Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Ky8dqAT_MSrkp_-RSeKyQOOmBqI.roa
File: Ky8dqAT_MSrkp_-RSeKyQOOmBqI.roa (raw, json)
Hash identifier: /0kKJM1K7/8LZArDNJ9WNqsdmyX9fh7lYuTccW+0UnA=
Subject key identifier: 2B:2F:1D:A8:04:FF:31:2A:E4:A7:FF:91:49:E2:B2:40:E3:A6:06:A2
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0194FFF4D55C240DE4687302A28C33A10F3C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Ky8dqAT_MSrkp_-RSeKyQOOmBqI.roa
Signing time: Thu 13 Feb 2025 15:37:02 +0000
ROA not before: Thu 13 Feb 2025 15:37:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.88.88.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
81.161.230.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.39.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.104.0/24 maxlen: 24
94.156.106.0/24 maxlen: 32
94.156.166.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.48.251.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:ff:f4:d5:5c:24:0d:e4:68:73:02:a2:8c:33:a1:0f:3c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 13 15:37:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=2b2f1da804ff312ae4a7ff9149e2b240e3a606a2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:fc:fb:a6:a5:e7:52:5f:95:86:c9:9b:7f:23:
c8:4e:b8:f1:22:e5:28:64:38:ae:34:10:ef:18:43:
9b:53:79:09:1b:a2:6d:ca:b4:53:8c:1a:cf:9a:69:
1a:8e:6c:f6:bc:04:9d:9e:a0:7b:cb:f3:08:f4:e5:
81:02:ae:64:39:7a:9c:f1:45:ae:8c:4b:ce:72:73:
ec:fe:bf:1c:45:cf:c0:b5:07:d9:b6:e8:e9:d3:77:
28:74:4d:bc:55:0e:82:f1:51:0f:a5:76:99:72:62:
8b:d5:fa:97:1a:a8:ef:ee:30:07:02:45:9a:70:62:
b8:c5:72:ee:e6:29:d0:b0:1a:45:b9:aa:9e:e4:9c:
14:34:61:26:41:c2:2a:ab:01:f4:f2:00:b0:a4:99:
70:2c:57:da:15:26:26:13:9e:1b:06:79:ac:94:39:
45:e3:ab:b7:f3:43:89:b3:b6:b7:e4:86:b6:b0:20:
60:76:23:47:45:47:87:01:3a:a5:b9:77:9d:b3:6c:
ca:4d:fa:2a:d5:dc:bc:57:8d:c9:bc:13:f5:98:7e:
6e:63:19:fb:c1:73:aa:8d:6d:61:bb:a8:b5:d1:04:
81:d3:84:e8:75:93:d0:33:f8:71:cb:9a:ba:18:54:
c3:0e:5b:28:d8:61:9a:8f:98:2f:f4:d5:60:d6:7d:
3f:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
2B:2F:1D:A8:04:FF:31:2A:E4:A7:FF:91:49:E2:B2:40:E3:A6:06:A2
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Ky8dqAT_MSrkp_-RSeKyQOOmBqI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.88.88.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
81.161.230.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.39.0/24
93.123.85.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.104.0/24
94.156.106.0/24
94.156.166.0/24
94.156.179.0/24
94.156.248.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.48.251.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
