Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/U1sCpMjO5UScVNCNexK_8xZrfqs.roa
File: U1sCpMjO5UScVNCNexK_8xZrfqs.roa (raw, json)
Hash identifier: 0+G7Kdp1HqXiZCGWfqic5ldqmeRYX/amRYLcB4LcUGk=
Subject key identifier: 53:5B:02:A4:C8:CE:E5:44:9C:54:D0:8D:7B:12:BF:F3:16:6B:7E:AB
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01975E9738A0D90EBFFDB18D69AB701A50F8
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/U1sCpMjO5UScVNCNexK_8xZrfqs.roa
Signing time: Wed 11 Jun 2025 10:44:18 +0000
ROA not before: Wed 11 Jun 2025 10:44:18 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2.59.253.0/24 maxlen: 24
5.252.132.0/22 maxlen: 24
31.13.211.0/24 maxlen: 24
45.8.93.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.12.253.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.141.159.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.89.0/24 maxlen: 24
87.120.126.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.20.0/23 maxlen: 23
87.121.22.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.70.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.45.0/24 maxlen: 24
93.123.47.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.232.0/24 maxlen: 24
94.156.239.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
171.22.73.0/24 maxlen: 24
171.22.74.0/23 maxlen: 24
178.215.227.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
193.35.18.0/24 maxlen: 24
193.222.96.0/24 maxlen: 24
193.222.98.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
195.178.111.0/24 maxlen: 24
212.115.41.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:97:5e:97:38:a0:d9:0e:bf:fd:b1:8d:69:ab:70:1a:50:f8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jun 11 10:44:18 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=535b02a4c8cee5449c54d08d7b12bff3166b7eab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9c:d6:83:96:22:57:65:bd:6e:46:f7:c0:8e:21:
a3:45:47:23:32:aa:37:5a:b1:46:2c:03:56:57:8c:
f8:f9:94:6d:8c:8f:27:13:9e:44:9a:78:7c:cf:fa:
61:a7:0c:36:59:c5:7d:86:75:7a:06:b3:5d:4f:35:
66:a4:c1:0f:50:73:33:1e:69:3b:29:a5:86:39:66:
6a:09:47:59:ce:5a:be:0f:0b:69:30:c9:06:cd:eb:
3b:9f:76:f3:80:b7:89:0e:b6:38:ee:7c:3a:c8:2b:
46:6e:c8:e8:0e:6a:33:b5:97:ad:2f:a6:9c:e9:2b:
a9:02:25:1c:aa:10:99:eb:c4:70:b9:5a:75:52:70:
65:ae:92:d7:2e:cd:dc:e8:27:80:88:bd:dc:1c:77:
82:0d:fb:ff:22:31:41:e3:ab:ec:78:e5:d2:dd:4c:
58:92:6f:8f:01:06:90:89:3a:75:a2:23:30:33:13:
cd:95:2b:de:e3:32:bb:ec:09:da:4f:5d:6f:5e:e7:
d3:28:1b:bd:49:0f:f2:f2:e3:38:41:49:6d:c7:ec:
23:1f:41:5f:6d:82:be:56:2a:98:76:90:32:85:51:
9d:85:7e:c6:49:b9:ee:41:99:37:67:11:34:c8:40:
c2:ce:cb:3c:57:26:09:6c:86:99:cb:0f:b5:73:94:
7e:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:5B:02:A4:C8:CE:E5:44:9C:54:D0:8D:7B:12:BF:F3:16:6B:7E:AB
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/U1sCpMjO5UScVNCNexK_8xZrfqs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
5.252.132.0/22
31.13.211.0/24
45.8.93.0/24
45.9.157.0/24
45.12.253.0/24
45.66.228.0/24
45.66.231.0/24
45.81.39.0/24
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/23
45.151.90.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.89.0/24
87.120.126.0/24
87.120.166.0/24
