Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zy4phYOgHkAVoM5B7bpvZJVZLOg.roa
File: zy4phYOgHkAVoM5B7bpvZJVZLOg.roa (raw, json)
Hash identifier: w+Vpan+Z+YnfAvVTn8WPuJvAa66GqgxLijmcgkWtC94=
Subject key identifier: CF:2E:29:85:83:A0:1E:40:15:A0:CE:41:ED:BA:6F:64:95:59:2C:E8
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018ACB4B329413A42931C905726387C63297
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zy4phYOgHkAVoM5B7bpvZJVZLOg.roa
Signing time: Mon 25 Sep 2023 07:43:37 +0000
ROA not before: Mon 25 Sep 2023 07:43:37 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
91.92.24.0/23 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.59.0/24 maxlen: 24
194.180.50.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
94.156.78.0/24 maxlen: 24
94.154.163.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
178.215.224.0/24 maxlen: 24
94.156.239.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.252.176.0/24 maxlen: 24
94.156.177.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
185.216.84.0/22 maxlen: 24
87.120.87.0/24 maxlen: 24
93.123.116.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:cb:4b:32:94:13:a4:29:31:c9:05:72:63:87:c6:32:97
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Sep 25 07:43:37 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=cf2e298583a01e4015a0ce41edba6f6495592ce8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:1b:ce:3a:4e:ed:e6:5d:56:4c:a5:97:a8:40:
ae:20:05:94:81:a3:e8:34:22:c4:7a:1d:e9:5e:ec:
1e:42:2e:f1:97:c0:78:01:9d:83:2c:08:cf:95:fd:
5d:84:f8:8c:dc:45:85:f6:f1:56:2e:35:b8:91:15:
6b:4c:15:af:6a:1f:c8:40:ad:4d:c4:29:0c:08:b1:
58:6e:00:2e:9b:0b:da:97:fd:2d:c1:ae:dc:b7:8f:
ff:a2:1c:ac:0e:45:01:1d:8a:00:88:cd:af:7a:ce:
0e:df:f5:71:69:ef:be:2e:8d:ce:af:0b:53:da:9b:
e0:40:be:5e:c1:ab:07:61:d3:83:87:f8:1f:7d:39:
ba:1e:c3:1b:2b:62:1e:d1:3c:7c:31:12:ed:1f:a5:
e7:f5:c4:59:b9:78:6f:88:58:ce:fb:35:e9:ea:03:
be:37:11:3b:cc:93:72:de:63:cf:73:6c:4b:cd:bc:
5d:be:e3:f6:97:3f:73:51:23:ef:dc:96:74:16:f8:
79:ef:92:cf:86:fe:48:f5:06:ca:d5:d7:ae:06:31:
be:da:b9:62:2b:92:f6:c9:fe:f6:32:32:0e:44:57:
3a:7e:2a:97:e2:c7:41:2e:a8:d9:e5:c5:bb:72:a0:
bf:45:b6:1c:60:c2:21:c8:58:b2:a6:6c:3e:96:90:
9d:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:2E:29:85:83:A0:1E:40:15:A0:CE:41:ED:BA:6F:64:95:59:2C:E8
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/zy4phYOgHkAVoM5B7bpvZJVZLOg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.89.0/24
87.120.87.0/24
87.121.45.0/24
87.121.59.0/24
91.92.24.0/23
92.119.196.0/23
93.123.116.0/24
94.154.161.0-94.154.163.255
94.156.78.0/24
