Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_ZEhnDfQ9reP2gz2or7U9IRmkng.roa
File:                     _ZEhnDfQ9reP2gz2or7U9IRmkng.roa (raw, json)
Hash identifier:          /D/Hu93T/Ch95iqsS+5n/a50WY/I+HVS8Bt4CcZsV6M=
Subject key identifier:   FD:91:21:9C:37:D0:F6:B7:8F:DA:0C:F6:A2:BE:D4:F4:84:66:92:78
Certificate issuer:       /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial:       0194EF850BA47CFD26EFF6B4C5CBCB91E53C
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_ZEhnDfQ9reP2gz2or7U9IRmkng.roa
Signing time:             Mon 10 Feb 2025 11:01:01 +0000
ROA not before:           Mon 10 Feb 2025 11:01:01 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     0
IP address blocks:        5.252.132.0/22 maxlen: 24
                          45.9.156.0/24 maxlen: 24
                          45.9.157.0/24 maxlen: 24
                          45.14.164.0/24 maxlen: 24
                          45.66.228.0/24 maxlen: 24
                          45.66.230.0/24 maxlen: 24
                          45.66.231.0/24 maxlen: 24
                          45.88.64.0/24 maxlen: 24
                          45.89.247.0/24 maxlen: 24
                          45.90.89.0/24 maxlen: 24
                          45.139.106.0/24 maxlen: 24
                          45.141.158.0/24 maxlen: 24
                          45.151.89.0/24 maxlen: 24
                          45.151.90.0/24 maxlen: 24
                          45.151.91.0/24 maxlen: 24
                          79.110.50.0/24 maxlen: 24
                          79.110.62.0/24 maxlen: 24
                          83.219.97.0/24 maxlen: 24
                          84.54.48.0/24 maxlen: 24
                          87.120.87.0/24 maxlen: 24
                          87.120.166.0/24 maxlen: 24
                          87.121.45.0/24 maxlen: 24
                          87.121.87.0/24 maxlen: 24
                          87.121.124.0/23 maxlen: 24
                          87.121.162.0/24 maxlen: 24
                          87.121.165.0/24 maxlen: 24
                          91.92.240.0/20 maxlen: 32
                          92.119.196.0/23 maxlen: 24
                          92.249.50.0/24 maxlen: 24
                          93.123.85.0/24 maxlen: 24
                          94.154.160.0/23 maxlen: 24
                          94.154.161.0/24 maxlen: 24
                          94.154.162.0/23 maxlen: 24
                          94.156.11.0/24 maxlen: 24
                          94.156.64.0/21 maxlen: 32
                          94.156.106.0/24 maxlen: 32
                          94.156.179.0/24 maxlen: 24
                          94.156.248.0/24 maxlen: 24
                          95.214.27.0/24 maxlen: 24
                          141.98.1.0/24 maxlen: 24
                          141.98.6.0/24 maxlen: 24
                          147.78.100.0/24 maxlen: 24
                          171.22.72.0/22 maxlen: 24
                          185.216.84.0/22 maxlen: 24
                          185.218.84.0/22 maxlen: 24
                          193.25.216.0/24 maxlen: 24
                          194.49.94.0/24 maxlen: 24
                          194.55.186.0/24 maxlen: 24
                          194.169.175.0/24 maxlen: 24
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:ef:85:0b:a4:7c:fd:26:ef:f6:b4:c5:cb:cb:91:e5:3c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
        Validity
            Not Before: Feb 10 11:01:01 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=fd91219c37d0f6b78fda0cf6a2bed4f484669278
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:91:21:9C:37:D0:F6:B7:8F:DA:0C:F6:A2:BE:D4:F4:84:66:92:78
            X509v3 Authority Key Identifier:
                keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_ZEhnDfQ9reP2gz2or7U9IRmkng.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  5.252.132.0/22
                  45.9.156.0/23
                  45.14.164.0/24
                  45.66.228.0/24
                  45.66.230.0/23
                  45.88.64.0/24
                  45.89.247.0/24
                  45.90.89.0/24
                  45.139.106.0/24
                  45.141.158.0/24
                  45.151.89.0-45.151.91.255
                  79.110.50.0/24
                  79.110.62.0/24
                  83.219.97.0/24
                  84.54.48.0/24
                  87.120.87.0/24
                  87.120.166.0/24
                  87.121.45.0/24
                  87.121.87.0/24
                  87.121.124.0/23
                  87.121.162.0/24
                  87.121.165.0/24
                  91.92.240.0/20
                  92.119.196.0/23
                  92.249.50.0/24
                  93.123.85.0/24
                  94.154.160.0/22
                  94.156.11.0/24
                  94.156.64.0/21
                  94.156.106.0/24
                  94.156.179.0/24
                  94.156.248.0/24
                  95.214.27.0/24
                  141.98.1.0/24
                  141.98.6.0/24
                  147.78.100.0/24
                  171.22.72.0/22
                  185.216.84.0/22
                  185.218.84.0/22
                  193.25.216.0/24
                  194.49.94.0/24
                  194.55.186.0/24
                  194.169.175.0/24

    Signature Algorithm: sha256WithRSAEncryption
Generated at Mon Apr 28 05:15:18 2025 by rpki-client