Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/F1WCfJikEJYidGN-XwiekbvutS4.roa
File: F1WCfJikEJYidGN-XwiekbvutS4.roa (raw, json)
Hash identifier: 9A5nObleiWbECm6QX2+dtVzaalZJF5SAopki+1XalN4=
Subject key identifier: 17:55:82:7C:98:A4:10:96:22:74:63:7E:5F:08:9E:91:BB:EE:B5:2E
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01973F9DD653F014920E0507CD0FD812DCD8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/F1WCfJikEJYidGN-XwiekbvutS4.roa
Signing time: Thu 05 Jun 2025 10:23:18 +0000
ROA not before: Thu 05 Jun 2025 10:23:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2.59.253.0/24 maxlen: 24
5.252.132.0/22 maxlen: 24
31.13.211.0/24 maxlen: 24
45.8.93.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.12.253.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.141.159.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.89.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.22.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.70.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.45.0/24 maxlen: 24
93.123.47.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.167.0/24 maxlen: 24
94.156.232.0/24 maxlen: 24
94.156.239.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
171.22.73.0/24 maxlen: 24
171.22.74.0/23 maxlen: 24
178.215.227.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
193.35.18.0/24 maxlen: 24
193.222.96.0/24 maxlen: 24
193.222.98.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
195.178.111.0/24 maxlen: 24
212.115.41.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:3f:9d:d6:53:f0:14:92:0e:05:07:cd:0f:d8:12:dc:d8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jun 5 10:23:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1755827c98a410962274637e5f089e91bbeeb52e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:ec:e0:d6:a5:0a:98:77:e9:fe:14:5a:3c:4c:
1f:8f:52:7a:bb:07:6d:b4:ab:a1:d7:49:ca:1a:e3:
99:1f:b8:c0:28:d5:e6:bf:c7:c1:9c:5b:30:e8:2e:
50:44:9f:e3:eb:94:ce:78:aa:d9:a6:06:4a:2f:6d:
ea:ae:7b:8e:3a:ed:e4:5a:ef:fa:c3:cf:b2:60:c7:
85:b4:4e:2a:6d:37:ae:60:91:91:e8:cb:a8:1d:ea:
c7:29:2b:61:4c:dd:a0:b2:14:84:44:55:84:bb:24:
83:d8:3b:ba:ea:fd:b6:53:69:9f:b2:19:74:e0:3f:
53:27:48:f2:f6:59:60:04:1d:ea:c0:8f:c2:0f:00:
2a:3f:25:39:d8:44:06:06:b5:ec:07:e3:4f:3a:a5:
8b:24:c0:a1:7c:91:a0:dc:40:be:be:e4:7c:62:21:
c1:cb:84:03:ec:ad:8a:23:ee:e4:8e:7a:56:c0:59:
55:df:b9:c2:51:5a:9a:3b:a7:40:33:90:b2:3f:34:
49:58:50:83:13:cd:3c:2e:87:99:f6:0e:0d:73:02:
cc:4c:31:89:67:89:28:ea:97:ac:c9:c5:5e:51:a5:
31:1c:25:eb:33:03:5e:61:54:8d:39:91:84:34:6a:
3f:6d:11:75:6b:2a:14:14:dd:73:5b:5f:4e:b4:3a:
7e:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
17:55:82:7C:98:A4:10:96:22:74:63:7E:5F:08:9E:91:BB:EE:B5:2E
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/F1WCfJikEJYidGN-XwiekbvutS4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
5.252.132.0/22
31.13.211.0/24
45.8.93.0/24
45.9.157.0/24
45.12.253.0/24
45.66.228.0/24
45.66.231.0/24
45.81.39.0/24
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/23
45.151.90.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.89.0/24
87.120.126.0/23
87.120.166.0/24
