Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/1VD62gBccUYKcSrVYVERZObL8mE.roa
File: 1VD62gBccUYKcSrVYVERZObL8mE.roa (raw, json)
Hash identifier: WvVcgqtFWNBCXYKKVwApnReJGc48V+N7JU3/3EljL58=
Subject key identifier: D5:50:FA:DA:00:5C:71:46:0A:71:2A:D5:61:51:11:64:E6:CB:F2:61
Certificate issuer: /CN=c8d5e37178d8524c72660a1d796165999e586622
Certificate serial: 018CC3B67D6882478ADB6055084BBE41BBFC
Authority key identifier: C8:D5:E3:71:78:D8:52:4C:72:66:0A:1D:79:61:65:99:9E:58:66:22
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/1VD62gBccUYKcSrVYVERZObL8mE.roa
Signing time: Mon 01 Jan 2024 06:29:25 +0000
ROA not before: Mon 01 Jan 2024 06:29:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.151.204.0/22 maxlen: 24
193.3.158.0/24 maxlen: 24
45.130.204.0/22 maxlen: 24
185.39.11.0/24 maxlen: 24
94.142.164.0/22 maxlen: 22
45.12.44.0/22 maxlen: 24
45.95.140.0/22 maxlen: 24
45.86.192.0/22 maxlen: 22
45.15.52.0/22 maxlen: 22
45.145.192.0/22 maxlen: 24
91.225.0.0/24 maxlen: 24
45.67.44.0/22 maxlen: 22
45.136.60.0/22 maxlen: 24
195.244.14.0/23 maxlen: 23
91.239.24.0/24 maxlen: 24
185.232.89.0/24 maxlen: 24
185.57.176.0/22 maxlen: 22
2.57.180.0/22 maxlen: 24
2.59.116.0/24 maxlen: 24
91.238.217.0/24 maxlen: 24
91.227.240.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c3:b6:7d:68:82:47:8a:db:60:55:08:4b:be:41:bb:fc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=c8d5e37178d8524c72660a1d796165999e586622
Validity
Not Before: Jan 1 06:29:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d550fada005c71460a712ad561511164e6cbf261
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:8f:b9:40:c0:38:a7:7f:2d:95:fe:73:3e:6a:
97:bc:d3:31:6c:5b:4d:68:b6:39:ae:0a:68:17:8e:
88:41:60:81:a8:cc:6f:ff:a9:6e:03:2e:45:73:9c:
12:96:61:06:aa:e9:1d:33:9a:88:df:01:3b:cb:e3:
b3:4a:40:2a:f6:bf:1d:2e:a8:e9:bf:ce:38:86:a9:
21:76:42:c2:6f:f1:19:36:28:d2:4f:c7:aa:b7:9b:
dd:ff:c0:e6:ea:20:55:af:a3:03:ce:a9:40:35:4f:
0f:6f:e7:79:96:eb:e3:ce:53:31:78:80:77:cf:25:
f4:10:af:ec:d6:2d:d6:f7:ca:36:1c:5b:68:e7:9a:
b5:aa:4a:be:c7:4e:3f:83:b2:6f:37:6f:e4:fa:3b:
44:8f:bd:f1:e1:96:e3:20:20:12:22:82:21:a8:75:
82:14:f5:9a:40:88:26:ce:46:6d:2f:ad:2d:46:ac:
90:ea:d0:f0:54:02:33:8d:c3:4c:a3:09:a5:ab:21:
b3:1a:8e:fc:73:1f:b1:70:72:c9:1d:a3:b5:f4:5f:
00:3c:62:97:53:99:ca:bf:e0:28:36:e0:8d:1d:92:
bc:21:4b:d8:75:5c:36:41:c7:fe:cf:e7:6d:c0:3c:
34:6e:9c:c8:56:f4:72:b6:b1:d0:27:a3:ba:ee:17:
4f:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:50:FA:DA:00:5C:71:46:0A:71:2A:D5:61:51:11:64:E6:CB:F2:61
X509v3 Authority Key Identifier:
keyid:C8:D5:E3:71:78:D8:52:4C:72:66:0A:1D:79:61:65:99:9E:58:66:22
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/yNXjcXjYUkxyZgodeWFlmZ5YZiI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/1VD62gBccUYKcSrVYVERZObL8mE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7e/b54ca3-73d5-4984-8782-9e0aed2fb8ec/1/yNXjcXjYUkxyZgodeWFlmZ5YZiI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.57.180.0/22
2.59.116.0/24
45.12.44.0/22
45.15.52.0/22