94.156.177.0/24
94.156.239.0/24
147.78.100.0-147.78.102.255
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.219.126.0/24
185.252.176.0/24
194.169.174.0/24
194.180.50.0/24
Signature Algorithm: sha256WithRSAEncryption
43:0c:6f:30:97:b2:47:dc:5a:fd:5c:87:82:2a:11:9a:c5:56:
df:1e:a6:96:c4:33:3a:55:39:ea:38:10:e6:ec:02:07:83:87:
07:8c:f1:57:2e:7b:d1:85:4c:39:a3:14:4b:b9:46:f9:64:36:
8d:66:91:5c:8c:10:21:a0:98:b5:86:d9:a1:1c:17:37:79:45:
6f:2b:f7:9b:ac:b1:d3:4c:2f:cc:fc:96:17:56:5f:ca:54:44:
96:a4:60:dc:3d:da:fe:4b:39:6b:1c:d2:a6:64:f7:60:cf:e6:
19:6d:dc:35:b3:e0:fe:89:27:fd:52:08:e6:5c:ab:3c:d2:64:
0d:63:db:20:e4:24:ce:15:e2:6d:7b:07:f3:18:99:39:60:c9:
d7:06:d5:8c:e3:7f:ad:bc:8f:13:47:fb:a4:bf:1c:0c:4d:d6:
5e:c2:b6:55:cc:c6:4f:a3:40:25:01:9f:c2:fe:d9:05:f1:fd:
82:25:51:85:ac:88:b2:30:5b:a7:8a:3c:0b:e4:75:3d:34:81:
80:d2:30:12:ed:b9:37:25:22:45:94:1b:86:41:32:b8:7f:6c:
3b:b0:6a:bd:74:e1:dd:df:fc:01:3d:0b:bf:6d:18:61:e0:2f:
18:90:93:37:38:6a:ea:e4:a5:8f:be:8d:e7:48:a0:f9:7f:e1:
f9:26:8b:65
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgISAYrLSzKUE6QpMckFcmOHxjKXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTI1MDc0MzM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjJlMjk4NTgzYTAxZTQwMTVhMGNlNDFlZGJhNmY2NDk1NTkyY2U4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAphvOOk7t5l1WTKWXqECuIAWUgaPo
NCLEeh3pXuweQi7xl8B4AZ2DLAjPlf1dhPiM3EWF9vFWLjW4kRVrTBWvah/IQK1N
xCkMCLFYbgAumwval/0twa7ct4//ohysDkUBHYoAiM2ves4O3/Vxae++Lo3OrwtT
2pvgQL5ewasHYdODh/gffTm6HsMbK2Ie0Tx8MRLtH6Xn9cRZuXhviFjO+zXp6gO+
NxE7zJNy3mPPc2xLzbxdvuP2lz9zUSPv3JZ0Fvh575LPhv5I9QbK1deuBjG+2rli
K5L2yf72MjIORFc6fiqX4sdBLqjZ5cW7cqC/RbYcYMIhyFiypmw+lpCdLwIDAQAB
o4ICljCCApIwHQYDVR0OBBYEFM8uKYWDoB5AFaDOQe26b2SVWSzoMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvenk0cGhZT2dIa0FWb001QjdicHZaSlZaTE9nLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGrBggrBgEFBQcBBwEB/wSBmzCBmDCBlQQCAAEwgY4DBAAt
l1kDBABXeFcDBABXeS0DBABXeTsDBAFbXBgDBAFcd8QDBABde3QwDAMEAF6aoQME
Al6aoAMEAF6cTgMEAF6csQMEAF6c7zAMAwQCk05kAwQAk05mAwQCqxZIAwQAstfg
AwQAstfsAwQCudhUAwQCudpUAwQAudt+AwQAufywAwQAwqmuAwQAwrQyMA0GCSqG
SIb3DQEBCwUAA4IBAQBDDG8wl7JH3Fr9XIeCKhGaxVbfHqaWxDM6VTnqOBDm7AIH
g4cHjPFXLnvRhUw5oxRLuUb5ZDaNZpFcjBAhoJi1htmhHBc3eUVvK/ebrLHTTC/M
/JYXVl/KVESWpGDcPdr+SzlrHNKmZPdgz+YZbdw1s+D+iSf9UgjmXKs80mQNY9sg
5CTOFeJtewfzGJk5YMnXBtWM43+tvI8TR/ukvxwMTdZewrZVzMZPo0AlAZ/C/tkF
8f2CJVGFrIiyMFunijwL5HU9NIGA0jAS7bk3JSJFlBuGQTK4f2w7sGq9dOHd3/wB
PQu/bRhh4C8YkJM3OGrq5KWPvo3nSKD5f+H5Jotl
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:17:22 2024 by rpki-client on console-fra.rpki-client.org