Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_ZkLz9MQz4FlFdJeHdecGRqBvRM.roa
File: _ZkLz9MQz4FlFdJeHdecGRqBvRM.roa (raw, json)
Hash identifier: 6xzF4Qmo1/491/iBlOUhn2W5Q/1kbGPEKcHsUzE9Kyg=
Subject key identifier: FD:99:0B:CF:D3:10:CF:81:65:15:D2:5E:1D:D7:9C:19:1A:81:BD:13
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018AA714C2FB0547D169870CB028D0B5F109
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_ZkLz9MQz4FlFdJeHdecGRqBvRM.roa
Signing time: Mon 18 Sep 2023 06:57:50 +0000
ROA not before: Mon 18 Sep 2023 06:57:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
94.156.239.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.252.176.0/24 maxlen: 24
193.222.96.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
185.216.84.0/22 maxlen: 24
87.121.45.0/24 maxlen: 24
194.180.50.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
94.156.78.0/24 maxlen: 24
94.154.163.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:a7:14:c2:fb:05:47:d1:69:87:0c:b0:28:d0:b5:f1:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Sep 18 06:57:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=fd990bcfd310cf816515d25e1dd79c191a81bd13
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ac:ea:0b:8e:fa:ff:6a:d1:06:6f:40:70:b4:f9:
f5:5f:5d:b4:ba:b9:bd:86:57:8d:ed:b2:a1:67:30:
0d:41:17:6f:a5:b7:26:a4:17:51:77:02:a4:a8:ae:
53:d7:61:ad:98:fe:d5:57:c7:43:52:3c:48:09:60:
ad:4f:49:35:62:08:2c:87:90:c7:32:ea:ba:14:48:
da:35:11:d9:84:93:09:49:4e:b6:2e:84:15:2e:1f:
06:9a:df:6b:58:e8:60:05:93:25:c5:c9:9d:93:d5:
5d:01:16:db:27:6f:d7:08:73:5a:59:2a:4e:2d:8e:
b7:78:a6:66:f0:28:fb:a3:31:6c:f2:1c:ed:c6:fa:
f7:c8:b7:6c:70:d9:b7:75:0a:0c:4c:f2:02:90:fb:
f8:8d:49:17:4e:97:9f:de:c6:e4:38:42:03:93:c6:
e6:1d:df:63:f4:90:6a:f9:4f:02:2e:87:74:b8:f8:
01:3a:06:c6:cb:4d:9f:fa:b7:08:1e:13:8a:47:79:
82:a5:ba:db:82:51:4a:e6:51:87:36:cb:49:06:12:
e2:a1:a3:56:7e:17:e9:11:b7:70:f2:96:58:6f:4c:
78:f2:ae:02:23:3b:0d:68:b4:a3:8e:92:14:b0:59:
3c:b1:de:0a:6f:d9:d8:27:4a:6d:8b:04:f2:19:9b:
7a:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FD:99:0B:CF:D3:10:CF:81:65:15:D2:5E:1D:D7:9C:19:1A:81:BD:13
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_ZkLz9MQz4FlFdJeHdecGRqBvRM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.89.0/24
87.121.45.0/24
92.119.196.0/23
94.154.161.0-94.154.163.255
94.156.78.0/24
94.156.239.0/24
147.78.100.0-147.78.102.255
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.219.126.0/24
