Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CRYxHaMjQf7tQwAip-yjf03o2Hg.roa
File: CRYxHaMjQf7tQwAip-yjf03o2Hg.roa (raw, json)
Hash identifier: sMPCMQuY8xjlN5v+3ISBY4fAX4XdIAnkQNK6FUHs2Vg=
Subject key identifier: 09:16:31:1D:A3:23:41:FE:ED:43:00:22:A7:EC:A3:7F:4D:E8:D8:78
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0187C1999A5594B91DC15258E2A3401D7914
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CRYxHaMjQf7tQwAip-yjf03o2Hg.roa
Signing time: Thu 27 Apr 2023 07:24:41 +0000
ROA not before: Thu 27 Apr 2023 07:24:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
94.156.8.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
185.246.223.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
87.120.64.0/23 maxlen: 24
185.216.84.0/22 maxlen: 24
94.103.126.0/24 maxlen: 24
185.218.137.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
87.121.220.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:c1:99:9a:55:94:b9:1d:c1:52:58:e2:a3:40:1d:79:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 27 07:24:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0916311da32341feed430022a7eca37f4de8d878
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:1b:03:2b:58:02:12:14:91:70:e8:32:b5:9c:
47:ba:af:ba:ec:6b:f3:47:ca:89:b0:95:f4:ca:2c:
2f:76:f0:e3:53:11:7f:93:24:ac:37:58:fa:6b:28:
5d:ed:c5:cf:3f:eb:b3:6e:f2:ad:bd:77:d4:ab:8d:
c9:06:7c:da:af:3e:74:4a:02:45:85:12:6e:b3:e5:
52:04:c2:05:51:66:6a:bf:44:9a:67:87:59:67:14:
da:5a:ad:b1:a7:4b:2c:fe:a9:7b:69:1e:3d:be:0a:
c5:65:70:fe:7c:c5:ef:cd:c3:f6:ca:7b:a2:58:02:
bc:63:e4:63:8e:6d:d1:fb:dc:55:d9:b4:35:71:a7:
36:6f:46:d8:05:83:9b:ed:01:ad:a5:de:32:55:2e:
c8:05:8d:32:d9:c2:a7:e2:b3:55:2c:41:a3:32:0f:
33:07:40:eb:46:08:5e:d2:ff:67:16:ec:c7:35:73:
c8:ea:50:07:93:1e:aa:c4:b8:91:43:df:4f:a2:bb:
9b:37:09:49:87:99:17:99:79:b9:98:3c:24:ef:4f:
53:64:4e:86:2b:68:8f:98:24:67:ed:6c:20:d7:bb:
d4:3e:13:4a:7e:67:b8:2d:5f:3b:3f:88:59:4a:ed:
ef:39:b6:5b:3c:40:26:6d:d0:28:38:6d:5f:b6:c3:
76:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:16:31:1D:A3:23:41:FE:ED:43:00:22:A7:EC:A3:7F:4D:E8:D8:78
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CRYxHaMjQf7tQwAip-yjf03o2Hg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.151.89.0/24
87.120.64.0/23
87.121.220.0/24
92.119.196.0/23
94.103.126.0/24
94.154.161.0-94.154.163.255
94.154.172.0/24
94.156.8.0/24
147.78.100.0/23
171.22.72.0/22
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.218.137.0/24
185.219.126.0/24
185.246.223.0/24
Signature Algorithm: sha256WithRSAEncryption
96:82:32:44:1b:f2:e4:38:5e:91:44:4b:5b:00:17:8e:46:02:
09:95:e6:f2:20:5c:7f:1f:e4:f2:96:c7:9b:a7:6d:e6:c6:0d:
60:ff:e3:e0:c8:ef:1f:72:43:e4:7e:ad:85:0c:c9:29:43:71:
ba:9c:10:74:5b:cb:d8:4b:0e:b2:10:10:53:ed:8c:3d:22:15:
b6:51:71:f2:30:c6:d0:7b:07:d4:c7:93:33:5a:5b:b3:01:3e:
f3:0d:ed:74:f4:e3:d9:55:b1:d3:4e:84:1c:19:85:00:aa:12:
24:ff:24:bc:16:af:0f:17:48:1a:97:43:42:62:ce:cc:79:d9:
4c:15:a3:4f:b2:42:09:22:a3:ad:95:6f:e9:50:34:ba:d5:21:
5a:69:f0:b2:c6:8b:01:b2:b5:ca:14:b9:69:66:27:8d:d0:c2:
96:68:73:c3:0c:4c:b5:32:19:ee:fa:60:48:bb:c3:b4:a4:d5:
e2:e9:38:9f:6c:1e:01:15:c7:6e:e2:c7:8b:91:e9:39:7b:bb:
2c:98:f7:03:9c:2d:c8:ce:ad:fe:30:0d:43:ee:e4:03:ea:da:
04:a6:20:41:3a:30:bc:b2:9a:6f:0d:a4:2b:25:42:d8:9b:8c:
71:67:93:f1:69:54:90:ca:f1:4d:78:24:6d:0c:fc:da:0f:3d:
8e:12:5e:06
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAYfBmZpVlLkdwVJY4qNAHXkUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNDI3MDcyNDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTE2MzExZGEzMjM0MWZlZWQ0MzAwMjJhN2VjYTM3ZjRkZThkODc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiRsDK1gCEhSRcOgytZxHuq+67Gvz
R8qJsJX0yiwvdvDjUxF/kySsN1j6ayhd7cXPP+uzbvKtvXfUq43JBnzarz50SgJF
hRJus+VSBMIFUWZqv0SaZ4dZZxTaWq2xp0ss/ql7aR49vgrFZXD+fMXvzcP2ynui
WAK8Y+Rjjm3R+9xV2bQ1cac2b0bYBYOb7QGtpd4yVS7IBY0y2cKn4rNVLEGjMg8z
B0DrRghe0v9nFuzHNXPI6lAHkx6qxLiRQ99PorubNwlJh5kXmXm5mDwk709TZE6G
K2iPmCRn7Wwg17vUPhNKfme4LV87P4hZSu3vObZbPEAmbdAoOG1ftsN2IQIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFAkWMR2jI0H+7UMAIqfso39N6Nh4MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQ1JZeEhhTWpRZjd0UXdBaXAteWpmMDNvMkhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwbgQCAAEwaAMEAC2XWQME
AVd4QAMEAFd53AMEAVx3xAMEAF5nfjAMAwQAXpqhAwQCXpqgAwQAXpqsAwQAXpwI
AwQBk05kAwQCqxZIAwQAstfsAwQCudhUAwQCudpUAwQAudqJAwQAudt+AwQAufbf
MA0GCSqGSIb3DQEBCwUAA4IBAQCWgjJEG/LkOF6RREtbABeORgIJlebyIFx/H+Ty
lsebp23mxg1g/+PgyO8fckPkfq2FDMkpQ3G6nBB0W8vYSw6yEBBT7Yw9IhW2UXHy
MMbQewfUx5MzWluzAT7zDe109OPZVbHTToQcGYUAqhIk/yS8Fq8PF0gal0NCYs7M
edlMFaNPskIJIqOtlW/pUDS61SFaafCyxosBsrXKFLlpZieN0MKWaHPDDEy1Mhnu
+mBIu8O0pNXi6TifbB4BFcdu4seLkek5e7ssmPcDnC3Izq3+MA1D7uQD6toEpiBB
OjC8sppvDaQrJULYm4xxZ5PxaVSQyvFNeCRtDPzaDz2OEl4G
-----END CERTIFICATE-----
Generated at Mon Apr 28 16:22:23 2025 by rpki-client