Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GC10fx763M-Q-b2SFks7H3zujt8.roa
File: GC10fx763M-Q-b2SFks7H3zujt8.roa (raw, json)
Hash identifier: bcN+7m3kBmpw5ZlqxqfBqnkOMr+d36tQ8WAMnLvBfQQ=
Subject key identifier: 18:2D:74:7F:1E:FA:DC:CF:90:F9:BD:92:16:4B:3B:1F:7C:EE:8E:DF
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019484F095287B4D6BAC46B122A11589C0C6
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GC10fx763M-Q-b2SFks7H3zujt8.roa
Signing time: Mon 20 Jan 2025 18:19:06 +0000
ROA not before: Mon 20 Jan 2025 18:19:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.173.0/24 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.102.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.237.0/24 maxlen: 24
185.216.71.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:84:f0:95:28:7b:4d:6b:ac:46:b1:22:a1:15:89:c0:c6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 20 18:19:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=182d747f1efadccf90f9bd92164b3b1f7cee8edf
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c7:2b:fb:88:f9:07:e5:88:3d:3a:53:63:6d:ca:
59:df:a1:2d:c2:d5:aa:6b:86:66:12:e5:75:76:f3:
51:c7:0a:00:fe:41:b7:b9:49:a4:5b:dd:e3:1a:7b:
93:08:80:ef:63:92:a6:60:ce:92:5d:0c:72:82:20:
b5:35:f2:bd:3c:49:59:80:1c:34:0e:ce:56:ce:ff:
ac:7f:80:bb:82:9a:39:20:42:3e:67:09:94:c1:f0:
f5:e9:2a:dc:66:0b:f6:a9:ca:44:19:c9:10:66:69:
a0:09:1d:d3:1d:a7:a0:07:73:35:2d:37:8c:6b:70:
52:82:e4:95:f5:c3:f9:00:f4:11:cf:ab:7a:1f:28:
74:c5:e3:66:14:7b:dc:f9:4a:6e:b1:7f:8e:83:76:
e8:56:d0:60:e0:16:b1:27:f5:21:8c:39:98:af:8c:
22:bc:c7:c9:f7:7e:af:ea:00:ca:fe:c7:b0:fd:7d:
49:f7:00:c0:75:7c:7c:0b:3a:22:fb:67:e9:1b:7c:
b9:5d:0e:2f:f4:9c:99:ab:64:74:62:30:d1:e7:38:
fa:2f:f6:87:4b:23:42:41:19:2e:01:ed:ff:1a:e9:
c5:2b:5f:7f:48:e7:b3:27:8a:4c:e8:67:1d:d6:46:
5d:a3:72:ac:9b:69:77:9d:98:c8:1e:35:20:e8:50:
69:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:2D:74:7F:1E:FA:DC:CF:90:F9:BD:92:16:4B:3B:1F:7C:EE:8E:DF
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GC10fx763M-Q-b2SFks7H3zujt8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/23
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
81.161.239.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.154.173.0/24
94.156.11.0/24
94.156.64.0/21
94.156.102.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.237.0/24
185.216.71.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
4f:15:a7:60:30:8a:cd:8c:5b:82:33:80:cf:b4:79:b1:a1:66:
99:90:eb:33:45:ba:e2:f6:90:11:57:66:67:41:81:ef:77:e2:
eb:58:b9:1f:62:08:38:bb:41:ce:75:91:c8:bd:60:12:a4:70:
03:cb:ab:58:c6:1f:bb:38:ab:fd:e1:ad:7e:b8:83:cb:67:3c:
bd:df:07:df:16:ab:6d:91:fa:fc:eb:ff:db:eb:7e:54:99:74:
19:19:0d:32:c2:e1:9d:19:8c:cb:a6:84:8b:4a:f2:47:79:d6:
28:ca:fd:b2:f8:25:81:8c:b6:54:28:23:dd:0e:04:6b:a3:88:
1c:7d:72:ce:e7:5b:6b:e4:bd:e6:f9:0f:4c:f2:67:34:92:85:
6c:22:dc:fe:01:d9:eb:26:06:b9:42:67:91:1e:75:a2:14:c7:
13:d4:5b:25:f8:8f:d6:06:86:09:08:be:11:da:01:d4:31:6d:
19:e5:0d:d9:18:38:ce:3e:65:b3:87:e8:27:c2:2b:05:37:08:
c1:81:e4:9c:52:c8:ca:66:16:03:03:87:01:20:df:3e:1b:87:
ef:39:83:0e:8b:26:1b:28:71:4f:b6:cc:df:03:16:15:35:3f:
0f:68:23:1f:9b:98:64:a4:e7:62:a9:2d:df:db:c0:3e:0f:bc:
7d:66:22:21
-----BEGIN CERTIFICATE-----
MIIGLzCCBRegAwIBAgISAZSE8JUoe01rrEaxIqEVicDGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTIwMTgxOTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODJkNzQ3ZjFlZmFkY2NmOTBmOWJkOTIxNjRiM2IxZjdjZWU4ZWRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxyv7iPkH5Yg9OlNjbcpZ36EtwtWq
a4ZmEuV1dvNRxwoA/kG3uUmkW93jGnuTCIDvY5KmYM6SXQxygiC1NfK9PElZgBw0
Ds5Wzv+sf4C7gpo5IEI+ZwmUwfD16SrcZgv2qcpEGckQZmmgCR3THaegB3M1LTeM
a3BSguSV9cP5APQRz6t6Hyh0xeNmFHvc+UpusX+Og3boVtBg4BaxJ/UhjDmYr4wi
vMfJ936v6gDK/sew/X1J9wDAdXx8Czoi+2fpG3y5XQ4v9JyZq2R0YjDR5zj6L/aH
SyNCQRkuAe3/GunFK19/SOezJ4pM6Gcd1kZdo3Ksm2l3nZjIHjUg6FBpgQIDAQAB
o4IDOzCCAzcwHQYDVR0OBBYEFBgtdH8e+tzPkPm9khZLOx987o7fMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvR0MxMGZ4NzYzTS1RLWIyU0ZrczdIM3p1anQ4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBTwYIKwYBBQUHAQcBAf8EggE+MIIBOjCCATYEAgABMIIB
LgMEAS0JnAMEAC0M/wMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC1aWQMEAC2L
agMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAUaHvAwQAU9thAwQA
VDYwAwQAVdGFAwQAV3hUAwQAV3hXAwQAV3imAwQAV3ktAwQAV3lXAwQAV3lpAwQB
V3l8AwQAV3miAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQCXpqgAwQA
XpqtAwQAXpwLAwQDXpxAAwQAXpxmAwQAXpyzAwQAXpz4AwQAX9YbAwQAjWIBAwQA
jWIGAwQAk05kAwQCqxZIAwQAstftAwQAudhHAwQCudhUAwQCudpUAwQAwRnYAwQA
wjFeAwQAwje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQBPFadgMIrNjFuCM4DP
tHmxoWaZkOszRbri9pARV2ZnQYHvd+LrWLkfYgg4u0HOdZHIvWASpHADy6tYxh+7
OKv94a1+uIPLZzy93wffFqttkfr86//b635UmXQZGQ0ywuGdGYzLpoSLSvJHedYo
yv2y+CWBjLZUKCPdDgRro4gcfXLO51tr5L3m+Q9M8mc0koVsItz+AdnrJga5QmeR
HnWiFMcT1Fsl+I/WBoYJCL4R2gHUMW0Z5Q3ZGDjOPmWzh+gnwisFNwjBgeScUsjK
ZhYDA4cBIN8+G4fvOYMOiyYbKHFPtszfAxYVNT8PaCMfm5hkpOdiqS3f28A+D7x9
ZiIh
-----END CERTIFICATE-----
Generated at Thu Apr 17 10:19:37 2025 by rpki-client