Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/St-1_Zhk1e-B6QIAaZ6NXDCrhEM.roa
File: St-1_Zhk1e-B6QIAaZ6NXDCrhEM.roa (raw, json)
Hash identifier: 5UVaWdflZf1MRq51ayDE0sDx1F/ecyZ2T/Gg3FWbffI=
Subject key identifier: 4A:DF:B5:FD:98:64:D5:EF:81:E9:02:00:69:9E:8D:5C:30:AB:84:43
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0194949D56B2E37A42A130D20A0FCD070636
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/St-1_Zhk1e-B6QIAaZ6NXDCrhEM.roa
Signing time: Thu 23 Jan 2025 19:22:06 +0000
ROA not before: Thu 23 Jan 2025 19:22:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.120.187.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.114.0/24 maxlen: 24
94.156.170.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.237.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:94:9d:56:b2:e3:7a:42:a1:30:d2:0a:0f:cd:07:06:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 23 19:22:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4adfb5fd9864d5ef81e90200699e8d5c30ab8443
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:43:83:1c:de:35:d8:d4:36:ce:5e:54:4b:5e:
c2:d9:2d:23:53:0c:19:e5:be:f6:b5:79:4c:70:5f:
a9:84:d5:4a:c8:20:37:a7:ef:d3:ff:3c:fa:bf:13:
a6:b8:9b:5b:ea:92:43:7b:35:8e:33:65:5b:66:db:
e6:f9:98:b3:25:ef:a2:de:50:8b:02:5e:b7:f6:bb:
00:bb:9b:0d:7b:e4:38:11:e0:fd:3f:78:a9:67:98:
6a:e8:34:c6:0c:61:f3:98:73:16:b6:dd:b0:35:28:
b9:44:01:4f:3f:e3:46:23:5b:5b:9e:93:54:2c:eb:
72:7f:3b:b7:51:db:79:9e:fc:2d:d7:6d:a2:94:66:
8c:66:43:86:62:9e:c1:3f:74:4d:ab:eb:b3:85:4b:
eb:92:d4:69:8f:d4:7f:82:6b:7c:7c:fc:43:7d:e8:
a4:8c:c2:c1:42:e7:09:1d:9b:22:77:c8:8d:39:1f:
3a:a1:4d:84:fd:d0:c6:ba:64:dd:01:17:5d:d6:23:
2b:e7:06:e7:ba:c1:61:6c:57:47:ee:65:d2:55:34:
03:8c:9f:d5:52:30:79:78:74:13:0e:b6:c9:30:bc:
5f:8d:aa:e7:d0:91:7f:bf:6e:77:96:89:17:5e:74:
a2:b5:f2:8a:e5:b3:fc:2d:39:74:a8:76:37:5a:53:
96:53
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:DF:B5:FD:98:64:D5:EF:81:E9:02:00:69:9E:8D:5C:30:AB:84:43
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/St-1_Zhk1e-B6QIAaZ6NXDCrhEM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.120.187.0/24
87.121.45.0/24
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.114.0/24
94.156.170.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.237.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
ad:8b:0c:3c:a8:7f:fe:f1:3a:68:59:5d:16:79:94:f4:dd:8c:
bd:02:2e:1a:5f:96:66:7c:f3:67:91:6b:27:9a:6e:91:9d:42:
28:ec:3b:ab:0e:93:38:4b:19:ea:2f:3a:44:f1:f2:79:1d:e1:
2c:29:63:da:b2:b9:63:21:d4:7e:b1:00:1a:fd:69:3d:8d:7f:
f9:14:16:18:92:b3:49:aa:93:40:56:2e:c3:bf:2b:d7:46:24:
04:c9:aa:e6:37:9a:bd:63:c0:0d:0c:82:96:6b:59:84:0b:33:
7c:e6:46:50:11:0a:b4:4b:6c:61:4e:3f:46:6d:5f:16:31:60:
7c:85:cb:c2:f9:27:33:95:53:f9:b1:b0:ac:37:88:59:09:0b:
30:f5:2b:86:e3:f5:75:26:59:8d:b6:35:0a:4e:b6:e9:5d:7d:
28:0d:0d:a6:dd:71:d4:27:04:57:ee:d1:80:7e:a6:39:1e:93:
08:f2:4c:1d:97:14:f7:e7:fb:bd:75:4b:87:d9:fc:4b:da:9e:
28:72:b4:38:56:b2:d6:bb:6f:88:47:a4:5c:0e:ea:9d:fa:71:
13:14:4a:f5:84:67:f0:b6:7e:08:2a:80:30:09:3a:43:e9:4e:
02:75:f9:75:cc:88:08:8b:c2:4c:74:d7:84:71:08:f5:86:54:
93:f6:63:36
-----BEGIN CERTIFICATE-----
MIIGIzCCBQugAwIBAgISAZSUnVay43pCoTDSCg/NBwY2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTIzMTkyMjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWRmYjVmZDk4NjRkNWVmODFlOTAyMDA2OTllOGQ1YzMwYWI4NDQzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0ODHN412NQ2zl5US17C2S0jUwwZ
5b72tXlMcF+phNVKyCA3p+/T/zz6vxOmuJtb6pJDezWOM2VbZtvm+ZizJe+i3lCL
Al639rsAu5sNe+Q4EeD9P3ipZ5hq6DTGDGHzmHMWtt2wNSi5RAFPP+NGI1tbnpNU
LOtyfzu3Udt5nvwt122ilGaMZkOGYp7BP3RNq+uzhUvrktRpj9R/gmt8fPxDfeik
jMLBQucJHZsid8iNOR86oU2E/dDGumTdARdd1iMr5wbnusFhbFdH7mXSVTQDjJ/V
UjB5eHQTDrbJMLxfjarn0JF/v253lokXXnSitfKK5bP8LTl0qHY3WlOWUwIDAQAB
o4IDLzCCAyswHQYDVR0OBBYEFErftf2YZNXvgekCAGmejVwwq4RDMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvU3QtMV9aaGsxZS1CNlFJQWFaNk5YRENyaEVNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBQwYIKwYBBQUHAQcBAf8EggEyMIIBLjCCASoEAgABMIIB
IgMEAS0JnAMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC1aWQMEAC2LagMEAC2N
njAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAU9thAwQAVDYwAwQAVdGFAwQA
V3hUAwQAV3hXAwQAV3imAwQAV3i7AwQAV3ktAwQAV3lXAwQAV3lpAwQBV3l8AwQA
V3miAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQCXpqgAwQAXpwLAwQD
XpxAAwQAXpxyAwQAXpyqAwQAXpyzAwQAXpz4AwQAX9YbAwQAjWIBAwQAjWIGAwQA
k05kAwQCqxZIAwQAstftAwQCudhUAwQCudpUAwQAwRnYAwQAwjFeAwQAwje6AwQA
wqmvMA0GCSqGSIb3DQEBCwUAA4IBAQCtiww8qH/+8TpoWV0WeZT03Yy9Ai4aX5Zm
fPNnkWsnmm6RnUIo7DurDpM4SxnqLzpE8fJ5HeEsKWPasrljIdR+sQAa/Wk9jX/5
FBYYkrNJqpNAVi7DvyvXRiQEyarmN5q9Y8ANDIKWa1mECzN85kZQEQq0S2xhTj9G
bV8WMWB8hcvC+SczlVP5sbCsN4hZCQsw9SuG4/V1JlmNtjUKTrbpXX0oDQ2m3XHU
JwRX7tGAfqY5HpMI8kwdlxT35/u9dUuH2fxL2p4ocrQ4VrLWu2+IR6RcDuqd+nET
FEr1hGfwtn4IKoAwCTpD6U4Cdfl1zIgIi8JMdNeEcQj1hlST9mM2
-----END CERTIFICATE-----
Generated at Sun Apr 27 15:40:15 2025 by rpki-client