Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/t5xpTa-qr0y3kqZrxIcerEwEEFk.roa
File: t5xpTa-qr0y3kqZrxIcerEwEEFk.roa (raw, json)
Hash identifier: DQdnqtnlJ7IVCJ6Fj0qeCDZgWJs7EyRm4ZcOgw11y6Y=
Subject key identifier: B7:9C:69:4D:AF:AA:AF:4C:B7:92:A6:6B:C4:87:1E:AC:4C:04:10:59
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018626DF8BE72E226070D75ECF41FF48C3D5
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/t5xpTa-qr0y3kqZrxIcerEwEEFk.roa
Signing time: Mon 06 Feb 2023 13:17:09 +0000
ROA not before: Mon 06 Feb 2023 13:17:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 50225
IP address blocks: 81.161.230.0/24 maxlen: 24
94.156.234.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
178.215.226.0/24 maxlen: 24
194.55.225.0/24 maxlen: 24
185.222.160.0/24 maxlen: 24
185.222.162.0/24 maxlen: 24
45.9.156.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
94.156.160.0/24 maxlen: 24
193.42.34.0/24 maxlen: 24
193.47.63.0/24 maxlen: 24
193.47.60.0/24 maxlen: 24
45.84.91.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
194.180.39.0/24 maxlen: 24
45.129.84.0/24 maxlen: 24
45.129.86.0/24 maxlen: 24
176.125.252.0/24 maxlen: 24
94.154.162.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:26:df:8b:e7:2e:22:60:70:d7:5e:cf:41:ff:48:c3:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 6 13:17:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=b79c694dafaaaf4cb792a66bc4871eac4c041059
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:e9:e3:55:4b:ef:47:d0:e6:1f:3d:1f:73:4e:
6f:66:eb:0c:60:35:69:e1:07:93:8d:b8:86:9d:ff:
fe:5b:9f:cf:36:b1:e3:21:a9:c1:9a:66:76:f4:78:
c4:f0:fc:7d:9b:5e:15:3f:a7:d1:54:d0:21:c1:c8:
ec:f6:55:4a:7b:67:00:7b:52:8b:20:c7:8d:a0:12:
fa:b0:2e:94:40:65:9b:6b:d9:83:5d:f8:d6:ee:60:
ff:6d:e8:78:22:00:ee:ab:f3:b4:c0:62:67:7c:8e:
62:1a:79:73:4e:5c:6e:14:e4:c6:4d:bc:d8:ea:f4:
b3:df:aa:11:3d:b7:10:da:f2:0b:31:cc:39:30:33:
55:ff:56:8e:4c:c9:42:c4:05:cb:72:0d:13:dc:55:
2f:01:1c:e3:19:82:50:45:9f:4a:67:88:73:0b:2d:
8b:7f:e1:57:95:bb:cb:2c:8d:1e:45:5e:e6:16:9b:
6d:04:d2:43:f7:72:a7:ac:d8:2c:a4:a1:c1:05:e3:
be:7c:bf:09:da:62:0d:61:ce:6d:7e:11:40:de:ad:
63:06:99:c7:3c:0e:e6:bf:f5:c8:26:72:7c:8a:1d:
0d:af:f5:b1:21:5e:14:af:08:31:de:37:d9:f7:0e:
0a:47:35:ee:d1:6b:61:97:57:65:ae:41:29:2c:db:
01:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:9C:69:4D:AF:AA:AF:4C:B7:92:A6:6B:C4:87:1E:AC:4C:04:10:59
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/t5xpTa-qr0y3kqZrxIcerEwEEFk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/24
45.12.255.0/24
45.66.228.0/24
45.84.91.0/24
45.88.64.0/24
45.129.84.0/24
