Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yPmfgWokpk9YYYni1Qm5swJLbro.roa
File: yPmfgWokpk9YYYni1Qm5swJLbro.roa (raw, json)
Hash identifier: Yt3ARaod2vE5ECXdCb1kYfdIvJrZoisWwgchYh81XBE=
Subject key identifier: C8:F9:9F:81:6A:24:A6:4F:58:61:89:E2:D5:09:B9:B3:02:4B:6E:BA
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018CCE3C7859301CC0DBAA8E849402EB5E17
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yPmfgWokpk9YYYni1Qm5swJLbro.roa
Signing time: Wed 03 Jan 2024 07:31:58 +0000
ROA not before: Wed 03 Jan 2024 07:31:58 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 207279
IP address blocks: 194.169.172.0/24 maxlen: 24
2.59.253.0/24 maxlen: 24
194.31.205.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
194.180.38.0/24 maxlen: 24
194.180.39.0/24 maxlen: 24
94.154.162.0/24 maxlen: 24
109.206.239.0/24 maxlen: 24
178.215.225.0/24 maxlen: 24
194.55.225.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
185.222.160.0/24 maxlen: 24
178.215.227.0/24 maxlen: 24
185.222.162.0/24 maxlen: 24
185.222.161.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
193.222.97.0/24 maxlen: 24
193.222.99.0/24 maxlen: 24
193.37.42.0/24 maxlen: 24
193.37.44.0/24 maxlen: 24
193.37.40.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.48.248.0/24 maxlen: 24
45.84.91.0/24 maxlen: 24
194.55.187.0/24 maxlen: 24
92.119.198.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
79.110.51.0/24 maxlen: 24
45.88.91.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
193.25.217.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ce:3c:78:59:30:1c:c0:db:aa:8e:84:94:02:eb:5e:17
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 3 07:31:58 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c8f99f816a24a64f586189e2d509b9b3024b6eba
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:85:12:56:19:21:79:61:8d:2f:df:52:6e:a3:
6b:05:84:e3:af:43:2c:2f:90:f0:b8:7c:cf:07:ce:
17:2e:2d:ac:b6:c4:b8:15:d8:fb:8d:33:fd:95:2e:
3c:1d:f0:ae:0e:c8:c9:c2:3c:3a:ae:31:45:bc:7d:
14:36:42:c3:1a:f8:0b:4d:94:71:54:7f:25:85:90:
70:3d:a2:4f:50:af:f7:ad:cc:22:a5:7e:a7:05:0d:
35:15:21:2f:7d:00:5e:70:48:7e:b0:e8:63:86:de:
f7:57:78:d2:60:2f:6d:82:b9:cc:4b:2a:4c:9c:7e:
73:50:bb:29:df:fb:6c:d3:2d:d9:e6:30:38:4e:85:
6f:f0:90:d0:0d:69:0f:1b:9d:7c:d7:f6:20:19:9b:
23:73:c0:9f:b7:40:20:22:7e:ab:55:6b:31:81:0a:
bf:d0:1c:02:4e:ad:b1:be:16:36:36:cd:54:2c:e3:
f0:c8:c1:0b:1b:db:6d:14:84:a1:d7:ad:ed:bd:6f:
92:0e:9a:a1:9c:7b:39:62:2d:e2:be:e8:e5:9a:39:
8d:ca:89:68:7a:4e:8b:c0:76:c0:b0:1a:a4:d2:7e:
06:9c:6a:8d:14:33:ef:17:ce:d0:96:30:9f:42:da:
94:18:29:27:d1:ce:99:e6:7d:3b:3c:5d:7d:23:a6:
21:19
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:F9:9F:81:6A:24:A6:4F:58:61:89:E2:D5:09:B9:B3:02:4B:6E:BA
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yPmfgWokpk9YYYni1Qm5swJLbro.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
