Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zKDqL4EZMb3oJCLKaAiAB2utO5E.roa
File: zKDqL4EZMb3oJCLKaAiAB2utO5E.roa (raw, json)
Hash identifier: szLLfIUVbbkSKxKeshArWWI8A0L5lWd2+KKCAYqhipc=
Subject key identifier: CC:A0:EA:2F:81:19:31:BD:E8:24:22:CA:68:08:80:07:6B:AD:3B:91
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01862FB88FABD69C87B72BD0C4A0D9FC4D18
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zKDqL4EZMb3oJCLKaAiAB2utO5E.roa
Signing time: Wed 08 Feb 2023 06:31:09 +0000
ROA not before: Wed 08 Feb 2023 06:31:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209371
IP address blocks: 185.216.70.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
178.215.239.0/24 maxlen: 24
45.128.96.0/22 maxlen: 24
85.31.47.0/24 maxlen: 24
193.42.32.0/24 maxlen: 24
45.139.107.0/24 maxlen: 24
45.84.89.0/24 maxlen: 24
193.35.19.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:2f:b8:8f:ab:d6:9c:87:b7:2b:d0:c4:a0:d9:fc:4d:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 8 06:31:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cca0ea2f811931bde82422ca680880076bad3b91
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:57:1d:fa:9c:e0:60:cc:7d:a9:c7:f2:d4:3c:
f8:1a:0d:c8:1c:42:bc:d3:4a:6b:c4:5a:7f:c2:81:
39:dc:43:ff:d2:2c:73:29:83:c2:8d:74:16:99:3d:
f2:17:82:a4:d4:2b:e4:74:55:e8:15:53:76:44:d8:
8a:92:1c:46:02:11:3c:1e:e2:98:42:4e:05:77:f2:
08:bc:96:0b:7a:f1:fd:3e:f1:3d:6e:83:55:7a:26:
3d:79:17:a3:c5:67:ca:4e:be:41:29:c2:19:d4:05:
04:d3:f0:a8:ad:22:82:cc:2d:a8:9d:a2:a7:5f:bf:
d9:e7:f0:f6:ac:26:38:c1:2c:c2:5e:eb:fc:06:62:
e5:21:da:16:09:e8:94:2b:26:f1:75:8e:f0:8e:ed:
05:92:3f:a7:15:28:45:6c:2f:a2:65:0e:06:c6:63:
3f:8d:44:87:7f:83:a9:db:7f:3d:ec:cf:0c:fb:87:
39:77:59:ea:66:6a:ee:68:2f:5d:e8:00:2b:4e:aa:
10:e8:42:d0:fd:eb:54:eb:de:0d:49:dd:38:09:00:
c8:0e:46:e2:7c:a1:61:68:08:f0:e8:99:df:36:41:
63:22:de:a9:b7:8b:a3:91:67:69:b7:78:6c:77:1a:
f9:98:18:89:69:c0:a5:ac:bf:7f:ff:7c:26:de:d3:
0b:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CC:A0:EA:2F:81:19:31:BD:E8:24:22:CA:68:08:80:07:6B:AD:3B:91
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zKDqL4EZMb3oJCLKaAiAB2utO5E.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.89.0/24
45.128.96.0/22
45.139.107.0/24
85.31.47.0/24
94.154.172.0/24
178.215.239.0/24
185.216.70.0/24
193.35.19.0/24
193.42.32.0/24
194.55.224.0/24
Signature Algorithm: sha256WithRSAEncryption
84:bf:9f:9d:91:9a:23:86:f2:e8:0d:98:a7:ab:96:77:a5:63:
9d:1e:af:e5:81:5b:22:cf:eb:1e:18:ce:82:14:3a:00:3a:51:
8e:f0:00:7a:4e:07:d3:0e:a7:ff:b6:14:5d:1b:57:f6:68:ab:
5d:a5:2a:8a:0d:d3:2e:60:a0:6c:99:37:5f:3d:d8:1b:25:e9:
23:bf:1f:cd:c6:d9:3c:45:9e:3a:f3:14:0c:23:b0:ef:e8:d0:
d8:91:4a:97:f6:61:dd:81:ce:fb:12:40:a0:ed:d0:33:ea:3e:
38:9e:f0:4f:df:1a:b4:40:30:4d:41:1f:5d:21:a2:c9:36:65:
b9:6e:e5:ca:58:57:9c:01:1b:6a:b9:27:e2:2c:10:eb:ab:8b:
e2:3d:6b:b4:12:f9:5e:9c:91:b5:f2:19:2c:39:f4:5e:6f:6d:
96:6d:c2:ca:15:e4:94:9b:27:09:cd:a2:89:7b:77:9e:6d:6f:
fc:77:d2:81:55:a6:fd:a7:c7:eb:9e:1e:2a:60:e3:9b:b9:cf:
aa:93:ed:ff:6a:32:1b:23:98:a7:fe:56:e0:d8:62:e7:5b:bf:
b1:69:ee:16:35:58:86:53:72:0c:87:cb:d7:ab:ed:06:ac:d8:
58:77:42:99:c9:3a:8c:0f:19:60:11:17:3d:7b:ef:cb:da:1e:
20:a7:10:9e
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYYvuI+r1pyHtyvQxKDZ/E0YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMjA4MDYzMTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjY2EwZWEyZjgxMTkzMWJkZTgyNDIyY2E2ODA4ODAwNzZiYWQzYjkxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFcd+pzgYMx9qcfy1Dz4Gg3IHEK8
00prxFp/woE53EP/0ixzKYPCjXQWmT3yF4Kk1CvkdFXoFVN2RNiKkhxGAhE8HuKY
Qk4Fd/IIvJYLevH9PvE9boNVeiY9eRejxWfKTr5BKcIZ1AUE0/CorSKCzC2onaKn
X7/Z5/D2rCY4wSzCXuv8BmLlIdoWCeiUKybxdY7wju0Fkj+nFShFbC+iZQ4GxmM/
jUSHf4Op23897M8M+4c5d1nqZmruaC9d6AArTqoQ6ELQ/etU694NSd04CQDIDkbi
fKFhaAjw6JnfNkFjIt6pt4ujkWdpt3hsdxr5mBiJacClrL9//3wm3tML7QIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFMyg6i+BGTG96CQiymgIgAdrrTuRMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvektEcUw0RVpNYjNvSkNMS2FBaUFCMnV0TzVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALVRZAwQC
LYBgAwQALYtrAwQAVR8vAwQAXpqsAwQAstfvAwQAudhGAwQAwSMTAwQAwSogAwQA
wjfgMA0GCSqGSIb3DQEBCwUAA4IBAQCEv5+dkZojhvLoDZinq5Z3pWOdHq/lgVsi
z+seGM6CFDoAOlGO8AB6TgfTDqf/thRdG1f2aKtdpSqKDdMuYKBsmTdfPdgbJekj
vx/Nxtk8RZ468xQMI7Dv6NDYkUqX9mHdgc77EkCg7dAz6j44nvBP3xq0QDBNQR9d
IaLJNmW5buXKWFecARtquSfiLBDrq4viPWu0EvlenJG18hksOfReb22WbcLKFeSU
mycJzaKJe3eebW/8d9KBVab9p8frnh4qYOObuc+qk+3/ajIbI5in/lbg2GLnW7+x
ae4WNViGU3IMh8vXq+0GrNhYd0KZyTqMDxlgERc9e+/L2h4gpxCe
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:44 2023 by rpki-client on console-ams.rpki-client.org