Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Hp9zyX0dUvETExVpYki1CLbwJpQ.roa
File: Hp9zyX0dUvETExVpYki1CLbwJpQ.roa (raw, json)
Hash identifier: TUr6wLQiS/fP58UEMz6W/bLh3KiFursVRHe20m7esA4=
Subject key identifier: 1E:9F:73:C9:7D:1D:52:F1:13:13:15:69:62:48:B5:08:B6:F0:26:94
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01892F7942691BE230C58DFED005D45B268E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Hp9zyX0dUvETExVpYki1CLbwJpQ.roa
Signing time: Fri 07 Jul 2023 08:30:23 +0000
ROA not before: Fri 07 Jul 2023 08:30:23 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
94.156.239.0/24 maxlen: 24
194.113.36.0/22 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.252.176.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
45.95.0.0/22 maxlen: 24
94.103.124.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
87.121.45.0/24 maxlen: 24
194.180.50.0/24 maxlen: 24
185.218.137.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
94.154.163.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:2f:79:42:69:1b:e2:30:c5:8d:fe:d0:05:d4:5b:26:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jul 7 08:30:23 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1e9f73c97d1d52f1131315696248b508b6f02694
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a6:05:6a:b4:ec:9d:73:80:fa:d0:7c:28:cb:1c:
96:51:d8:d1:7a:91:9c:41:72:32:35:79:14:84:fa:
43:3c:37:a7:d7:fa:e4:e1:ff:79:07:da:42:6d:9a:
a4:bb:22:28:b7:eb:23:3d:2f:cb:56:11:52:f0:33:
dc:f1:dd:b9:38:1e:d7:36:2c:c4:5a:fe:0c:e9:e1:
d0:74:6e:52:72:33:1d:23:3a:d7:20:d3:b8:c1:46:
6b:99:b9:fc:20:c0:55:d6:92:43:46:ae:2a:0e:d4:
fa:ff:91:dd:39:20:7e:c7:35:ff:6b:f0:49:8a:e0:
8e:3b:1f:7d:0b:db:c7:4e:3f:30:16:08:49:37:4b:
39:c0:6c:08:bb:5b:f2:48:10:64:32:03:af:72:a6:
56:8f:30:0f:d2:e6:8d:89:9d:2f:08:ef:4f:c0:52:
7a:f4:7a:7d:8b:a8:fc:ed:c0:5d:37:68:bd:da:2d:
ba:d8:6d:ed:04:ee:e0:f5:45:d1:56:0f:0d:a9:af:
f7:6a:03:45:0f:f1:49:78:64:85:78:66:2e:30:1d:
04:7d:df:4c:2a:b5:27:23:5b:ca:ac:a8:89:79:7e:
8e:28:6e:25:47:72:c5:91:83:05:6b:d0:3f:97:c6:
5f:1e:8f:88:b9:12:ef:c8:fd:a4:40:7f:88:19:61:
86:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1E:9F:73:C9:7D:1D:52:F1:13:13:15:69:62:48:B5:08:B6:F0:26:94
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Hp9zyX0dUvETExVpYki1CLbwJpQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.95.0.0/22
45.151.89.0/24
87.121.45.0/24
92.119.196.0/23
94.103.124.0/24
94.154.161.0-94.154.163.255
94.156.239.0/24
147.78.100.0/23
171.22.72.0/22
