Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/AWcveTiA-kG33vSCpnNaMKIKtF0.roa
File: AWcveTiA-kG33vSCpnNaMKIKtF0.roa (raw, json)
Hash identifier: B8mGKCK8pbbW50L3Py5poaZv7+HCmWhIsohdkZqNOEg=
Subject key identifier: 01:67:2F:79:38:80:FA:41:B7:DE:F4:82:A6:73:5A:30:A2:0A:B4:5D
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0193B6A4A2DF715DB8196CDD3F163CD5BDAD
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/AWcveTiA-kG33vSCpnNaMKIKtF0.roa
Signing time: Wed 11 Dec 2024 16:54:23 +0000
ROA not before: Wed 11 Dec 2024 16:54:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.88.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
93.123.84.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.179.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
194.49.94.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:b6:a4:a2:df:71:5d:b8:19:6c:dd:3f:16:3c:d5:bd:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 11 16:54:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=01672f793880fa41b7def482a6735a30a20ab45d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cf:f9:40:a3:be:82:96:2c:0d:5a:9d:b8:13:28:
c2:04:35:70:1e:bd:39:50:93:f4:6f:80:d5:3a:44:
bb:79:9d:84:03:04:4e:60:ba:75:bb:7d:c3:2b:82:
ed:a6:22:c0:65:ef:fa:9d:54:1a:75:ef:11:b8:b8:
33:d6:a3:54:03:33:81:f1:06:25:ac:a7:d9:0e:9b:
ee:7a:f6:31:48:1b:a9:df:96:9e:a4:2c:92:d5:10:
e9:89:9e:31:8d:25:be:76:15:79:49:d6:20:21:fc:
5e:c6:c3:34:11:06:30:66:2c:12:5c:bb:93:58:fb:
c3:30:15:63:c1:ad:f4:8c:29:7a:dd:c4:4d:92:d9:
9f:d6:d4:3b:cf:56:ed:d6:38:d0:de:aa:ab:cd:fc:
99:56:61:00:85:ef:21:28:1f:92:a3:58:96:89:92:
3b:e0:56:e5:b7:58:16:e8:f2:e0:dc:33:cf:81:54:
2b:95:50:1b:81:4a:e4:2c:b4:7c:e1:b8:68:86:c7:
1a:bc:2f:68:f2:0e:e4:69:c2:fd:1d:f1:e4:4f:04:
fd:52:35:94:cf:6b:be:9b:d0:b7:ae:50:2f:0f:8d:
6c:9d:dc:3a:71:90:8a:cb:4f:3d:68:50:c4:15:6d:
0b:29:94:69:7f:d3:06:93:ec:e3:41:b3:9a:aa:18:
35:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:67:2F:79:38:80:FA:41:B7:DE:F4:82:A6:73:5A:30:A2:0A:B4:5D
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/AWcveTiA-kG33vSCpnNaMKIKtF0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.88.64.0/24
45.90.88.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
93.123.84.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.179.0/24
141.98.1.0/24
147.78.100.0/24
171.22.72.0/22
185.216.84.0/22
185.218.84.0/22
194.49.94.0/24
Signature Algorithm: sha256WithRSAEncryption
