Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/REfgYGpWoUmZz957Hu4jLEecwjs.roa
File: REfgYGpWoUmZz957Hu4jLEecwjs.roa (raw, json)
Hash identifier: vUbDEY+VCNJZ1Kd1nZdDu6v8jiGvl5OleL3jyYSY5RU=
Subject key identifier: 44:47:E0:60:6A:56:A1:49:99:CF:DE:7B:1E:EE:23:2C:47:9C:C2:3B
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195EB77C6401E634F00757750682CD7EEC4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/REfgYGpWoUmZz957Hu4jLEecwjs.roa
Signing time: Mon 31 Mar 2025 09:10:50 +0000
ROA not before: Mon 31 Mar 2025 09:10:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.157.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.128.96.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.18.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.70.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.92.0/24 maxlen: 24
94.156.113.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
194.180.38.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:eb:77:c6:40:1e:63:4f:00:75:77:50:68:2c:d7:ee:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 31 09:10:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4447e0606a56a14999cfde7b1eee232c479cc23b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:dd:89:88:cb:81:ec:4b:cf:45:04:2d:7a:4e:
ea:e7:bd:58:c9:71:98:8c:c3:5c:05:23:85:a5:b2:
f4:56:6f:ea:a3:b7:b9:ff:a8:7a:a2:92:d8:c4:30:
cd:a7:95:8a:11:96:41:79:e0:a1:f1:85:41:57:14:
21:12:b4:ef:e1:4e:d4:f7:e0:0b:da:64:47:a7:df:
b2:14:1d:a7:45:41:97:49:47:e4:9b:17:eb:a4:41:
43:4f:6a:a1:4c:3a:a1:85:c9:ee:7c:f9:a5:23:72:
c8:f2:36:2a:99:fd:77:85:ac:ee:a2:5d:7f:0f:88:
c8:06:b6:d4:d7:d0:69:74:64:ea:41:8f:32:84:0a:
93:b3:10:a7:f2:8c:88:ab:f3:0b:85:26:a7:f1:7b:
e6:5a:47:07:94:63:3f:90:ed:cc:4c:53:c4:c2:0f:
6f:49:9d:d0:d4:de:8c:91:f8:3e:17:4e:d0:67:69:
ca:1e:a4:ff:bf:59:8e:93:fc:16:74:0e:20:61:84:
15:22:ca:7c:e6:f2:50:cd:e4:13:94:48:3f:86:49:
cc:08:69:a2:3b:2c:83:5e:d6:c8:9e:49:16:0e:3d:
7c:87:e2:93:e0:6f:40:36:c0:a9:2a:ea:e2:e3:47:
5a:a3:ae:78:ef:3b:21:57:66:96:54:70:37:13:19:
fe:dd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
44:47:E0:60:6A:56:A1:49:99:CF:DE:7B:1E:EE:23:2C:47:9C:C2:3B
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/REfgYGpWoUmZz957Hu4jLEecwjs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.157.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.128.96.0/24
45.139.106.0/24
45.141.158.0/24
45.151.90.0/23
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0/24
87.120.166.0/24
87.121.18.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.70.0/24
91.92.240.0/20
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.92.0/24
94.156.113.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
