Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Ksu95WQRDhyvhczhWCjh-EkalgQ.roa
File: Ksu95WQRDhyvhczhWCjh-EkalgQ.roa (raw, json)
Hash identifier: FEEdKOfcenb19wYqRkrO4PtaOSvlpZ6q8d+feBCon8U=
Subject key identifier: 2A:CB:BD:E5:64:11:0E:1C:AF:85:CC:E1:58:28:E1:F8:49:1A:96:04
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0196CEF78958106B059F7DC02FE391E816B4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Ksu95WQRDhyvhczhWCjh-EkalgQ.roa
Signing time: Wed 14 May 2025 13:24:11 +0000
ROA not before: Wed 14 May 2025 13:24:11 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2.59.253.0/24 maxlen: 24
5.252.132.0/22 maxlen: 24
31.13.211.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.12.253.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.141.159.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.31.192.0/22 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.89.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.22.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.70.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.16.0/24 maxlen: 24
93.123.45.0/24 maxlen: 24
93.123.47.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.105.0/24 maxlen: 24
94.156.167.0/24 maxlen: 24
94.156.232.0/24 maxlen: 24
94.156.239.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
171.22.73.0/24 maxlen: 24
171.22.74.0/23 maxlen: 24
178.215.227.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
193.35.18.0/24 maxlen: 24
193.222.96.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.172.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
195.178.111.0/24 maxlen: 24
212.115.41.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:ce:f7:89:58:10:6b:05:9f:7d:c0:2f:e3:91:e8:16:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: May 14 13:24:11 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2acbbde564110e1caf85cce15828e1f8491a9604
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:da:20:94:4f:9f:ce:81:59:b3:a7:b6:e9:52:
23:90:ca:4f:4c:86:77:25:da:70:33:7c:5e:31:f2:
a1:5d:bd:89:1c:6c:3e:f9:3e:cd:ed:a5:75:b3:7e:
7c:1d:0c:70:df:2d:b8:00:77:25:10:4b:82:bb:ac:
7b:c4:ef:03:3b:6a:2d:1f:b6:92:83:6d:79:af:6b:
74:fb:bd:f6:ca:f2:e6:72:3a:80:4f:a4:08:13:20:
8c:89:55:98:b5:35:02:e7:9a:18:5d:9a:0b:e2:69:
37:36:99:2e:55:47:46:25:ef:55:9f:bd:6d:45:94:
38:d4:95:89:6d:26:47:21:49:62:a3:ab:f4:86:8c:
b3:84:03:ed:19:91:d2:5e:07:e1:0d:a4:18:46:79:
c2:16:34:e7:9b:89:60:85:c6:bc:7a:9b:41:23:4d:
ec:f8:a6:25:2b:cd:79:00:12:9f:f3:dc:5f:57:0f:
17:53:6b:1d:93:0f:b5:3e:8c:14:51:9a:91:bf:b2:
1f:6c:82:6a:3d:cc:1a:12:38:6d:92:98:36:1a:0b:
da:a8:e4:db:33:8d:9f:c2:1f:32:e0:ce:ed:50:83:
ae:0b:0b:71:40:b9:5a:0f:85:d0:dc:f3:35:fc:00:
be:45:94:19:7a:ac:a5:6a:08:80:63:35:e7:0b:3b:
0a:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2A:CB:BD:E5:64:11:0E:1C:AF:85:CC:E1:58:28:E1:F8:49:1A:96:04
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Ksu95WQRDhyvhczhWCjh-EkalgQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
5.252.132.0/22
31.13.211.0/24
45.9.157.0/24
45.12.253.0/24
45.66.228.0/24
45.66.231.0/24
45.81.39.0/24
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/23
45.151.90.0/24
79.110.50.0/24
81.31.192.0/22
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.89.0/24
87.120.126.0/23
87.120.166.0/24
