Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CJ4VJlaUnVzHmekYCSXNWR7r48g.roa
File: CJ4VJlaUnVzHmekYCSXNWR7r48g.roa (raw, json)
Hash identifier: q5gYkq7fCugKeNZiYJk88jDZNkI7Yfi2zT/mwRpNj1s=
Subject key identifier: 08:9E:15:26:56:94:9D:5C:C7:99:E9:18:09:25:CD:59:1E:EB:E3:C8
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0193DF11A3F13BAB42F516E510ECA9842C42
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CJ4VJlaUnVzHmekYCSXNWR7r48g.roa
Signing time: Thu 19 Dec 2024 13:18:15 +0000
ROA not before: Thu 19 Dec 2024 13:18:15 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.88.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
93.123.84.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.179.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:df:11:a3:f1:3b:ab:42:f5:16:e5:10:ec:a9:84:2c:42
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 19 13:18:15 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=089e152656949d5cc799e9180925cd591eebe3c8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:fd:ae:27:f7:8f:02:78:d9:31:0f:09:2c:46:
ee:45:e0:70:ab:12:85:38:5a:3f:d8:25:9e:53:d1:
60:f1:d9:0a:76:39:12:24:87:80:74:5d:2f:bc:7c:
57:16:dc:e5:d4:cd:f4:c2:4c:d0:8d:28:ea:35:2b:
61:f0:74:fb:a9:ab:74:cd:53:b0:96:f6:40:d9:18:
bd:3e:8f:f7:18:1f:85:a7:4f:e7:3b:c9:a5:c8:11:
27:bd:08:e0:11:49:cd:72:6f:dc:50:35:f4:86:6e:
f5:29:e6:fd:0d:e4:b2:06:3b:db:06:74:f5:02:d0:
98:62:df:3f:25:88:4b:52:84:a1:79:ab:d3:2d:2c:
9d:5c:04:ca:9f:0e:82:43:f8:31:fe:8b:4f:33:24:
f7:3c:86:0c:ac:9c:43:e3:b2:d0:d9:4f:3a:8d:34:
5d:0e:4e:4d:9f:0c:19:87:18:93:ee:60:dd:ff:90:
8f:0f:ba:a3:a7:d9:48:69:fb:98:3a:00:0f:20:7f:
14:1b:d9:39:b8:82:17:27:da:f5:36:34:48:8e:d9:
27:ec:ce:94:a5:4b:3b:12:29:94:7a:f1:cc:28:f7:
f6:03:27:df:45:38:88:e9:33:83:89:26:9d:42:a1:
7f:a0:ae:20:14:9c:c0:41:96:97:ba:ab:64:f4:c2:
bc:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:9E:15:26:56:94:9D:5C:C7:99:E9:18:09:25:CD:59:1E:EB:E3:C8
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CJ4VJlaUnVzHmekYCSXNWR7r48g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.88.64.0/24
45.90.88.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
93.123.84.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.179.0/24
141.98.1.0/24
147.78.100.0/24
171.22.72.0/22
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
Signature Algorithm: sha256WithRSAEncryption
