CERTIFICATE-----
MIIFTTCCBDWgAwIBAgISAYfr4j7YD44FLSp1jmCTSRAXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNTA1MTIyODA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzNhMzU4ODRhM2ExNDE0ZjEwYjZlYzAyYmFmODI5YWE1MzdhMjY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr9NjNz++yzVwVCOEnkM6drbe7MI+
BttKQ283tHRUWKmDcuvdHseHG1tKDLDcnIYI6fcSWUmzNmakfcUBfRQ4SYkQLOm2
Lft9WjM1SEcjSva/zbUBSxqbvvlF2YXOcgRLvo65iF8CAtYpLBs+LSmVfIwFwugG
bZZNyyyBfeizpT0j15woiXsQo+4AfSk3uGWn0KeCNwUST5j6LCADpgFDDF7Y0OnX
S9/Kz5+f0Bf9RmEUzLS5Yshancs/35XoNCqFVAtNEqOdkR5QThMLPyRmmFHWAG4R
wgBGuqj+ulSPTH69qW1rZul0uXUCStHe0IjOBCqb8ljcwiXa8vdnWI9dAwIDAQAB
o4ICWTCCAlUwHQYDVR0OBBYEFJc6NYhKOhQU8QtuwCuvgpqlN6JoMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbHpvMWlFbzZGQlR4QzI3QUs2LUNtcVUzb21nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG8GCCsGAQUFBwEHAQH/BGAwXjBcBAIAATBWAwQALZdZAwQB
XHfEAwQAXmd+MAwDBABemqEDBAJemqADBABenKADBAGTTmQDBAKrFkgDBACy1+wD
BAK52FQDBAK52lQDBAC52okDBAC5234DBADBIxMwDQYJKoZIhvcNAQELBQADggEB
AFeCV1gjoy+Wsl2iaDii6hivIxZE3NEe4999WvonOwfVcWllgfvPr9I87UJh/DJf
PzTjTj52WjNuq/znwYuw7YqjySlFyLSU2EJBoKVJzTaqh1zTyyczz5eBijpGrJRe
TTaG7IkZM7hQg1j8Iy31Asa3S8dmRdEvyTk38rEpUfYvcOhqaOnOCQj9/V98gcgK
4Ve56WHQcczrwC9TCAnxxVo986w15UJJmBHuWaYdrasBFGBKmcqC4z8FHd3ZsRaZ
2+nKGTEeZlz7/XcqBhWr8r1FrCBFlbGbo+nncj2Mzd9RzKHbNQRSs5qZycGb8NKR
qL0KQdk8FU3SQ2s6keqNBL8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:18 2024 by rpki-client on console-fra.rpki-client.org