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.218.137.0/24
185.219.126.0/24
185.252.176.0/24
194.113.36.0/22
194.169.174.0/24
194.180.50.0/24
Signature Algorithm: sha256WithRSAEncryption
2a:5b:78:eb:d8:d5:f5:fa:14:f7:48:aa:39:80:b7:6d:49:2f:
6e:d8:05:57:64:04:d1:34:50:75:a0:fe:26:de:2c:a6:45:88:
75:ca:4d:3b:09:0d:fc:4e:78:06:dc:b8:f1:d1:d9:9e:70:8a:
9e:68:9b:80:73:66:ea:17:c9:66:16:75:e0:c7:44:3d:2e:11:
c8:c9:12:36:0a:f9:d1:5b:a4:0a:b7:a4:18:44:93:e0:4b:c8:
f0:f5:66:87:32:88:48:19:ce:7d:87:12:84:86:72:17:f8:e5:
44:5a:fd:7e:3a:51:71:56:40:a0:1c:68:16:f2:c5:2f:53:85:
ef:02:72:b3:b9:25:38:b4:fe:84:f8:32:c1:c4:44:24:f2:2b:
74:6a:b1:22:98:2b:45:8a:56:32:90:95:7d:d5:4a:5f:f9:ef:
41:11:47:47:86:b0:cb:74:01:e8:19:51:b7:06:83:6d:32:3c:
98:d3:71:b1:9b:49:61:04:34:61:5f:12:6e:da:34:ed:e8:5b:
d9:b6:a8:44:13:ed:9f:6c:8f:b1:08:6f:91:38:47:9c:ed:67:
7a:f0:80:07:9a:2d:3a:9b:09:9c:1f:53:c0:72:26:53:3f:be:
72:11:c1:65:1b:7b:a0:3e:91:9c:23:57:a8:42:99:c4:15:f3:
5d:0b:56:ad
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAYkveUJpG+IwxY3+0AXUWyaOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNzA3MDgzMDIzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZTlmNzNjOTdkMWQ1MmYxMTMxMzE1Njk2MjQ4YjUwOGI2ZjAyNjk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApgVqtOydc4D60HwoyxyWUdjRepGc
QXIyNXkUhPpDPDen1/rk4f95B9pCbZqkuyIot+sjPS/LVhFS8DPc8d25OB7XNizE
Wv4M6eHQdG5ScjMdIzrXINO4wUZrmbn8IMBV1pJDRq4qDtT6/5HdOSB+xzX/a/BJ
iuCOOx99C9vHTj8wFghJN0s5wGwIu1vySBBkMgOvcqZWjzAP0uaNiZ0vCO9PwFJ6
9Hp9i6j87cBdN2i92i262G3tBO7g9UXRVg8Nqa/3agNFD/FJeGSFeGYuMB0Efd9M
KrUnI1vKrKiJeX6OKG4lR3LFkYMFa9A/l8ZfHo+IuRLvyP2kQH+IGWGGCwIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFB6fc8l9HVLxExMVaWJItQi28CaUMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSHA5enlYMGRVdkVURXhWcFlraTFDTGJ3SnBRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwegQCAAEwdAMEAi1fAAME
AC2XWQMEAFd5LQMEAVx3xAMEAF5nfDAMAwQAXpqhAwQCXpqgAwQAXpzvAwQBk05k
AwQCqxZIAwQAstfsAwQCudhUAwQCudpUAwQAudqJAwQAudt+AwQAufywAwQCwnEk
AwQAwqmuAwQAwrQyMA0GCSqGSIb3DQEBCwUAA4IBAQAqW3jr2NX1+hT3SKo5gLdt
SS9u2AVXZATRNFB1oP4m3iymRYh1yk07CQ38TngG3Ljx0dmecIqeaJuAc2bqF8lm
FnXgx0Q9LhHIyRI2CvnRW6QKt6QYRJPgS8jw9WaHMohIGc59hxKEhnIX+OVEWv1+
OlFxVkCgHGgW8sUvU4XvAnKzuSU4tP6E+DLBxEQk8it0arEimCtFilYykJV91Upf
+e9BEUdHhrDLdAHoGVG3BoNtMjyY03Gxm0lhBDRhXxJu2jTt6FvZtqhEE+2fbI+x
CG+ROEec7Wd68IAHmi06mwmcH1PAciZTP75yEcFlG3ugPpGcI1eoQpnEFfNdC1at
-----END CERTIFICATE-----
Generated at Tue May 13 18:05:30 2025 by rpki-client