83:ca:22:fe:24:24:17:f0:45:73:d9:df:51:e8:d0:ee:e1:8c:
ad:46:26:f7:8c:04:82:fe:74:ba:52:1f:a7:00:1b:88:c1:e0:
c7:9f:02:14:1a:13:87:69:a9:2b:9c:b3:cb:6e:02:55:b0:e0:
62:fd:c8:e8:f8:eb:af:fb:70:0d:15:26:73:95:b9:7e:9a:04:
db:13:c2:20:4d:ff:9b:4c:25:99:49:c6:36:0c:55:29:58:13:
45:1a:dd:ff:2b:84:fb:7d:8a:92:8b:56:d6:db:d9:e7:20:12:
3f:4d:09:0f:17:1a:c8:b6:0e:cc:d2:71:57:38:b1:c2:d3:3d:
12:24:62:5d:8d:7f:ad:2a:e6:55:5c:2b:72:01:67:22:78:14:
de:0c:4b:3e:17:b7:d0:34:b2:c2:b6:2d:d0:a9:e4:8c:37:4b:
87:30:2f:19:39:74:80:9a:82:5d:67:70:ba:50:3d:8e:48:33:
51:b8:74:3b:ac:52:3b:80:77:bf:3a:e4:fc:04:60:5c:4a:35:
90:37:04:ab:c6:39:70:67:07:d3:43:74:3b:3a:81:6a:9f:1b:
5a:c2:ed:5f:f9:e5:1c:de:d2:4d:74:87:3f:42:e1:46:90:4e:
81:5f:35:2a:4f:37:8a:b3:1d:fd:6e:ac:26:2e:18:73:0e:51:
9a:6c:df:19
-----BEGIN CERTIFICATE-----
MIIFvjCCBKagAwIBAgISAZPfEaPxO6tC9RblEOyphCxCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMjE5MTMxODE1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODllMTUyNjU2OTQ5ZDVjYzc5OWU5MTgwOTI1Y2Q1OTFlZWJlM2M4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuf2uJ/ePAnjZMQ8JLEbuReBwqxKF
OFo/2CWeU9Fg8dkKdjkSJIeAdF0vvHxXFtzl1M30wkzQjSjqNSth8HT7qat0zVOw
lvZA2Ri9Po/3GB+Fp0/nO8mlyBEnvQjgEUnNcm/cUDX0hm71Keb9DeSyBjvbBnT1
AtCYYt8/JYhLUoSheavTLSydXATKnw6CQ/gx/otPMyT3PIYMrJxD47LQ2U86jTRd
Dk5NnwwZhxiT7mDd/5CPD7qjp9lIafuYOgAPIH8UG9k5uIIXJ9r1NjRIjtkn7M6U
pUs7EimUevHMKPf2AyffRTiI6TODiSadQqF/oK4gFJzAQZaXuqtk9MK8uQIDAQAB
o4ICyjCCAsYwHQYDVR0OBBYEFAieFSZWlJ1cx5npGAklzVke6+PIMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQ0o0VkpsYVVuVnpIbWVrWUNTWE5XUjdyNDhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHfBggrBgEFBQcBBwEB/wSBzzCBzDCByQQCAAEwgcIDBAAt
DP8DBAAtDqQDBAAtQuQDBAAtWEADBAAtWlgDBAAti2oDBAAtjZ4wDAMEAC2XWQME
Ai2XWAMEAFPbYQMEAFQ2MAMEAFd4VwMEAFd4pgMEAFd5LQMEAFd5VwMEAVd5fAME
AFd5ogMEAFd5pQMEBFtc8AMEAVx3xAMEAF17VAMEAl6aoAMEAF6cCwMEA16cQAME
AF6cswMEAI1iAQMEAJNOZAMEAqsWSAMEArnYVAMEArnaVAMEAMEZ2AMEAMIxXjAN
BgkqhkiG9w0BAQsFAAOCAQEAg8oi/iQkF/BFc9nfUejQ7uGMrUYm94wEgv50ulIf
pwAbiMHgx58CFBoTh2mpK5yzy24CVbDgYv3I6Pjrr/twDRUmc5W5fpoE2xPCIE3/
m0wlmUnGNgxVKVgTRRrd/yuE+32KkotW1tvZ5yASP00JDxcayLYOzNJxVzixwtM9
EiRiXY1/rSrmVVwrcgFnIngU3gxLPhe30DSywrYt0KnkjDdLhzAvGTl0gJqCXWdw
ulA9jkgzUbh0O6xSO4B3vzrk/ARgXEo1kDcEq8Y5cGcH00N0OzqBap8bWsLtX/nl
HN7STXSHP0LhRpBOgV81Kk83irMd/W6sJi4Ycw5RmmzfGQ==
-----END CERTIFICATE-----
Generated at Sun Apr 27 12:43:25 2025 by rpki-client