Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Jn6XJzNxihz7O7FeoY_djQRB5RA.roa
File: Jn6XJzNxihz7O7FeoY_djQRB5RA.roa (raw, json)
Hash identifier: 41hZsYZ16KiN2Wlj2EZsSZiqGNrvxyhTA204fgZDqWo=
Subject key identifier: 26:7E:97:27:33:71:8A:1C:FB:3B:B1:5E:A1:8F:DD:8D:04:41:E5:10
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195EC72A19FAD509E8A5F67E038FCCDCD41
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Jn6XJzNxihz7O7FeoY_djQRB5RA.roa
Signing time: Mon 31 Mar 2025 13:44:50 +0000
ROA not before: Mon 31 Mar 2025 13:44:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.157.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.128.96.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.141.159.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.18.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.70.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.92.0/24 maxlen: 24
94.156.113.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:ec:72:a1:9f:ad:50:9e:8a:5f:67:e0:38:fc:cd:cd:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 31 13:44:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=267e972733718a1cfb3bb15ea18fdd8d0441e510
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:98:c7:82:41:14:9c:60:bb:d5:8d:d8:95:fd:
40:40:94:50:75:ee:71:43:0e:e5:ce:04:62:3a:45:
6e:3f:80:fd:d3:3b:b2:ef:65:15:1a:e8:60:e7:1d:
dc:3c:cf:90:d5:26:38:42:80:b3:c6:43:1c:00:83:
5e:17:09:1c:4e:f7:6a:dd:cd:c9:85:58:fe:0c:87:
5e:2a:5e:4b:c2:a4:6e:16:0c:60:6c:73:42:f1:3f:
f3:a6:9e:02:64:92:58:58:d7:94:5b:d2:9e:4a:00:
f3:af:7f:75:40:8a:a4:2d:72:e4:5e:5f:6e:06:9b:
30:e7:d7:08:a2:53:b7:28:a5:1b:be:f8:82:7f:81:
84:e5:d5:b3:65:59:c1:77:d5:81:8e:5d:fe:30:e7:
d5:2b:ab:29:7a:c9:ac:c6:76:40:ab:c5:ab:f0:d7:
c6:e7:26:be:aa:2a:ab:99:49:62:7c:f9:cc:a7:c1:
41:7e:92:5d:4a:13:86:60:48:fd:a8:c5:d3:77:60:
80:e5:39:75:44:8e:0a:61:5a:a6:ed:fa:6e:3a:06:
ca:7b:b5:52:82:7b:1c:9c:6f:49:a7:7e:5b:f2:91:
8a:b3:d5:d1:60:39:46:c5:e6:14:d5:f1:1b:fb:5d:
6c:ee:46:11:0a:fd:75:87:83:7a:49:aa:a0:04:15:
91:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
26:7E:97:27:33:71:8A:1C:FB:3B:B1:5E:A1:8F:DD:8D:04:41:E5:10
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Jn6XJzNxihz7O7FeoY_djQRB5RA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.157.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.128.96.0/24
45.139.106.0/24
45.141.158.0/23
45.151.90.0/23
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0/24
87.120.166.0/24
87.121.18.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.70.0/24
91.92.240.0/20
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.92.0/24
