Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ytCMX-Rsm076bPga9gldUo4089Y.roa
File: ytCMX-Rsm076bPga9gldUo4089Y.roa (raw, json)
Hash identifier: oRaNZ4q9ETjVlG7foSLPHMuzXm/KBe5q45NhhpQwA/0=
Subject key identifier: CA:D0:8C:5F:E4:6C:9B:4E:FA:6C:F8:1A:F6:09:5D:52:8E:34:F3:D6
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01853EECC41EB9A0044BA6F2555AF004819A
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ytCMX-Rsm076bPga9gldUo4089Y.roa
Signing time: Fri 23 Dec 2022 12:19:42 +0000
ROA not before: Fri 23 Dec 2022 12:19:42 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 50225
IP address blocks: 194.55.224.0/24 maxlen: 24
84.54.50.0/24 maxlen: 24
178.215.226.0/24 maxlen: 24
194.55.225.0/24 maxlen: 24
185.222.161.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
193.42.34.0/24 maxlen: 24
193.47.63.0/24 maxlen: 24
193.47.60.0/24 maxlen: 24
45.84.91.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.88.65.0/24 maxlen: 24
194.180.38.0/24 maxlen: 24
194.180.39.0/24 maxlen: 24
83.219.96.0/24 maxlen: 24
94.154.162.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:3e:ec:c4:1e:b9:a0:04:4b:a6:f2:55:5a:f0:04:81:9a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 23 12:19:42 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=cad08c5fe46c9b4efa6cf81af6095d528e34f3d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:9a:d0:d2:66:8e:c6:8b:57:8e:9e:35:7d:48:
a4:fa:7c:4d:e0:36:89:7e:49:79:eb:ec:ab:b9:2e:
7a:81:d7:1c:9c:6e:ad:67:f2:a2:ab:ee:51:15:e6:
16:7f:60:fa:95:66:27:63:ed:a5:f7:dd:77:02:7c:
ad:8f:ff:54:ed:fd:43:f5:99:b2:72:dc:52:92:2b:
85:b8:ac:bd:08:53:5b:5e:ff:a8:4c:12:56:86:3d:
fd:98:09:f3:9a:7e:a5:f0:72:db:30:4f:79:de:ce:
a9:37:7a:69:2b:44:f8:08:c7:5b:4b:b9:d7:eb:76:
d5:88:01:08:97:f0:eb:52:c0:20:8c:e1:cd:92:4b:
23:23:1c:ac:cf:eb:62:82:d6:99:42:24:f5:3e:15:
1d:1b:1b:e6:90:3a:be:cd:a6:d1:a2:e5:73:14:78:
20:e1:0b:d1:c0:e5:b9:56:bb:8b:5a:ab:cb:8e:bd:
2b:3a:52:8f:50:55:6e:de:a8:a7:4d:df:4e:ae:43:
53:08:ba:ae:58:e0:19:56:97:63:b7:96:be:73:22:
f8:2b:6e:71:bc:64:b6:7f:d8:88:b5:17:f3:59:30:
51:04:d9:b6:23:53:5a:f2:7b:21:22:c9:d7:7c:ef:
61:42:fe:25:7d:87:a6:fd:6e:0c:7b:fe:35:e5:5b:
86:bf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:D0:8C:5F:E4:6C:9B:4E:FA:6C:F8:1A:F6:09:5D:52:8E:34:F3:D6
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ytCMX-Rsm076bPga9gldUo4089Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.12.255.0/24
45.84.91.0/24
45.88.64.0/23
83.219.96.0/24
