Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yCi4yhIhxqaRr1Yk0wgwpH3pMKM.roa
File: yCi4yhIhxqaRr1Yk0wgwpH3pMKM.roa (raw, json)
Hash identifier: 7SJBB0iXARuI+MmNhswEYKQ/NnqOKigo3ZhE6oJtdzk=
Subject key identifier: C8:28:B8:CA:12:21:C6:A6:91:AF:56:24:D3:08:30:A4:7D:E9:30:A3
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018650537961A2A5E7E782B9433B9BFEF27F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yCi4yhIhxqaRr1Yk0wgwpH3pMKM.roa
Signing time: Tue 14 Feb 2023 14:28:13 +0000
ROA not before: Tue 14 Feb 2023 14:28:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 25369
IP address blocks: 171.22.31.0/24 maxlen: 24
45.90.88.0/22 maxlen: 24
141.98.4.0/24 maxlen: 24
194.55.227.0/24 maxlen: 24
45.12.254.0/24 maxlen: 24
193.58.120.0/24 maxlen: 24
45.149.241.0/24 maxlen: 24
193.222.98.0/23 maxlen: 24
194.48.248.0/24 maxlen: 24
171.22.18.0/24 maxlen: 24
84.21.173.0/24 maxlen: 24
194.31.204.0/24 maxlen: 24
185.221.67.0/24 maxlen: 24
79.110.48.0/23 maxlen: 24
195.178.121.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
194.169.173.0/24 maxlen: 24
194.49.86.0/24 maxlen: 24
193.25.218.0/24 maxlen: 24
193.25.217.0/24 maxlen: 24
109.206.239.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:50:53:79:61:a2:a5:e7:e7:82:b9:43:3b:9b:fe:f2:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 14 14:28:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c828b8ca1221c6a691af5624d30830a47de930a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:47:c8:3d:f0:cb:90:90:12:0a:ba:31:be:eb:
49:69:63:4f:6a:9e:a2:2c:f0:54:12:b6:25:21:54:
68:8f:32:15:32:b0:e1:19:67:bb:96:13:fe:fd:ac:
b5:6f:fa:62:a2:5e:d3:13:ac:c3:0d:9f:bc:7e:72:
b7:69:48:a8:bc:df:af:28:cb:f5:3b:ef:0e:a1:5e:
34:2f:3a:e4:3c:19:35:51:df:28:a4:0e:27:01:54:
c3:5f:66:5a:f7:e2:07:20:ed:10:8a:53:1f:91:90:
bf:6e:2f:5c:1a:b1:b5:9f:06:35:85:a7:6f:95:31:
6f:dc:d2:94:9a:8f:3e:4b:fe:da:47:a0:80:14:4a:
47:33:ed:a1:66:91:f6:39:22:a9:5c:07:f6:5d:69:
f2:d2:91:9b:d7:a3:5c:99:ea:f8:a0:e9:5a:42:7a:
dd:93:2e:a3:ed:ee:23:c7:9e:c0:ca:2e:b8:56:65:
08:16:f7:13:8f:98:64:74:dd:26:ea:97:62:38:de:
b2:ef:66:6c:e4:ff:28:bc:9c:e8:0d:b3:23:c4:97:
41:18:58:f9:68:30:d6:bd:d9:a5:7e:79:73:80:03:
93:0c:e5:ed:c6:79:9d:f1:a6:42:21:d9:e4:7b:c0:
ba:ef:62:4c:47:e3:15:44:db:d7:9d:50:b2:a3:8c:
ff:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:28:B8:CA:12:21:C6:A6:91:AF:56:24:D3:08:30:A4:7D:E9:30:A3
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yCi4yhIhxqaRr1Yk0wgwpH3pMKM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.12.254.0/24
45.90.88.0/22
45.149.241.0/24
79.110.48.0/23
84.21.173.0/24
109.206.239.0/24
141.98.4.0/24
