Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yrjZG_RPU12gMecuIvpsMEtdNBs.roa
File: yrjZG_RPU12gMecuIvpsMEtdNBs.roa (raw, json)
Hash identifier: co4+ZbggsdI+sRIlioltp3cxwP8HVwHZSRGoE6sJffQ=
Subject key identifier: CA:B8:D9:1B:F4:4F:53:5D:A0:31:E7:2E:22:FA:6C:30:4B:5D:34:1B
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0193871882BC3BFD8B6F42CC4E331CEA6304
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yrjZG_RPU12gMecuIvpsMEtdNBs.roa
Signing time: Mon 02 Dec 2024 11:19:10 +0000
ROA not before: Mon 02 Dec 2024 11:19:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 31.13.246.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.88.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
93.123.24.0/24 maxlen: 24
93.123.84.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.179.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.226.174.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:87:18:82:bc:3b:fd:8b:6f:42:cc:4e:33:1c:ea:63:04
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 2 11:19:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cab8d91bf44f535da031e72e22fa6c304b5d341b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e9:88:d6:9d:12:29:1e:a8:e3:29:9a:18:de:31:
4d:3e:83:3e:7d:80:5e:44:9c:76:ac:51:ce:da:17:
f3:ed:05:2a:a0:92:ae:ed:f5:97:2b:30:43:63:96:
e1:2c:d6:3f:1d:8f:35:d9:50:9f:2b:3b:12:10:7a:
80:69:07:45:2f:ab:42:a9:ae:73:c4:0a:20:74:25:
e2:3e:e8:fc:0d:74:a8:cb:bb:9c:79:e6:e2:93:ee:
f5:0b:73:c7:00:49:46:b9:d6:e7:b4:eb:45:cb:33:
66:e6:d7:d6:55:ee:3d:c4:94:b4:51:ab:63:b7:c6:
3d:e5:f2:42:63:3c:2c:ba:3e:bc:aa:35:11:d6:1b:
f5:5b:97:37:99:d4:e9:4e:d9:62:16:2d:f9:20:c2:
c5:3b:1f:77:56:9b:d0:5d:6d:85:aa:23:37:80:0b:
db:06:9a:df:de:a9:d7:bd:47:a1:7a:5b:ed:93:93:
26:17:80:52:40:67:21:8e:cc:b6:78:e1:f9:d4:4a:
e7:19:f6:2e:40:28:23:2a:cb:49:28:5d:fc:e7:e5:
38:c5:ed:0b:0f:d2:28:0f:0e:db:1b:27:f9:44:b5:
54:17:76:f8:e5:0c:97:8e:62:94:10:18:93:07:12:
a3:75:a6:c8:8f:7e:0b:b9:76:3c:34:2a:41:ba:9e:
ef:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:B8:D9:1B:F4:4F:53:5D:A0:31:E7:2E:22:FA:6C:30:4B:5D:34:1B
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yrjZG_RPU12gMecuIvpsMEtdNBs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.246.0/24
45.14.164.0/24
45.66.228.0/24
45.88.64.0/24
45.90.88.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
93.123.24.0/24
93.123.84.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.179.0/24
141.98.1.0/24
147.78.100.0/24
171.22.72.0/22
185.216.84.0/22
