Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/2bQYvvsvI-LyvgUbanQiUg1f8cQ.roa
File: 2bQYvvsvI-LyvgUbanQiUg1f8cQ.roa (raw, json)
Hash identifier: 8Y0DqqJQrlehL6zwX56zvK53dYx2WnNrxvCXA5R2SKM=
Subject key identifier: D9:B4:18:BE:FB:2F:23:E2:F2:BE:05:1B:6A:74:22:52:0D:5F:F1:C4
Certificate issuer: /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial: 0476AA60
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/2bQYvvsvI-LyvgUbanQiUg1f8cQ.roa
Signing time: Wed 08 Jun 2022 12:16:02 +0000
ROA not before: Wed 08 Jun 2022 12:16:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 197518
IP address blocks: 185.225.20.0/22 maxlen: 22
185.199.212.0/22 maxlen: 24
45.157.208.0/22 maxlen: 22
185.251.228.0/22 maxlen: 24
185.108.204.0/22 maxlen: 22
194.5.64.0/22 maxlen: 22
45.155.252.0/22 maxlen: 24
185.255.200.0/22 maxlen: 22
194.146.92.0/23 maxlen: 23
45.90.16.0/22 maxlen: 22
185.250.24.0/22 maxlen: 24
185.218.20.0/22 maxlen: 22
188.95.248.0/21 maxlen: 21
185.221.24.0/22 maxlen: 22
193.58.144.0/22 maxlen: 22
176.125.248.0/22 maxlen: 22
45.147.224.0/22 maxlen: 22
194.147.16.0/23 maxlen: 23
185.214.108.0/22 maxlen: 22
130.193.104.0/21 maxlen: 21
185.36.204.0/22 maxlen: 22
2a03:680::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 74885728 (0x476aa60)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Validity
Not Before: Jun 8 12:16:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=d9b418befb2f23e2f2be051b6a7422520d5ff1c4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:0a:66:3c:99:53:e5:a7:4d:05:5a:c7:e3:58:
35:9f:d2:9d:e7:ef:1b:98:89:05:09:19:76:cf:e7:
0d:aa:74:d1:25:15:4e:25:a3:ea:fb:82:1b:b8:0c:
01:19:48:ac:23:9a:3f:98:f3:39:39:99:93:b5:c0:
aa:47:9a:2c:cf:28:6d:16:a8:4e:0f:e4:59:c1:e7:
d1:09:ce:77:46:60:37:02:cd:e5:81:36:f0:f7:d7:
37:bc:cc:3d:cc:38:10:70:ed:7c:6e:4c:fc:16:fc:
aa:24:53:a1:39:25:20:88:eb:ff:ce:76:13:0b:2c:
43:e2:4b:81:8c:4b:79:be:7c:74:99:59:a1:15:1f:
7f:7b:03:66:8e:db:be:f3:81:eb:fd:d6:22:f4:76:
f1:3a:39:96:67:76:f0:ef:17:80:01:7d:f6:70:e9:
09:fa:99:cd:af:7e:04:f7:40:7f:60:87:51:42:5e:
ac:6a:93:5f:81:6f:67:d9:16:32:98:a9:ff:6a:0b:
ed:69:56:2f:e9:2d:31:83:86:5e:79:64:b0:56:43:
d2:0e:3e:5c:1d:03:89:cc:0e:b1:cc:55:05:1e:cd:
58:28:0e:78:55:7e:12:42:37:de:eb:0f:d9:62:20:
bc:71:5f:23:6e:60:f3:06:99:ff:67:1a:79:16:ad:
8f:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:B4:18:BE:FB:2F:23:E2:F2:BE:05:1B:6A:74:22:52:0D:5F:F1:C4
X509v3 Authority Key Identifier:
keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/2bQYvvsvI-LyvgUbanQiUg1f8cQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.90.16.0/22
45.147.224.0/22
45.155.252.0/22
45.157.208.0/22
130.193.104.0/21
176.125.248.0/22
185.36.204.0/22
185.108.204.0/22
185.199.212.0/22
185.214.108.0/22
185.218.20.0/22
185.221.24.0/22
185.225.20.0/22
185.250.24.0/22
185.251.228.0/22
185.255.200.0/22
188.95.248.0/21