171.22.18.0/24
171.22.31.0/24
185.221.67.0/24
193.25.217.0-193.25.218.255
193.58.120.0/24
193.222.98.0/23
194.31.204.0/24
194.48.248.0/24
194.49.86.0/24
194.55.227.0/24
194.169.173.0-194.169.174.255
195.178.121.0/24
Signature Algorithm: sha256WithRSAEncryption
28:ef:3b:53:2c:b7:86:08:b0:0a:28:92:c2:b2:27:af:e5:b7:
33:fb:f0:e1:a1:8d:01:fe:9e:3a:19:74:59:6e:bf:ac:30:4d:
a5:81:e9:7e:03:cc:a1:80:da:d4:c6:a0:44:f2:1d:76:a1:d8:
18:f9:de:0a:c7:05:fd:c3:e8:cc:c7:4e:d0:1d:bf:3b:f6:c8:
2a:ee:cc:70:e4:22:ad:41:16:7d:43:8b:3f:eb:2f:24:1e:aa:
ff:ff:ab:b8:4e:60:fd:01:8b:71:bd:34:ce:ed:fa:8f:3f:cd:
2a:3b:e9:07:8e:b6:1b:6d:99:ad:e3:ee:3a:1d:92:05:df:8e:
f9:12:48:77:d2:ee:23:2c:33:b1:69:fc:42:66:fd:2f:07:4a:
23:f9:4e:97:35:35:6c:0f:83:f6:a3:f2:95:2d:d5:63:55:c1:
75:08:b3:18:e4:98:f9:a7:3c:33:7d:1d:c2:18:9e:b1:69:3f:
6c:63:07:9e:84:86:92:d2:65:3d:1f:3d:1f:a1:fc:4c:91:02:
f1:dd:ef:08:9f:6a:b9:bc:8b:84:6b:e7:31:0f:ba:e7:77:45:
01:28:20:9a:2d:8e:26:54:60:6c:69:53:d0:21:fd:06:d1:69:
5d:b9:99:d7:93:f4:d7:d6:70:cf:cf:31:df:e5:0b:28:7b:38:
b7:4c:ac:f6
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYZQU3lhoqXn54K5Qzub/vJ/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMjE0MTQyODEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODI4YjhjYTEyMjFjNmE2OTFhZjU2MjRkMzA4MzBhNDdkZTkzMGEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp0fIPfDLkJASCroxvutJaWNPap6i
LPBUErYlIVRojzIVMrDhGWe7lhP+/ay1b/piol7TE6zDDZ+8fnK3aUiovN+vKMv1
O+8OoV40LzrkPBk1Ud8opA4nAVTDX2Za9+IHIO0QilMfkZC/bi9cGrG1nwY1hadv
lTFv3NKUmo8+S/7aR6CAFEpHM+2hZpH2OSKpXAf2XWny0pGb16Ncmer4oOlaQnrd
ky6j7e4jx57Ayi64VmUIFvcTj5hkdN0m6pdiON6y72Zs5P8ovJzoDbMjxJdBGFj5
aDDWvdmlfnlzgAOTDOXtxnmd8aZCIdnke8C672JMR+MVRNvXnVCyo4z/+QIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFMgouMoSIcamka9WJNMIMKR96TCjMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveUNpNHloSWh4cWFScjFZazB3Z3dwSDNwTUtNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGfBggrBgEFBQcBBwEB/wSBjzCBjDCBiQQCAAEwgYIDBAAt
DP4DBAItWlgDBAAtlfEDBAFPbjADBABUFa0DBABtzu8DBACNYgQDBACrFhIDBACr
Fh8DBAC53UMwDAMEAMEZ2QMEAMEZ2gMEAME6eAMEAcHeYgMEAMIfzAMEAMIw+AME
AMIxVgMEAMI34zAMAwQAwqmtAwQAwqmuAwQAw7J5MA0GCSqGSIb3DQEBCwUAA4IB
AQAo7ztTLLeGCLAKKJLCsiev5bcz+/DhoY0B/p46GXRZbr+sME2lgel+A8yhgNrU
xqBE8h12odgY+d4KxwX9w+jMx07QHb879sgq7sxw5CKtQRZ9Q4s/6y8kHqr//6u4
TmD9AYtxvTTO7fqPP80qO+kHjrYbbZmt4+46HZIF3475Ekh30u4jLDOxafxCZv0v
B0oj+U6XNTVsD4P2o/KVLdVjVcF1CLMY5Jj5pzwzfR3CGJ6xaT9sYweehIaS0mU9
Hz0fofxMkQLx3e8In2q5vIuEa+cxD7rnd0UBKCCaLY4mVGBsaVPQIf0G0WlduZnX
k/TX1nDPzzHf5Qsoezi3TKz2
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:46 2024 by rpki-client on console-ams.rpki-client.org