Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3oW9bK7L8nhxucrLb6aY2oLaPQY.roa
File: 3oW9bK7L8nhxucrLb6aY2oLaPQY.roa (raw, json)
Hash identifier: 34oSJFsHANCjKjYgBLsOgyVfi7IDXf2fKg4u1rfjQxw=
Subject key identifier: DE:85:BD:6C:AE:CB:F2:78:71:B9:CA:CB:6F:A6:98:DA:82:DA:3D:06
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018920DC6099CC62FFA990B0578B90A923B3
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3oW9bK7L8nhxucrLb6aY2oLaPQY.roa
Signing time: Tue 04 Jul 2023 12:24:20 +0000
ROA not before: Tue 04 Jul 2023 12:24:20 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
94.156.239.0/24 maxlen: 24
194.113.36.0/22 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.252.176.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
45.95.0.0/22 maxlen: 24
94.103.124.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
87.121.45.0/24 maxlen: 24
185.218.137.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
94.154.163.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:20:dc:60:99:cc:62:ff:a9:90:b0:57:8b:90:a9:23:b3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 4 12:24:20 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=de85bd6caecbf27871b9cacb6fa698da82da3d06
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dd:c6:14:c4:c6:b7:7b:b7:b4:b3:3c:c5:af:ca:
82:2f:46:d1:1e:70:93:cd:3f:5b:6c:03:14:8f:23:
33:41:28:1f:ec:ac:8f:cc:28:be:bf:0d:12:fd:b1:
fb:f4:7f:da:6d:05:4a:06:c3:e5:2a:c8:68:c3:3f:
ae:96:c7:42:0f:13:1f:17:23:91:74:dd:ca:75:99:
19:f3:66:0a:71:a7:f6:a9:e0:95:5d:0e:fe:50:e0:
a9:75:28:46:eb:3d:ec:2a:ff:0c:25:1e:e3:70:7d:
35:2a:65:69:fc:93:a1:86:0e:16:24:9d:6b:34:49:
50:b6:43:cf:b2:ef:02:0c:51:50:12:62:31:a0:41:
2c:15:0a:1e:46:28:ab:ff:dc:dc:5a:1e:fa:c0:79:
d1:ce:6b:4c:c6:66:9a:e8:53:f3:50:36:f8:91:ce:
ae:e1:1c:27:38:a8:1c:90:07:78:d9:d0:e4:d8:3d:
9c:f9:d1:a9:de:be:fd:37:79:45:98:55:78:a9:76:
1a:f1:c6:b7:44:51:1c:09:37:7c:ac:ea:5e:cf:7d:
69:ec:07:6e:07:11:61:9c:fe:4d:6c:a9:02:64:a5:
c8:e0:42:ef:ad:8f:80:8a:73:1f:55:a9:0e:72:fd:
cd:dd:49:a1:3f:63:06:18:b2:16:cf:1e:9c:34:12:
8f:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:85:BD:6C:AE:CB:F2:78:71:B9:CA:CB:6F:A6:98:DA:82:DA:3D:06
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3oW9bK7L8nhxucrLb6aY2oLaPQY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.95.0.0/22
45.151.89.0/24
87.121.45.0/24
92.119.196.0/23
94.103.124.0/24
94.154.161.0-94.154.163.255
94.156.239.0/24
147.78.100.0/23
171.22.72.0/22