193.25.216.0/24
194.55.186.0/24
194.169.175.0/24
194.180.38.0/24
Signature Algorithm: sha256WithRSAEncryption
9f:c8:ab:ed:79:8a:c3:1e:15:d0:a8:f6:14:9a:78:09:c2:6b:
c2:2d:1c:af:0d:24:57:88:18:0b:0c:25:54:60:44:1d:d4:44:
81:f8:14:14:aa:2f:94:67:85:6f:97:a8:02:03:f7:1a:72:41:
03:56:5c:46:0f:a4:9d:d4:77:c9:8e:6e:19:4e:3f:c7:7c:54:
d0:5f:a1:d8:b5:f2:b3:60:e0:93:02:52:a7:21:3c:9a:5b:b5:
63:9b:91:2f:5f:95:37:33:ed:c7:03:35:e5:12:fc:56:74:ac:
51:41:03:e4:9a:6f:5d:ba:f8:93:89:fa:ca:88:70:c8:70:41:
06:5d:80:31:45:6c:0c:81:37:3a:40:39:c6:d7:6f:2b:57:d7:
d3:de:b6:1e:80:b9:1b:28:32:c7:4f:14:19:8c:1d:56:e0:12:
9f:ee:b7:f2:83:1e:99:ae:fe:4d:18:4a:b6:ec:a2:08:fb:9a:
38:5c:c7:ec:5a:07:c7:84:b6:13:2f:c2:b5:2a:3f:f2:63:b9:
50:eb:97:4d:5c:b8:9a:0e:e3:14:c4:e6:35:da:78:54:08:c4:
60:19:41:c5:99:71:40:83:df:56:c5:c8:36:ad:76:2a:99:f4:
53:4a:6f:ca:11:ca:c8:95:1e:9f:25:9d:e8:d9:c4:0e:79:66:
40:57:bc:ad
-----BEGIN CERTIFICATE-----
MIIGHTCCBQWgAwIBAgISAZXrd8ZAHmNPAHV3UGgs1+7EMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzMxMDkxMDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0NDQ3ZTA2MDZhNTZhMTQ5OTljZmRlN2IxZWVlMjMyYzQ3OWNjMjNiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4t2JiMuB7EvPRQQtek7q571YyXGY
jMNcBSOFpbL0Vm/qo7e5/6h6opLYxDDNp5WKEZZBeeCh8YVBVxQhErTv4U7U9+AL
2mRHp9+yFB2nRUGXSUfkmxfrpEFDT2qhTDqhhcnufPmlI3LI8jYqmf13hazuol1/
D4jIBrbU19BpdGTqQY8yhAqTsxCn8oyIq/MLhSan8XvmWkcHlGM/kO3MTFPEwg9v
SZ3Q1N6Mkfg+F07QZ2nKHqT/v1mOk/wWdA4gYYQVIsp85vJQzeQTlEg/hknMCGmi
OyyDXtbInkkWDj18h+KT4G9ANsCpKuri40dao6547zshV2aWVHA3Exn+3QIDAQAB
o4IDKTCCAyUwHQYDVR0OBBYEFERH4GBqVqFJmc/eex7uIyxHnMI7MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUkVmZ1lHcFdvVW1aejk1N0h1NGpMRWVjd2pzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBPQYIKwYBBQUHAQcBAf8EggEsMIIBKDCCASQEAgABMIIB
HAMEAgX8hAMEAC0JnQMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2A
YAMEAC2LagMEAC2NngMEAS2XWgMEAE9uMgMEAFGh7gMEAFPbYQMEAFQ2MAMEAFd4
VzAMAwQEV3hwAwQBV3h0AwQBV3h4AwQAV3h9AwQAV3imAwQAV3kSAwQAV3kmAwQA
V3ktAwQAV3lXAwQBV3l8AwQAV3miAwQAV3mlAwQAW1xGAwQEW1zwAwQAXPkyAwQA
XXttAwQCXpqgAwQDXpxAAwQAXpxcAwQAXpxxAwQAbc7tAwQAjWIBAwQAjWIGAwQA
k05kAwQCqxZIAwQAstfgAwQCudhUAwQAwRnYAwQAwje6AwQAwqmvAwQAwrQmMA0G
CSqGSIb3DQEBCwUAA4IBAQCfyKvteYrDHhXQqPYUmngJwmvCLRyvDSRXiBgLDCVU
YEQd1ESB+BQUqi+UZ4Vvl6gCA/cackEDVlxGD6Sd1HfJjm4ZTj/HfFTQX6HYtfKz
YOCTAlKnITyaW7Vjm5EvX5U3M+3HAzXlEvxWdKxRQQPkmm9duviTifrKiHDIcEEG
XYAxRWwMgTc6QDnG128rV9fT3rYegLkbKDLHTxQZjB1W4BKf7rfygx6Zrv5NGEq2
7KII+5o4XMfsWgfHhLYTL8K1Kj/yY7lQ65dNXLiaDuMUxOY12nhUCMRgGUHFmXFA
g99Wxcg2rXYqmfRTSm/KEcrIlR6fJZ3o2cQOeWZAV7yt
-----END CERTIFICATE-----
Generated at Tue Apr 29 15:09:47 2025 by rpki-client