87.121.22.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.165.0/24
91.92.70.0/24
92.119.196.0/23
92.249.50.0/24
93.123.45.0/24
93.123.47.0/24
93.123.85.0/24
93.123.109.0/24
93.123.117.0/24
93.123.119.0/24
94.103.125.0/24
94.154.160.0/22
94.156.64.0/21
94.156.167.0/24
94.156.232.0/24
94.156.239.0/24
141.98.1.0/24
141.98.6.0/24
171.22.73.0-171.22.75.255
178.215.227.0/24
185.216.84.0/22
193.25.216.0/24
193.35.18.0/24
193.222.96.0/24
193.222.98.0/24
194.55.186.0/24
194.169.175.0/24
195.178.111.0/24
212.115.41.0/24
Signature Algorithm: sha256WithRSAEncryption
41:c2:64:1d:e3:85:cf:2d:61:8d:d2:96:9e:61:28:7d:c7:94:
9e:af:bf:4d:c9:2f:19:e1:a4:ad:04:15:ce:6d:58:5f:e8:5e:
f1:90:3f:e3:09:d6:5f:ce:63:f7:23:ee:67:32:45:dd:f9:64:
04:cc:57:65:aa:ef:25:80:e9:5d:19:14:e4:c5:06:61:ce:a7:
6f:ff:89:3b:76:3b:ba:f1:a9:ba:bc:5f:49:b7:e0:1f:8a:8a:
fe:6e:8f:32:c7:57:13:e5:cf:eb:2b:c9:58:2d:25:e8:d3:e7:
cd:3b:58:06:89:3b:5f:36:0b:02:22:58:43:29:3d:98:e0:23:
4a:dc:f5:e5:b1:01:23:76:b2:06:0b:27:7b:fe:25:70:f3:03:
6b:bc:12:77:f2:57:c8:62:b7:dc:fd:e1:2b:0f:96:47:e8:1b:
db:9d:09:fe:a5:4d:b8:aa:13:1d:79:22:ea:d1:14:64:6a:50:
c2:f6:5a:fa:af:a9:a5:b2:dd:63:85:bf:0d:72:4d:a3:98:3d:
c9:c8:25:61:62:29:16:02:ca:6d:bd:2d:60:bf:88:59:39:ae:
a4:a0:6f:bc:bb:1f:53:c7:1b:99:ca:51:4c:bc:77:75:bd:14:
bb:7f:d8:02:e3:a0:a4:ba:13:d3:40:3b:6c:ff:90:d3:ff:49:
b8:50:21:cb
-----BEGIN CERTIFICATE-----
MIIGUzCCBTugAwIBAgISAZc/ndZT8BSSDgUHzQ/YEtzYMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNjA1MTAyMzE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNzU1ODI3Yzk4YTQxMDk2MjI3NDYzN2U1ZjA4OWU5MWJiZWViNTJlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxOzg1qUKmHfp/hRaPEwfj1J6uwdt
tKuh10nKGuOZH7jAKNXmv8fBnFsw6C5QRJ/j65TOeKrZpgZKL23qrnuOOu3kWu/6
w8+yYMeFtE4qbTeuYJGR6MuoHerHKSthTN2gshSERFWEuySD2Du66v22U2mfshl0
4D9TJ0jy9llgBB3qwI/CDwAqPyU52EQGBrXsB+NPOqWLJMChfJGg3EC+vuR8YiHB
y4QD7K2KI+7kjnpWwFlV37nCUVqaO6dAM5CyPzRJWFCDE808LoeZ9g4NcwLMTDGJ
Z4ko6pesycVeUaUxHCXrMwNeYVSNOZGENGo/bRF1ayoUFN1zW19OtDp+OwIDAQAB
o4IDXzCCA1swHQYDVR0OBBYEFBdVgnyYpBCWInRjfl8InpG77rUuMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRjFXQ2ZKaWtFSllpZEdOLVh3aWVrYnZ1dFM0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBcwYIKwYBBQUHAQcBAf8EggFiMIIBXjCCAVoEAgABMIIB
UgMEAAI7/QMEAgX8hAMEAB8N0wMEAC0IXQMEAC0JnQMEAC0M/QMEAC1C5AMEAC1C
5wMEAC1RJwMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2LagMEAS2NngMEAC2XWgMEAFGh
7gMEAFPbYQMEAFQ2MAMEAFd4VwMEAFd4WQMEAVd4fgMEAFd4pgMEAFd5FgMEAFd5
JgMEAFd5LQMEAFd5VwMEAFd5pQMEAFtcRgMEAVx3xAMEAFz5MgMEAF17LQMEAF17
LwMEAF17VQMEAF17bQMEAF17dQMEAF17dwMEAF5nfQMEAl6aoAMEA16cQAMEAF6c
pwMEAF6c6AMEAF6c7wMEAI1iAQMEAI1iBjAMAwQAqxZJAwQCqxZIAwQAstfjAwQC
udhUAwQAwRnYAwQAwSMSAwQAwd5gAwQAwd5iAwQAwje6AwQAwqmvAwQAw7JvAwQA
1HMpMA0GCSqGSIb3DQEBCwUAA4IBAQBBwmQd44XPLWGN0paeYSh9x5Ser79NyS8Z
4aStBBXObVhf6F7xkD/jCdZfzmP3I+5nMkXd+WQEzFdlqu8lgOldGRTkxQZhzqdv
/4k7dju68am6vF9Jt+Afior+bo8yx1cT5c/rK8lYLSXo0+fNO1gGiTtfNgsCIlhD
KT2Y4CNK3PXlsQEjdrIGCyd7/iVw8wNrvBJ38lfIYrfc/eErD5ZH6BvbnQn+pU24
qhMdeSLq0RRkalDC9lr6r6mlst1jhb8Nck2jmD3JyCVhYikWAsptvS1gv4hZOa6k
oG+8ux9TxxuZylFMvHd1vRS7f9gC46CkuhPTQDts/5DT/0m4UCHL
-----END CERTIFICATE-----
Generated at Thu Jun 19 08:43:45 2025 by rpki-client