Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aGIyOYnRZ3gl3cpN1uPx1jKQQdE.roa
File: aGIyOYnRZ3gl3cpN1uPx1jKQQdE.roa (raw, json)
Hash identifier: /n3DL9Q2SpivEsC8KYaiYG5998ySvC0KsY/jUYcvg8E=
Subject key identifier: 68:62:32:39:89:D1:67:78:25:DD:CA:4D:D6:E3:F1:D6:32:90:41:D1
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195A2D1C0A49752D13CC156EB4B499D39CD
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aGIyOYnRZ3gl3cpN1uPx1jKQQdE.roa
Signing time: Mon 17 Mar 2025 06:36:50 +0000
ROA not before: Mon 17 Mar 2025 06:36:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.31.47.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.105.0/24 maxlen: 24
94.156.106.0/24 maxlen: 32
94.156.167.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:a2:d1:c0:a4:97:52:d1:3c:c1:56:eb:4b:49:9d:39:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 17 06:36:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=6862323989d1677825ddca4dd6e3f1d6329041d1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a0:cc:19:88:1c:ee:a6:44:55:59:bd:0e:74:36:
ea:e8:ff:f5:55:e4:51:ea:95:9f:18:08:f1:46:e5:
c2:53:f5:2b:30:c8:f4:87:29:e1:04:b0:97:84:90:
4b:8a:32:83:f1:7c:3b:b2:52:53:60:2d:29:c4:05:
3e:c4:41:6d:51:09:a7:c4:66:a7:a5:a5:7e:9a:a8:
a1:83:a2:11:e5:f6:bc:12:ae:1c:ba:19:f3:e4:f1:
e8:e9:2b:9d:cc:42:cb:06:67:ff:69:c8:e3:26:23:
e8:05:b8:56:e8:05:9d:d3:ff:eb:70:bc:9b:0c:b4:
ed:5d:33:10:79:a4:c7:13:c3:fb:b1:55:3d:fc:f9:
02:ef:3c:37:59:24:7d:b6:1d:8d:93:e5:7f:ca:4b:
63:12:73:6f:65:e9:d4:6c:c1:2a:9e:5d:fa:54:50:
6c:96:53:de:10:be:e2:c9:77:4b:1a:2d:d3:4e:b0:
63:c0:84:93:53:2b:60:64:41:14:6f:81:65:32:02:
45:3d:98:e3:cb:29:1c:57:1b:cd:cb:18:9c:3a:08:
f7:b5:ee:7f:5f:c8:29:04:09:91:44:f2:51:d3:ff:
76:66:7f:ed:87:d7:25:45:17:6f:33:ef:9e:b7:98:
2f:96:c3:f1:4b:79:2b:88:92:23:87:f2:c7:53:04:
d4:9f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
68:62:32:39:89:D1:67:78:25:DD:CA:4D:D6:E3:F1:D6:32:90:41:D1
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/aGIyOYnRZ3gl3cpN1uPx1jKQQdE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
85.31.47.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.105.0-94.156.106.255
94.156.167.0/24
94.156.179.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
86:eb:3e:94:8f:b6:5f:65:ba:f7:38:11:7c:72:b3:a6:35:46:
47:f4:39:ab:63:0b:f7:31:0b:9d:de:76:d9:1f:d5:f0:c2:13:
bc:a7:e9:5d:aa:7d:ce:d5:08:9f:b4:b4:7e:80:78:66:af:21:
fb:a8:a9:d5:e3:3e:5a:40:fb:04:c3:8a:2d:36:32:33:14:75:
35:93:91:4a:66:0b:7d:23:17:bc:68:99:5d:db:81:e1:d3:41:
7f:21:d4:bf:54:e8:f5:08:b2:4b:7a:bc:8d:1c:28:78:d9:3a:
02:43:56:b3:9e:6a:c1:8f:07:db:33:59:4a:4c:73:78:ce:de:
9f:f5:99:3b:3e:bf:51:13:45:d1:25:44:f9:27:51:c9:1c:9d:
60:bf:fd:e9:05:e0:8f:0f:d8:af:cd:d6:ba:3f:40:f9:64:67:
18:b3:63:03:31:d7:62:ff:6d:57:a7:fc:b0:53:10:17:26:d6:
e4:43:55:0a:0f:4d:dd:cc:b0:e6:e5:39:93:7f:11:7a:25:26:
a3:ee:14:75:96:59:70:83:8d:aa:2d:3c:a1:d1:b8:73:fc:03:
22:54:20:54:30:85:32:12:c8:64:94:5a:4b:aa:db:4b:af:2e:
ee:5c:9e:fa:3f:1e:1d:89:ea:a0:b9:c8:3a:66:d1:09:7d:c3:
76:4c:95:d2
-----BEGIN CERTIFICATE-----
MIIGNTCCBR2gAwIBAgISAZWi0cCkl1LRPMFW60tJnTnNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzE3MDYzNjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ODYyMzIzOTg5ZDE2Nzc4MjVkZGNhNGRkNmUzZjFkNjMyOTA0MWQxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoMwZiBzupkRVWb0OdDbq6P/1VeRR
6pWfGAjxRuXCU/UrMMj0hynhBLCXhJBLijKD8Xw7slJTYC0pxAU+xEFtUQmnxGan
paV+mqihg6IR5fa8Eq4cuhnz5PHo6SudzELLBmf/acjjJiPoBbhW6AWd0//rcLyb
DLTtXTMQeaTHE8P7sVU9/PkC7zw3WSR9th2Nk+V/yktjEnNvZenUbMEqnl36VFBs
llPeEL7iyXdLGi3TTrBjwISTUytgZEEUb4FlMgJFPZjjyykcVxvNyxicOgj3te5/
X8gpBAmRRPJR0/92Zn/th9clRRdvM++et5gvlsPxS3kriJIjh/LHUwTUnwIDAQAB
o4IDQTCCAz0wHQYDVR0OBBYEFGhiMjmJ0Wd4Jd3KTdbj8dYykEHRMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvYUdJeU9ZblJaM2dsM2NwTjF1UHgxaktRUWRFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBVQYIKwYBBQUHAQcBAf8EggFEMIIBQDCCATwEAgABMIIB
NAMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1a
WQMEAC2LagMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAUaHuAwQAU9thAwQA
VDYwAwQAVR8vAwQAV3hXMAwDBARXeHADBAFXeHQDBAFXeHgwDAMEAFd4fQMEB1d4
AAMEAFd4pgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc8AMEAVx3
xAMEAFz5MgMEAF17bQMEAl6aoAMEA16cQDAMAwQAXpxpAwQAXpxqAwQAXpynAwQA
XpyzAwQAbc7tAwQAjWIBAwQAjWIGAwQAk05kAwQCqxZIAwQAstfgAwQCudhUAwQC
udpUAwQAwRnYAwQAwje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQCG6z6Uj7Zf
Zbr3OBF8crOmNUZH9DmrYwv3MQud3nbZH9XwwhO8p+ldqn3O1QiftLR+gHhmryH7
qKnV4z5aQPsEw4otNjIzFHU1k5FKZgt9Ixe8aJld24Hh00F/IdS/VOj1CLJLeryN
HCh42ToCQ1aznmrBjwfbM1lKTHN4zt6f9Zk7Pr9RE0XRJUT5J1HJHJ1gv/3pBeCP
D9ivzda6P0D5ZGcYs2MDMddi/21Xp/ywUxAXJtbkQ1UKD03dzLDm5TmTfxF6JSaj
7hR1lllwg42qLTyh0bhz/AMiVCBUMIUyEshklFpLqttLry7uXJ76Px4dieqgucg6
ZtEJfcN2TJXS
-----END CERTIFICATE-----
Generated at Thu May 1 04:29:05 2025 by rpki-client