87.121.20.0-87.121.22.255
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.165.0/24
91.92.70.0/24
92.119.196.0/23
92.249.50.0/24
93.123.45.0/24
93.123.47.0/24
93.123.85.0/24
93.123.109.0/24
93.123.117.0/24
93.123.119.0/24
94.103.125.0/24
94.154.160.0/22
94.156.232.0/24
94.156.239.0/24
141.98.1.0/24
141.98.6.0/24
171.22.73.0-171.22.75.255
178.215.227.0/24
185.216.84.0/22
193.25.216.0/24
193.35.18.0/24
193.222.96.0/24
193.222.98.0/24
194.55.186.0/24
194.169.175.0/24
195.178.111.0/24
212.115.41.0/24
Signature Algorithm: sha256WithRSAEncryption
9e:03:cb:c9:74:fd:8a:97:33:e4:df:b6:0c:5f:34:99:a2:77:
e1:c1:09:ce:b7:fc:b2:27:f9:89:4d:f1:f9:19:b0:05:3a:33:
c3:c5:63:6a:59:ab:f4:b8:27:76:1f:9f:07:cf:ea:f1:15:41:
0a:6a:69:22:8c:10:87:8e:09:8f:46:18:6e:8b:89:0b:9b:e5:
f1:ed:ea:b6:76:cf:c5:c3:e0:74:43:1e:f9:e5:9e:8f:f1:0b:
40:4e:68:9c:9b:95:d0:19:1b:8d:e4:18:77:4f:2e:50:79:de:
6b:77:a1:b3:03:cf:4f:1b:71:08:ad:07:6b:14:77:00:b2:55:
0a:6c:35:b5:e2:44:2d:96:91:0c:35:b1:4c:e4:d4:f6:ab:02:
c4:c6:80:af:74:10:64:04:ef:42:c4:5e:b7:22:b2:7f:90:93:
02:cc:c4:f1:9f:c5:bd:f3:32:53:d2:27:b8:59:0d:8a:7f:48:
03:37:c6:bc:4e:22:7e:31:09:d7:3f:18:67:95:ca:69:e8:0c:
3e:17:f2:4e:ca:9c:eb:94:f4:6a:73:e6:08:69:2c:1c:b9:50:
1d:aa:da:5c:e5:39:11:28:9a:4f:d3:85:e7:5b:48:59:7a:4c:
38:6c:09:ca:2b:79:f9:d8:73:7e:80:e3:22:30:1b:7e:96:6e:
14:f1:b4:f2
-----BEGIN CERTIFICATE-----
MIIGTzCCBTegAwIBAgISAZdelzig2Q6//bGNaatwGlD4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNjExMTA0NDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzViMDJhNGM4Y2VlNTQ0OWM1NGQwOGQ3YjEyYmZmMzE2NmI3ZWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnNaDliJXZb1uRvfAjiGjRUcjMqo3
WrFGLANWV4z4+ZRtjI8nE55Emnh8z/phpww2WcV9hnV6BrNdTzVmpMEPUHMzHmk7
KaWGOWZqCUdZzlq+DwtpMMkGzes7n3bzgLeJDrY47nw6yCtGbsjoDmoztZetL6ac
6SupAiUcqhCZ68RwuVp1UnBlrpLXLs3c6CeAiL3cHHeCDfv/IjFB46vseOXS3UxY
km+PAQaQiTp1oiMwMxPNlSve4zK77AnaT11vXufTKBu9SQ/y8uM4QUltx+wjH0Ff
bYK+ViqYdpAyhVGdhX7GSbnuQZk3ZxE0yEDCzss8VyYJbIaZyw+1c5R+pwIDAQAB
o4IDWzCCA1cwHQYDVR0OBBYEFFNbAqTIzuVEnFTQjXsSv/MWa36rMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVTFzQ3BNak81VVNjVk5DTmV4S184eFpyZnFzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBbwYIKwYBBQUHAQcBAf8EggFeMIIBWjCCAVYEAgABMIIB
TgMEAAI7/QMEAgX8hAMEAB8N0wMEAC0IXQMEAC0JnQMEAC0M/QMEAC1C5AMEAC1C
5wMEAC1RJwMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2LagMEAS2NngMEAC2XWgMEAFGh
7gMEAFPbYQMEAFQ2MAMEAFd4VwMEAFd4WQMEAFd4fgMEAFd4pjAMAwQCV3kUAwQA
V3kWAwQAV3kmAwQAV3ktAwQAV3lXAwQAV3mlAwQAW1xGAwQBXHfEAwQAXPkyAwQA
XXstAwQAXXsvAwQAXXtVAwQAXXttAwQAXXt1AwQAXXt3AwQAXmd9AwQCXpqgAwQA
XpzoAwQAXpzvAwQAjWIBAwQAjWIGMAwDBACrFkkDBAKrFkgDBACy1+MDBAK52FQD
BADBGdgDBADBIxIDBADB3mADBADB3mIDBADCN7oDBADCqa8DBADDsm8DBADUcykw
DQYJKoZIhvcNAQELBQADggEBAJ4Dy8l0/YqXM+TftgxfNJmid+HBCc63/LIn+YlN
8fkZsAU6M8PFY2pZq/S4J3YfnwfP6vEVQQpqaSKMEIeOCY9GGG6LiQub5fHt6rZ2
z8XD4HRDHvnlno/xC0BOaJybldAZG43kGHdPLlB53mt3obMDz08bcQitB2sUdwCy
VQpsNbXiRC2WkQw1sUzk1ParAsTGgK90EGQE70LEXrcisn+QkwLMxPGfxb3zMlPS
J7hZDYp/SAM3xrxOIn4xCdc/GGeVymnoDD4X8k7KnOuU9Gpz5ghpLBy5UB2q2lzl
OREomk/ThedbSFl6TDhsCcorefnYc36A4yIwG36WbhTxtPI=
-----END CERTIFICATE-----
Generated at Mon Jun 16 05:39:16 2025 by rpki-client