185.252.176.0/24
193.222.96.0/24
194.169.174.0/24
194.180.50.0/24
Signature Algorithm: sha256WithRSAEncryption
4a:e2:c6:db:b9:aa:9a:4e:03:a7:7d:98:fb:23:2f:d8:44:6e:
d2:f2:37:12:49:bb:cf:a3:f2:29:bd:17:2d:66:e6:66:e4:1f:
a0:eb:95:a9:41:99:e1:25:6a:bc:e0:89:38:02:76:1d:1f:16:
c6:61:0e:fe:00:77:37:cf:86:f1:5c:92:c0:59:65:90:e6:8a:
fc:7f:ab:08:b3:79:9b:75:86:bb:32:75:89:19:72:f4:ce:37:
18:21:1b:fe:a8:c0:b2:ad:a4:85:69:5f:0c:bf:b6:90:78:4b:
e9:45:dc:c2:e6:cd:be:07:06:48:54:d7:ad:51:1e:7b:90:29:
88:27:c7:0f:29:09:3b:88:75:84:e7:7d:87:99:7a:38:96:34:
b5:8f:9b:c1:b4:dc:78:59:70:d1:3d:ca:ee:40:50:90:c8:c6:
55:93:88:49:54:bc:09:80:6e:54:e6:87:88:4e:f6:14:7a:10:
d5:c6:fb:f7:b2:eb:e1:f7:e5:47:10:b9:e6:f0:65:13:6d:a5:
b7:43:c0:72:62:30:ac:dc:6c:14:47:33:ff:9e:eb:8c:0b:f9:
f6:84:7e:69:64:4f:93:16:d3:a3:0c:f8:87:6c:f9:39:fe:44:
8c:4e:22:de:f6:dc:91:24:d8:56:e6:b0:2b:c6:fb:48:86:66:
4f:cf:7b:a3
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAYqnFML7BUfRaYcMsCjQtfEJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwOTE4MDY1NzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZDk5MGJjZmQzMTBjZjgxNjUxNWQyNWUxZGQ3OWMxOTFhODFiZDEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArOoLjvr/atEGb0BwtPn1X120urm9
hleN7bKhZzANQRdvpbcmpBdRdwKkqK5T12GtmP7VV8dDUjxICWCtT0k1Yggsh5DH
Muq6FEjaNRHZhJMJSU62LoQVLh8Gmt9rWOhgBZMlxcmdk9VdARbbJ2/XCHNaWSpO
LY63eKZm8Cj7ozFs8hztxvr3yLdscNm3dQoMTPICkPv4jUkXTpef3sbkOEIDk8bm
Hd9j9JBq+U8CLod0uPgBOgbGy02f+rcIHhOKR3mCpbrbglFK5lGHNstJBhLioaNW
fhfpEbdw8pZYb0x48q4CIzsNaLSjjpIUsFk8sd4Kb9nYJ0ptiwTyGZt6sQIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFP2ZC8/TEM+BZRXSXh3XnBkagb0TMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvX1prTHo5TVF6NEZsRmRKZUhkZWNHUnFCdlJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgABMHYDBAAtl1kD
BABXeS0DBAFcd8QwDAMEAF6aoQMEAl6aoAMEAF6cTgMEAF6c7zAMAwQCk05kAwQA
k05mAwQCqxZIAwQAstfgAwQAstfsAwQCudhUAwQCudpUAwQAudt+AwQAufywAwQA
wd5gAwQAwqmuAwQAwrQyMA0GCSqGSIb3DQEBCwUAA4IBAQBK4sbbuaqaTgOnfZj7
Iy/YRG7S8jcSSbvPo/IpvRctZuZm5B+g65WpQZnhJWq84Ik4AnYdHxbGYQ7+AHc3
z4bxXJLAWWWQ5or8f6sIs3mbdYa7MnWJGXL0zjcYIRv+qMCyraSFaV8Mv7aQeEvp
RdzC5s2+BwZIVNetUR57kCmIJ8cPKQk7iHWE532HmXo4ljS1j5vBtNx4WXDRPcru
QFCQyMZVk4hJVLwJgG5U5oeITvYUehDVxvv3suvh9+VHELnm8GUTbaW3Q8ByYjCs
3GwURzP/nuuMC/n2hH5pZE+TFtOjDPiHbPk5/kSMTiLe9tyRJNhW5rArxvtIhmZP
z3uj
-----END CERTIFICATE-----
Generated at Tue Apr 29 19:21:41 2025 by rpki-client