45.84.91.0/24
45.88.64.0/24
45.88.91.0/24
79.110.51.0/24
83.219.97.0/24
92.119.198.0/24
92.249.50.0/24
94.154.162.0/24
109.206.239.0/24
178.215.225.0/24
178.215.227.0/24
178.215.236.0/24
185.222.160.0-185.222.162.255
193.25.217.0/24
193.37.40.0/24
193.37.42.0/24
193.37.44.0/24
193.222.97.0/24
193.222.99.0/24
194.31.205.0/24
194.48.248.0/24
194.55.186.0/23
194.55.224.0/23
194.169.172.0/24
194.180.38.0/23
Signature Algorithm: sha256WithRSAEncryption
90:d3:08:c1:f4:50:fb:6d:6a:38:dd:3c:1a:60:6b:f9:86:39:
21:f0:59:91:d7:58:40:4d:aa:c2:68:94:f1:aa:ec:bd:11:57:
2a:62:54:72:78:11:dd:2a:0e:f7:9c:eb:c6:ca:5e:32:ed:7d:
2f:18:de:4a:3b:60:4a:80:ed:76:ef:48:14:9f:4b:28:0d:3e:
ca:f6:d7:dc:63:60:c4:43:a6:bf:0f:fc:43:61:4b:c4:de:43:
38:75:7b:81:e8:1b:93:f6:07:d0:19:06:ee:e5:a1:7b:60:b1:
e7:01:b1:ac:2f:3e:89:54:b8:4f:d6:02:be:fb:ce:3f:9f:4d:
3c:b9:3a:07:d7:91:68:f5:3b:e6:59:69:03:7e:ac:9b:03:30:
c6:a8:48:05:4e:55:06:56:ed:93:05:83:cc:89:38:bd:3d:a2:
79:08:2d:03:ec:e9:20:cb:4f:3a:b7:59:5a:a8:5f:f5:cf:b8:
28:68:ca:8f:7f:11:a1:07:c0:ab:d8:d2:57:a5:75:bf:0c:39:
74:e5:a2:1c:b8:ff:9d:3d:61:0b:aa:d5:a5:c1:17:b4:83:47:
b5:8e:03:85:36:85:f9:5b:ed:24:41:b7:c1:97:ce:f9:76:4d:
53:1f:e4:a5:d9:f9:38:34:08:43:d2:c2:02:63:2c:80:f0:09:
04:8c:b2:bd
-----BEGIN CERTIFICATE-----
MIIFoDCCBIigAwIBAgISAYzOPHhZMBzA26qOhJQC614XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMTAzMDczMTU4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOGY5OWY4MTZhMjRhNjRmNTg2MTg5ZTJkNTA5YjliMzAyNGI2ZWJhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn4USVhkheWGNL99SbqNrBYTjr0Ms
L5DwuHzPB84XLi2stsS4Fdj7jTP9lS48HfCuDsjJwjw6rjFFvH0UNkLDGvgLTZRx
VH8lhZBwPaJPUK/3rcwipX6nBQ01FSEvfQBecEh+sOhjht73V3jSYC9tgrnMSypM
nH5zULsp3/ts0y3Z5jA4ToVv8JDQDWkPG5181/YgGZsjc8Cft0AgIn6rVWsxgQq/
0BwCTq2xvhY2Ns1ULOPwyMELG9ttFISh163tvW+SDpqhnHs5Yi3ivujlmjmNyolo
ek6LwHbAsBqk0n4GnGqNFDPvF87QljCfQtqUGCkn0c6Z5n07PF19I6YhGQIDAQAB
o4ICrDCCAqgwHQYDVR0OBBYEFMj5n4FqJKZPWGGJ4tUJubMCS266MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveVBtZmdXb2twazlZWVluaTFRbTVzd0pMYnJvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHBBggrBgEFBQcBBwEB/wSBsTCBrjCBqwQCAAEwgaQDBAAC
O/0DBAAtVFsDBAAtWEADBAAtWFsDBABPbjMDBABT22EDBABcd8YDBABc+TIDBABe
mqIDBABtzu8DBACy1+EDBACy1+MDBACy1+wwDAMEBbneoAMEALneogMEAMEZ2QME
AMElKAMEAMElKgMEAMElLAMEAMHeYQMEAMHeYwMEAMIfzQMEAMIw+AMEAcI3ugME
AcI34AMEAMKprAMEAcK0JjANBgkqhkiG9w0BAQsFAAOCAQEAkNMIwfRQ+21qON08
GmBr+YY5IfBZkddYQE2qwmiU8arsvRFXKmJUcngR3SoO95zrxspeMu19LxjeSjtg
SoDtdu9IFJ9LKA0+yvbX3GNgxEOmvw/8Q2FLxN5DOHV7gegbk/YH0BkG7uWhe2Cx
5wGxrC8+iVS4T9YCvvvOP59NPLk6B9eRaPU75llpA36smwMwxqhIBU5VBlbtkwWD
zIk4vT2ieQgtA+zpIMtPOrdZWqhf9c+4KGjKj38RoQfAq9jSV6V1vww5dOWiHLj/
nT1hC6rVpcEXtINHtY4DhTaF+VvtJEG3wZfO+XZNUx/kpdn5ODQIQ9LCAmMsgPAJ
BIyyvQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:22 2024 by rpki-client on console-fra.rpki-client.org