Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VIhNhzTBYsOiFd_wJoIyB8CydtU.roa
File: VIhNhzTBYsOiFd_wJoIyB8CydtU.roa (raw, json)
Hash identifier: J6xZNofaPnHITmVt/RU4EBy/3ktfJddYYECBa21fGXI=
Subject key identifier: 54:88:4D:87:34:C1:62:C3:A2:15:DF:F0:26:82:32:07:C0:B2:76:D5
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0196425590C8BB95ED3416F84F6C128CC52C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VIhNhzTBYsOiFd_wJoIyB8CydtU.roa
Signing time: Thu 17 Apr 2025 06:00:26 +0000
ROA not before: Thu 17 Apr 2025 06:00:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2.59.253.0/24 maxlen: 24
5.252.132.0/22 maxlen: 24
31.13.211.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.12.253.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.141.159.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.22.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.84.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.70.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.45.0/24 maxlen: 24
93.123.47.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.232.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.73.0/24 maxlen: 24
171.22.74.0/23 maxlen: 24
178.215.227.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
193.35.18.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
194.180.48.0/24 maxlen: 24
194.180.49.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:42:55:90:c8:bb:95:ed:34:16:f8:4f:6c:12:8c:c5:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 17 06:00:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=54884d8734c162c3a215dff026823207c0b276d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:2e:8e:5b:41:1c:45:22:56:29:c8:93:65:e1:
be:d5:71:8d:70:da:44:c1:68:88:81:27:7d:61:3f:
df:ff:b2:f4:9c:c6:34:78:13:29:d7:8c:ed:07:71:
19:c8:23:e0:82:c5:6f:23:b4:53:f0:97:44:bb:32:
af:b3:ac:3e:a5:26:ee:10:64:be:e8:1b:6e:2d:bf:
fd:97:02:7a:0e:fe:d7:b2:bc:87:b7:f7:ce:d4:c8:
56:39:f1:7f:ff:6c:fb:c3:3d:ac:da:e0:dd:c8:70:
9f:8c:15:c2:5e:7e:89:80:e2:f4:6c:5a:a8:78:0b:
5b:29:16:10:c1:83:06:2c:3e:f8:7f:05:64:aa:ea:
15:d6:eb:46:00:16:75:f8:8e:0e:e9:22:9c:7a:83:
41:42:1c:32:97:d5:c5:cf:8c:4d:1f:eb:57:c1:4d:
b6:85:17:77:dd:ab:09:8a:61:ab:63:c0:0b:e2:4a:
4c:68:97:97:54:13:ad:91:6f:2f:92:3a:64:95:d8:
cd:ea:98:d4:e5:3d:f7:49:39:56:aa:d8:ef:44:d6:
1a:b1:af:93:64:0a:ae:48:5b:3d:99:3d:47:be:44:
f2:46:a2:a9:90:a2:b0:01:91:1c:0f:1d:c7:3c:d4:
04:5e:44:79:84:92:6f:28:dd:71:08:07:ec:b5:d8:
f6:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
54:88:4D:87:34:C1:62:C3:A2:15:DF:F0:26:82:32:07:C0:B2:76:D5
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/VIhNhzTBYsOiFd_wJoIyB8CydtU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
5.252.132.0/22
31.13.211.0/24
45.9.157.0/24
45.12.253.0/24
45.66.228.0/24
45.66.230.0/23
45.81.39.0/24
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/23
45.151.90.0/24
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.166.0/24
87.121.22.0/24
87.121.38.0/24
87.121.45.0/24
87.121.84.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.70.0/24
