Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/knTf1sRH5YzLteAH37U6UJdUOT0.roa
File: knTf1sRH5YzLteAH37U6UJdUOT0.roa (raw, json)
Hash identifier: nNpDoE2aHres9tNN3CuUDbsG2QvyLWsQSr488f7bTMw=
Subject key identifier: 92:74:DF:D6:C4:47:E5:8C:CB:B5:E0:07:DF:B5:3A:50:97:54:39:3D
Certificate issuer: /CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Certificate serial: 04B80AC1
Authority key identifier: 36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/knTf1sRH5YzLteAH37U6UJdUOT0.roa
Signing time: Fri 01 Jul 2022 11:29:25 +0000
ROA not before: Fri 01 Jul 2022 11:29:25 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 197518
IP address blocks: 185.225.20.0/22 maxlen: 22
185.199.212.0/22 maxlen: 24
45.157.208.0/22 maxlen: 22
185.251.228.0/22 maxlen: 24
185.108.204.0/22 maxlen: 22
194.5.64.0/22 maxlen: 22
45.155.252.0/22 maxlen: 24
185.255.200.0/22 maxlen: 22
194.146.92.0/23 maxlen: 23
45.90.16.0/22 maxlen: 22
185.250.24.0/22 maxlen: 24
185.218.20.0/22 maxlen: 22
188.95.248.0/21 maxlen: 21
185.221.24.0/22 maxlen: 22
193.58.144.0/22 maxlen: 22
176.125.248.0/22 maxlen: 22
45.147.224.0/22 maxlen: 22
194.147.16.0/23 maxlen: 23
185.214.108.0/22 maxlen: 22
130.193.104.0/21 maxlen: 21
2a03:680::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 79170241 (0x4b80ac1)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=368bfb8a5eee49082ea628df25a4a5d50f3aa9b3
Validity
Not Before: Jul 1 11:29:25 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=9274dfd6c447e58ccbb5e007dfb53a509754393d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:fa:b2:17:52:a6:e7:de:b1:59:57:1c:18:8d:
e6:14:4b:89:2a:36:3f:e3:41:88:3b:35:f2:40:df:
4e:5c:a4:08:f9:cb:31:68:d4:a2:86:59:7d:8d:2f:
06:07:d3:3f:65:81:76:bd:68:a1:69:12:45:7f:9b:
e1:0b:b1:06:83:33:0d:57:e9:ad:de:10:f6:cc:44:
d8:52:11:f2:a6:bc:03:5b:f8:c5:c1:42:4d:d2:5b:
d1:b6:5e:49:b4:7d:ad:99:a4:19:ef:b2:11:27:46:
89:43:45:19:c5:a6:4c:40:45:51:da:ae:da:0e:1f:
52:56:7a:ec:6d:23:f1:eb:1d:91:9c:ad:ce:da:b7:
52:5b:1f:e5:c2:29:fb:1c:3a:6d:33:01:29:26:01:
2a:dd:ad:57:5e:17:3d:9a:ee:44:c6:a8:6a:fb:90:
d5:a7:e1:2c:11:8b:24:29:f5:5a:d7:05:32:6f:2e:
c5:5b:6a:ef:d3:4d:cb:fb:36:73:89:01:10:c1:cb:
13:ac:cd:b1:0c:01:21:0e:a1:59:cb:ba:ea:30:99:
76:b6:8a:07:69:ae:09:d4:18:94:d6:db:d9:63:b7:
51:e2:fe:af:a1:56:d3:5c:2e:9a:59:a0:dc:d4:74:
8b:d8:a0:f5:2f:7c:44:81:84:4d:1a:18:3f:ff:b5:
1b:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:74:DF:D6:C4:47:E5:8C:CB:B5:E0:07:DF:B5:3A:50:97:54:39:3D
X509v3 Authority Key Identifier:
keyid:36:8B:FB:8A:5E:EE:49:08:2E:A6:28:DF:25:A4:A5:D5:0F:3A:A9:B3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Nov7il7uSQgupijfJaSl1Q86qbM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/knTf1sRH5YzLteAH37U6UJdUOT0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/35/aa58c3-e706-4a49-a7c5-0ae2e922a292/1/Nov7il7uSQgupijfJaSl1Q86qbM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.90.16.0/22
45.147.224.0/22
45.155.252.0/22
45.157.208.0/22
130.193.104.0/21
176.125.248.0/22
185.108.204.0/22