94.156.113.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
193.25.216.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
10:a6:4e:e8:3b:68:09:f5:28:29:e9:75:63:03:92:9a:ce:57:
ef:7f:e3:58:f4:6c:84:69:50:4b:65:b3:5a:1c:49:80:29:c7:
a5:44:a0:bc:21:d7:1d:52:5f:c5:c9:09:c0:cf:07:d5:97:50:
0c:0f:74:73:f5:94:23:cd:9f:6f:d7:cf:4e:82:93:65:5d:44:
c7:b5:fb:89:4f:4d:1c:31:be:ed:3e:9d:91:78:1d:f6:a9:c5:
75:fc:90:c7:a0:fa:02:da:00:ea:b5:17:3c:fa:07:35:f7:a9:
d7:dd:49:12:79:d5:04:f7:c4:e8:3c:b7:ed:22:f0:22:d0:85:
56:9c:24:9f:3b:88:be:28:21:26:f5:69:31:b9:ed:19:e6:d4:
bf:07:00:7a:e8:e6:21:61:a8:78:df:0f:3a:68:f6:ed:6f:49:
e5:88:22:e8:7f:71:f5:13:97:3a:73:54:33:be:36:92:6a:34:
9e:62:22:15:06:cb:98:80:e7:16:f1:b4:79:eb:a1:9a:13:d6:
9d:6d:43:40:bf:93:2e:2e:c5:7d:8e:ba:0f:bc:70:94:72:cd:
bd:66:ef:a3:60:a7:e5:55:f9:25:f3:9f:6c:f9:7e:05:34:58:
4a:bf:90:90:66:3b:03:67:e6:fd:1a:dc:61:b5:d4:07:20:41:
eb:65:69:50
-----BEGIN CERTIFICATE-----
MIIGFzCCBP+gAwIBAgISAZXscqGfrVCeil9n4Dj8zc1BMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzMxMTM0NDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNjdlOTcyNzMzNzE4YTFjZmIzYmIxNWVhMThmZGQ4ZDA0NDFlNTEwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5jHgkEUnGC71Y3Ylf1AQJRQde5x
Qw7lzgRiOkVuP4D90zuy72UVGuhg5x3cPM+Q1SY4QoCzxkMcAINeFwkcTvdq3c3J
hVj+DIdeKl5LwqRuFgxgbHNC8T/zpp4CZJJYWNeUW9KeSgDzr391QIqkLXLkXl9u
Bpsw59cIolO3KKUbvviCf4GE5dWzZVnBd9WBjl3+MOfVK6spesmsxnZAq8Wr8NfG
5ya+qiqrmUlifPnMp8FBfpJdShOGYEj9qMXTd2CA5Tl1RI4KYVqm7fpuOgbKe7VS
gnscnG9Jp35b8pGKs9XRYDlGxeYU1fEb+11s7kYRCv11h4N6SaqgBBWR5wIDAQAB
o4IDIzCCAx8wHQYDVR0OBBYEFCZ+lyczcYoc+zuxXqGP3Y0EQeUQMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvSm42WEp6TnhpaHo3TzdGZW9ZX2RqUVJCNVJBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNwYIKwYBBQUHAQcBAf8EggEmMIIBIjCCAR4EAgABMIIB
FgMEAgX8hAMEAC0JnQMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2A
YAMEAC2LagMEAS2NngMEAS2XWgMEAE9uMgMEAFGh7gMEAFPbYQMEAFQ2MAMEAFd4
VzAMAwQEV3hwAwQBV3h0AwQBV3h4AwQAV3h9AwQAV3imAwQAV3kSAwQAV3kmAwQA
V3ktAwQAV3lXAwQBV3l8AwQAV3miAwQAV3mlAwQAW1xGAwQEW1zwAwQAXPkyAwQA
XXttAwQCXpqgAwQDXpxAAwQAXpxcAwQAXpxxAwQAbc7tAwQAjWIBAwQAjWIGAwQA
k05kAwQCqxZIAwQAstfgAwQCudhUAwQAwRnYAwQAwje6AwQAwqmvMA0GCSqGSIb3
DQEBCwUAA4IBAQAQpk7oO2gJ9Sgp6XVjA5Kazlfvf+NY9GyEaVBLZbNaHEmAKcel
RKC8IdcdUl/FyQnAzwfVl1AMD3Rz9ZQjzZ9v189OgpNlXUTHtfuJT00cMb7tPp2R
eB32qcV1/JDHoPoC2gDqtRc8+gc196nX3UkSedUE98ToPLftIvAi0IVWnCSfO4i+
KCEm9Wkxue0Z5tS/BwB66OYhYah43w86aPbtb0nliCLof3H1E5c6c1QzvjaSajSe
YiIVBsuYgOcW8bR566GaE9adbUNAv5MuLsV9jroPvHCUcs29Zu+jYKflVfkl859s
+X4FNFhKv5CQZjsDZ+b9GtxhtdQHIEHrZWlQ
-----END CERTIFICATE-----
Generated at Tue Apr 29 04:55:19 2025 by rpki-client