Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9OCGVqF6zhb0RAZcpGMNLSQnF8A.roa
File: 9OCGVqF6zhb0RAZcpGMNLSQnF8A.roa (raw, json)
Hash identifier: wwT5i0Qw78lhsZH07wPwMqwM5LJTYTy5Hns0gK4+D5k=
Subject key identifier: F4:E0:86:56:A1:7A:CE:16:F4:44:06:5C:A4:63:0D:2D:24:27:17:C0
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 018EF077CA158615A546F9A45A99381AB77E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9OCGVqF6zhb0RAZcpGMNLSQnF8A.roa
Signing time: Thu 18 Apr 2024 09:09:26 +0000
ROA not before: Thu 18 Apr 2024 09:09:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.9.156.0/24 maxlen: 24
45.88.88.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.21.174.0/23 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.86.0/23 maxlen: 24
87.121.221.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.163.0/24 maxlen: 24
94.156.72.0/23 maxlen: 24
94.156.239.0/24 maxlen: 24
95.214.25.0/24 maxlen: 24
95.214.26.0/24 maxlen: 24
147.78.102.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.42.32.0/23 maxlen: 24
194.48.248.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.55.224.0/24 maxlen: 24
194.59.31.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:f0:77:ca:15:86:15:a5:46:f9:a4:5a:99:38:1a:b7:7e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 18 09:09:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=f4e08656a17ace16f444065ca4630d2d242717c0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:9f:9b:99:82:1a:d7:db:7e:e7:e1:dc:ef:1c:
ef:09:5c:43:71:3c:ee:55:7d:05:a9:7f:e5:5a:4d:
d6:44:dd:08:5e:a5:1f:17:0b:e7:49:76:eb:d1:a4:
7a:97:19:fd:08:e4:27:19:9e:ea:21:51:68:f2:3b:
42:e3:7a:de:1a:03:d0:86:0b:35:40:40:7d:db:42:
29:7d:32:cd:9b:ce:32:c7:c9:ad:ee:1f:76:d1:8d:
19:22:30:83:56:f3:aa:31:6d:fa:72:af:b2:06:8c:
65:a7:76:b0:fb:3b:00:3c:24:92:41:56:4e:15:9e:
65:c5:83:69:d1:ce:2d:88:c1:40:49:e2:c7:31:e8:
81:2a:bc:46:3a:4e:97:97:ea:0f:ea:28:39:67:e4:
07:38:63:62:93:50:b2:79:1c:ad:05:66:7c:04:12:
62:76:af:51:c6:3f:61:26:58:62:dc:c2:f3:e0:74:
7b:be:53:32:20:32:1b:3b:eb:78:8d:fd:0d:70:7e:
8f:d2:d1:67:f2:c9:f2:71:f5:5b:db:29:d3:40:57:
73:8f:f1:ac:c0:56:58:65:e2:1f:f5:1f:66:a1:e3:
83:16:2f:dc:03:f1:e1:6f:fd:d3:b5:ea:eb:95:e7:
f9:16:10:72:f4:80:95:91:c2:79:9f:c7:af:22:7d:
6c:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:E0:86:56:A1:7A:CE:16:F4:44:06:5C:A4:63:0D:2D:24:27:17:C0
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/9OCGVqF6zhb0RAZcpGMNLSQnF8A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/24
45.88.88.0/24
45.151.89.0/24
79.110.62.0/24
83.219.97.0/24
84.21.174.0/23
85.209.133.0/24
87.120.87.0/24
87.121.45.0/24
87.121.86.0/23
87.121.221.0/24
92.119.196.0/23