45.67.44.0/22
45.86.192.0/22
45.95.140.0/22
45.130.204.0/22
45.136.60.0/22
45.145.192.0/22
45.151.204.0/22
91.225.0.0/24
91.227.240.0/23
91.238.217.0/24
91.239.24.0/24
94.142.164.0/22
185.39.11.0/24
185.57.176.0/22
185.232.89.0/24
193.3.158.0/24
195.244.14.0/23
Signature Algorithm: sha256WithRSAEncryption
40:d3:4d:a7:09:22:91:99:37:b7:72:e9:2e:9c:71:33:8b:05:
52:3f:d4:64:3f:83:33:34:25:b8:42:95:fa:54:d4:ab:db:49:
73:6d:77:e8:2b:60:5e:b8:5d:f9:20:13:92:8b:ec:c4:df:06:
42:e4:23:72:5f:26:23:55:53:ee:f7:66:78:72:7e:66:58:62:
c7:3b:89:80:06:65:43:88:3a:4e:39:f3:8e:05:82:c1:76:6e:
0e:66:e7:71:84:2b:b6:4b:cd:29:12:2e:b0:32:3e:ee:6b:c3:
ce:15:85:c1:ca:c1:d2:06:3b:52:d7:37:42:88:f2:ce:67:d0:
b9:51:9d:34:01:25:a0:97:57:c9:bd:23:11:76:b0:f1:10:e5:
b0:97:a9:ff:f3:81:9d:e4:c5:33:26:25:f2:60:45:c6:85:f1:
72:40:6a:11:c7:d4:6b:54:69:c6:25:7c:0c:e5:b1:c2:60:8d:
dd:c6:f8:5c:28:f3:1d:55:1a:62:c2:49:12:a0:31:d9:27:e7:
77:ae:d5:f7:b0:f1:57:58:d1:ae:3e:e9:f8:ca:18:db:c6:7c:
cc:8a:cb:88:7c:af:4a:fe:86:b7:71:21:fa:fe:a2:56:d8:08:
6b:41:8c:5d:69:d4:0b:30:a6:c5:30:36:93:8e:4d:f9:b7:f2:
07:51:90:64
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAYzDtn1ogkeK22BVCEu+Qbv8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM4ZDVlMzcxNzhkODUyNGM3MjY2MGExZDc5NjE2NTk5OWU1
ODY2MjIwHhcNMjQwMTAxMDYyOTI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTUwZmFkYTAwNWM3MTQ2MGE3MTJhZDU2MTUxMTE2NGU2Y2JmMjYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl4+5QMA4p38tlf5zPmqXvNMxbFtN
aLY5rgpoF46IQWCBqMxv/6luAy5Fc5wSlmEGqukdM5qI3wE7y+OzSkAq9r8dLqjp
v844hqkhdkLCb/EZNijST8eqt5vd/8Dm6iBVr6MDzqlANU8Pb+d5luvjzlMxeIB3
zyX0EK/s1i3W98o2HFto55q1qkq+x04/g7JvN2/k+jtEj73x4ZbjICASIoIhqHWC
FPWaQIgmzkZtL60tRqyQ6tDwVAIzjcNMowmlqyGzGo78cx+xcHLJHaO19F8APGKX
U5nKv+AoNuCNHZK8IUvYdVw2Qcf+z+dtwDw0bpzIVvRytrHQJ6O67hdPEwIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFNVQ+toAXHFGCnEq1WFREWTmy/JhMB8GA1UdIwQY
MBaAFMjV43F42FJMcmYKHXlhZZmeWGYiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveU5YamNYallVa3h5WmdvZGVXRmxtWjVZWmlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83ZS9iNTRjYTMtNzNkNS00OTg0LTg3ODIt
OWUwYWVkMmZiOGVjLzEvMVZENjJnQmNjVVlLY1NyVllWRVJaT2JMOG1FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83ZS9iNTRjYTMtNzNkNS00OTg0LTg3ODItOWUwYWVkMmZiOGVj
LzEveU5YamNYallVa3h5WmdvZGVXRmxtWjVZWmlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEAgI5
tAMEAAI7dAMEAi0MLAMEAi0PNAMEAi1DLAMEAi1WwAMEAi1fjAMEAi2CzAMEAi2I
PAMEAi2RwAMEAi2XzAMEAFvhAAMEAVvj8AMEAFvu2QMEAFvvGAMEAl6OpAMEALkn
CwMEArk5sAMEALnoWQMEAMEDngMEAcP0DjANBgkqhkiG9w0BAQsFAAOCAQEAQNNN
pwkikZk3t3LpLpxxM4sFUj/UZD+DMzQluEKV+lTUq9tJc2136CtgXrhd+SATkovs
xN8GQuQjcl8mI1VT7vdmeHJ+ZlhixzuJgAZlQ4g6TjnzjgWCwXZuDmbncYQrtkvN
KRIusDI+7mvDzhWFwcrB0gY7Utc3QojyzmfQuVGdNAEloJdXyb0jEXaw8RDlsJep
//OBneTFMyYl8mBFxoXxckBqEcfUa1RpxiV8DOWxwmCN3cb4XCjzHVUaYsJJEqAx
2Sfnd67V97DxV1jRrj7p+MoY28Z8zIrLiHyvSv6Gt3Eh+v6iVtgIa0GMXWnUCzCm
xTA2k45N+bfyB1GQZA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:02 2024 by rpki-client on console-ams.rpki-client.org