84.54.50.0/24
94.154.162.0/24
178.215.226.0/24
185.222.161.0/24
193.42.34.0/24
193.47.60.0/24
193.47.63.0/24
194.55.224.0/23
194.180.38.0/23
Signature Algorithm: sha256WithRSAEncryption
47:25:26:cf:51:de:ed:c7:d3:14:c6:59:29:8b:6f:42:d3:9f:
29:e3:fd:63:b1:7a:08:92:a7:3b:64:c8:68:a0:64:4c:5b:12:
23:4e:08:03:7e:84:52:43:c8:ba:09:56:71:40:dc:a9:ba:b5:
2f:6e:16:22:9d:11:43:d4:bd:06:63:f2:96:54:2b:86:33:70:
fd:ad:38:f7:47:09:27:9a:e2:79:0e:ac:f9:64:eb:4c:2b:5a:
ee:9a:5d:cb:aa:52:77:7c:8c:3a:c9:09:7e:b6:3b:c7:04:5a:
7a:15:64:ef:f7:50:f6:00:dc:88:9a:cc:c5:f4:d5:53:7d:6a:
2c:6a:c0:3a:00:da:e0:18:02:fd:f8:99:14:71:d5:95:c6:4a:
a9:8e:6e:03:3a:5d:ac:02:04:e9:18:7b:10:78:1f:73:0e:db:
8b:fb:4a:12:89:3e:f8:92:40:aa:7f:e8:1c:32:75:da:b5:94:
2c:1e:65:38:d7:90:0c:e9:98:0c:79:bb:f5:9d:42:1b:07:0a:
b9:9b:9f:c2:06:eb:14:23:5f:73:ff:3a:51:d4:07:f5:07:7d:
c4:e1:57:44:99:8f:46:25:6e:9a:3a:e7:3a:6c:c2:47:28:50:
f0:76:ec:fa:ae:a2:2f:ce:98:9b:f1:ef:81:58:71:7a:c7:e1:
8d:17:9b:b4
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYU+7MQeuaAES6byVVrwBIGaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjIxMjIzMTIxOTQyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYWQwOGM1ZmU0NmM5YjRlZmE2Y2Y4MWFmNjA5NWQ1MjhlMzRmM2Q2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlZrQ0maOxotXjp41fUik+nxN4DaJ
fkl56+yruS56gdccnG6tZ/Kiq+5RFeYWf2D6lWYnY+2l9913Anytj/9U7f1D9Zmy
ctxSkiuFuKy9CFNbXv+oTBJWhj39mAnzmn6l8HLbME953s6pN3ppK0T4CMdbS7nX
63bViAEIl/DrUsAgjOHNkksjIxysz+tigtaZQiT1PhUdGxvmkDq+zabRouVzFHgg
4QvRwOW5VruLWqvLjr0rOlKPUFVu3qinTd9OrkNTCLquWOAZVpdjt5a+cyL4K25x
vGS2f9iItRfzWTBRBNm2I1Na8nshIsnXfO9hQv4lfYem/W4Me/415VuGvwIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFMrQjF/kbJtO+mz4GvYJXVKONPPWMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveXRDTVgtUnNtMDc2YlBnYTlnbGRVbzQwODlZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQALQz/AwQA
LVRbAwQBLVhAAwQAU9tgAwQAVDYyAwQAXpqiAwQAstfiAwQAud6hAwQAwSoiAwQA
wS88AwQAwS8/AwQBwjfgAwQBwrQmMA0GCSqGSIb3DQEBCwUAA4IBAQBHJSbPUd7t
x9MUxlkpi29C058p4/1jsXoIkqc7ZMhooGRMWxIjTggDfoRSQ8i6CVZxQNypurUv
bhYinRFD1L0GY/KWVCuGM3D9rTj3RwknmuJ5Dqz5ZOtMK1ruml3LqlJ3fIw6yQl+
tjvHBFp6FWTv91D2ANyImszF9NVTfWosasA6ANrgGAL9+JkUcdWVxkqpjm4DOl2s
AgTpGHsQeB9zDtuL+0oSiT74kkCqf+gcMnXatZQsHmU415AM6ZgMebv1nUIbBwq5
m5/CBusUI19z/zpR1Af1B33E4VdEmY9GJW6aOuc6bMJHKFDwduz6rqIvzpib8e+B
WHF6x+GNF5u0
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:46:44 2023 by rpki-client on console-ams.rpki-client.org