Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mMizqjRaUcU6g6Y6Ru5hy3d32xU.roa
File: mMizqjRaUcU6g6Y6Ru5hy3d32xU.roa (raw, json)
Hash identifier: c4cK4OKLOUyb1FTT4tbf+R/RHPYa8669b4fHq5QeXI0=
Subject key identifier: 98:C8:B3:AA:34:5A:51:C5:3A:83:A6:3A:46:EE:61:CB:77:77:DB:15
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01867D9EB2BFECFAAB5A55FCF7A4A399A685
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mMizqjRaUcU6g6Y6Ru5hy3d32xU.roa
Signing time: Thu 23 Feb 2023 09:33:17 +0000
ROA not before: Thu 23 Feb 2023 09:33:17 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 211252
IP address blocks: 45.81.243.0/24 maxlen: 24
45.12.253.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
85.31.44.0/24 maxlen: 24
85.31.46.0/24 maxlen: 24
85.31.45.0/24 maxlen: 24
185.246.221.0/24 maxlen: 24
185.246.220.0/24 maxlen: 24
109.206.241.0/24 maxlen: 24
109.206.243.0/24 maxlen: 24
185.254.37.0/24 maxlen: 24
194.180.48.0/24 maxlen: 24
194.180.49.0/24 maxlen: 24
185.225.73.0/24 maxlen: 24
185.225.74.0/24 maxlen: 24
37.139.128.0/24 maxlen: 24
37.139.129.0/24 maxlen: 24
84.21.172.0/24 maxlen: 24
109.206.240.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
212.87.204.0/24 maxlen: 24
84.54.50.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
85.217.145.0/24 maxlen: 24
85.217.144.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
80.76.51.0/24 maxlen: 24
94.156.161.0/24 maxlen: 24
193.42.32.0/24 maxlen: 24
45.149.235.0/24 maxlen: 24
185.252.178.0/24 maxlen: 24
193.47.61.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
185.216.71.0/24 maxlen: 24
45.88.67.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
79.110.63.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:7d:9e:b2:bf:ec:fa:ab:5a:55:fc:f7:a4:a3:99:a6:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 23 09:33:17 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=98c8b3aa345a51c53a83a63a46ee61cb7777db15
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:ea:79:bc:9c:84:d4:d5:1a:4b:7a:f0:3c:42:
7e:4c:b6:a2:77:c2:2d:91:0f:c5:36:f1:28:45:ca:
25:82:4f:64:41:ca:09:d9:38:c6:34:26:3e:3c:9a:
98:db:f6:9e:b4:3f:f2:6a:9a:54:dc:dd:75:cf:2e:
41:5a:bd:c1:0d:38:91:df:ea:c4:2d:81:39:56:97:
78:b3:5f:14:82:b8:50:80:93:81:58:ae:d5:c7:fb:
71:0d:48:fd:01:df:70:55:8d:d7:29:83:f0:29:b9:
d7:dd:85:c8:8a:71:e4:fd:54:e7:ce:c4:de:60:c6:
b1:93:98:e0:39:b7:07:dd:0d:73:b2:5e:05:ff:74:
37:1b:c9:b9:99:04:03:70:71:79:0d:5a:e5:76:f3:
dd:3a:0b:72:8d:44:62:5b:8b:db:ce:dd:94:c1:a2:
ad:4b:d6:dc:af:e0:76:73:a2:51:49:dc:3d:a3:e0:
f9:5f:10:01:ac:3d:17:da:93:f1:97:fa:db:4f:be:
89:21:1e:59:b4:e0:6d:8a:9e:0d:9a:b5:e1:3d:cd:
ba:6c:5b:0f:79:71:f0:49:a5:3d:97:a2:cf:51:ec:
41:73:5f:84:a9:73:0c:1e:75:65:5f:54:be:7d:ce:
6c:74:eb:02:ec:7a:9d:32:80:ec:77:d2:b4:09:88:
b3:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
98:C8:B3:AA:34:5A:51:C5:3A:83:A6:3A:46:EE:61:CB:77:77:DB:15
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mMizqjRaUcU6g6Y6Ru5hy3d32xU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.128.0/23
