Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/nJUweqNHBSsoehYliEgbtn0zQJQ.roa
File: nJUweqNHBSsoehYliEgbtn0zQJQ.roa (raw, json)
Hash identifier: mRBbsdojw5uvC0BDvt5D1J9GWc30LBQ9AQ1+Pn55bgg=
Subject key identifier: 9C:95:30:7A:A3:47:05:2B:28:7A:16:25:88:48:1B:B6:7D:33:40:94
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018D8DDF440454F68DA319FDA06FCD2582F0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/nJUweqNHBSsoehYliEgbtn0zQJQ.roa
Signing time: Fri 09 Feb 2024 12:37:15 +0000
ROA not before: Fri 09 Feb 2024 12:37:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.84.89.0/24 maxlen: 24
45.88.90.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.172.0/24 maxlen: 24
94.156.239.0/24 maxlen: 24
95.214.24.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.226.173.0/24 maxlen: 24
185.252.176.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:8d:df:44:04:54:f6:8d:a3:19:fd:a0:6f:cd:25:82:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 9 12:37:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9c95307aa347052b287a162588481bb67d334094
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:03:ce:44:cb:82:88:e4:43:d6:2e:90:f6:d0:
92:12:c8:69:67:0c:ed:97:79:22:f1:4e:d7:98:d7:
37:c9:fd:4f:56:f0:08:ab:f7:b3:38:50:e5:9e:13:
07:12:b8:9a:98:35:e4:d4:57:1c:e2:be:9c:c3:f1:
7f:83:84:1d:28:b0:e7:82:5e:02:fc:52:23:91:10:
9e:50:7b:04:82:26:db:fc:e5:17:53:ad:75:7e:b3:
e8:3d:33:f0:79:59:42:b3:e3:71:c3:62:27:76:1b:
26:04:e8:53:10:83:de:cc:1e:67:d0:6a:9f:c9:9b:
14:95:63:d6:3c:b0:d7:69:ea:5c:d1:78:17:56:53:
bf:79:e7:f0:55:d5:84:53:ee:7f:19:15:58:a6:b0:
49:a9:b1:2b:07:5b:4b:08:a7:12:af:30:9c:c7:06:
c1:fd:b9:9e:47:2e:a1:45:e6:3a:97:86:ee:24:a4:
c3:09:35:6a:43:6e:d3:c5:63:83:da:41:2c:dd:8a:
87:32:1d:52:16:91:ad:48:4e:b2:41:fa:e0:18:53:
cc:d2:69:2e:3f:b8:ff:6e:35:78:ce:e2:71:c5:15:
03:a8:ed:1f:81:56:18:c8:d7:c9:cd:4f:a4:5e:ee:
d3:66:5f:ea:8e:4b:c9:67:7b:99:68:79:2c:02:12:
f9:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:95:30:7A:A3:47:05:2B:28:7A:16:25:88:48:1B:B6:7D:33:40:94
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/nJUweqNHBSsoehYliEgbtn0zQJQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.89.0/24
45.88.90.0/24
45.151.89.0/24
87.120.87.0/24
87.121.45.0/24
87.121.221.0/24
92.119.196.0/23
94.154.160.0/22
94.154.172.0/24
94.156.239.0/24
95.214.24.0/24
147.78.101.0-147.78.102.255
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.226.173.0/24
