Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YYpFChoAn1bBvlN2BcfWfnRoIkI.roa
File: YYpFChoAn1bBvlN2BcfWfnRoIkI.roa (raw, json)
Hash identifier: 1qNDpBudbJMaSysIoJwUtZA0FnmafZcQDONjxfd3LHI=
Subject key identifier: 61:8A:45:0A:1A:00:9F:56:C1:BE:53:76:05:C7:D6:7E:74:68:22:42
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0194A83F951CD458F4A4F12B3790474B9287
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YYpFChoAn1bBvlN2BcfWfnRoIkI.roa
Signing time: Mon 27 Jan 2025 14:52:06 +0000
ROA not before: Mon 27 Jan 2025 14:52:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.120.187.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.114.0/24 maxlen: 24
94.156.170.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.236.0/24 maxlen: 24
178.215.237.0/24 maxlen: 24
178.215.238.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:a8:3f:95:1c:d4:58:f4:a4:f1:2b:37:90:47:4b:92:87
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 27 14:52:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=618a450a1a009f56c1be537605c7d67e74682242
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:2f:ae:af:b7:ae:c4:a6:13:bd:ce:86:d5:cc:
1f:b5:f9:27:e8:79:cf:81:6b:41:f4:f7:e8:72:0b:
92:b6:58:63:6f:72:f9:3b:88:59:5f:08:74:40:14:
d3:45:6e:3d:86:c7:c6:fb:b2:59:0b:8f:b7:37:ac:
5e:aa:31:16:2b:70:f1:fe:14:98:0d:d4:61:00:c9:
c8:00:29:cc:75:70:83:75:83:ca:8f:34:4b:08:08:
6a:90:3f:69:d5:e2:31:fa:71:b1:cb:e2:a2:ef:f2:
92:69:5e:5f:dd:7f:3f:d7:9d:49:76:c6:0a:95:66:
e5:62:be:1b:85:03:14:30:e2:db:72:39:ac:2a:1c:
85:c1:2a:ad:0f:82:f5:2e:eb:54:31:b1:69:1c:b0:
e9:33:3c:ce:7b:8a:b6:0b:7d:de:8c:67:93:7c:5a:
fb:f1:35:36:79:86:3b:a7:e5:28:f0:d3:03:a6:c7:
43:05:c2:4f:15:34:e7:68:34:1a:b6:c3:eb:53:33:
cb:7f:ad:44:4d:a2:0c:ae:4e:f5:61:02:a3:72:84:
83:4d:85:ca:a9:51:23:a5:cb:fd:a3:ea:f5:e3:79:
88:fc:16:9e:1f:07:b7:2d:d1:2d:0b:89:9e:1a:67:
f7:7e:ad:db:d3:fc:c4:b1:df:20:9f:d3:9b:b2:87:
c8:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:8A:45:0A:1A:00:9F:56:C1:BE:53:76:05:C7:D6:7E:74:68:22:42
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/YYpFChoAn1bBvlN2BcfWfnRoIkI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.120.187.0/24
87.121.45.0/24
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.114.0/24
94.156.170.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.236.0-178.215.238.255
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
84:15:7a:1b:06:cc:dd:ed:38:a1:56:4f:a3:94:0c:f3:e1:49:
57:15:c0:5b:9a:a3:ad:f8:f6:3e:54:f0:5d:f9:11:b9:50:d4:
ce:9a:ed:7f:1c:35:b9:1f:62:5b:3a:e0:87:19:ae:62:4a:77:
7a:71:d7:bb:58:f3:8b:66:29:73:60:7b:b4:fb:0e:91:26:f1:
ac:59:9e:be:d1:14:8e:81:de:1b:e5:82:03:79:79:ba:b4:b4:
6a:a7:0c:f2:8f:3d:b2:c7:1c:11:5e:e3:84:8b:01:5d:87:06:
28:dc:9d:5f:a1:19:f3:77:e8:bc:28:fe:d0:f8:5e:7d:1b:d1:
f4:41:1d:69:82:3c:f0:6d:dd:22:63:28:5d:38:e6:6d:72:e7:
13:7d:ae:b3:f5:47:e6:be:f7:1e:af:05:13:8b:de:db:6e:b7:
02:cc:44:fa:7c:ef:35:b9:f2:24:76:e0:47:9c:63:4a:1e:09:
6d:e8:be:27:5f:f7:34:d7:9d:97:ea:3a:c1:d8:44:e6:69:a9:
f9:2c:31:1d:e6:7b:65:d6:69:e8:e4:25:40:5d:6a:98:3d:f3:
33:c0:1d:11:0c:0a:51:88:a1:2e:c0:ff:af:25:86:15:c3:c8:
82:33:2a:90:f0:84:a1:2a:ce:15:be:c2:2a:00:ab:c9:6a:12:
2a:8d:09:fb
-----BEGIN CERTIFICATE-----
MIIGKzCCBROgAwIBAgISAZSoP5Uc1Fj0pPErN5BHS5KHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTI3MTQ1MjA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MThhNDUwYTFhMDA5ZjU2YzFiZTUzNzYwNWM3ZDY3ZTc0NjgyMjQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4C+ur7euxKYTvc6G1cwftfkn6HnP
gWtB9PfocguStlhjb3L5O4hZXwh0QBTTRW49hsfG+7JZC4+3N6xeqjEWK3Dx/hSY
DdRhAMnIACnMdXCDdYPKjzRLCAhqkD9p1eIx+nGxy+Ki7/KSaV5f3X8/151JdsYK
lWblYr4bhQMUMOLbcjmsKhyFwSqtD4L1LutUMbFpHLDpMzzOe4q2C33ejGeTfFr7
8TU2eYY7p+Uo8NMDpsdDBcJPFTTnaDQatsPrUzPLf61ETaIMrk71YQKjcoSDTYXK
qVEjpcv9o+r143mI/BaeHwe3LdEtC4meGmf3fq3b0/zEsd8gn9ObsofI3wIDAQAB
o4IDNzCCAzMwHQYDVR0OBBYEFGGKRQoaAJ9Wwb5TdgXH1n50aCJCMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWVlwRkNob0FuMWJCdmxOMkJjZldmblJvSWtJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBSwYIKwYBBQUHAQcBAf8EggE6MIIBNjCCATIEAgABMIIB
KgMEAS0JnAMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC1aWQMEAC2LagMEAC2N
njAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAU9thAwQAVDYwAwQAVdGFAwQA
V3hUAwQAV3hXAwQAV3imAwQAV3i7AwQAV3ktAwQAV3lXAwQAV3lpAwQBV3l8AwQA
V3miAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQCXpqgAwQAXpwLAwQD
XpxAAwQAXpxyAwQAXpyqAwQAXpyzAwQAXpz4AwQAX9YbAwQAjWIBAwQAjWIGAwQA
k05kAwQCqxZIMAwDBAKy1+wDBACy1+4DBAK52FQDBAK52lQDBADBGdgDBADCMV4D
BADCN7oDBADCqa8wDQYJKoZIhvcNAQELBQADggEBAIQVehsGzN3tOKFWT6OUDPPh
SVcVwFuao6349j5U8F35EblQ1M6a7X8cNbkfYls64IcZrmJKd3px17tY84tmKXNg
e7T7DpEm8axZnr7RFI6B3hvlggN5ebq0tGqnDPKPPbLHHBFe44SLAV2HBijcnV+h
GfN36Lwo/tD4Xn0b0fRBHWmCPPBt3SJjKF045m1y5xN9rrP1R+a+9x6vBROL3ttu
twLMRPp87zW58iR24EecY0oeCW3ovidf9zTXnZfqOsHYROZpqfksMR3me2XWaejk
JUBdapg98zPAHREMClGIoS7A/68lhhXDyIIzKpDwhKEqzhW+wioAq8lqEiqNCfs=
-----END CERTIFICATE-----
Generated at Sun Apr 27 12:50:02 2025 by rpki-client