45.12.253.0/24
45.66.230.0/24
45.81.39.0/24
45.81.243.0/24
45.88.67.0/24
45.149.235.0/24
79.110.62.0/23
80.76.51.0/24
84.21.172.0/24
84.54.50.0/24
85.31.44.0-85.31.46.255
85.217.144.0/23
87.121.221.0/24
94.156.161.0/24
95.214.27.0/24
109.206.240.0/23
109.206.243.0/24
185.216.71.0/24
185.225.73.0-185.225.74.255
185.246.220.0/23
185.252.178.0/24
185.254.37.0/24
193.42.32.0/24
193.47.61.0/24
194.55.186.0/24
194.55.224.0/24
194.180.48.0/23
212.87.204.0/24
Signature Algorithm: sha256WithRSAEncryption
96:8e:d3:c3:33:89:42:11:ef:34:da:71:bb:c5:12:a2:20:bf:
ea:a1:25:35:eb:ba:02:4a:44:10:e4:9d:99:2b:6c:39:b5:01:
bb:c6:1f:3b:e1:db:e8:25:f3:4f:11:fd:d7:27:49:32:34:8b:
fa:94:95:f1:71:5c:22:85:92:c0:0e:1a:6e:fd:60:3b:98:3d:
1b:5f:44:d9:3b:f4:13:7a:79:2f:67:34:48:ee:36:36:87:e9:
e2:fa:28:e9:49:13:6b:1f:17:88:72:68:29:77:2b:5c:e0:20:
d7:01:7c:1d:19:1e:c2:65:7e:b1:30:a4:1d:f9:4b:f9:72:47:
1f:b3:0f:01:9d:2b:c8:68:41:a6:3f:e9:26:fb:7c:1e:e1:dc:
01:56:fc:5a:a8:15:2a:36:e7:67:66:3c:5d:5f:74:f6:e9:6d:
9f:64:2c:12:5c:ea:a4:d8:5d:5a:71:89:ce:46:89:e5:7c:72:
be:a3:6b:65:d6:2f:88:12:e3:10:0c:da:63:78:47:78:eb:62:
76:07:4f:ad:06:0c:a8:85:2a:a9:dc:80:69:1c:63:40:87:64:
19:4b:94:7f:73:e8:dd:56:a8:cf:9d:64:08:45:48:2c:72:7a:
f1:0b:26:67:af:90:a2:6e:13:db:93:56:9e:4b:07:2f:36:6f:
3d:d0:85:67
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgISAYZ9nrK/7PqrWlX896SjmaaFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMjIzMDkzMzE3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5OGM4YjNhYTM0NWE1MWM1M2E4M2E2M2E0NmVlNjFjYjc3NzdkYjE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOp5vJyE1NUaS3rwPEJ+TLaid8It
kQ/FNvEoRcolgk9kQcoJ2TjGNCY+PJqY2/aetD/yappU3N11zy5BWr3BDTiR3+rE
LYE5Vpd4s18UgrhQgJOBWK7Vx/txDUj9Ad9wVY3XKYPwKbnX3YXIinHk/VTnzsTe
YMaxk5jgObcH3Q1zsl4F/3Q3G8m5mQQDcHF5DVrldvPdOgtyjURiW4vbzt2UwaKt
S9bcr+B2c6JRSdw9o+D5XxABrD0X2pPxl/rbT76JIR5ZtOBtip4NmrXhPc26bFsP
eXHwSaU9l6LPUexBc1+EqXMMHnVlX1S+fc5sdOsC7HqdMoDsd9K0CYizzQIDAQAB
o4ICxjCCAsIwHQYDVR0OBBYEFJjIs6o0WlHFOoOmOkbuYct3d9sVMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbU1penFqUmFVY1U2ZzZZNlJ1NWh5M2QzMnhVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHbBggrBgEFBQcBBwEB/wSByzCByDCBxQQCAAEwgb4DBAEl
i4ADBAAtDP0DBAAtQuYDBAAtUScDBAAtUfMDBAAtWEMDBAAtlesDBAFPbj4DBABQ
TDMDBABUFawDBABUNjIwDAMEAlUfLAMEAFUfLgMEAVXZkAMEAFd53QMEAF6coQME
AF/WGwMEAW3O8AMEAG3O8wMEALnYRzAMAwQAueFJAwQAueFKAwQBufbcAwQAufyy
AwQAuf4lAwQAwSogAwQAwS89AwQAwje6AwQAwjfgAwQBwrQwAwQA1FfMMA0GCSqG
SIb3DQEBCwUAA4IBAQCWjtPDM4lCEe802nG7xRKiIL/qoSU167oCSkQQ5J2ZK2w5
tQG7xh874dvoJfNPEf3XJ0kyNIv6lJXxcVwihZLADhpu/WA7mD0bX0TZO/QTenkv
ZzRI7jY2h+ni+ijpSRNrHxeIcmgpdytc4CDXAXwdGR7CZX6xMKQd+Uv5ckcfsw8B
nSvIaEGmP+km+3we4dwBVvxaqBUqNudnZjxdX3T26W2fZCwSXOqk2F1acYnORonl
fHK+o2tl1i+IEuMQDNpjeEd462J2B0+tBgyohSqp3IBpHGNAh2QZS5R/c+jdVqjP
nWQIRUgscnrxCyZnr5CibhPbk1aeSwcvNm890IVn
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:42 2024 by rpki-client on console-ams.rpki-client.org