Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/x63GeSgwVxwBRh1AYQZcjLLSN4c.roa
File: x63GeSgwVxwBRh1AYQZcjLLSN4c.roa (raw, json)
Hash identifier: /g7JdNqvVk5VlmMSaX5iSzEUl4wE8uQwIDuGz90WeKM=
Subject key identifier: C7:AD:C6:79:28:30:57:1C:01:46:1D:40:61:06:5C:8C:B2:D2:37:87
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018D5BD6F6DB162EFD65241AF6407BE8AB29
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/x63GeSgwVxwBRh1AYQZcjLLSN4c.roa
Signing time: Tue 30 Jan 2024 19:27:11 +0000
ROA not before: Tue 30 Jan 2024 19:27:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.66.230.0/24 maxlen: 24
45.84.89.0/24 maxlen: 24
45.88.90.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.172.0/24 maxlen: 24
94.156.239.0/24 maxlen: 24
95.214.24.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.226.173.0/24 maxlen: 24
185.252.176.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:5b:d6:f6:db:16:2e:fd:65:24:1a:f6:40:7b:e8:ab:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 30 19:27:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c7adc6792830571c01461d4061065c8cb2d23787
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:89:7f:8b:2d:b2:5f:aa:c8:31:ca:b6:dd:b1:
9e:72:13:6e:e6:23:75:56:20:9f:7c:ac:6f:13:f3:
74:cc:1c:42:73:1c:43:3f:b7:16:76:e8:b7:6d:03:
5d:06:d5:48:2a:6c:9d:69:5a:02:b0:e1:77:a1:aa:
65:37:f1:f3:30:60:5f:78:ad:d7:d9:32:0e:a3:95:
ab:5c:c9:af:ad:68:17:23:01:81:df:be:82:a7:c1:
dc:db:b9:1e:67:b6:e9:26:0f:ed:f8:db:53:86:3e:
ba:27:09:9d:04:de:35:d3:32:bd:4a:db:02:44:62:
8b:e1:04:bb:1e:15:41:02:58:ea:65:35:69:ba:0a:
ac:71:88:b1:5d:04:2f:49:11:c1:0e:a4:86:ae:d7:
1e:ba:6b:fb:4e:c8:88:8d:91:59:f7:81:e7:67:c2:
f3:3b:4c:ab:8f:46:d2:6a:0c:e4:3e:6d:6a:64:fa:
dc:81:e0:17:6b:20:e9:7a:15:68:f5:13:0f:05:19:
e4:69:6b:38:9e:10:c1:18:43:f2:7d:28:31:89:c8:
ce:c8:b8:8f:95:41:b4:aa:10:e2:2e:d3:0d:29:6a:
ea:8d:65:4d:51:9c:4f:25:2e:aa:b5:d8:97:31:83:
fe:5f:f5:22:a0:83:8f:4c:80:a7:7a:ba:98:a1:3c:
c2:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:AD:C6:79:28:30:57:1C:01:46:1D:40:61:06:5C:8C:B2:D2:37:87
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/x63GeSgwVxwBRh1AYQZcjLLSN4c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.230.0/24
45.84.89.0/24
45.88.90.0/24
45.151.89.0/24
87.120.87.0/24
87.121.45.0/24
87.121.221.0/24
92.119.196.0/23
94.154.161.0-94.154.163.255
94.154.172.0/24
94.156.239.0/24
95.214.24.0/24
147.78.101.0-147.78.102.255
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.226.173.0/24
