Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aEwmcRT8-xo-SEb56yZfSEK6H10.roa
File: aEwmcRT8-xo-SEb56yZfSEK6H10.roa (raw, json)
Hash identifier: tape68w2wINUbJ1ickTfHzGrVD2YPcomiFp1WItBLOc=
Subject key identifier: 68:4C:26:71:14:FC:FB:1A:3E:48:46:F9:EB:26:5F:48:42:BA:1F:5D
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0196194CE79976B2FC85F372DBDBA399E95F
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aEwmcRT8-xo-SEb56yZfSEK6H10.roa
Signing time: Wed 09 Apr 2025 06:46:32 +0000
ROA not before: Wed 09 Apr 2025 06:46:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2.59.253.0/24 maxlen: 24
5.252.132.0/22 maxlen: 24
31.13.211.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.12.253.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.141.159.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.18.0/24 maxlen: 24
87.121.22.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.70.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.249.50.0/24 maxlen: 24
93.123.45.0/24 maxlen: 24
93.123.47.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.92.0/24 maxlen: 24
94.156.232.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.73.0/24 maxlen: 24
171.22.74.0/23 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.227.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
193.35.18.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:19:4c:e7:99:76:b2:fc:85:f3:72:db:db:a3:99:e9:5f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 9 06:46:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=684c267114fcfb1a3e4846f9eb265f4842ba1f5d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:e1:82:5f:df:0f:bf:24:a6:59:98:a0:51:aa:
b4:d1:37:c5:b4:f2:fd:c3:35:61:66:7f:a8:72:bd:
33:ec:32:4a:39:f4:5e:89:9c:00:61:36:70:ad:3c:
00:de:62:8d:ce:94:fa:1e:69:6e:94:43:30:60:80:
57:68:22:9c:55:40:c6:a7:b7:ee:a1:b2:bc:96:47:
70:b4:e2:a6:7b:52:90:61:bb:a9:74:92:f6:37:18:
42:7f:a7:5f:eb:5a:a0:5e:58:73:0b:2f:f3:51:cc:
5d:49:fa:84:6b:99:71:13:36:40:58:41:4a:d7:3a:
f5:95:6d:c7:46:b0:90:40:9d:24:1c:51:90:50:e0:
39:ab:b2:d2:87:0e:f6:12:d8:bd:d8:e4:b0:98:7b:
b6:72:81:4b:f6:68:3d:ef:48:60:98:e7:18:fe:02:
61:90:68:80:8b:06:e8:b6:c7:7f:48:57:fb:58:4f:
da:0c:b0:e5:3c:1e:18:ce:f0:0e:9d:17:db:86:f3:
f9:58:b9:bc:e3:14:a1:df:af:e4:bb:b0:54:0d:b7:
d5:9b:d1:e2:e6:e5:9f:19:76:b9:f9:9e:5b:dd:94:
08:23:4a:40:45:be:15:5b:d6:d9:cd:bb:4e:60:8c:
19:02:f0:e8:53:e6:6a:38:47:36:44:4d:69:43:a4:
5b:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:4C:26:71:14:FC:FB:1A:3E:48:46:F9:EB:26:5F:48:42:BA:1F:5D
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aEwmcRT8-xo-SEb56yZfSEK6H10.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
5.252.132.0/22
31.13.211.0/24
45.9.157.0/24
45.12.253.0/24
45.66.228.0/24
45.66.230.0/23
45.81.39.0/24
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/23
45.151.90.0/24
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.125.0/24
87.120.166.0/24
87.121.18.0/24
87.121.22.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.70.0/24
91.92.240.0/20
