Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OwlAOATvIcz3AdzpTOZG7bnBi8A.roa
File: OwlAOATvIcz3AdzpTOZG7bnBi8A.roa (raw, json)
Hash identifier: D6E4kxJr4Defn65AxdR+ufd9GDGqbT7jZiR2DQ5L8Ek=
Subject key identifier: 3B:09:40:38:04:EF:21:CC:F7:01:DC:E9:4C:E6:46:ED:B9:C1:8B:C0
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01961B14D846FABC01B47F8F2BEDAA329B75
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OwlAOATvIcz3AdzpTOZG7bnBi8A.roa
Signing time: Wed 09 Apr 2025 15:04:32 +0000
ROA not before: Wed 09 Apr 2025 15:04:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2.59.253.0/24 maxlen: 24
5.252.132.0/22 maxlen: 24
31.13.211.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.12.253.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.141.159.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.18.0/24 maxlen: 24
87.121.22.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.70.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.45.0/24 maxlen: 24
93.123.47.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.92.0/24 maxlen: 24
94.156.232.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.73.0/24 maxlen: 24
171.22.74.0/23 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.227.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
193.35.18.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:1b:14:d8:46:fa:bc:01:b4:7f:8f:2b:ed:aa:32:9b:75
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 9 15:04:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3b09403804ef21ccf701dce94ce646edb9c18bc0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:e5:0b:b6:b0:3b:b9:3e:ab:b8:19:44:c8:d2:
c4:cf:92:ad:00:3f:54:d7:c2:cc:00:5d:c0:51:47:
2a:74:01:48:c6:5f:db:c2:eb:ee:d7:c9:36:2d:de:
ec:34:26:5a:1a:4c:9d:99:de:cb:f5:23:cc:af:ed:
69:3b:ab:2c:73:f8:88:87:98:bc:09:e4:70:16:a9:
ae:9a:21:02:e5:85:7c:34:e7:62:46:47:d1:1e:07:
03:9d:b7:96:fa:a1:04:34:1b:c8:2a:71:32:cc:09:
0f:22:6a:2c:cc:0d:21:bc:e5:b3:54:5b:63:7d:8a:
7b:97:07:8b:18:f9:6f:00:89:5d:c9:8d:75:e5:8b:
80:b6:54:6e:fb:ee:66:6d:6c:11:4e:aa:1a:bb:64:
8b:e5:b4:74:90:e2:91:2b:4e:bd:26:0e:5e:83:9e:
06:4d:66:b0:55:7f:5b:19:ed:3f:e7:c6:22:e9:3e:
36:52:f5:de:0a:f0:1b:2f:c0:f3:6a:7e:46:f7:84:
aa:af:85:1a:a2:20:95:03:42:1b:69:8d:34:7b:db:
29:67:99:61:45:7d:d6:4a:04:9c:29:9b:5d:db:db:
07:ed:86:6c:18:b1:e7:1f:0e:62:fc:32:b6:8a:4a:
e4:68:3f:d7:23:f5:f9:8c:8d:a5:bb:7c:c9:af:f6:
e3:63
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3B:09:40:38:04:EF:21:CC:F7:01:DC:E9:4C:E6:46:ED:B9:C1:8B:C0
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/OwlAOATvIcz3AdzpTOZG7bnBi8A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
5.252.132.0/22
31.13.211.0/24
45.9.157.0/24
45.12.253.0/24
45.66.228.0/24
45.66.230.0/23
45.81.39.0/24
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/23
45.151.90.0/24
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.125.0/24
87.120.166.0/24
87.121.18.0/24
87.121.22.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.70.0/24
92.249.50.0/24
