Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8m0ESRBeuf08RVfEiv-WMP4FTV4.roa
File: 8m0ESRBeuf08RVfEiv-WMP4FTV4.roa (raw, json)
Hash identifier: 7KW8ZTmnyvf8LBZRlGObgxTHBtsxpxaHXa7TwUGJmB0=
Subject key identifier: F2:6D:04:49:10:5E:B9:FD:3C:45:57:C4:8A:FF:96:30:FE:05:4D:5E
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01890C3C7D7A3BA7EB8E02DDFB16ACEA7CEA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8m0ESRBeuf08RVfEiv-WMP4FTV4.roa
Signing time: Fri 30 Jun 2023 12:17:18 +0000
ROA not before: Fri 30 Jun 2023 12:17:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
94.156.239.0/24 maxlen: 24
194.113.36.0/22 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.252.176.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
45.95.0.0/22 maxlen: 24
94.103.124.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.137.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
94.154.163.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:0c:3c:7d:7a:3b:a7:eb:8e:02:dd:fb:16:ac:ea:7c:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jun 30 12:17:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f26d0449105eb9fd3c4557c48aff9630fe054d5e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:da:73:dd:75:86:af:b4:80:8a:2d:b5:f8:3d:
8a:2d:ec:1b:da:a7:65:83:6c:5d:d4:f4:52:83:4e:
f8:3d:20:0e:34:6c:3f:50:28:61:a9:e0:69:02:e0:
c7:3e:ed:1a:cc:3d:ce:0e:30:d4:51:5c:5f:c6:d8:
6c:fb:c4:ed:73:84:42:41:52:9b:af:2d:5d:b8:1c:
e8:a9:31:5c:72:d5:54:02:39:df:a2:ed:62:02:17:
e6:69:15:36:31:50:5c:85:c7:15:3d:4e:ff:52:92:
11:1d:1d:e7:b8:b2:64:2a:8b:49:71:65:8a:6b:5a:
32:bf:1c:a9:08:db:9a:33:fa:e2:62:8f:bf:ae:0a:
5e:93:cf:60:3c:7a:31:4f:66:c4:bd:0c:16:c9:3c:
b2:8c:87:84:60:06:a9:a8:9e:7e:e2:d8:25:93:22:
05:d7:2b:31:cb:e8:46:67:b3:f4:f8:26:f1:74:99:
a6:f4:65:93:ed:28:91:a7:13:27:cd:e0:bc:e2:49:
80:68:54:67:5a:75:a0:e2:2f:15:47:14:36:98:77:
ef:dd:9e:0b:44:19:68:c5:e6:25:99:86:39:5b:f5:
40:4b:2a:8a:19:70:0c:ba:10:fa:75:1a:2a:ce:9f:
5a:9c:1b:59:0a:5f:90:ac:d4:cf:78:f4:3c:ef:dc:
c1:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:6D:04:49:10:5E:B9:FD:3C:45:57:C4:8A:FF:96:30:FE:05:4D:5E
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/8m0ESRBeuf08RVfEiv-WMP4FTV4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.95.0.0/22
45.151.89.0/24
92.119.196.0/23
94.103.124.0/24
94.154.161.0-94.154.163.255
94.156.239.0/24
147.78.100.0/23
171.22.72.0/22