a0:00:45:af:13:57:24:9b:c3:b8:94:62:e1:de:13:97:6f:67:
0f:8b:b7:6f:b1:26:11:9a:9a:cc:5c:03:4b:fa:4c:b9:be:bc:
bd:cd:2c:31:59:91:3d:7b:ec:de:e5:3a:1a:26:63:35:ce:2f:
2e:32:20:c4:77:11:de:c5:51:e4:4c:3f:ce:35:e8:0b:d7:80:
7e:37:1e:eb:8b:a6:55:80:93:3f:88:65:4b:97:1c:29:f5:e2:
4c:65:5d:d3:50:fe:47:4c:ae:b4:af:f9:6b:53:da:87:12:46:
63:8d:47:8d:28:49:bd:76:da:26:77:c0:52:ed:b3:77:d6:3d:
68:97:1a:67:12:3e:cf:27:9c:cb:f1:49:40:4a:fe:09:0f:56:
50:9f:bf:3f:5d:fa:2b:26:98:5c:e0:bf:99:b5:9a:67:fc:81:
6b:9c:85:40:24:f1:e5:0b:d3:8f:05:81:b3:d8:be:f0:32:f1:
50:0a:5e:20:ee:6d:4d:67:bf:4f:c9:2c:bc:e5:7d:55:7d:fc:
5f:c2:06:cf:ba:a4:91:d0:f0:4b:c0:c9:d4:40:8c:3d:49:bb:
f4:49:79:98:e6:c4:39:49:29:be:a8:b8:2b:a9:d2:fa:83:41:
25:7e:2a:83:a4:76:bb:d8:41:2d:61:85:96:d1:5a:08:e5:1b:
46:df:53:80
-----BEGIN CERTIFICATE-----
MIIGSzCCBTOgAwIBAgISAZT/9NVcJA3kaHMCoowzoQ88MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMjEzMTUzNzAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyYjJmMWRhODA0ZmYzMTJhZTRhN2ZmOTE0OWUyYjI0MGUzYTYwNmEyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmfz7pqXnUl+VhsmbfyPITrjxIuUo
ZDiuNBDvGEObU3kJG6JtyrRTjBrPmmkajmz2vASdnqB7y/MI9OWBAq5kOXqc8UWu
jEvOcnPs/r8cRc/AtQfZtujp03codE28VQ6C8VEPpXaZcmKL1fqXGqjv7jAHAkWa
cGK4xXLu5inQsBpFuaqe5JwUNGEmQcIqqwH08gCwpJlwLFfaFSYmE54bBnmslDlF
46u380OJs7a35Ia2sCBgdiNHRUeHATqluXeds2zKTfoq1dy8V43JvBP1mH5uYxn7
wXOqjW1hu6i10QSB04TodZPQM/hxy5q6GFTDDlso2GGaj5gv9NVg1n0/LwIDAQAB
o4IDVzCCA1MwHQYDVR0OBBYEFCsvHagE/zEq5Kf/kUniskDjpgaiMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvS3k4ZHFBVF9NU3JrcF8tUlNlS3lRT09tQnFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBawYIKwYBBQUHAQcBAf8EggFaMIIBVjCCAVIEAgABMIIB
SgMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1YWAMEAC1Z
9wMEAC1aWQMEAC2LagMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQA
UaHmAwQAU9thAwQAVDYwAwQAV3hXMAwDBARXeHADBAFXeHQDBAFXeHgwDAMEAFd4
fQMEB1d4AAMEAFd4pgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc
8AMEAVx3xAMEAFz5MgMEAF17JwMEAF17VQMEAl6aoAMEAF6cCwMEA16cQAMEAF6c
aAMEAF6cagMEAF6cpgMEAF6cswMEAF6c+AMEAI1iAQMEAI1iBgMEAJNOZAMEAqsW
SAMEArnYVAMEArnaVAMEAMEZ2AMEAMIw+wMEAMIxXgMEAMI3ugMEAMKprzANBgkq
hkiG9w0BAQsFAAOCAQEAoABFrxNXJJvDuJRi4d4Tl29nD4u3b7EmEZqazFwDS/pM
ub68vc0sMVmRPXvs3uU6GiZjNc4vLjIgxHcR3sVR5Ew/zjXoC9eAfjce64umVYCT
P4hlS5ccKfXiTGVd01D+R0yutK/5a1PahxJGY41HjShJvXbaJnfAUu2zd9Y9aJca
ZxI+zyecy/FJQEr+CQ9WUJ+/P136KyaYXOC/mbWaZ/yBa5yFQCTx5QvTjwWBs9i+
8DLxUApeIO5tTWe/T8ksvOV9VX38X8IGz7qkkdDwS8DJ1ECMPUm79El5mObEOUkp
vqi4K6nS+oNBJX4qg6R2u9hBLWGFltFaCOUbRt9TgA==
-----END CERTIFICATE-----
Generated at Sun Apr 27 18:01:27 2025 by rpki-client