20:d5:dc:b1:07:67:c1:74:eb:dc:9f:19:5c:e6:eb:24:e2:14:
f7:14:77:9b:cc:4d:00:be:b9:f4:4b:b3:ee:8a:54:2b:b2:bb:
34:dd:52:90:cf:67:61:dc:5d:c7:2a:3a:36:51:b7:27:92:e1:
97:f6:03:6b:97:74:d1:07:35:17:23:fa:02:46:a2:b5:cf:0d:
f6:0c:76:9f:ab:31:c5:f9:09:a6:66:2f:a5:60:33:7b:da:6e:
76:24:ef:fa:09:0d:08:51:94:66:86:44:f0:34:1f:ea:4b:64:
c6:f2:84:d8:c0:f7:fa:35:db:cd:11:4d:56:87:a3:52:d5:a4:
1b:3f:6b:80:4f:c6:fa:fa:41:26:9e:2c:7a:7a:51:23:53:67:
cf:fa:74:7c:71:f3:d2:2f:74:40:d0:f3:25:2a:b8:22:b7:0a:
1f:5d:33:eb:a8:e2:d5:a1:0a:bd:e1:ae:4b:54:c7:65:ee:26:
7a:5b:b9:b5:66:0c:76:74:07:e5:58:21:4b:1a:a0:9f:56:7d:
c7:20:8c:62:f0:69:06:69:10:88:17:50:51:bd:a3:de:77:ce:
e6:19:f7:20:05:c5:21:e5:5e:c7:c4:21:73:4d:2a:8c:7f:37:
cf:6e:c9:4e:81:c1:2f:55:5f:b0:ee:ef:0b:87:ef:06:ac:57:
ce:e2:45:a6
-----BEGIN CERTIFICATE-----
MIIFuDCCBKCgAwIBAgISAZO2pKLfcV24GWzdPxY81b2tMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMjExMTY1NDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTY3MmY3OTM4ODBmYTQxYjdkZWY0ODJhNjczNWEzMGEyMGFiNDVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz/lAo76CliwNWp24EyjCBDVwHr05
UJP0b4DVOkS7eZ2EAwROYLp1u33DK4LtpiLAZe/6nVQade8RuLgz1qNUAzOB8QYl
rKfZDpvuevYxSBup35aepCyS1RDpiZ4xjSW+dhV5SdYgIfxexsM0EQYwZiwSXLuT
WPvDMBVjwa30jCl63cRNktmf1tQ7z1bt1jjQ3qqrzfyZVmEAhe8hKB+So1iWiZI7
4Fblt1gW6PLg3DPPgVQrlVAbgUrkLLR84bhohscavC9o8g7kacL9HfHkTwT9UjWU
z2u+m9C3rlAvD41sndw6cZCKy089aFDEFW0LKZRpf9MGk+zjQbOaqhg1sQIDAQAB
o4ICxDCCAsAwHQYDVR0OBBYEFAFnL3k4gPpBt970gqZzWjCiCrRdMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQVdjdmVUaUEta0czM3ZTQ3BuTmFNS0lLdEYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHZBggrBgEFBQcBBwEB/wSByTCBxjCBwwQCAAEwgbwDBAAt
DP8DBAAtDqQDBAAtQuQDBAAtWEADBAAtWlgDBAAti2oDBAAtjZ4wDAMEAC2XWQME
Ai2XWAMEAFPbYQMEAFQ2MAMEAFd4VwMEAFd4pgMEAFd5LQMEAFd5VwMEAVd5fAME
AFd5ogMEAFd5pQMEBFtc8AMEAVx3xAMEAF17VAMEAl6aoAMEAF6cCwMEA16cQAME
AF6cswMEAI1iAQMEAJNOZAMEAqsWSAMEArnYVAMEArnaVAMEAMIxXjANBgkqhkiG
9w0BAQsFAAOCAQEAINXcsQdnwXTr3J8ZXObrJOIU9xR3m8xNAL659Euz7opUK7K7
NN1SkM9nYdxdxyo6NlG3J5Lhl/YDa5d00Qc1FyP6Akaitc8N9gx2n6sxxfkJpmYv
pWAze9pudiTv+gkNCFGUZoZE8DQf6ktkxvKE2MD3+jXbzRFNVoejUtWkGz9rgE/G
+vpBJp4senpRI1Nnz/p0fHHz0i90QNDzJSq4IrcKH10z66ji1aEKveGuS1THZe4m
elu5tWYMdnQH5VghSxqgn1Z9xyCMYvBpBmkQiBdQUb2j3nfO5hn3IAXFIeVex8Qh
c00qjH83z27JToHBL1VfsO7vC4fvBqxXzuJFpg==
-----END CERTIFICATE-----
Generated at Wed Apr 16 19:22:09 2025 by rpki-client