87.121.22.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.165.0/24
91.92.70.0/24
92.119.196.0/23
92.249.50.0/24
93.123.16.0/24
93.123.45.0/24
93.123.47.0/24
93.123.85.0/24
93.123.109.0/24
93.123.117.0/24
93.123.119.0/24
94.103.125.0/24
94.154.160.0/22
94.156.64.0/21
94.156.105.0/24
94.156.167.0/24
94.156.232.0/24
94.156.239.0/24
141.98.1.0/24
141.98.6.0/24
171.22.73.0-171.22.75.255
178.215.227.0/24
185.216.84.0/22
193.25.216.0/24
193.35.18.0/24
193.222.96.0/24
194.55.186.0/24
194.169.172.0/24
194.169.175.0/24
195.178.111.0/24
212.115.41.0/24
Signature Algorithm: sha256WithRSAEncryption
19:64:2d:99:4c:21:b4:91:fb:74:b9:e0:fb:60:54:62:9d:17:
68:70:94:40:31:5a:6c:fb:ed:f8:86:08:b7:59:a6:e4:f6:19:
a4:ab:1c:4c:75:d5:2f:a9:65:98:40:ea:62:20:ea:d7:58:2a:
83:ba:ff:c8:db:42:91:91:f1:3b:41:d9:f4:ef:3c:a2:90:fa:
fe:ad:ab:da:92:61:19:c5:ff:89:16:8a:b2:f0:39:35:da:7d:
fe:a8:cb:9f:8a:ea:1b:b8:41:cf:1c:1b:98:00:e0:9e:ca:29:
ff:a6:a2:97:5c:fe:f3:26:39:5e:5f:bf:8c:12:fe:be:a4:65:
fb:e8:6c:38:5a:4b:e8:33:ba:03:9f:b6:60:f0:39:af:ce:9c:
f5:4c:64:3b:fd:48:b5:e0:8f:b3:b0:8a:7f:94:c1:57:ee:78:
e6:57:10:33:14:4f:9d:7e:3a:21:48:f5:6a:7f:1f:0b:7e:2f:
89:83:08:c3:1f:0b:fe:68:c1:12:59:00:a4:9f:4d:2b:93:2b:
4f:28:6b:c7:e0:32:72:47:62:46:6f:b0:8c:19:57:14:ed:7d:
23:47:13:4f:be:e3:31:d0:3f:3c:0a:10:d2:47:8d:53:a6:83:
23:ec:fc:9a:f1:eb:32:72:07:4c:1b:3d:19:96:b4:1d:3d:6a:
07:88:7d:ed
-----BEGIN CERTIFICATE-----
MIIGazCCBVOgAwIBAgISAZbO94lYEGsFn33AL+OR6Ba0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNTE0MTMyNDExWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYWNiYmRlNTY0MTEwZTFjYWY4NWNjZTE1ODI4ZTFmODQ5MWE5NjA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyNoglE+fzoFZs6e26VIjkMpPTIZ3
JdpwM3xeMfKhXb2JHGw++T7N7aV1s358HQxw3y24AHclEEuCu6x7xO8DO2otH7aS
g215r2t0+732yvLmcjqAT6QIEyCMiVWYtTUC55oYXZoL4mk3NpkuVUdGJe9Vn71t
RZQ41JWJbSZHIUlio6v0hoyzhAPtGZHSXgfhDaQYRnnCFjTnm4lghca8eptBI03s
+KYlK815ABKf89xfVw8XU2sdkw+1PowUUZqRv7IfbIJqPcwaEjhtkpg2GgvaqOTb
M42fwh8y4M7tUIOuCwtxQLlaD4XQ3PM1/AC+RZQZeqylagiAYzXnCzsK/wIDAQAB
o4IDdzCCA3MwHQYDVR0OBBYEFCrLveVkEQ4cr4XM4Vgo4fhJGpYEMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvS3N1OTVXUVJEaHl2aGN6aFdDamgtRWthbGdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBiwYIKwYBBQUHAQcBAf8EggF6MIIBdjCCAXIEAgABMIIB
agMEAAI7/QMEAgX8hAMEAB8N0wMEAC0JnQMEAC0M/QMEAC1C5AMEAC1C5wMEAC1R
JwMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2LagMEAS2NngMEAC2XWgMEAE9uMgMEAlEf
wAMEAFGh7gMEAFPbYQMEAFQ2MAMEAFd4VwMEAFd4WQMEAVd4fgMEAFd4pgMEAFd5
FgMEAFd5JgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5pQMEAFtcRgMEAVx3xAMEAFz5
MgMEAF17EAMEAF17LQMEAF17LwMEAF17VQMEAF17bQMEAF17dQMEAF17dwMEAF5n
fQMEAl6aoAMEA16cQAMEAF6caQMEAF6cpwMEAF6c6AMEAF6c7wMEAI1iAQMEAI1i
BjAMAwQAqxZJAwQCqxZIAwQAstfjAwQCudhUAwQAwRnYAwQAwSMSAwQAwd5gAwQA
wje6AwQAwqmsAwQAwqmvAwQAw7JvAwQA1HMpMA0GCSqGSIb3DQEBCwUAA4IBAQAZ
ZC2ZTCG0kft0ueD7YFRinRdocJRAMVps++34hgi3Wabk9hmkqxxMddUvqWWYQOpi
IOrXWCqDuv/I20KRkfE7Qdn07zyikPr+ravakmEZxf+JFoqy8Dk12n3+qMufiuob
uEHPHBuYAOCeyin/pqKXXP7zJjleX7+MEv6+pGX76Gw4WkvoM7oDn7Zg8Dmvzpz1
TGQ7/Ui14I+zsIp/lMFX7njmVxAzFE+dfjohSPVqfx8Lfi+JgwjDHwv+aMESWQCk
n00rkytPKGvH4DJyR2JGb7CMGVcU7X0jRxNPvuMx0D88ChDSR41TpoMj7Pya8esy
cgdMGz0ZlrQdPWoHiH3t
-----END CERTIFICATE-----
Generated at Wed Jun 18 20:44:33 2025 by rpki-client