185.199.212.0/22
185.214.108.0/22
185.218.20.0/22
185.221.24.0/22
185.225.20.0/22
185.250.24.0/22
185.251.228.0/22
185.255.200.0/22
188.95.248.0/21
193.58.144.0/22
194.5.64.0/22
194.146.92.0/23
194.147.16.0/23
IPv6:
2a03:680::/32
Signature Algorithm: sha256WithRSAEncryption
b7:25:6f:2b:a0:05:c1:e0:98:e5:02:49:85:ac:8f:8a:f2:57:
52:eb:38:af:28:b3:72:f3:23:ca:08:78:f9:ef:69:dc:ac:56:
a5:24:72:9a:0f:48:78:3f:c3:92:8f:2d:3a:4a:7a:49:cb:54:
f0:de:7e:d2:f7:e7:40:82:f0:ee:d2:db:21:18:5d:5d:5b:ef:
5b:25:9d:de:ca:7d:57:5d:8c:d7:de:fb:e4:41:77:d8:4f:f0:
c8:73:e0:7d:9b:53:1b:bf:11:54:54:1d:4a:bc:01:a2:71:c7:
ed:08:49:3b:15:63:84:38:fc:b8:50:74:b5:a2:84:3f:e6:1c:
29:c1:27:d4:a6:b3:55:aa:b3:0e:b5:e7:0d:66:70:14:93:1f:
16:e5:3a:13:83:64:37:76:b0:55:b2:e5:f7:76:da:15:fa:ba:
2a:cb:ae:18:41:86:34:4b:1b:62:bb:92:aa:ea:c2:d8:57:e4:
29:7b:c5:f7:57:76:8e:1d:ef:b9:18:21:10:5b:a3:a2:4b:50:
41:44:0c:bf:91:87:c7:2c:5a:37:e6:3f:74:13:5a:aa:06:7d:
2a:a9:06:cb:b9:d2:29:50:57:e9:c3:7a:39:a3:40:73:57:ac:
9c:b5:c9:dd:7d:36:47:e0:8f:fc:15:60:08:14:57:f1:5a:03:
6f:75:ff:7e
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgIEBLgKwTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygz
NjhiZmI4YTVlZWU0OTA4MmVhNjI4ZGYyNWE0YTVkNTBmM2FhOWIzMB4XDTIyMDcw
MTExMjkyNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTI3NGRmZDZjNDQ3
ZTU4Y2NiYjVlMDA3ZGZiNTNhNTA5NzU0MzkzZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAKD6shdSpufesVlXHBiN5hRLiSo2P+NBiDs18kDfTlykCPnL
MWjUooZZfY0vBgfTP2WBdr1ooWkSRX+b4QuxBoMzDVfprd4Q9sxE2FIR8qa8A1v4
xcFCTdJb0bZeSbR9rZmkGe+yESdGiUNFGcWmTEBFUdqu2g4fUlZ67G0j8esdkZyt
ztq3Ulsf5cIp+xw6bTMBKSYBKt2tV14XPZruRMaoavuQ1afhLBGLJCn1WtcFMm8u
xVtq79NNy/s2c4kBEMHLE6zNsQwBIQ6hWcu66jCZdraKB2muCdQYlNbb2WO3UeL+
r6FW01wumlmg3NR0i9ig9S98RIGETRoYP/+1Gw0CAwEAAaOCAo0wggKJMB0GA1Ud
DgQWBBSSdN/WxEfljMu14AfftTpQl1Q5PTAfBgNVHSMEGDAWgBQ2i/uKXu5JCC6m
KN8lpKXVDzqpszAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L05vdjdpbDd1U1FndXBpamZKYVNsMVE4NnFiTS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzUvYWE1OGMzLWU3MDYtNGE0OS1hN2M1LTBhZTJlOTIyYTI5Mi8x
L2tuVGYxc1JINVl6THRlQUgzN1U2VUpkVU9UMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzUv
YWE1OGMzLWU3MDYtNGE0OS1hN2M1LTBhZTJlOTIyYTI5Mi8xL05vdjdpbDd1U1Fn
dXBpamZKYVNsMVE4NnFiTS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
ogYIKwYBBQUHAQcBAf8EgZIwgY8wfgQCAAEweAMEAi1aEAMEAi2T4AMEAi2b/AME
Ai2d0AMEA4LBaAMEArB9+AMEArlszAMEArnH1AMEArnWbAMEArnaFAMEArndGAME
ArnhFAMEArn6GAMEArn75AMEArn/yAMEA7xf+AMEAsE6kAMEAsIFQAMEAcKSXAME
AcKTEDANBAIAAjAHAwUAKgMGgDANBgkqhkiG9w0BAQsFAAOCAQEAtyVvK6AFweCY
5QJJhayPivJXUus4ryizcvMjygh4+e9p3KxWpSRymg9IeD/Dko8tOkp6SctU8N5+
0vfnQILw7tLbIRhdXVvvWyWd3sp9V12M19775EF32E/wyHPgfZtTG78RVFQdSrwB
onHH7QhJOxVjhDj8uFB0taKEP+YcKcEn1KazVaqzDrXnDWZwFJMfFuU6E4NkN3aw
VbLl93baFfq6KsuuGEGGNEsbYruSqurC2FfkKXvF91d2jh3vuRghEFujoktQQUQM
v5GHxyxaN+Y/dBNaqgZ9KqkGy7nSKVBX6cN6OaNAc1esnLXJ3X02R+CP/BVgCBRX
8VoDb3X/fg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:02:35 2024 by rpki-client on console-ams.rpki-client.org