45.129.86.0/24
81.161.230.0/24
94.154.162.0/24
94.156.160.0/24
94.156.234.0/24
176.125.252.0/24
178.215.226.0/24
185.222.160.0/24
185.222.162.0/24
193.42.34.0/24
193.47.60.0/24
193.47.63.0/24
194.55.224.0/23
194.180.39.0/24
Signature Algorithm: sha256WithRSAEncryption
98:75:b7:57:a2:61:19:4b:c7:36:99:b8:8c:48:5c:7c:a4:bb:
e7:14:ae:e3:dc:a5:fa:1d:9c:87:9e:cc:2f:cf:9b:1f:b3:18:
50:a0:6c:36:33:74:c9:e9:7f:fb:21:cf:92:b0:28:be:0d:ca:
ce:93:36:ca:39:3d:f8:30:56:1e:27:fc:2c:ce:8c:fc:5f:8e:
52:86:0f:6d:03:fb:18:36:52:46:2a:c4:8e:d1:53:05:93:f2:
b5:0d:68:55:b7:1a:b2:73:50:83:9c:04:9f:7c:53:25:30:3f:
42:a3:84:69:9e:88:6f:f1:b5:2f:9a:0e:f4:72:dc:a1:c8:f2:
d6:8f:02:c0:70:52:cf:bc:64:6c:f7:57:db:80:69:fe:24:29:
6f:3d:33:f9:d8:68:6d:3c:d0:89:a3:27:80:9e:b6:2b:34:7b:
50:65:3d:0d:d9:fb:73:b3:a9:d1:0a:e0:0a:53:5a:07:92:88:
71:88:8b:67:ba:76:00:88:98:91:22:b8:8a:84:ec:cc:05:a6:
b3:85:a3:4d:32:84:ff:ca:ed:42:8b:bd:7b:1a:c4:fe:74:a6:
2e:6a:ac:a7:2f:b5:ee:9c:8b:97:7a:c1:57:c7:9d:e4:72:91:
06:19:71:19:e8:e1:82:3d:48:1b:5e:bf:d8:b7:44:98:c8:dd:
54:85:b2:cb
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgISAYYm34vnLiJgcNdez0H/SMPVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMjA2MTMxNzA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzljNjk0ZGFmYWFhZjRjYjc5MmE2NmJjNDg3MWVhYzRjMDQxMDU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjenjVUvvR9DmHz0fc05vZusMYDVp
4QeTjbiGnf/+W5/PNrHjIanBmmZ29HjE8Px9m14VP6fRVNAhwcjs9lVKe2cAe1KL
IMeNoBL6sC6UQGWba9mDXfjW7mD/beh4IgDuq/O0wGJnfI5iGnlzTlxuFOTGTbzY
6vSz36oRPbcQ2vILMcw5MDNV/1aOTMlCxAXLcg0T3FUvARzjGYJQRZ9KZ4hzCy2L
f+FXlbvLLI0eRV7mFpttBNJD93KnrNgspKHBBeO+fL8J2mINYc5tfhFA3q1jBpnH
PA7mv/XIJnJ8ih0Nr/WxIV4Urwgx3jfZ9w4KRzXu0Wthl1dlrkEpLNsB3wIDAQAB
o4ICfjCCAnowHQYDVR0OBBYEFLecaU2vqq9Mt5Kma8SHHqxMBBBZMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvdDV4cFRhLXFyMHkza3FacnhJY2VyRXdFRUZrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGTBggrBgEFBQcBBwEB/wSBgzCBgDB+BAIAATB4AwQALQmc
AwQALQz/AwQALULkAwQALVRbAwQALVhAAwQALYFUAwQALYFWAwQAUaHmAwQAXpqi
AwQAXpygAwQAXpzqAwQAsH38AwQAstfiAwQAud6gAwQAud6iAwQAwSoiAwQAwS88
AwQAwS8/AwQBwjfgAwQAwrQnMA0GCSqGSIb3DQEBCwUAA4IBAQCYdbdXomEZS8c2
mbiMSFx8pLvnFK7j3KX6HZyHnswvz5sfsxhQoGw2M3TJ6X/7Ic+SsCi+DcrOkzbK
OT34MFYeJ/wszoz8X45Shg9tA/sYNlJGKsSO0VMFk/K1DWhVtxqyc1CDnASffFMl
MD9Co4Rpnohv8bUvmg70ctyhyPLWjwLAcFLPvGRs91fbgGn+JClvPTP52GhtPNCJ
oyeAnrYrNHtQZT0N2ftzs6nRCuAKU1oHkohxiItnunYAiJiRIriKhOzMBaazhaNN
MoT/yu1Ci717GsT+dKYuaqynL7XunIuXesFXx53kcpEGGXEZ6OGCPUgbXr/Yt0SY
yN1UhbLL
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:43 2023 by rpki-client on console-ams.rpki-client.org