Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yJI1nWT0t6FiPXVuQX5FKNLtEo8.roa
File: yJI1nWT0t6FiPXVuQX5FKNLtEo8.roa (raw, json)
Hash identifier: VeyMZD1UnuI3I18erg5jzE3T7KTPVtv5lHtju53zv4w=
Subject key identifier: C8:92:35:9D:64:F4:B7:A1:62:3D:75:6E:41:7E:45:28:D2:ED:12:8F
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0187B1E1DD464F7533EB4A0A5686D97D4096
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yJI1nWT0t6FiPXVuQX5FKNLtEo8.roa
Signing time: Mon 24 Apr 2023 06:09:42 +0000
ROA not before: Mon 24 Apr 2023 06:09:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
193.148.56.0/22 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
185.246.223.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
87.120.64.0/23 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.137.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
87.121.220.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:b1:e1:dd:46:4f:75:33:eb:4a:0a:56:86:d9:7d:40:96
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 24 06:09:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c892359d64f4b7a1623d756e417e4528d2ed128f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:59:5a:a1:8c:88:80:c6:6a:63:97:3a:76:88:
fe:34:d7:68:6b:47:e1:9b:45:91:a4:4c:d5:ee:ee:
85:7d:a9:08:76:f0:d8:86:e7:4c:26:8d:ba:93:77:
96:0e:1d:9b:cf:29:08:ff:97:31:3c:fb:16:bc:32:
aa:fe:31:06:c1:bd:36:a1:96:bd:d7:93:f4:ac:95:
0d:1c:17:d1:a9:31:a6:23:13:00:0d:4d:7e:58:71:
8a:52:40:af:e3:b2:fa:3f:c5:0d:70:84:fb:29:79:
34:07:87:ac:c4:93:4c:ba:0f:78:87:86:79:a1:e6:
31:0a:04:7a:c4:63:8b:36:ac:fa:56:02:cb:ef:ef:
09:dc:53:07:98:0b:4a:d0:fc:93:ca:2c:1b:46:43:
7f:83:90:b1:7a:75:47:b7:d7:05:d0:bc:a1:06:7d:
86:f2:a0:c5:56:fe:7c:f3:de:f8:fc:76:98:23:6a:
72:71:c6:2f:c7:94:39:cc:3b:af:0b:e2:3f:53:c5:
0d:7e:06:4f:c8:a8:32:58:45:95:a9:1a:a7:c6:b8:
17:33:95:32:1d:22:1e:27:72:52:69:33:d2:42:12:
f7:9b:a7:93:a4:47:62:fe:b9:0e:98:dd:dd:f5:0b:
7d:54:5b:64:20:cb:1e:5c:a6:ac:23:3b:16:52:32:
2d:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:92:35:9D:64:F4:B7:A1:62:3D:75:6E:41:7E:45:28:D2:ED:12:8F
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/yJI1nWT0t6FiPXVuQX5FKNLtEo8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.89.0/24
87.120.64.0/23
87.121.220.0/24
92.119.196.0/23
94.154.161.0-94.154.163.255
94.154.172.0/24
147.78.100.0/23
171.22.72.0/22
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.218.137.0/24
185.219.126.0/24
185.246.223.0/24
193.148.56.0/22
Signature Algorithm: sha256WithRSAEncryption
46:5c:12:78:ff:d9:4c:f3:aa:6c:0f:5d:16:88:e5:9b:a7:28:
b7:90:c9:47:51:22:f0:63:5b:0c:f8:6e:01:13:ae:00:9d:c5:
42:1e:2c:69:8a:e0:67:35:43:32:7e:12:87:7f:c7:b4:6b:65:
41:8b:2f:d2:c6:b2:ef:82:2d:18:fc:90:c3:8a:bc:4e:42:a7:
ca:06:12:9e:e5:23:74:df:ba:9e:49:a2:42:40:39:93:85:06:
f3:6a:a9:fa:45:73:1c:87:35:ef:46:ae:3a:1a:34:f0:7c:fd:
25:22:c8:8f:ce:83:62:3a:f5:e8:4f:5c:04:ed:fd:fc:e3:e0:
d7:2c:76:3c:47:95:53:ef:85:69:94:e7:4f:3a:c2:d6:24:34:
98:b0:ed:aa:93:e1:c0:9e:ad:eb:96:bb:0e:58:ba:3e:54:1d:
2c:e9:0e:7b:f6:aa:2b:eb:bf:19:12:b2:91:c5:ec:d5:0c:0c:
94:13:db:2f:19:7b:eb:ac:1d:d0:16:22:a4:90:53:7a:44:b3:
aa:fa:38:2f:86:d3:0b:a2:da:3b:aa:3c:cc:8c:55:3d:e8:b9:
9c:71:fe:94:e1:9c:d0:dc:90:4e:c0:ef:45:32:d3:94:ce:72:
11:34:4f:32:c9:0b:db:70:df:48:64:2d:5e:91:e9:76:e7:f4:
bf:97:2a:c3
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAYex4d1GT3Uz60oKVobZfUCWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDI0MDYwOTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODkyMzU5ZDY0ZjRiN2ExNjIzZDc1NmU0MTdlNDUyOGQyZWQxMjhmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApVlaoYyIgMZqY5c6doj+NNdoa0fh
m0WRpEzV7u6FfakIdvDYhudMJo26k3eWDh2bzykI/5cxPPsWvDKq/jEGwb02oZa9
15P0rJUNHBfRqTGmIxMADU1+WHGKUkCv47L6P8UNcIT7KXk0B4esxJNMug94h4Z5
oeYxCgR6xGOLNqz6VgLL7+8J3FMHmAtK0PyTyiwbRkN/g5CxenVHt9cF0LyhBn2G
8qDFVv588974/HaYI2pyccYvx5Q5zDuvC+I/U8UNfgZPyKgyWEWVqRqnxrgXM5Uy
HSIeJ3JSaTPSQhL3m6eTpEdi/rkOmN3d9Qt9VFtkIMseXKasIzsWUjItoQIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFMiSNZ1k9LehYj11bkF+RSjS7RKPMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveUpJMW5XVDB0NkZpUFhWdVFYNUZLTkx0RW84LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBoBAIAATBiAwQALZdZAwQB
V3hAAwQAV3ncAwQBXHfEMAwDBABemqEDBAJemqADBABemqwDBAGTTmQDBAKrFkgD
BACy1+wDBAK52FQDBAK52lQDBAC52okDBAC5234DBAC59t8DBALBlDgwDQYJKoZI
hvcNAQELBQADggEBAEZcEnj/2UzzqmwPXRaI5ZunKLeQyUdRIvBjWwz4bgETrgCd
xUIeLGmK4Gc1QzJ+Eod/x7RrZUGLL9LGsu+CLRj8kMOKvE5Cp8oGEp7lI3Tfup5J
okJAOZOFBvNqqfpFcxyHNe9GrjoaNPB8/SUiyI/Og2I69ehPXATt/fzj4NcsdjxH
lVPvhWmU5086wtYkNJiw7aqT4cCereuWuw5Yuj5UHSzpDnv2qivrvxkSspHF7NUM
DJQT2y8Ze+usHdAWIqSQU3pEs6r6OC+G0wui2juqPMyMVT3ouZxx/pThnNDckE7A
70Uy05TOchE0TzLJC9tw30hkLV6R6Xbn9L+XKsM=
-----END CERTIFICATE-----
Generated at Tue May 13 18:03:52 2025 by rpki-client