Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GWmSgw7Msopy34HB8XrzIeMjXoc.roa
File: GWmSgw7Msopy34HB8XrzIeMjXoc.roa (raw, json)
Hash identifier: reoAbXMkoy4pUuQ/Kqu9PE34UKR05Ft5Zx53mQby1sw=
Subject key identifier: 19:69:92:83:0E:CC:B2:8A:72:DF:81:C1:F1:7A:F3:21:E3:23:5E:87
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01942673A0C14AB74A7BBE12FCE02D1059DE
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GWmSgw7Msopy34HB8XrzIeMjXoc.roa
Signing time: Thu 02 Jan 2025 09:58:19 +0000
ROA not before: Thu 02 Jan 2025 09:58:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.9.157.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.84.0/23 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.102.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.237.0/24 maxlen: 24
185.216.71.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:73:a0:c1:4a:b7:4a:7b:be:12:fc:e0:2d:10:59:de
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 2 09:58:19 2025 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=196992830eccb28a72df81c1f17af321e3235e87
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:dd:85:99:6e:8f:8d:a4:c5:87:e9:e5:6e:76:
83:97:10:8d:20:a3:33:43:e5:86:58:fb:f5:ea:34:
5e:ac:7f:9b:d6:e5:c5:b5:5b:4c:0f:ca:b4:b9:db:
ed:ad:4a:61:fa:d1:28:c8:93:46:05:53:80:b3:9b:
58:ee:48:2a:58:58:02:eb:53:9e:db:42:d6:d9:5e:
19:f2:a6:43:89:a6:95:58:69:47:12:11:99:a8:09:
78:0f:05:f1:5b:ed:a1:db:04:d3:ba:b7:15:f1:18:
90:82:51:4c:79:6e:47:7e:e0:b5:53:22:ea:75:4e:
df:f7:35:22:f9:08:f9:7b:88:bb:68:58:ab:3d:33:
a2:3f:08:ab:3b:ad:c2:57:f8:c9:9d:e7:15:26:56:
3e:18:8d:8a:56:66:ee:d8:df:90:28:00:92:ee:c8:
2e:0f:d6:69:3a:e9:a5:a2:ed:cd:89:32:26:41:c2:
e2:4b:94:84:32:bd:a9:b7:04:ee:99:eb:9d:68:6e:
4e:4b:82:12:51:4f:4c:0b:85:3a:8e:fd:bb:32:98:
13:8b:19:36:7d:49:84:78:e6:ac:60:0b:3a:b0:f8:
59:cd:fd:26:5f:49:c4:60:57:e2:8b:ca:28:29:3a:
a0:19:08:5b:ef:72:a8:f9:f9:86:b4:37:42:c1:bb:
01:1f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
19:69:92:83:0E:CC:B2:8A:72:DF:81:C1:F1:7A:F3:21:E3:23:5E:87
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/GWmSgw7Msopy34HB8XrzIeMjXoc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.157.0/24
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.62.0/24
81.161.239.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.84.0/23
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.102.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.237.0/24
185.216.71.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
8a:29:3a:65:c9:80:f2:73:40:3b:46:b7:9b:b3:21:18:44:3a:
cf:89:5e:41:9b:7f:a8:ff:d5:22:af:81:98:cb:2a:31:ae:ed:
23:5d:c7:35:56:71:b8:8e:50:c6:8b:4b:fe:b7:75:3f:0f:93:
0c:80:e9:76:82:60:a1:a9:fa:6c:0b:e4:d3:12:59:8a:79:9b:
3e:0c:9a:59:5e:b8:8f:49:53:64:0f:03:4c:5c:08:8a:bc:07:
50:60:b6:6b:bb:ec:7d:5f:19:60:4a:a5:07:4d:e2:07:7b:99:
54:cf:b1:7c:58:59:d0:6b:f2:c1:a1:01:81:6b:eb:3c:ab:13:
1f:99:27:94:4a:8d:65:30:94:11:44:5d:45:d3:d5:b7:38:cd:
25:8f:45:01:56:31:14:de:cf:a5:06:4e:b5:37:8e:3c:e8:00:
6d:c1:74:92:a3:09:61:5b:bc:93:17:fb:e6:b8:8b:0a:be:a1:
89:2b:e0:39:a0:8e:8e:b9:e2:11:e6:2a:ac:cb:e5:c8:af:41:
0d:81:75:79:9a:49:83:56:68:a3:d4:15:57:8d:ee:20:ab:0f:
6c:a2:1a:5b:0f:26:c7:db:4e:30:44:1d:7c:7a:41:bc:db:88:
ff:af:53:a3:bd:d9:ca:aa:d7:ff:54:02:9e:93:54:7d:cd:c9:
4a:3b:84:02
-----BEGIN CERTIFICATE-----
MIIGIzCCBQugAwIBAgISAZQmc6DBSrdKe74S/OAtEFneMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAyMDk1ODE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxOTY5OTI4MzBlY2NiMjhhNzJkZjgxYzFmMTdhZjMyMWUzMjM1ZTg3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0d2FmW6PjaTFh+nlbnaDlxCNIKMz
Q+WGWPv16jRerH+b1uXFtVtMD8q0udvtrUph+tEoyJNGBVOAs5tY7kgqWFgC61Oe
20LW2V4Z8qZDiaaVWGlHEhGZqAl4DwXxW+2h2wTTurcV8RiQglFMeW5HfuC1UyLq
dU7f9zUi+Qj5e4i7aFirPTOiPwirO63CV/jJnecVJlY+GI2KVmbu2N+QKACS7sgu
D9ZpOumlou3NiTImQcLiS5SEMr2ptwTumeudaG5OS4ISUU9MC4U6jv27MpgTixk2
fUmEeOasYAs6sPhZzf0mX0nEYFfii8ooKTqgGQhb73Ko+fmGtDdCwbsBHwIDAQAB
o4IDLzCCAyswHQYDVR0OBBYEFBlpkoMOzLKKct+BwfF68yHjI16HMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvR1dtU2d3N01zb3B5MzRIQjhYcnpJZU1qWG9jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBQwYIKwYBBQUHAQcBAf8EggEyMIIBLjCCASoEAgABMIIB
IgMEAC0JnQMEAC0M/wMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC2LagMEAC2N
njAMAwQALZdZAwQCLZdYAwQAT24+AwQAUaHvAwQAU9thAwQAVDYwAwQAVdGFAwQA
V3hUAwQAV3hXAwQAV3imAwQAV3ktAwQBV3lUAwQAV3lXAwQAV3lpAwQBV3l8AwQA
V3miAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQCXpqgAwQAXpwLAwQD
XpxAAwQAXpxmAwQAXpyzAwQAXpz4AwQAX9YbAwQAjWIBAwQAjWIGAwQAk05kAwQC
qxZIAwQAstftAwQAudhHAwQCudhUAwQCudpUAwQAwRnYAwQAwjFeAwQAwje6AwQA
wqmvMA0GCSqGSIb3DQEBCwUAA4IBAQCKKTplyYDyc0A7RrebsyEYRDrPiV5Bm3+o
/9Uir4GYyyoxru0jXcc1VnG4jlDGi0v+t3U/D5MMgOl2gmChqfpsC+TTElmKeZs+
DJpZXriPSVNkDwNMXAiKvAdQYLZru+x9XxlgSqUHTeIHe5lUz7F8WFnQa/LBoQGB
a+s8qxMfmSeUSo1lMJQRRF1F09W3OM0lj0UBVjEU3s+lBk61N4486ABtwXSSowlh
W7yTF/vmuIsKvqGJK+A5oI6OueIR5iqsy+XIr0ENgXV5mkmDVmij1BVXje4gqw9s
ohpbDybH204wRB18ekG824j/r1OjvdnKqtf/VAKek1R9zclKO4QC
-----END CERTIFICATE-----
Generated at Wed Apr 30 00:46:13 2025 by rpki-client