185.252.176.0/24
194.55.224.0/24
Signature Algorithm: sha256WithRSAEncryption
6d:1b:a7:30:7f:8d:05:e4:8f:a5:8f:bc:42:8f:c9:33:bb:5f:
ce:c9:77:f1:93:77:9f:f2:47:bb:33:25:49:d4:76:1e:2c:8b:
42:d1:69:05:4c:9e:e5:41:1b:ae:08:18:74:d0:74:d2:6b:de:
bf:c2:9d:32:59:5a:47:8f:e9:1f:6f:a0:ff:e9:1e:61:ce:b6:
42:aa:91:11:89:ec:18:e3:50:cc:fc:15:d2:82:77:2f:31:90:
0b:68:46:9b:7e:d9:1e:fd:19:bc:07:73:38:ed:71:cd:23:01:
22:e0:e6:d2:4f:20:f0:e0:87:ab:7b:1f:3b:7c:04:38:ee:2c:
07:7f:8a:d2:3b:a1:6f:0f:76:16:8c:37:85:00:13:ab:16:63:
81:25:68:98:05:f0:74:11:e8:be:06:72:0b:b0:c8:90:d5:c4:
82:89:51:56:11:d7:05:f6:e7:97:e6:21:2d:a1:56:f8:58:13:
b9:4e:f1:9a:9a:3d:36:a6:fc:d7:47:d9:1d:48:9b:ae:2c:7f:
e6:3b:f6:82:65:85:c7:e6:ad:ee:10:cd:ee:a8:b7:7f:d5:79:
ec:9d:b0:1b:49:56:0d:38:f7:a8:0c:c3:9a:ac:30:93:2e:4a:
34:d2:af:66:28:b1:e8:6e:75:c6:47:8e:8b:5b:39:2d:b7:25:
0c:e7:40:b0
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgISAY2N30QEVPaNoxn9oG/NJYLwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwMjA5MTIzNzE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Yzk1MzA3YWEzNDcwNTJiMjg3YTE2MjU4ODQ4MWJiNjdkMzM0MDk0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhAPORMuCiORD1i6Q9tCSEshpZwzt
l3ki8U7XmNc3yf1PVvAIq/ezOFDlnhMHEriamDXk1Fcc4r6cw/F/g4QdKLDngl4C
/FIjkRCeUHsEgibb/OUXU611frPoPTPweVlCs+Nxw2IndhsmBOhTEIPezB5n0Gqf
yZsUlWPWPLDXaepc0XgXVlO/eefwVdWEU+5/GRVYprBJqbErB1tLCKcSrzCcxwbB
/bmeRy6hReY6l4buJKTDCTVqQ27TxWOD2kEs3YqHMh1SFpGtSE6yQfrgGFPM0mku
P7j/bjV4zuJxxRUDqO0fgVYYyNfJzU+kXu7TZl/qjkvJZ3uZaHksAhL5dQIDAQAB
o4ICiDCCAoQwHQYDVR0OBBYEFJyVMHqjRwUrKHoWJYhIG7Z9M0CUMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbkpVd2VxTkhCU3NvZWhZbGlFZ2J0bjB6UUpRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGdBggrBgEFBQcBBwEB/wSBjTCBijCBhwQCAAEwgYADBAAt
VFkDBAAtWFoDBAAtl1kDBABXeFcDBABXeS0DBABXed0DBAFcd8QDBAJemqADBABe
mqwDBABenO8DBABf1hgwDAMEAJNOZQMEAJNOZgMEAqsWSAMEALLX4AMEALLX7AME
ArnYVAMEArnaVAMEALnirQMEALn8sAMEAMI34DANBgkqhkiG9w0BAQsFAAOCAQEA
bRunMH+NBeSPpY+8Qo/JM7tfzsl38ZN3n/JHuzMlSdR2HiyLQtFpBUye5UEbrggY
dNB00mvev8KdMllaR4/pH2+g/+keYc62QqqREYnsGONQzPwV0oJ3LzGQC2hGm37Z
Hv0ZvAdzOO1xzSMBIuDm0k8g8OCHq3sfO3wEOO4sB3+K0juhbw92Fow3hQATqxZj
gSVomAXwdBHovgZyC7DIkNXEgolRVhHXBfbnl+YhLaFW+FgTuU7xmpo9Nqb810fZ
HUibrix/5jv2gmWFx+at7hDN7qi3f9V57J2wG0lWDTj3qAzDmqwwky5KNNKvZiix
6G51xkeOi1s5LbclDOdAsA==
-----END CERTIFICATE-----
Generated at Wed Apr 30 11:44:59 2025 by rpki-client