Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OZ1xSwuIVv3R6ciUHQEB0y4l8Ys.roa
File: OZ1xSwuIVv3R6ciUHQEB0y4l8Ys.roa (raw, json)
Hash identifier: 0JqmpkHPA5EopK/7h05GCh8mAH69gOGHryqRoSsNMVE=
Subject key identifier: 39:9D:71:4B:0B:88:56:FD:D1:E9:C8:94:1D:01:01:D3:2E:25:F1:8B
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195F6D0BE9D99CC9BCBA007BC4FE045BC64
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OZ1xSwuIVv3R6ciUHQEB0y4l8Ys.roa
Signing time: Wed 02 Apr 2025 14:03:50 +0000
ROA not before: Wed 02 Apr 2025 14:03:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2.59.253.0/24 maxlen: 24
5.252.132.0/22 maxlen: 24
31.13.211.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.12.253.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.141.159.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.18.0/24 maxlen: 24
87.121.22.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.70.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.249.50.0/24 maxlen: 24
93.123.45.0/24 maxlen: 24
93.123.47.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.92.0/24 maxlen: 24
94.156.232.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.73.0/24 maxlen: 24
171.22.74.0/23 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.227.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
193.35.18.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:f6:d0:be:9d:99:cc:9b:cb:a0:07:bc:4f:e0:45:bc:64
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 2 14:03:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=399d714b0b8856fdd1e9c8941d0101d32e25f18b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c1:2e:5d:41:41:1c:bb:79:89:97:83:13:87:57:
30:2d:a3:2e:17:81:6a:5a:bb:30:2a:29:ed:9b:f2:
36:b7:5b:49:1e:93:5a:c0:7c:1d:7b:30:5c:f5:2c:
24:9f:c2:50:21:a0:0c:4d:e2:e8:0a:b0:13:75:38:
3f:c1:29:1a:18:e5:34:03:93:a3:38:ee:2a:16:6a:
0a:54:dc:b5:3a:76:a5:fa:c7:d2:56:75:31:78:9d:
28:ba:36:cc:9e:6e:1c:fc:d4:9a:38:bc:b6:30:32:
03:24:93:b5:1f:c0:f1:29:12:c0:15:34:f6:62:e8:
9f:65:d8:16:40:8f:64:e6:4e:8a:f3:1b:48:5c:7e:
b1:0a:71:7e:2d:70:2c:7b:ad:78:d0:95:90:aa:c3:
3f:14:13:12:e0:ba:b8:de:97:35:65:be:c6:cd:7a:
61:c2:65:e8:86:1e:12:e8:05:1e:1d:b2:13:a0:6f:
3d:f2:10:fe:05:a6:ea:19:26:c6:2b:da:63:cf:41:
e9:53:a8:19:82:ac:fd:51:d9:f2:8c:f0:40:38:ac:
b3:6e:f1:8f:11:0f:ce:17:10:11:60:08:46:27:52:
dd:40:d3:29:7b:64:d9:d3:e0:0e:d1:47:04:11:ab:
03:e0:3e:7b:1a:d8:23:eb:25:09:fe:24:9e:2e:33:
10:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
39:9D:71:4B:0B:88:56:FD:D1:E9:C8:94:1D:01:01:D3:2E:25:F1:8B
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OZ1xSwuIVv3R6ciUHQEB0y4l8Ys.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
5.252.132.0/22
31.13.211.0/24
45.9.157.0/24
45.12.253.0/24
45.66.228.0/24
45.66.230.0/23
45.81.39.0/24
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/23
45.151.90.0/23
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0/24
87.120.166.0/24
87.121.18.0/24
87.121.22.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.70.0/24
91.92.240.0/20
