Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MKF5G9Qbe7ywKE0mhSY2ZfaqQmI.roa
File: MKF5G9Qbe7ywKE0mhSY2ZfaqQmI.roa (raw, json)
Hash identifier: oUq3QKyDKXyVVSrXZxos5oPAlE+OdICdHK6GymH41pw=
Subject key identifier: 30:A1:79:1B:D4:1B:7B:BC:B0:28:4D:26:85:26:36:65:F6:AA:42:62
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195A3D96CE3D09C59115DB61AD3FF5620CC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MKF5G9Qbe7ywKE0mhSY2ZfaqQmI.roa
Signing time: Mon 17 Mar 2025 11:24:50 +0000
ROA not before: Mon 17 Mar 2025 11:24:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.105.0/24 maxlen: 24
94.156.106.0/24 maxlen: 32
94.156.167.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
195.178.121.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:a3:d9:6c:e3:d0:9c:59:11:5d:b6:1a:d3:ff:56:20:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 17 11:24:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=30a1791bd41b7bbcb0284d2685263665f6aa4262
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cb:36:14:b6:39:b7:e4:3d:c9:ce:78:1c:00:56:
16:6f:9d:38:60:94:e0:95:0f:71:b0:a3:d8:dd:a9:
cb:76:14:da:2b:2c:ef:5d:73:d4:d4:31:01:4a:17:
49:d4:0a:73:46:44:df:9f:6d:3f:68:06:ff:5f:43:
d0:58:e5:52:25:42:4e:51:06:93:ae:e6:51:6a:49:
96:2b:8c:dd:41:23:5c:81:c4:96:34:ac:ca:d8:d1:
b2:f3:d9:d7:5a:c4:f7:86:dd:45:0e:f2:9d:37:2d:
47:8b:37:37:ff:b9:e7:18:63:34:65:51:42:03:90:
7e:a6:41:86:67:6f:0c:65:4e:d8:83:e6:1b:81:00:
5e:47:b2:65:fe:9e:7e:3a:b6:65:18:9c:a2:6f:f4:
04:09:b1:92:a3:e3:38:27:0d:a1:29:fb:5c:08:50:
2a:da:ac:dc:62:62:cf:e1:87:8c:00:4e:5b:2e:29:
d4:64:e8:fe:39:73:dd:d2:47:81:e0:7f:15:c2:3f:
58:aa:ba:18:27:25:ad:0e:6c:a0:3e:a5:40:02:3e:
52:64:ec:b2:b6:bd:1a:63:68:7a:b4:ab:4f:c1:5d:
7a:cc:d5:77:5b:dd:a6:2e:70:76:61:a4:d9:61:7a:
26:5c:f5:42:5e:1a:83:b1:da:c5:61:5d:20:8b:b2:
19:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:A1:79:1B:D4:1B:7B:BC:B0:28:4D:26:85:26:36:65:F6:AA:42:62
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/MKF5G9Qbe7ywKE0mhSY2ZfaqQmI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.105.0-94.156.106.255
94.156.167.0/24
94.156.179.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.55.186.0/24
194.169.175.0/24
195.178.121.0/24
Signature Algorithm: sha256WithRSAEncryption
87:5e:a3:de:89:2e:ed:fc:d5:59:a3:4d:96:a3:a5:df:60:df:
0f:65:48:aa:c5:66:4c:b5:fe:36:00:30:70:17:07:22:19:d5:
d8:b8:87:de:a6:10:7d:1a:da:fa:09:93:c2:4c:72:20:eb:11:
2d:0a:39:f8:02:0e:7f:76:e4:a7:52:88:24:49:29:9b:a0:fb:
6b:9e:26:e8:c6:24:8b:6b:c1:5f:49:3b:03:97:98:ac:fe:31:
df:56:cc:5d:86:5e:8b:92:6f:65:ac:90:2a:62:b2:01:08:b4:
7e:6f:37:21:93:a8:13:4f:7f:88:e4:5b:8a:f3:c8:03:70:5a:
67:e5:ca:f9:ce:f3:8e:cd:fd:89:90:72:73:f2:15:f2:71:8f:
93:f9:fe:e4:a0:11:06:83:06:39:f9:1b:c4:fb:42:44:2e:fc:
cd:a5:e9:80:2b:cb:7d:4f:22:40:8d:ab:39:04:08:b9:f0:1c:
8a:f8:e0:16:40:95:2e:84:1b:cd:d5:d0:69:18:5c:f7:69:e3:
5d:d5:7d:54:ee:a1:f1:bb:db:bf:84:f7:21:86:18:37:d6:50:
e7:a9:d5:b1:b3:bb:94:72:dc:97:2c:06:5a:a2:1d:43:04:4f:
86:cb:e2:7b:fb:20:94:e7:b8:4c:b3:ed:f9:c2:48:14:96:f0:
2d:01:e2:a7
-----BEGIN CERTIFICATE-----
MIIGNTCCBR2gAwIBAgISAZWj2Wzj0JxZEV22GtP/ViDMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzE3MTEyNDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMGExNzkxYmQ0MWI3YmJjYjAyODRkMjY4NTI2MzY2NWY2YWE0MjYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyzYUtjm35D3JzngcAFYWb504YJTg
lQ9xsKPY3anLdhTaKyzvXXPU1DEBShdJ1ApzRkTfn20/aAb/X0PQWOVSJUJOUQaT
ruZRakmWK4zdQSNcgcSWNKzK2NGy89nXWsT3ht1FDvKdNy1Hizc3/7nnGGM0ZVFC
A5B+pkGGZ28MZU7Yg+YbgQBeR7Jl/p5+OrZlGJyib/QECbGSo+M4Jw2hKftcCFAq
2qzcYmLP4YeMAE5bLinUZOj+OXPd0keB4H8Vwj9YqroYJyWtDmygPqVAAj5SZOyy
tr0aY2h6tKtPwV16zNV3W92mLnB2YaTZYXomXPVCXhqDsdrFYV0gi7IZkQIDAQAB
o4IDQTCCAz0wHQYDVR0OBBYEFDCheRvUG3u8sChNJoUmNmX2qkJiMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTUtGNUc5UWJlN3l3S0UwbWhTWTJaZmFxUW1JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBVQYIKwYBBQUHAQcBAf8EggFEMIIBQDCCATwEAgABMIIB
NAMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1a
WQMEAC2LagMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAUaHuAwQAU9thAwQA
VDYwAwQAV3hXMAwDBARXeHADBAFXeHQDBAFXeHgwDAMEAFd4fQMEB1d4AAMEAFd4
pgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc8AMEAVx3xAMEAFz5
MgMEAF17bQMEAl6aoAMEA16cQDAMAwQAXpxpAwQAXpxqAwQAXpynAwQAXpyzAwQA
bc7tAwQAjWIBAwQAjWIGAwQAk05kAwQCqxZIAwQAstfgAwQCudhUAwQCudpUAwQA
wRnYAwQAwje6AwQAwqmvAwQAw7J5MA0GCSqGSIb3DQEBCwUAA4IBAQCHXqPeiS7t
/NVZo02Wo6XfYN8PZUiqxWZMtf42ADBwFwciGdXYuIfephB9Gtr6CZPCTHIg6xEt
Cjn4Ag5/duSnUogkSSmboPtrniboxiSLa8FfSTsDl5is/jHfVsxdhl6Lkm9lrJAq
YrIBCLR+bzchk6gTT3+I5FuK88gDcFpn5cr5zvOOzf2JkHJz8hXycY+T+f7koBEG
gwY5+RvE+0JELvzNpemAK8t9TyJAjas5BAi58ByK+OAWQJUuhBvN1dBpGFz3aeNd
1X1U7qHxu9u/hPchhhg31lDnqdWxs7uUctyXLAZaoh1DBE+Gy+J7+yCU57hMs+35
wkgUlvAtAeKn
-----END CERTIFICATE-----
Generated at Mon Apr 28 14:28:47 2025 by rpki-client