Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JyA9u4ijEKLhIz_WMrIwAvCGt3c.roa
File: JyA9u4ijEKLhIz_WMrIwAvCGt3c.roa (raw, json)
Hash identifier: lPAoKVDkc3sHGWr/bCugJ4g/KCzru6hwmzz+8AdrF3E=
Subject key identifier: 27:20:3D:BB:88:A3:10:A2:E1:23:3F:D6:32:B2:30:02:F0:86:B7:77
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018F19127F0B00637B4589FC914FF93F04A8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JyA9u4ijEKLhIz_WMrIwAvCGt3c.roa
Signing time: Fri 26 Apr 2024 06:23:13 +0000
ROA not before: Fri 26 Apr 2024 06:23:13 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.9.156.0/24 maxlen: 24
45.88.88.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.21.174.0/23 maxlen: 24
87.120.87.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.86.0/23 maxlen: 24
87.121.221.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.239.0/24 maxlen: 24
95.214.25.0/24 maxlen: 24
95.214.26.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.246.223.0/24 maxlen: 24
193.42.32.0/23 maxlen: 24
194.48.248.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
194.59.31.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:19:12:7f:0b:00:63:7b:45:89:fc:91:4f:f9:3f:04:a8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 26 06:23:13 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=27203dbb88a310a2e1233fd632b23002f086b777
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:ee:be:20:98:e7:18:95:c4:a3:47:44:e0:27:
5a:b3:1b:a8:c3:53:ef:2e:ef:3c:3b:b2:86:3f:1b:
50:12:ba:8d:f0:ba:fa:76:e1:38:be:97:5c:50:2d:
7c:6c:f1:6f:47:4c:2b:fd:ba:f4:53:fb:7c:0c:9d:
3d:9a:21:60:03:cb:8f:cf:21:1c:37:9d:d7:8b:7d:
a6:b1:2c:81:1f:6d:d0:1a:73:c7:ac:37:97:92:9f:
98:6e:21:2c:31:3a:b7:ea:23:ac:37:85:1c:cf:ac:
cb:16:85:01:40:97:8e:7a:b0:20:9e:a5:45:2d:e0:
d6:5f:4c:28:2b:45:4a:d5:b5:12:b9:10:87:bb:3e:
ed:81:8a:30:19:ed:21:96:35:e0:2b:b5:0f:da:f6:
1f:d5:d4:1d:b8:49:76:f5:53:3d:d0:8a:dc:1f:90:
9b:ae:3b:85:f5:92:30:19:f9:f0:28:c0:e8:84:c2:
46:c5:9b:21:d1:2a:38:da:02:98:f0:9f:45:2c:34:
90:b1:74:44:a4:a6:d0:b1:eb:35:b4:f7:bf:e3:a4:
bc:5a:48:3d:31:57:73:13:11:f0:df:7e:65:d3:61:
84:43:50:0c:02:7f:22:6e:3f:b3:08:35:c8:0e:49:
d6:be:d8:e8:bf:fd:5a:be:3e:0f:40:ee:3f:83:ff:
b0:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:20:3D:BB:88:A3:10:A2:E1:23:3F:D6:32:B2:30:02:F0:86:B7:77
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/JyA9u4ijEKLhIz_WMrIwAvCGt3c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/24
45.88.88.0/24
45.151.89.0/24
83.219.97.0/24
84.21.174.0/23
87.120.87.0/24
87.121.45.0/24
87.121.86.0/23
87.121.221.0/24
92.119.196.0/23
94.154.160.0/22