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.218.137.0/24
185.219.126.0/24
185.252.176.0/24
194.113.36.0/22
194.169.174.0/24
Signature Algorithm: sha256WithRSAEncryption
4f:af:31:74:62:70:be:50:66:8f:a2:fc:91:03:fd:bb:7b:6d:
4c:60:c1:f6:ed:91:57:f3:35:e1:ff:b2:da:5e:fc:4a:a7:20:
0e:fd:38:8b:77:03:2d:90:e6:c3:dc:a3:0b:24:65:ee:ce:28:
ea:12:cf:13:e7:28:78:2a:65:26:08:26:cf:05:e1:f9:f4:0b:
63:22:8d:9e:22:12:3c:9f:81:1f:e6:49:fd:b1:51:ea:ce:db:
07:c4:cf:d3:81:da:8a:89:cb:2e:dd:eb:c0:51:83:e1:76:be:
2a:1a:e3:f7:56:26:ad:6b:3e:30:4b:64:e9:ad:0c:31:95:75:
db:78:db:fd:f1:a5:72:98:19:06:54:07:e1:55:b0:6c:f0:a4:
89:ed:a3:bb:a5:d9:a3:ca:a9:72:be:83:8c:32:9d:10:37:9c:
ce:35:6d:dd:6b:c0:47:14:53:10:31:61:c2:0a:6f:34:a0:d5:
20:eb:6a:59:39:ea:8c:f1:ff:f2:2d:d4:cf:42:c8:78:e0:1c:
bc:b8:fc:49:25:d8:a9:7e:4a:da:d3:73:07:38:9a:a1:78:a3:
8f:48:eb:77:ac:d0:a1:06:cf:27:db:1c:66:31:8e:04:20:6b:
d9:5c:56:bb:d8:c2:9d:06:75:3a:3b:fa:4f:38:26:bd:2b:b9:
9c:c1:19:48
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgISAYkg3GCZzGL/qZCwV4uQqSOzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzA0MTIyNDIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTg1YmQ2Y2FlY2JmMjc4NzFiOWNhY2I2ZmE2OThkYTgyZGEzZDA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA3cYUxMa3e7e0szzFr8qCL0bRHnCT
zT9bbAMUjyMzQSgf7KyPzCi+vw0S/bH79H/abQVKBsPlKshowz+ulsdCDxMfFyOR
dN3KdZkZ82YKcaf2qeCVXQ7+UOCpdShG6z3sKv8MJR7jcH01KmVp/JOhhg4WJJ1r
NElQtkPPsu8CDFFQEmIxoEEsFQoeRiir/9zcWh76wHnRzmtMxmaa6FPzUDb4kc6u
4RwnOKgckAd42dDk2D2c+dGp3r79N3lFmFV4qXYa8ca3RFEcCTd8rOpez31p7Adu
BxFhnP5NbKkCZKXI4ELvrY+AinMfVakOcv3N3UmhP2MGGLIWzx6cNBKPCQIDAQAB
o4ICcjCCAm4wHQYDVR0OBBYEFN6FvWyuy/J4cbnKy2+mmNqC2j0GMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvM29XOWJLN0w4bmh4dWNyTGI2YVkyb0xhUFFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGHBggrBgEFBQcBBwEB/wR4MHYwdAQCAAEwbgMEAi1fAAME
AC2XWQMEAFd5LQMEAVx3xAMEAF5nfDAMAwQAXpqhAwQCXpqgAwQAXpzvAwQBk05k
AwQCqxZIAwQAstfsAwQCudhUAwQCudpUAwQAudqJAwQAudt+AwQAufywAwQCwnEk
AwQAwqmuMA0GCSqGSIb3DQEBCwUAA4IBAQBPrzF0YnC+UGaPovyRA/27e21MYMH2
7ZFX8zXh/7LaXvxKpyAO/TiLdwMtkObD3KMLJGXuzijqEs8T5yh4KmUmCCbPBeH5
9AtjIo2eIhI8n4Ef5kn9sVHqztsHxM/TgdqKicsu3evAUYPhdr4qGuP3Viataz4w
S2TprQwxlXXbeNv98aVymBkGVAfhVbBs8KSJ7aO7pdmjyqlyvoOMMp0QN5zONW3d
a8BHFFMQMWHCCm80oNUg62pZOeqM8f/yLdTPQsh44By8uPxJJdipfkra03MHOJqh
eKOPSOt3rNChBs8n2xxmMY4EIGvZXFa72MKdBnU6O/pPOCa9K7mcwRlI
-----END CERTIFICATE-----
Generated at Tue May 13 18:19:16 2025 by rpki-client