92.249.50.0/24
93.123.45.0/24
93.123.47.0/24
93.123.85.0/24
93.123.109.0/24
93.123.117.0/24
93.123.119.0/24
94.103.125.0/24
94.154.160.0/22
94.156.64.0/21
94.156.92.0/24
94.156.232.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.73.0-171.22.75.255
178.215.224.0/24
178.215.227.0/24
185.216.84.0/22
193.25.216.0/24
193.35.18.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
86:34:c7:58:5f:25:92:fd:6c:0b:92:fb:24:d5:09:d0:02:6b:
22:14:96:a9:39:35:0c:ca:33:76:dc:9f:d6:96:9a:f2:62:ed:
bb:2f:8e:3e:1c:9a:22:9f:9d:a5:b1:f1:88:cc:dd:cb:2f:1a:
87:cd:09:54:00:72:f2:bb:67:9d:b3:b8:53:1b:c3:ff:89:30:
02:5d:02:0c:75:38:1c:19:08:42:3f:20:49:f7:1f:fb:ff:c4:
f7:99:55:43:2c:4b:bd:09:1f:78:89:52:0e:f1:d6:2d:84:22:
95:78:7b:67:38:4c:ec:83:6b:9f:e2:f4:f7:ca:0e:00:67:15:
a6:88:72:b0:4e:96:b6:bc:5a:b5:c3:9c:d3:d3:78:f0:1d:59:
e9:98:85:ed:85:11:dc:92:88:a9:cb:15:33:60:97:a7:8a:85:
2b:8e:b9:fb:60:8b:88:a3:b7:a6:a4:bd:d8:4e:bd:eb:8a:bb:
c8:68:1b:9e:80:a4:ae:94:d8:b8:b9:fe:f1:7c:79:80:4e:cb:
56:3d:2b:71:97:78:e5:cb:d0:c7:7a:27:3b:4e:6c:77:92:44:
7e:34:36:02:c7:cc:ea:98:e1:89:10:da:f9:9f:56:84:13:eb:
a1:a8:b0:41:30:1a:b8:51:d4:cc:14:55:10:2c:b0:16:15:bc:
83:4f:29:e6
-----BEGIN CERTIFICATE-----
MIIGZzCCBU+gAwIBAgISAZX20L6dmcyby6AHvE/gRbxkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNDAyMTQwMzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOTlkNzE0YjBiODg1NmZkZDFlOWM4OTQxZDAxMDFkMzJlMjVmMThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwS5dQUEcu3mJl4MTh1cwLaMuF4Fq
WrswKintm/I2t1tJHpNawHwdezBc9Swkn8JQIaAMTeLoCrATdTg/wSkaGOU0A5Oj
OO4qFmoKVNy1Onal+sfSVnUxeJ0oujbMnm4c/NSaOLy2MDIDJJO1H8DxKRLAFTT2
YuifZdgWQI9k5k6K8xtIXH6xCnF+LXAse6140JWQqsM/FBMS4Lq43pc1Zb7GzXph
wmXohh4S6AUeHbIToG898hD+BabqGSbGK9pjz0HpU6gZgqz9UdnyjPBAOKyzbvGP
EQ/OFxARYAhGJ1LdQNMpe2TZ0+AO0UcEEasD4D57Gtgj6yUJ/iSeLjMQBQIDAQAB
o4IDczCCA28wHQYDVR0OBBYEFDmdcUsLiFb90enIlB0BAdMuJfGLMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvT1oxeFN3dUlWdjNSNmNpVUhRRUIweTRsOFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBhwYIKwYBBQUHAQcBAf8EggF2MIIBcjCCAW4EAgABMIIB
ZgMEAAI7/QMEAgX8hAMEAB8N0wMEAC0JnQMEAC0M/QMEAC1C5AMEAS1C5gMEAC1R
JwMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2LagMEAS2NngMEAS2XWgMEAE9uMgMEAFGh
7gMEAFPbYQMEAFQ2MAMEAFd4VzAMAwQEV3hwAwQBV3h0AwQBV3h4AwQAV3h9AwQA
V3imAwQAV3kSAwQAV3kWAwQAV3kmAwQAV3ktAwQAV3lXAwQBV3l8AwQAV3miAwQA
V3mlAwQAW1xGAwQEW1zwAwQAXPkyAwQAXXstAwQAXXsvAwQAXXtVAwQAXXttAwQA
XXt1AwQAXXt3AwQAXmd9AwQCXpqgAwQDXpxAAwQAXpxcAwQAXpzoAwQAbc7tAwQA
jWIBAwQAjWIGAwQAk05kMAwDBACrFkkDBAKrFkgDBACy1+ADBACy1+MDBAK52FQD
BADBGdgDBADBIxIDBADCN7oDBADCqa8wDQYJKoZIhvcNAQELBQADggEBAIY0x1hf
JZL9bAuS+yTVCdACayIUlqk5NQzKM3bcn9aWmvJi7bsvjj4cmiKfnaWx8YjM3csv
GofNCVQAcvK7Z52zuFMbw/+JMAJdAgx1OBwZCEI/IEn3H/v/xPeZVUMsS70JH3iJ
Ug7x1i2EIpV4e2c4TOyDa5/i9PfKDgBnFaaIcrBOlra8WrXDnNPTePAdWemYhe2F
EdySiKnLFTNgl6eKhSuOuftgi4ijt6akvdhOveuKu8hoG56ApK6U2Li5/vF8eYBO
y1Y9K3GXeOXL0Md6JztObHeSRH40NgLHzOqY4YkQ2vmfVoQT66GosEEwGrhR1MwU
VRAssBYVvINPKeY=
-----END CERTIFICATE-----
Generated at Sun Apr 27 16:30:38 2025 by rpki-client