94.154.160.0/22
94.156.72.0/23
94.156.239.0/24
95.214.25.0-95.214.26.255
147.78.102.0/24
171.22.72.0/22
178.215.224.0/24
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
193.42.32.0/23
194.48.248.0/24
194.55.186.0/24
194.55.224.0/24
194.59.31.0/24
Signature Algorithm: sha256WithRSAEncryption
9f:39:17:4c:c4:f7:e7:2b:7a:16:b8:d1:29:de:a9:1c:6e:7b:
33:4a:89:35:10:12:75:64:be:b0:d0:eb:d3:56:27:ae:3d:2f:
40:4c:30:86:96:5f:35:3e:ce:d2:89:ca:8e:82:b7:cd:11:0a:
c7:1c:b1:e1:06:8a:df:32:67:a2:fb:88:30:f5:7c:90:0f:01:
d8:17:63:73:a9:6d:e5:1b:89:e6:0f:81:e1:77:d9:12:3c:bb:
52:ba:f1:93:30:37:55:fd:04:6a:b9:56:15:df:30:f3:77:f5:
0c:66:f7:2a:fe:29:af:3e:8e:ed:66:da:aa:66:47:8a:b8:ea:
43:29:79:f0:77:35:3a:e1:f5:c4:41:ce:d1:6e:c5:2e:af:13:
d4:c5:ac:12:5b:69:c5:ca:6b:05:7f:15:98:01:8b:d2:4d:d7:
e4:0d:d4:79:43:16:85:aa:da:7c:f0:07:a3:c6:f8:12:16:18:
2d:1a:1c:9f:df:98:60:33:99:b7:19:30:72:12:5c:ba:e2:99:
b0:44:07:e3:09:76:42:c1:99:8a:4b:7f:24:ab:f2:26:5e:5d:
45:b6:2f:15:81:a5:59:cb:5f:da:87:11:31:0e:7a:db:d6:90:
04:8e:16:d2:cc:82:4a:2c:11:d7:0c:5b:56:7d:d8:d2:2f:e2:
56:2a:0c:97
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgISAY7wd8oVhhWlRvmkWpk4Grd+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQwNDE4MDkwOTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGUwODY1NmExN2FjZTE2ZjQ0NDA2NWNhNDYzMGQyZDI0MjcxN2MwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh5+bmYIa19t+5+Hc7xzvCVxDcTzu
VX0FqX/lWk3WRN0IXqUfFwvnSXbr0aR6lxn9COQnGZ7qIVFo8jtC43reGgPQhgs1
QEB920IpfTLNm84yx8mt7h920Y0ZIjCDVvOqMW36cq+yBoxlp3aw+zsAPCSSQVZO
FZ5lxYNp0c4tiMFASeLHMeiBKrxGOk6Xl+oP6ig5Z+QHOGNik1CyeRytBWZ8BBJi
dq9Rxj9hJlhi3MLz4HR7vlMyIDIbO+t4jf0NcH6P0tFn8snycfVb2ynTQFdzj/Gs
wFZYZeIf9R9moeODFi/cA/Hhb/3Tterrlef5FhBy9ICVkcJ5n8evIn1sqQIDAQAB
o4ICsjCCAq4wHQYDVR0OBBYEFPTghlahes4W9EQGXKRjDS0kJxfAMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvOU9DR1ZxRjZ6aGIwUkFaY3BHTU5MU1FuRjhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHHBggrBgEFBQcBBwEB/wSBtzCBtDCBsQQCAAEwgaoDBAAt
CZwDBAAtWFgDBAAtl1kDBABPbj4DBABT22EDBAFUFa4DBABV0YUDBABXeFcDBABX
eS0DBAFXeVYDBABXed0DBAFcd8QDBAJemqADBAFenEgDBABenO8wDAMEAF/WGQME
AF/WGgMEAJNOZgMEAqsWSAMEALLX4AMEALLX7AMEArnYVAMEArnaVAMEAcEqIAME
AMIw+AMEAMI3ugMEAMI34AMEAMI7HzANBgkqhkiG9w0BAQsFAAOCAQEAnzkXTMT3
5yt6FrjRKd6pHG57M0qJNRASdWS+sNDr01Ynrj0vQEwwhpZfNT7O0onKjoK3zREK
xxyx4QaK3zJnovuIMPV8kA8B2Bdjc6lt5RuJ5g+B4XfZEjy7UrrxkzA3Vf0EarlW
Fd8w83f1DGb3Kv4prz6O7WbaqmZHirjqQyl58Hc1OuH1xEHO0W7FLq8T1MWsEltp
xcprBX8VmAGL0k3X5A3UeUMWharafPAHo8b4EhYYLRocn9+YYDOZtxkwchJcuuKZ
sEQH4wl2QsGZikt/JKvyJl5dRbYvFYGlWctf2ocRMQ5629aQBI4W0syCSiwR1wxb
Vn3Y0i/iVioMlw==
-----END CERTIFICATE-----
Generated at Thu May 1 16:06:19 2025 by rpki-client