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.218.137.0/24
185.219.126.0/24
185.252.176.0/24
194.113.36.0/22
194.169.174.0/24
Signature Algorithm: sha256WithRSAEncryption
b5:06:3e:d8:fa:78:29:be:45:fd:66:ac:e8:19:f7:75:35:7e:
f4:c0:ef:7a:29:d1:42:c0:ef:8d:fa:8c:1c:05:9f:73:70:c5:
48:b9:d1:8d:76:ad:15:5d:d7:e0:23:cc:9c:b8:cb:c5:b9:01:
b3:a4:ce:74:2b:a9:17:48:7c:f1:9c:98:2f:27:69:c0:b4:ac:
9f:f4:1c:1e:ef:95:22:44:18:12:a3:c6:92:01:77:f9:ef:9c:
31:6f:0c:cd:fb:a7:27:80:cf:a7:bd:fd:3f:b2:71:9f:aa:f2:
f2:39:05:a2:f8:c5:d4:9c:70:b4:0e:a8:2b:1a:ea:0b:84:6b:
c2:d0:be:b3:d5:9a:80:25:df:5b:a3:0d:b7:46:67:f6:10:2b:
16:9f:03:07:da:01:14:61:a1:95:90:ac:38:96:04:a1:96:48:
56:15:66:dd:d0:62:10:e5:b6:db:2e:a3:e0:7a:73:5e:6d:c1:
11:d6:0a:f0:fa:be:11:d8:b7:dc:90:2a:50:ed:a1:96:f7:aa:
14:54:b3:e3:72:62:e3:6a:29:b2:4a:53:c9:3d:7e:c3:44:c7:
e2:18:41:71:a6:3f:f6:f3:2e:b6:ae:f4:0e:12:aa:56:b3:75:
ba:c0:0e:4f:8b:1f:74:0d:9d:20:98:dd:d3:04:8f:aa:00:4e:
3a:ca:06:97
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAYkMPH16O6frjgLd+xas6nzqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjMwMTIxNzE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjZkMDQ0OTEwNWViOWZkM2M0NTU3YzQ4YWZmOTYzMGZlMDU0ZDVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh9pz3XWGr7SAii21+D2KLewb2qdl
g2xd1PRSg074PSAONGw/UChhqeBpAuDHPu0azD3ODjDUUVxfxths+8Ttc4RCQVKb
ry1duBzoqTFcctVUAjnfou1iAhfmaRU2MVBchccVPU7/UpIRHR3nuLJkKotJcWWK
a1oyvxypCNuaM/riYo+/rgpek89gPHoxT2bEvQwWyTyyjIeEYAapqJ5+4tglkyIF
1ysxy+hGZ7P0+CbxdJmm9GWT7SiRpxMnzeC84kmAaFRnWnWg4i8VRxQ2mHfv3Z4L
RBloxeYlmYY5W/VASyqKGXAMuhD6dRoqzp9anBtZCl+QrNTPePQ879zB4QIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFPJtBEkQXrn9PEVXxIr/ljD+BU1eMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOG0wRVNSQmV1ZjA4UlZmRWl2LVdNUDRGVFY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwbgQCAAEwaAMEAi1fAAME
AC2XWQMEAVx3xAMEAF5nfDAMAwQAXpqhAwQCXpqgAwQAXpzvAwQBk05kAwQCqxZI
AwQAstfsAwQCudhUAwQCudpUAwQAudqJAwQAudt+AwQAufywAwQCwnEkAwQAwqmu
MA0GCSqGSIb3DQEBCwUAA4IBAQC1Bj7Y+ngpvkX9ZqzoGfd1NX70wO96KdFCwO+N
+owcBZ9zcMVIudGNdq0VXdfgI8ycuMvFuQGzpM50K6kXSHzxnJgvJ2nAtKyf9Bwe
75UiRBgSo8aSAXf575wxbwzN+6cngM+nvf0/snGfqvLyOQWi+MXUnHC0DqgrGuoL
hGvC0L6z1ZqAJd9bow23Rmf2ECsWnwMH2gEUYaGVkKw4lgShlkhWFWbd0GIQ5bbb
LqPgenNebcER1grw+r4R2LfckCpQ7aGW96oUVLPjcmLjaimySlPJPX7DRMfiGEFx
pj/28y62rvQOEqpWs3W6wA5Pix90DZ0gmN3TBI+qAE46ygaX
-----END CERTIFICATE-----
Generated at Tue May 13 20:38:22 2025 by rpki-client