185.218.84.0/22
185.226.174.0/24
Signature Algorithm: sha256WithRSAEncryption
2e:be:1d:f1:16:d7:95:28:24:c5:cd:53:46:0a:48:05:d5:66:
98:31:23:92:7b:f0:a8:a0:3a:14:95:e1:cb:33:ac:83:be:46:
bd:09:c0:28:15:02:53:de:f2:45:1b:3e:8d:0e:af:95:c8:08:
6f:c4:0a:59:c3:50:5d:c4:f4:a9:1a:fb:2e:91:c7:ab:2c:9f:
57:5c:18:f0:99:85:8d:86:89:0b:71:53:64:37:a5:5d:8a:a0:
7f:20:57:2b:7c:a6:a1:e8:97:73:2d:be:8b:04:c1:2a:bc:d1:
c1:c7:0a:10:cb:5d:b1:ef:60:8c:5c:ff:17:51:2a:49:ad:90:
df:2f:44:0f:80:1f:db:37:4c:a8:73:df:ab:12:bd:28:a2:ec:
53:c3:35:c4:c7:40:7b:07:a0:ff:b5:ad:39:c4:4b:0d:3d:83:
35:c9:88:a8:5a:9a:da:ea:67:be:c6:97:ba:a5:37:5d:14:ca:
f8:66:01:66:55:7c:5c:dc:fd:16:d3:a3:e4:24:05:d6:b6:35:
66:d1:59:b4:25:74:ed:8c:79:f4:08:5d:db:14:f8:a7:09:78:
4f:8c:6b:e3:ba:e7:bd:5d:b4:6b:6c:ab:12:61:73:f2:56:24:
79:27:ea:9b:cc:ec:13:b2:87:0c:3e:3f:14:4e:fc:18:d3:38:
77:55:cb:ac
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAZOHGIK8O/2Lb0LMTjMc6mMEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMjAyMTExOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWI4ZDkxYmY0NGY1MzVkYTAzMWU3MmUyMmZhNmMzMDRiNWQzNDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6YjWnRIpHqjjKZoY3jFNPoM+fYBe
RJx2rFHO2hfz7QUqoJKu7fWXKzBDY5bhLNY/HY812VCfKzsSEHqAaQdFL6tCqa5z
xAogdCXiPuj8DXSoy7uceebik+71C3PHAElGudbntOtFyzNm5tfWVe49xJS0Uatj
t8Y95fJCYzwsuj68qjUR1hv1W5c3mdTpTtliFi35IMLFOx93VpvQXW2FqiM3gAvb
Bprf3qnXvUehelvtk5MmF4BSQGchjsy2eOH51ErnGfYuQCgjKstJKF385+U4xe0L
D9IoDw7bGyf5RLVUF3b45QyXjmKUEBiTBxKjdabIj34LuXY8NCpBup7vqwIDAQAB
o4ICyjCCAsYwHQYDVR0OBBYEFMq42Rv0T1NdoDHnLiL6bDBLXTQbMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveXJqWkdfUlBVMTJnTWVjdUl2cHNNRXRkTkJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHfBggrBgEFBQcBBwEB/wSBzzCBzDCByQQCAAEwgcIDBAAf
DfYDBAAtDqQDBAAtQuQDBAAtWEADBAAtWlgDBAAti2oDBAAtjZ4wDAMEAC2XWQME
Ai2XWAMEAFPbYQMEAFQ2MAMEAFd4VwMEAFd4pgMEAFd5LQMEAFd5VwMEAVd5fAME
AFd5ogMEAFd5pQMEBFtc8AMEAVx3xAMEAF17GAMEAF17VAMEAl6aoAMEAF6cCwME
A16cQAMEAF6cswMEAI1iAQMEAJNOZAMEAqsWSAMEArnYVAMEArnaVAMEALnirjAN
BgkqhkiG9w0BAQsFAAOCAQEALr4d8RbXlSgkxc1TRgpIBdVmmDEjknvwqKA6FJXh
yzOsg75GvQnAKBUCU97yRRs+jQ6vlcgIb8QKWcNQXcT0qRr7LpHHqyyfV1wY8JmF
jYaJC3FTZDelXYqgfyBXK3ymoeiXcy2+iwTBKrzRwccKEMtdse9gjFz/F1EqSa2Q
3y9ED4Af2zdMqHPfqxK9KKLsU8M1xMdAeweg/7WtOcRLDT2DNcmIqFqa2upnvsaX
uqU3XRTK+GYBZlV8XNz9FtOj5CQF1rY1ZtFZtCV07Yx59Ahd2xT4pwl4T4xr47rn
vV20a2yrEmFz8lYkeSfqm8zsE7KHDD4/FE78GNM4d1XLrA==
-----END CERTIFICATE-----
Generated at Wed Apr 16 19:53:53 2025 by rpki-client