94.156.239.0/24
95.214.25.0-95.214.26.255
147.78.102.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
185.218.84.0/22
185.246.223.0/24
193.42.32.0/23
194.48.248.0/24
194.55.186.0/24
194.55.224.0/24
194.59.31.0/24
Signature Algorithm: sha256WithRSAEncryption
10:3d:7c:15:5e:df:fc:8f:ac:bf:1a:fc:4a:89:26:09:e9:f5:
ac:72:df:47:5a:ca:76:5f:ba:bd:a3:d3:e2:8d:55:b1:71:e7:
20:3c:79:bc:d0:79:a9:cf:8c:4d:6b:65:19:54:23:a2:45:d3:
74:05:d9:c5:1d:68:37:c4:a9:80:ba:42:b4:4b:3e:95:46:98:
3b:4a:9f:1f:fb:03:f7:31:cb:1a:a3:08:12:86:60:4a:4a:fe:
10:c7:56:44:42:84:bf:75:cd:f8:a6:c3:d1:b8:3d:59:66:38:
ac:d9:0f:4b:cf:04:f7:ac:dc:c2:9c:a5:16:e3:3f:a8:7f:bb:
51:0c:4c:10:ce:ca:dd:12:a1:6f:93:f1:47:0d:11:94:5f:12:
bd:eb:0c:09:6a:0a:41:87:53:79:95:89:ce:a1:34:3e:25:ef:
d2:78:9a:55:8a:2e:9f:60:5d:33:88:76:13:fe:63:96:d9:e2:
d8:6c:ba:37:2d:88:3d:4e:eb:c5:34:62:42:7e:50:74:f0:28:
6b:65:96:ce:db:2a:9a:f0:d8:64:a2:28:92:c5:98:3d:44:1c:
d9:ae:e6:3c:8f:3f:9b:5d:5c:c7:d9:ad:f2:96:8e:bb:94:71:
17:e3:c9:c0:3f:f4:1d:a3:08:aa:e3:4c:46:02:3a:48:41:68:
f7:b5:73:14
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgISAY8ZEn8LAGN7RYn8kU/5PwSoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNDI2MDYyMzEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzIwM2RiYjg4YTMxMGEyZTEyMzNmZDYzMmIyMzAwMmYwODZiNzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAje6+IJjnGJXEo0dE4Cdasxuow1Pv
Lu88O7KGPxtQErqN8Lr6duE4vpdcUC18bPFvR0wr/br0U/t8DJ09miFgA8uPzyEc
N53Xi32msSyBH23QGnPHrDeXkp+YbiEsMTq36iOsN4Ucz6zLFoUBQJeOerAgnqVF
LeDWX0woK0VK1bUSuRCHuz7tgYowGe0hljXgK7UP2vYf1dQduEl29VM90IrcH5Cb
rjuF9ZIwGfnwKMDohMJGxZsh0So42gKY8J9FLDSQsXREpKbQses1tPe/46S8Wkg9
MVdzExHw335l02GEQ1AMAn8ibj+zCDXIDknWvtjov/1avj4PQO4/g/+w8QIDAQAB
o4ICoDCCApwwHQYDVR0OBBYEFCcgPbuIoxCi4SM/1jKyMALwhrd3MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSnlBOXU0aWpFS0xoSXpfV01ySXdBdkNHdDNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG1BggrBgEFBQcBBwEB/wSBpTCBojCBnwQCAAEwgZgDBAAt
CZwDBAAtWFgDBAAtl1kDBABT22EDBAFUFa4DBABXeFcDBABXeS0DBAFXeVYDBABX
ed0DBAFcd8QDBAJemqADBABenO8wDAMEAF/WGQMEAF/WGgMEAJNOZgMEAqsWSAME
ALLX4AMEArnYVAMEArnaVAMEALn23wMEAcEqIAMEAMIw+AMEAMI3ugMEAMI34AME
AMI7HzANBgkqhkiG9w0BAQsFAAOCAQEAED18FV7f/I+svxr8SokmCen1rHLfR1rK
dl+6vaPT4o1VsXHnIDx5vNB5qc+MTWtlGVQjokXTdAXZxR1oN8SpgLpCtEs+lUaY
O0qfH/sD9zHLGqMIEoZgSkr+EMdWREKEv3XN+KbD0bg9WWY4rNkPS88E96zcwpyl
FuM/qH+7UQxMEM7K3RKhb5PxRw0RlF8SvesMCWoKQYdTeZWJzqE0PiXv0niaVYou
n2BdM4h2E/5jltni2Gy6Ny2IPU7rxTRiQn5QdPAoa2WWztsqmvDYZKIoksWYPUQc
2a7mPI8/m11cx9mt8paOu5RxF+PJwD/0HaMIquNMRgI6SEFo97VzFA==
-----END CERTIFICATE-----
Generated at Tue May 13 17:50:38 2025 by rpki-client