92.249.50.0/24
93.123.45.0/24
93.123.47.0/24
93.123.85.0/24
93.123.109.0/24
93.123.117.0/24
93.123.119.0/24
94.103.125.0/24
94.154.160.0/22
94.156.64.0/21
94.156.232.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.73.0-171.22.75.255
178.215.227.0/24
185.216.84.0/22
193.25.216.0/24
193.35.18.0/24
194.55.186.0/24
194.169.175.0/24
194.180.48.0/23
Signature Algorithm: sha256WithRSAEncryption
50:e0:12:00:0d:87:93:2e:46:be:42:d8:48:66:b3:20:37:95:
72:cf:77:a6:98:23:85:a9:e5:e4:73:e5:85:a3:81:10:cd:28:
34:ae:23:32:b7:d7:a6:84:fe:34:71:9d:a1:83:7c:e2:74:b2:
45:ea:39:aa:d1:9d:58:36:8f:d4:48:6a:3c:47:a4:29:a2:46:
1e:d7:28:b4:96:1a:15:40:f1:58:01:c7:06:c7:f6:e5:82:67:
dc:81:e4:41:6b:c1:91:ca:b2:82:dd:51:ab:37:85:bb:4f:e2:
71:6c:41:94:47:90:09:e0:4b:24:f9:8c:7e:ca:12:21:68:b6:
4c:ab:a1:16:5f:45:22:31:23:4e:be:5d:91:88:a2:7f:23:a0:
b4:e5:01:61:db:e4:bf:02:cd:0d:cb:e3:c9:6c:a7:ca:ee:e6:
c2:1d:94:a7:3c:1f:9a:9c:37:83:ae:76:d9:73:58:4d:44:6d:
3f:b0:58:95:b1:79:aa:ca:6f:65:49:64:0f:46:96:80:89:77:
b5:d0:d7:ca:2e:09:56:9f:ed:fd:f3:b6:5c:a4:06:c4:57:89:
7c:be:57:ed:f9:fd:17:70:32:d3:86:e6:bb:17:99:1d:69:10:
5f:7d:c1:c0:48:5a:79:2c:94:5b:14:80:43:48:dd:e2:25:d0:
af:56:35:df
-----BEGIN CERTIFICATE-----
MIIGOzCCBSOgAwIBAgISAZZCVZDIu5XtNBb4T2wSjMUsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNDE3MDYwMDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NDg4NGQ4NzM0YzE2MmMzYTIxNWRmZjAyNjgyMzIwN2MwYjI3NmQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvi6OW0EcRSJWKciTZeG+1XGNcNpE
wWiIgSd9YT/f/7L0nMY0eBMp14ztB3EZyCPggsVvI7RT8JdEuzKvs6w+pSbuEGS+
6BtuLb/9lwJ6Dv7XsryHt/fO1MhWOfF//2z7wz2s2uDdyHCfjBXCXn6JgOL0bFqo
eAtbKRYQwYMGLD74fwVkquoV1utGABZ1+I4O6SKceoNBQhwyl9XFz4xNH+tXwU22
hRd33asJimGrY8AL4kpMaJeXVBOtkW8vkjpkldjN6pjU5T33STlWqtjvRNYasa+T
ZAquSFs9mT1HvkTyRqKpkKKwAZEcDx3HPNQEXkR5hJJvKN1xCAfstdj2WwIDAQAB
o4IDRzCCA0MwHQYDVR0OBBYEFFSITYc0wWLDohXf8CaCMgfAsnbVMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVkloTmh6VEJZc09pRmRfd0pvSXlCOEN5ZHRVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBWwYIKwYBBQUHAQcBAf8EggFKMIIBRjCCAUIEAgABMIIB
OgMEAAI7/QMEAgX8hAMEAB8N0wMEAC0JnQMEAC0M/QMEAC1C5AMEAS1C5gMEAC1R
JwMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2LagMEAS2NngMEAC2XWgMEAE9uMgMEAFGh
7gMEAFPbYQMEAFQ2MAMEAFd4VwMEAFd4pgMEAFd5FgMEAFd5JgMEAFd5LQMEAFd5
VAMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEAFtcRgMEAFz5MgMEAF17LQMEAF17
LwMEAF17VQMEAF17bQMEAF17dQMEAF17dwMEAF5nfQMEAl6aoAMEA16cQAMEAF6c
6AMEAI1iAQMEAI1iBgMEAJNOZDAMAwQAqxZJAwQCqxZIAwQAstfjAwQCudhUAwQA
wRnYAwQAwSMSAwQAwje6AwQAwqmvAwQBwrQwMA0GCSqGSIb3DQEBCwUAA4IBAQBQ
4BIADYeTLka+QthIZrMgN5Vyz3emmCOFqeXkc+WFo4EQzSg0riMyt9emhP40cZ2h
g3zidLJF6jmq0Z1YNo/USGo8R6QpokYe1yi0lhoVQPFYAccGx/blgmfcgeRBa8GR
yrKC3VGrN4W7T+JxbEGUR5AJ4Esk+Yx+yhIhaLZMq6EWX0UiMSNOvl2RiKJ/I6C0
5QFh2+S/As0Ny+PJbKfK7ubCHZSnPB+anDeDrnbZc1hNRG0/sFiVsXmqym9lSWQP
RpaAiXe10NfKLglWn+3987ZcpAbEV4l8vlft+f0XcDLThua7F5kdaRBffcHASFp5
LJRbFIBDSN3iJdCvVjXf
-----END CERTIFICATE-----
Generated at Thu Jun 19 15:05:11 2025 by rpki-client