93.123.45.0/24
93.123.47.0/24
93.123.85.0/24
93.123.109.0/24
93.123.117.0/24
93.123.119.0/24
94.103.125.0/24
94.154.160.0/22
94.156.64.0/21
94.156.92.0/24
94.156.232.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.73.0-171.22.75.255
178.215.224.0/24
178.215.227.0/24
185.216.84.0/22
193.25.216.0/24
193.35.18.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
1e:c4:de:8f:ef:52:8b:31:a8:b7:8f:f4:2d:1b:74:dd:40:65:
8c:c3:4e:94:30:39:59:e6:0e:73:1b:2c:52:7c:c4:35:a4:37:
53:14:33:ab:35:60:94:31:c8:d8:ef:95:95:dd:f0:d4:c5:94:
fc:1b:7e:50:17:79:6d:8e:81:73:64:4b:60:40:d1:71:ab:92:
59:12:77:99:39:43:f9:8e:a4:5f:03:0e:fb:18:25:c3:48:81:
58:37:a2:c3:e6:df:a3:88:2a:57:33:ac:88:e6:8a:58:a8:69:
f7:26:f8:a4:d8:28:72:c3:9f:c4:4c:4c:a2:0e:c0:be:be:c9:
48:11:90:2d:2a:f9:6d:e0:e5:f5:8c:4e:43:08:29:fd:2d:2b:
d3:8b:95:f2:de:c5:18:04:28:6f:70:f3:0a:52:17:44:8a:35:
e2:ab:2f:88:be:c2:b3:29:d4:6a:80:63:c7:96:b3:0f:a1:df:
10:7f:46:ec:ca:f4:6e:2d:8f:0c:67:66:15:72:92:8d:de:fd:
42:f7:22:93:f0:fb:4d:78:bb:a9:bc:7d:7a:5e:6d:ae:0e:7e:
13:cb:91:d6:af:fd:ca:83:f3:a5:5e:be:94:bb:50:bc:89:1e:
92:e4:bb:92:06:ff:23:04:aa:92:60:4d:b1:2c:62:d6:a4:fa:
d3:ab:d6:f0
-----BEGIN CERTIFICATE-----
MIIGTTCCBTWgAwIBAgISAZYbFNhG+rwBtH+PK+2qMpt1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNDA5MTUwNDMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzYjA5NDAzODA0ZWYyMWNjZjcwMWRjZTk0Y2U2NDZlZGI5YzE4YmMwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjeULtrA7uT6ruBlEyNLEz5KtAD9U
18LMAF3AUUcqdAFIxl/bwuvu18k2Ld7sNCZaGkydmd7L9SPMr+1pO6ssc/iIh5i8
CeRwFqmumiEC5YV8NOdiRkfRHgcDnbeW+qEENBvIKnEyzAkPImoszA0hvOWzVFtj
fYp7lweLGPlvAIldyY115YuAtlRu++5mbWwRTqoau2SL5bR0kOKRK069Jg5eg54G
TWawVX9bGe0/58Yi6T42UvXeCvAbL8Dzan5G94Sqr4UaoiCVA0IbaY00e9spZ5lh
RX3WSgScKZtd29sH7YZsGLHnHw5i/DK2ikrkaD/XI/X5jI2lu3zJr/bjYwIDAQAB
o4IDWTCCA1UwHQYDVR0OBBYEFDsJQDgE7yHM9wHc6UzmRu25wYvAMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvT3dsQU9BVHZJY3ozQWR6cFRPWkc3Ym5CaThBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBbQYIKwYBBQUHAQcBAf8EggFcMIIBWDCCAVQEAgABMIIB
TAMEAAI7/QMEAgX8hAMEAB8N0wMEAC0JnQMEAC0M/QMEAC1C5AMEAS1C5gMEAC1R
JwMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2LagMEAS2NngMEAC2XWgMEAE9uMgMEAFGh
7gMEAFPbYQMEAFQ2MAMEAFd4VwMEAFd4fQMEAFd4pgMEAFd5EgMEAFd5FgMEAFd5
JgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEAFtcRgMEAFz5MgMEAF17
LQMEAF17LwMEAF17VQMEAF17bQMEAF17dQMEAF17dwMEAF5nfQMEAl6aoAMEA16c
QAMEAF6cXAMEAF6c6AMEAG3O7QMEAI1iAQMEAI1iBgMEAJNOZDAMAwQAqxZJAwQC
qxZIAwQAstfgAwQAstfjAwQCudhUAwQAwRnYAwQAwSMSAwQAwje6AwQAwqmvMA0G
CSqGSIb3DQEBCwUAA4IBAQAexN6P71KLMai3j/QtG3TdQGWMw06UMDlZ5g5zGyxS
fMQ1pDdTFDOrNWCUMcjY75WV3fDUxZT8G35QF3ltjoFzZEtgQNFxq5JZEneZOUP5
jqRfAw77GCXDSIFYN6LD5t+jiCpXM6yI5opYqGn3Jvik2Chyw5/ETEyiDsC+vslI
EZAtKvlt4OX1jE5DCCn9LSvTi5Xy3sUYBChvcPMKUhdEijXiqy+IvsKzKdRqgGPH
lrMPod8Qf0bsyvRuLY8MZ2YVcpKN3v1C9yKT8PtNeLupvH16Xm2uDn4Ty5HWr/3K
g/OlXr6Uu1C8iR6S5LuSBv8jBKqSYE2xLGLWpPrTq9bw
-----END CERTIFICATE-----
Generated at Tue Apr 29 11:27:47 2025 by rpki-client