193.58.144.0/22
194.5.64.0/22
194.146.92.0/23
194.147.16.0/23
IPv6:
2a03:680::/32
Signature Algorithm: sha256WithRSAEncryption
63:f1:b7:ce:e0:f2:b5:69:42:40:dc:91:59:2c:05:b7:bf:24:
6a:d3:9a:38:af:bb:fb:f3:69:50:39:78:1d:b8:11:83:93:c8:
67:2f:fe:00:a2:b8:ce:ec:a9:a6:53:f7:34:33:cc:60:38:12:
e5:76:5c:82:e6:d2:e6:67:d7:db:20:6d:84:b7:99:29:56:92:
d1:81:1c:3a:d2:7d:71:ad:58:de:3a:d7:2c:37:9e:89:ff:27:
99:fe:f8:17:6d:d1:0d:59:4e:3c:7a:27:af:d3:e8:2a:8a:f9:
09:02:b8:d3:bd:28:9e:72:6e:11:bf:54:74:d4:6d:0d:6f:15:
69:23:1c:75:d9:33:42:93:0f:0d:93:28:65:9d:ef:83:3e:4c:
e0:cc:40:01:39:b6:3f:3f:92:66:b1:ac:17:cf:fa:a9:a7:66:
fa:78:fb:8e:4f:da:f5:30:c7:ed:be:1b:da:57:6e:93:84:9c:
d4:c5:76:a6:c8:13:a6:19:a2:d2:11:16:d4:b4:18:00:69:d4:
bb:28:0e:3c:89:a5:50:9b:43:44:58:90:74:8e:fc:ef:05:9c:
ef:90:20:0f:50:60:2e:8f:d6:25:ff:9b:ab:7b:2f:d2:bd:4f:
fc:79:9d:49:5b:ae:47:2c:48:3c:ff:6e:4d:c8:c8:46:67:e6:
2a:a6:a5:47
-----BEGIN CERTIFICATE-----
MIIFejCCBGKgAwIBAgIEBHaqYDANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NjhiZmI4YTVlZWU0OTA4MmVhNjI4ZGYyNWE0YTVkNTBmM2FhOWIzMB4XDTIyMDYw
ODEyMTYwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZDliNDE4YmVmYjJm
MjNlMmYyYmUwNTFiNmE3NDIyNTIwZDVmZjFjNDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAN0KZjyZU+WnTQVax+NYNZ/SnefvG5iJBQkZds/nDap00SUV
TiWj6vuCG7gMARlIrCOaP5jzOTmZk7XAqkeaLM8obRaoTg/kWcHn0QnOd0ZgNwLN
5YE28PfXN7zMPcw4EHDtfG5M/Bb8qiRToTklIIjr/852EwssQ+JLgYxLeb58dJlZ
oRUff3sDZo7bvvOB6/3WIvR28To5lmd28O8XgAF99nDpCfqZza9+BPdAf2CHUUJe
rGqTX4FvZ9kWMpip/2oL7WlWL+ktMYOGXnlksFZD0g4+XB0DicwOscxVBR7NWCgO
eFV+EkI33usP2WIgvHFfI25g8waZ/2caeRatjxECAwEAAaOCApQwggKQMB0GA1Ud
DgQWBBTZtBi++y8j4vK+BRtqdCJSDV/xxDAfBgNVHSMEGDAWgBQ2i/uKXu5JCC6m
KN8lpKXVDzqpszAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05vdjdpbDd1U1FndXBpamZKYVNsMVE4NnFiTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzUvYWE1OGMzLWU3MDYtNGE0OS1hN2M1LTBhZTJlOTIyYTI5Mi8x
LzJiUVl2dnN2SS1MeXZnVWJhblFpVWcxZjhjUS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzUv
YWE1OGMzLWU3MDYtNGE0OS1hN2M1LTBhZTJlOTIyYTI5Mi8xL05vdjdpbDd1U1Fn
dXBpamZKYVNsMVE4NnFiTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
qQYIKwYBBQUHAQcBAf8EgZkwgZYwgYQEAgABMH4DBAItWhADBAItk+ADBAItm/wD
BAItndADBAOCwWgDBAKwffgDBAK5JMwDBAK5bMwDBAK5x9QDBAK51mwDBAK52hQD
BAK53RgDBAK54RQDBAK5+hgDBAK5++QDBAK5/8gDBAO8X/gDBALBOpADBALCBUAD
BAHCklwDBAHCkxAwDQQCAAIwBwMFACoDBoAwDQYJKoZIhvcNAQELBQADggEBAGPx
t87g8rVpQkDckVksBbe/JGrTmjivu/vzaVA5eB24EYOTyGcv/gCiuM7sqaZT9zQz
zGA4EuV2XILm0uZn19sgbYS3mSlWktGBHDrSfXGtWN461yw3non/J5n++Bdt0Q1Z
Tjx6J6/T6CqK+QkCuNO9KJ5ybhG/VHTUbQ1vFWkjHHXZM0KTDw2TKGWd74M+TODM
QAE5tj8/kmaxrBfP+qmnZvp4+45P2vUwx+2+G9pXbpOEnNTFdqbIE6YZotIRFtS0
GABp1LsoDjyJpVCbQ0RYkHSO/O8FnO+QIA9QYC6P1iX/m6t7L9K9T/x5nUlbrkcs
SDz/bk3IyEZn5iqmpUc=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:26 2023 by rpki-client on console-fra.rpki-client.org