Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CEi7Lh-IKhyWGpNBrkjii01q6cM.roa
File: CEi7Lh-IKhyWGpNBrkjii01q6cM.roa (raw, json)
Hash identifier: jd4Gwo/zwIrR8fjCZVP/GOMtIkESrH04jCjUIY6k/lg=
Subject key identifier: 08:48:BB:2E:1F:88:2A:1C:96:1A:93:41:AE:48:E2:8B:4D:6A:E9:C3
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019493DC2A2D2D52893318D6C963A9256399
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CEi7Lh-IKhyWGpNBrkjii01q6cM.roa
Signing time: Thu 23 Jan 2025 15:51:06 +0000
ROA not before: Thu 23 Jan 2025 15:51:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.120.187.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.173.0/24 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.114.0/24 maxlen: 24
94.156.170.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.237.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:93:dc:2a:2d:2d:52:89:33:18:d6:c9:63:a9:25:63:99
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 23 15:51:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0848bb2e1f882a1c961a9341ae48e28b4d6ae9c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:1e:02:ec:2a:f4:ae:67:c7:39:5a:76:4c:65:
77:11:8a:66:99:77:73:32:55:e5:11:f6:5f:be:bc:
be:37:38:bd:bf:b2:b1:39:f6:cb:75:ca:5f:61:1f:
a6:7f:21:30:1b:5a:84:b4:ca:11:ba:f3:41:7f:f1:
ae:3d:39:59:64:8c:af:ff:87:38:04:8f:7e:94:7d:
c2:61:a6:d8:2c:17:de:b9:50:87:b9:03:68:05:7a:
db:5b:b4:90:1b:2d:ec:8c:eb:40:c3:dc:92:3d:bb:
8e:bd:19:de:c3:f0:5a:5c:0d:e5:8a:1d:93:b3:f9:
12:b4:88:43:31:3c:c3:5e:6f:06:2f:de:01:db:8a:
97:0c:cd:7a:d6:3f:18:53:84:fb:f3:5e:4a:96:21:
e9:90:f1:62:1a:e0:80:56:c5:d5:bf:0a:e9:83:25:
8c:9d:32:4b:68:3b:53:9f:3a:3e:db:fd:6c:80:18:
72:38:82:ed:3b:30:e5:8b:39:3c:94:e0:a3:4b:df:
12:32:d4:62:b5:f8:08:1c:3c:d7:dd:66:8b:cf:0d:
f1:fe:a5:ec:0b:35:72:55:c0:bf:6a:d0:3c:18:6c:
dc:eb:0b:ae:b7:de:b5:d7:93:9a:86:6f:f5:36:6e:
d1:43:60:44:49:22:cd:c4:c8:b6:93:40:7f:e0:2c:
f6:27
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
08:48:BB:2E:1F:88:2A:1C:96:1A:93:41:AE:48:E2:8B:4D:6A:E9:C3
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/CEi7Lh-IKhyWGpNBrkjii01q6cM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.120.187.0/24
87.121.45.0/24
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.154.173.0/24
94.156.11.0/24
94.156.64.0/21
94.156.114.0/24
94.156.170.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.237.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
36:37:bd:05:58:e1:92:70:f7:4a:c0:5c:c7:a1:ed:03:32:fc:
a2:18:d3:95:af:53:43:3c:04:fe:77:ad:07:b0:9d:ea:37:2f:
31:d2:91:e8:f1:24:04:35:8d:49:f0:b0:c6:b5:8f:7a:1e:a3:
6b:fe:c3:c6:65:6d:c9:7d:2c:83:3a:e3:2e:bf:0b:0f:18:69:
ed:f3:2c:7b:d4:b3:57:b2:96:15:8d:f6:da:93:55:03:64:15:
38:04:b3:a9:e4:76:08:6e:79:0f:13:76:85:42:45:7b:ca:84:
fb:49:45:b1:cc:dc:cc:86:29:ac:14:b2:0d:fe:32:7f:fb:e7:
61:f3:09:2a:90:54:4d:ab:0d:53:ee:6b:ae:14:6b:2d:6f:64:
8f:47:a3:ee:a8:1d:e9:c9:24:fd:f9:6c:d8:ae:a4:b2:88:fd:
1c:a8:70:17:a2:cb:e4:70:04:39:37:36:c9:f4:ca:1e:c9:01:
fb:4f:02:81:dd:00:90:ba:48:a6:d5:8e:d7:d1:08:f5:b7:82:
c1:f7:32:a9:2f:9b:bb:1a:51:94:4e:38:33:04:4d:f6:06:33:
94:f8:a0:41:89:59:be:a2:37:c1:ce:de:c8:6f:72:a0:78:7a:
56:41:76:1f:58:eb:b0:b0:45:8d:58:74:c3:a5:c5:fc:59:b6:
ad:56:0d:17
-----BEGIN CERTIFICATE-----
MIIGKTCCBRGgAwIBAgISAZST3CotLVKJMxjWyWOpJWOZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTIzMTU1MTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwODQ4YmIyZTFmODgyYTFjOTYxYTkzNDFhZTQ4ZTI4YjRkNmFlOWMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1R4C7Cr0rmfHOVp2TGV3EYpmmXdz
MlXlEfZfvry+Nzi9v7KxOfbLdcpfYR+mfyEwG1qEtMoRuvNBf/GuPTlZZIyv/4c4
BI9+lH3CYabYLBfeuVCHuQNoBXrbW7SQGy3sjOtAw9ySPbuOvRnew/BaXA3lih2T
s/kStIhDMTzDXm8GL94B24qXDM161j8YU4T7815KliHpkPFiGuCAVsXVvwrpgyWM
nTJLaDtTnzo+2/1sgBhyOILtOzDlizk8lOCjS98SMtRitfgIHDzX3WaLzw3x/qXs
CzVyVcC/atA8GGzc6wuut96115Oahm/1Nm7RQ2BESSLNxMi2k0B/4Cz2JwIDAQAB
o4IDNTCCAzEwHQYDVR0OBBYEFAhIuy4fiCoclhqTQa5I4otNaunDMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQ0VpN0xoLUlLaHlXR3BOQnJramlpMDFxNmNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBSQYIKwYBBQUHAQcBAf8EggE4MIIBNDCCATAEAgABMIIB
KAMEAS0JnAMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC1aWQMEAC2LagMEAC2N
njAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAU9thAwQAVDYwAwQAVdGFAwQA
V3hUAwQAV3hXAwQAV3imAwQAV3i7AwQAV3ktAwQAV3lXAwQAV3lpAwQBV3l8AwQA
V3miAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQCXpqgAwQAXpqtAwQA
XpwLAwQDXpxAAwQAXpxyAwQAXpyqAwQAXpyzAwQAXpz4AwQAX9YbAwQAjWIBAwQA
jWIGAwQAk05kAwQCqxZIAwQAstftAwQCudhUAwQCudpUAwQAwRnYAwQAwjFeAwQA
wje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQA2N70FWOGScPdKwFzHoe0DMvyi
GNOVr1NDPAT+d60HsJ3qNy8x0pHo8SQENY1J8LDGtY96HqNr/sPGZW3JfSyDOuMu
vwsPGGnt8yx71LNXspYVjfbak1UDZBU4BLOp5HYIbnkPE3aFQkV7yoT7SUWxzNzM
himsFLIN/jJ/++dh8wkqkFRNqw1T7muuFGstb2SPR6PuqB3pyST9+WzYrqSyiP0c
qHAXosvkcAQ5NzbJ9MoeyQH7TwKB3QCQukim1Y7X0Qj1t4LB9zKpL5u7GlGUTjgz
BE32BjOU+KBBiVm+ojfBzt7Ib3KgeHpWQXYfWOuwsEWNWHTDpcX8WbatVg0X
-----END CERTIFICATE-----
Generated at Sun May 4 01:24:56 2025 by rpki-client