92.249.50.0/24
93.123.45.0/24
93.123.47.0/24
93.123.85.0/24
93.123.109.0/24
93.123.117.0/24
93.123.119.0/24
94.103.125.0/24
94.154.160.0/22
94.156.64.0/21
94.156.92.0/24
94.156.232.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.73.0-171.22.75.255
178.215.224.0/24
178.215.227.0/24
185.216.84.0/22
193.25.216.0/24
193.35.18.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
78:a5:f7:cc:f9:81:94:6d:80:e6:e9:e8:0e:76:f8:b9:c3:af:
99:b2:13:f9:13:09:75:01:77:71:4c:27:47:4d:a3:90:ed:c0:
4b:3a:5a:c9:5b:47:71:19:aa:d4:26:09:11:01:08:97:c2:83:
fa:7b:11:fc:65:ea:91:1a:a5:1e:94:7a:6b:7a:29:61:c4:40:
c1:0c:3a:da:e9:c8:e5:ca:5f:db:77:58:c5:af:28:52:9d:81:
fb:16:99:f2:0b:d2:d2:14:04:43:8f:63:25:f2:c5:11:95:ea:
6c:19:c1:69:ac:8f:20:70:2e:3e:17:5e:b1:b5:a9:0e:11:41:
4f:79:be:7e:03:9b:da:f0:83:28:a5:c3:8d:5a:4b:93:4d:45:
10:ec:37:2d:06:eb:e6:b6:88:35:71:e7:42:2d:67:71:e1:d2:
98:0f:58:20:2e:73:d6:bc:85:8b:35:f1:95:29:23:c0:a7:bd:
45:ae:1f:e8:86:15:8d:e7:65:ff:0f:15:aa:7c:f7:e9:39:a7:
91:66:80:e3:a7:ea:2e:94:5f:44:78:08:63:09:93:eb:14:73:
0f:1b:97:f0:b3:69:0f:7e:06:e5:09:e8:e2:8e:5d:07:1e:c5:
28:0d:d0:5e:5c:aa:a2:19:59:5b:e6:00:ab:fd:f0:5a:69:d6:
8e:fb:6a:31
-----BEGIN CERTIFICATE-----
MIIGUzCCBTugAwIBAgISAZYZTOeZdrL8hfNy29ujmelfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNDA5MDY0NjMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODRjMjY3MTE0ZmNmYjFhM2U0ODQ2ZjllYjI2NWY0ODQyYmExZjVkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt+GCX98PvySmWZigUaq00TfFtPL9
wzVhZn+ocr0z7DJKOfReiZwAYTZwrTwA3mKNzpT6HmlulEMwYIBXaCKcVUDGp7fu
obK8lkdwtOKme1KQYbupdJL2NxhCf6df61qgXlhzCy/zUcxdSfqEa5lxEzZAWEFK
1zr1lW3HRrCQQJ0kHFGQUOA5q7LShw72Eti92OSwmHu2coFL9mg970hgmOcY/gJh
kGiAiwbotsd/SFf7WE/aDLDlPB4YzvAOnRfbhvP5WLm84xSh36/ku7BUDbfVm9Hi
5uWfGXa5+Z5b3ZQII0pARb4VW9bZzbtOYIwZAvDoU+ZqOEc2RE1pQ6RbBQIDAQAB
o4IDXzCCA1swHQYDVR0OBBYEFGhMJnEU/PsaPkhG+esmX0hCuh9dMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYUV3bWNSVDgteG8tU0ViNTZ5WmZTRUs2SDEwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBcwYIKwYBBQUHAQcBAf8EggFiMIIBXjCCAVoEAgABMIIB
UgMEAAI7/QMEAgX8hAMEAB8N0wMEAC0JnQMEAC0M/QMEAC1C5AMEAS1C5gMEAC1R
JwMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2LagMEAS2NngMEAC2XWgMEAE9uMgMEAFGh
7gMEAFPbYQMEAFQ2MAMEAFd4VwMEAFd4fQMEAFd4pgMEAFd5EgMEAFd5FgMEAFd5
JgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEAFtcRgMEBFtc8AMEAFz5
MgMEAF17LQMEAF17LwMEAF17VQMEAF17bQMEAF17dQMEAF17dwMEAF5nfQMEAl6a
oAMEA16cQAMEAF6cXAMEAF6c6AMEAG3O7QMEAI1iAQMEAI1iBgMEAJNOZDAMAwQA
qxZJAwQCqxZIAwQAstfgAwQAstfjAwQCudhUAwQAwRnYAwQAwSMSAwQAwje6AwQA
wqmvMA0GCSqGSIb3DQEBCwUAA4IBAQB4pffM+YGUbYDm6egOdvi5w6+ZshP5Ewl1
AXdxTCdHTaOQ7cBLOlrJW0dxGarUJgkRAQiXwoP6exH8ZeqRGqUelHpreilhxEDB
DDra6cjlyl/bd1jFryhSnYH7FpnyC9LSFARDj2Ml8sURlepsGcFprI8gcC4+F16x
takOEUFPeb5+A5va8IMopcONWkuTTUUQ7DctBuvmtog1cedCLWdx4dKYD1ggLnPW
vIWLNfGVKSPAp71Frh/ohhWN52X/DxWqfPfpOaeRZoDjp+oulF9EeAhjCZPrFHMP
G5fws2kPfgblCejijl0HHsUoDdBeXKqiGVlb5gCr/fBaadaO+2ox
-----END CERTIFICATE-----
Generated at Tue Apr 29 19:54:45 2025 by rpki-client