185.252.176.0/24
194.55.224.0/24
Signature Algorithm: sha256WithRSAEncryption
b0:19:8e:d2:02:e2:cc:c0:3b:35:5d:ee:54:b4:97:86:03:cb:
d2:58:8d:b4:f4:18:30:96:cf:39:f1:d1:6a:00:0e:92:38:64:
30:87:58:57:9b:5b:c2:17:01:3d:5b:88:c6:21:90:2a:9f:e6:
de:f3:b6:9f:2e:3f:14:f3:3b:b5:8a:fe:10:35:69:57:0d:47:
d7:b4:66:5e:47:bf:4a:71:49:90:05:12:8d:4f:d8:54:c0:87:
62:cb:85:b7:53:88:ef:c2:d7:81:c1:3f:1c:79:17:7d:60:98:
df:c5:df:78:27:c0:b8:fe:76:f5:d8:9f:8d:59:4b:35:17:ed:
d1:5f:12:00:3d:d1:9a:5b:10:0e:08:03:1d:a2:90:22:f7:3f:
9d:2b:b6:4c:d4:19:c5:c9:14:42:30:21:74:29:b5:c4:2d:ce:
c4:72:41:b8:0d:c5:59:bf:32:a8:c0:3f:05:f8:77:68:67:13:
be:76:c9:21:74:91:6e:06:69:fb:8c:a5:65:49:7a:ac:13:f0:
d5:b9:41:df:4c:dd:d4:7c:be:d5:58:93:2c:64:ca:e0:82:32:
bf:a1:e4:78:d4:a6:0b:27:8f:95:f1:5e:56:c1:69:b8:b4:13:
cd:5f:64:46:13:46:3b:7d:33:ff:c5:4d:87:c3:4a:b3:07:3a:
dd:e8:1f:f6
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgISAY1b1vbbFi79ZSQa9kB76KspMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTMwMTkyNzExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjN2FkYzY3OTI4MzA1NzFjMDE0NjFkNDA2MTA2NWM4Y2IyZDIzNzg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhol/iy2yX6rIMcq23bGechNu5iN1
ViCffKxvE/N0zBxCcxxDP7cWdui3bQNdBtVIKmydaVoCsOF3oaplN/HzMGBfeK3X
2TIOo5WrXMmvrWgXIwGB376Cp8Hc27keZ7bpJg/t+NtThj66JwmdBN410zK9StsC
RGKL4QS7HhVBAljqZTVpugqscYixXQQvSRHBDqSGrtceumv7TsiIjZFZ94HnZ8Lz
O0yrj0bSagzkPm1qZPrcgeAXayDpehVo9RMPBRnkaWs4nhDBGEPyfSgxicjOyLiP
lUG0qhDiLtMNKWrqjWVNUZxPJS6qtdiXMYP+X/UioIOPTICnerqYoTzCYwIDAQAB
o4ICljCCApIwHQYDVR0OBBYEFMetxnkoMFccAUYdQGEGXIyy0jeHMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveDYzR2VTZ3dWeHdCUmgxQVlRWmNqTExTTjRjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGrBggrBgEFBQcBBwEB/wSBmzCBmDCBlQQCAAEwgY4DBAAt
QuYDBAAtVFkDBAAtWFoDBAAtl1kDBABXeFcDBABXeS0DBABXed0DBAFcd8QwDAME
AF6aoQMEAl6aoAMEAF6arAMEAF6c7wMEAF/WGDAMAwQAk05lAwQAk05mAwQCqxZI
AwQAstfgAwQAstfsAwQCudhUAwQCudpUAwQAueKtAwQAufywAwQAwjfgMA0GCSqG
SIb3DQEBCwUAA4IBAQCwGY7SAuLMwDs1Xe5UtJeGA8vSWI209Bgwls858dFqAA6S
OGQwh1hXm1vCFwE9W4jGIZAqn+be87afLj8U8zu1iv4QNWlXDUfXtGZeR79KcUmQ
BRKNT9hUwIdiy4W3U4jvwteBwT8ceRd9YJjfxd94J8C4/nb12J+NWUs1F+3RXxIA
PdGaWxAOCAMdopAi9z+dK7ZM1BnFyRRCMCF0KbXELc7EckG4DcVZvzKowD8F+Hdo
ZxO+dskhdJFuBmn7jKVlSXqsE/DVuUHfTN3UfL7VWJMsZMrggjK/oeR41KYLJ4+V
8V5WwWm4tBPNX2RGE0Y7fTP/xU2Hw0qzBzrd6B/2
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:21 2024 by rpki-client on console-fra.rpki-client.org