Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/cmCg_H4GfDI660NWtzSG6mtAPOA.roa
File: cmCg_H4GfDI660NWtzSG6mtAPOA.roa (raw, json)
Hash identifier: ApSTGDM42r4crczUYDtSphzm0NkofCv+tMiOBOeL9IM=
Subject key identifier: 72:60:A0:FC:7E:06:7C:32:3A:EB:43:56:B7:34:86:EA:6B:40:3C:E0
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018709601FACC98D4CE5FBE31B620415D0BF
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/cmCg_H4GfDI660NWtzSG6mtAPOA.roa
Signing time: Wed 22 Mar 2023 12:51:46 +0000
ROA not before: Wed 22 Mar 2023 12:51:46 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
45.128.233.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
185.218.137.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.172.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
164.40.185.0/24 maxlen: 24
84.54.49.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
178.215.237.0/24 maxlen: 24
141.98.7.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
45.149.233.0/24 maxlen: 24
171.22.19.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
87.120.64.0/23 maxlen: 24
94.103.125.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
194.49.87.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
87.121.220.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:09:60:1f:ac:c9:8d:4c:e5:fb:e3:1b:62:04:15:d0:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 22 12:51:46 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7260a0fc7e067c323aeb4356b73486ea6b403ce0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:03:c3:af:56:78:52:d8:5e:4e:de:4c:06:9f:
27:fd:ef:31:6f:af:77:09:5c:4f:fe:b1:df:0a:f1:
ff:8e:6c:fb:47:b8:97:b7:26:50:a1:1e:22:c9:fc:
24:a9:67:5f:7e:66:df:c9:a1:18:e8:19:66:06:b5:
35:a8:bd:00:0f:95:44:28:39:bc:7b:a9:e4:59:63:
3e:a2:2c:39:7c:c9:3b:4e:1d:d8:0e:83:3a:06:d0:
a1:6e:7f:40:b8:a8:33:18:44:39:24:97:30:8d:db:
5e:5e:a5:a2:65:08:d5:af:22:2c:46:b9:d6:13:ac:
51:b6:fd:fc:6b:d9:d7:9a:83:8a:88:e3:42:1e:51:
ac:99:d4:00:2d:87:f8:61:a1:ba:b4:f8:02:9f:25:
6a:3e:de:80:8c:6c:00:cf:e0:b7:7e:a4:6d:eb:01:
3f:8a:fd:c6:63:50:4d:1b:a4:16:2f:15:22:ad:eb:
63:03:35:6b:ad:1f:be:5d:55:83:9e:ce:51:1f:5f:
3f:81:d2:5b:8f:63:3b:23:71:f6:d2:69:0e:81:3a:
94:76:36:d3:ad:5a:92:48:7d:35:95:ee:85:81:b4:
e1:30:3f:54:72:30:0e:f5:4c:d8:3c:16:f5:85:1c:
a5:0b:16:62:1b:25:43:36:38:d2:02:d1:97:fc:0f:
59:87
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:60:A0:FC:7E:06:7C:32:3A:EB:43:56:B7:34:86:EA:6B:40:3C:E0
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/cmCg_H4GfDI660NWtzSG6mtAPOA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.128.233.0/24
45.149.233.0/24
45.151.89.0/24
84.54.49.0/24
87.120.64.0/23
87.121.124.0/23
87.121.220.0/24
