Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5kuLcphgTzdvZAr44cKu8m8o_lY.roa
File: 5kuLcphgTzdvZAr44cKu8m8o_lY.roa (raw, json)
Hash identifier: mWE0eshLKaZBgVnoc3oAsHV79PmcK1gY33Cme8rXesI=
Subject key identifier: E6:4B:8B:72:98:60:4F:37:6F:64:0A:F8:E1:C2:AE:F2:6F:28:FE:56
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0194FA7CFE2DC8038A868531F9C85C8ECA27
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5kuLcphgTzdvZAr44cKu8m8o_lY.roa
Signing time: Wed 12 Feb 2025 14:08:03 +0000
ROA not before: Wed 12 Feb 2025 14:08:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.106.0/24 maxlen: 32
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:fa:7c:fe:2d:c8:03:8a:86:85:31:f9:c8:5c:8e:ca:27
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 12 14:08:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=e64b8b7298604f376f640af8e1c2aef26f28fe56
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:ab:7e:4c:e9:56:e6:59:55:c3:a7:9d:f4:8c:
2b:49:de:14:e3:bd:8d:68:ae:fd:e1:42:3d:89:43:
99:92:72:49:d7:5e:c7:8b:3b:3b:eb:14:dc:4e:50:
05:42:d1:68:39:d3:89:7a:12:f6:dc:a5:b9:04:07:
1f:bb:f8:69:0f:3c:a3:cb:f6:12:a7:a9:29:ea:d6:
8a:c5:62:42:83:70:6b:df:b8:f3:94:aa:c0:b1:3b:
ad:78:b2:16:96:be:50:3a:c2:f0:8d:a7:b8:ff:fe:
f4:0b:7f:f2:9a:b8:02:69:0b:bb:4e:77:d2:df:8f:
fd:38:a0:02:a7:ae:51:51:65:dc:17:f8:23:76:a0:
e2:30:0e:ee:6b:52:42:a5:86:3a:49:2f:a7:4a:b2:
57:b8:f3:69:cf:82:5d:eb:3d:99:88:4b:c9:4f:2b:
dd:a8:c2:7d:b6:78:89:a7:8b:d9:31:78:4e:1b:14:
8e:83:83:96:ff:43:fc:f7:5c:4b:77:b9:54:a7:7e:
28:d6:af:20:74:b7:37:65:13:33:07:67:1f:34:29:
c4:83:9b:81:29:a6:e1:3e:3c:2f:0f:5a:c7:77:4a:
e0:f9:da:cc:19:f9:4e:28:4e:45:d0:03:36:ac:6e:
c4:ed:b2:d6:45:b3:46:00:0c:e4:7e:90:eb:44:b8:
40:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E6:4B:8B:72:98:60:4F:37:6F:64:0A:F8:E1:C2:AE:F2:6F:28:FE:56
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/5kuLcphgTzdvZAr44cKu8m8o_lY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.85.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.106.0/24
94.156.179.0/24
94.156.248.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
48:f2:06:45:4f:f0:6b:86:9d:95:c2:b4:c9:64:ae:68:6b:bc:
33:be:3f:94:04:27:47:c5:bc:f5:7e:0c:5a:4a:bc:0c:b7:f8:
9b:15:2c:35:b4:df:71:14:e9:18:5d:04:f1:ef:01:1a:9b:b8:
68:a6:dc:cd:50:48:53:9f:58:37:2e:e0:1d:d9:64:a7:de:91:
3b:00:f5:09:ab:4a:b2:e3:b9:33:4b:7a:0d:25:10:f2:79:d0:
84:a3:7c:42:7d:2d:16:7d:1f:36:20:11:c8:c1:89:e2:f4:4a:
81:de:bd:16:2b:44:4e:4d:b4:7a:63:be:f1:f3:c2:21:50:eb:
75:65:d8:6b:4b:04:af:ed:40:ea:8f:99:94:8f:31:53:c0:f0:
35:4b:9f:e6:c3:7e:11:ef:d6:c1:7e:fe:d0:08:26:dc:ed:50:
ce:f2:c4:ba:11:1c:cc:03:c4:2a:a8:a6:9e:1e:59:f8:c7:26:
f3:27:9e:e3:54:38:94:5d:8f:44:41:3a:69:b5:d7:fe:19:e5:
bf:a5:41:8d:02:b6:f7:1b:26:10:b2:76:96:09:d0:da:10:3e:
ad:ad:2b:c8:a2:f8:b4:4f:f5:ca:80:c5:0c:76:09:d4:51:f3:
95:f1:3b:37:48:5e:bb:86:32:2b:6d:1a:d3:75:94:8d:50:2f:
ef:a8:61:20
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgISAZT6fP4tyAOKhoUx+chcjsonMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMjEyMTQwODAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlNjRiOGI3Mjk4NjA0ZjM3NmY2NDBhZjhlMWMyYWVmMjZmMjhmZTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5qt+TOlW5llVw6ed9IwrSd4U472N
aK794UI9iUOZknJJ117Hizs76xTcTlAFQtFoOdOJehL23KW5BAcfu/hpDzyjy/YS
p6kp6taKxWJCg3Br37jzlKrAsTuteLIWlr5QOsLwjae4//70C3/ymrgCaQu7TnfS
34/9OKACp65RUWXcF/gjdqDiMA7ua1JCpYY6SS+nSrJXuPNpz4Jd6z2ZiEvJTyvd
qMJ9tniJp4vZMXhOGxSOg4OW/0P891xLd7lUp34o1q8gdLc3ZRMzB2cfNCnEg5uB
KabhPjwvD1rHd0rg+drMGflOKE5F0AM2rG7E7bLWRbNGAAzkfpDrRLhAQwIDAQAB
o4IDETCCAw0wHQYDVR0OBBYEFOZLi3KYYE83b2QK+OHCrvJvKP5WMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNWt1TGNwaGdUemR2WkFyNDRjS3U4bThvX2xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBJQYIKwYBBQUHAQcBAf8EggEUMIIBEDCCAQwEAgABMIIB
BAMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1a
WQMEAC2LagMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAU9thAwQA
VDYwAwQAV3hXAwQAV3imAwQAV3ktAwQAV3lXAwQBV3l8AwQAV3miAwQAV3mlAwQE
W1zwAwQBXHfEAwQAXPkyAwQAXXtVAwQCXpqgAwQAXpwLAwQDXpxAAwQAXpxqAwQA
XpyzAwQAXpz4AwQAjWIBAwQAjWIGAwQAk05kAwQCqxZIAwQCudhUAwQCudpUAwQA
wRnYAwQAwjFeAwQAwje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQBI8gZFT/Br
hp2VwrTJZK5oa7wzvj+UBCdHxbz1fgxaSrwMt/ibFSw1tN9xFOkYXQTx7wEam7ho
ptzNUEhTn1g3LuAd2WSn3pE7APUJq0qy47kzS3oNJRDyedCEo3xCfS0WfR82IBHI
wYni9EqB3r0WK0ROTbR6Y77x88IhUOt1ZdhrSwSv7UDqj5mUjzFTwPA1S5/mw34R
79bBfv7QCCbc7VDO8sS6ERzMA8QqqKaeHln4xybzJ57jVDiUXY9EQTpptdf+GeW/
pUGNArb3GyYQsnaWCdDaED6trSvIovi0T/XKgMUMdgnUUfOV8Ts3SF67hjIrbRrT
dZSNUC/vqGEg
-----END CERTIFICATE-----
Generated at Thu Jun 19 19:32:19 2025 by rpki-client