92.119.196.0/23
94.103.125.0/24
94.154.161.0-94.154.163.255
94.154.172.0/24
141.98.7.0/24
147.78.100.0/23
164.40.185.0/24
171.22.19.0/24
171.22.72.0/22
178.215.236.0/23
185.216.84.0/22
185.218.84.0/22
185.218.137.0/24
185.219.126.0/24
194.49.87.0/24
Signature Algorithm: sha256WithRSAEncryption
48:c5:00:7e:e8:be:ff:de:14:f4:3d:94:0f:aa:01:90:e3:72:
c2:24:8a:c5:0b:cc:ee:57:a2:97:b7:00:da:fe:96:2d:c1:08:
13:87:e2:1a:4f:2c:f6:99:f4:f3:b5:c5:6a:67:d7:8f:d5:72:
c6:6d:63:c1:db:60:4b:cf:54:83:33:fd:89:9f:cb:57:d1:dc:
0f:41:68:34:93:39:a0:49:59:47:13:ad:74:eb:b7:b8:bb:57:
a5:1c:e3:06:90:89:c4:d1:4d:78:ca:7e:08:07:03:0f:32:0d:
e7:03:f5:88:d8:ac:0b:72:20:7c:08:fb:d3:ba:b2:da:44:aa:
b0:0c:64:c1:cd:a8:0b:34:5a:37:9c:03:bf:3b:7c:15:a0:cd:
1e:c4:67:69:31:4d:dd:66:fe:36:87:95:b1:58:98:5c:b7:e6:
40:3f:a2:64:75:14:f0:79:d3:d6:dc:ee:2c:72:93:9b:6c:bf:
d9:d4:01:2e:f9:18:8a:f8:1b:45:eb:24:60:41:e0:e3:8f:e2:
2c:b5:5d:db:52:65:3d:f4:87:88:b0:bb:49:f0:df:90:48:ce:
fa:d4:91:c4:38:fd:6b:86:8a:5e:b5:4c:5d:1f:cd:1a:0f:70:
4f:9c:b1:20:a1:13:61:a9:1c:17:e4:65:31:7b:8e:c1:46:75:
4e:6b:ad:76
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAYcJYB+syY1M5fvjG2IEFdC/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMzIyMTI1MTQ2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjYwYTBmYzdlMDY3YzMyM2FlYjQzNTZiNzM0ODZlYTZiNDAzY2UwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAigPDr1Z4UtheTt5MBp8n/e8xb693
CVxP/rHfCvH/jmz7R7iXtyZQoR4iyfwkqWdffmbfyaEY6BlmBrU1qL0AD5VEKDm8
e6nkWWM+oiw5fMk7Th3YDoM6BtChbn9AuKgzGEQ5JJcwjdteXqWiZQjVryIsRrnW
E6xRtv38a9nXmoOKiONCHlGsmdQALYf4YaG6tPgCnyVqPt6AjGwAz+C3fqRt6wE/
iv3GY1BNG6QWLxUiretjAzVrrR++XVWDns5RH18/gdJbj2M7I3H20mkOgTqUdjbT
rVqSSH01le6FgbThMD9UcjAO9UzYPBb1hRylCxZiGyVDNjjSAtGX/A9ZhwIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFHJgoPx+BnwyOutDVrc0huprQDzgMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvY21DZ19INEdmREk2NjBOV3R6U0c2bXRBUE9BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGpBggrBgEFBQcBBwEB/wSBmTCBljCBkwQCAAEwgYwDBAAt
gOkDBAAtlekDBAAtl1kDBABUNjEDBAFXeEADBAFXeXwDBABXedwDBAFcd8QDBABe
Z30wDAMEAF6aoQMEAl6aoAMEAF6arAMEAI1iBwMEAZNOZAMEAKQouQMEAKsWEwME
AqsWSAMEAbLX7AMEArnYVAMEArnaVAMEALnaiQMEALnbfgMEAMIxVzANBgkqhkiG
9w0BAQsFAAOCAQEASMUAfui+/94U9D2UD6oBkONywiSKxQvM7leil7cA2v6WLcEI
E4fiGk8s9pn087XFamfXj9Vyxm1jwdtgS89UgzP9iZ/LV9HcD0FoNJM5oElZRxOt
dOu3uLtXpRzjBpCJxNFNeMp+CAcDDzIN5wP1iNisC3IgfAj707qy2kSqsAxkwc2o
CzRaN5wDvzt8FaDNHsRnaTFN3Wb+NoeVsViYXLfmQD+iZHUU8HnT1tzuLHKTm2y/
2dQBLvkYivgbReskYEHg44/iLLVd21JlPfSHiLC7SfDfkEjO+tSRxDj9a4aKXrVM
XR/NGg9wT5yxIKETYakcF+RlMXuOwUZ1Tmutdg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:38 2024 by rpki-client on console-ams.rpki-client.org