Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iZNvuNKDSuOkIjZzm2A-_3n_rvU.roa
File: iZNvuNKDSuOkIjZzm2A-_3n_rvU.roa (raw, json)
Hash identifier: MueYishRGBbsFvqJTZTTr3J1WaqCQjBx2rZss9WzGEk=
Subject key identifier: 89:93:6F:B8:D2:83:4A:E3:A4:22:36:73:9B:60:3E:FF:79:FF:AE:F5
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01946F99A27A7DE48B140C9000E04C486C59
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iZNvuNKDSuOkIjZzm2A-_3n_rvU.roa
Signing time: Thu 16 Jan 2025 14:52:07 +0000
ROA not before: Thu 16 Jan 2025 14:52:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.9.157.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.173.0/24 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.102.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.237.0/24 maxlen: 24
185.216.71.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:6f:99:a2:7a:7d:e4:8b:14:0c:90:00:e0:4c:48:6c:59
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 16 14:52:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=89936fb8d2834ae3a42236739b603eff79ffaef5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:9e:39:57:9b:2a:a9:80:1e:20:41:3c:2f:f1:
f4:2c:0a:c7:d3:1e:e0:30:c4:33:10:37:8b:7f:2a:
c1:6b:86:98:3a:ba:38:d7:64:41:d5:e5:41:6c:97:
58:93:79:b7:b8:8e:7d:8f:ea:f4:93:f7:c7:96:c8:
3d:0f:39:57:dc:af:ef:d0:90:44:c4:8b:1f:5d:ca:
88:19:43:f5:84:73:ba:70:e9:8d:2d:bf:66:e9:cb:
24:cc:02:a2:f4:f4:97:e9:b8:a1:c4:73:a4:1b:a1:
31:ab:e4:70:ba:43:2d:33:ec:7d:5d:80:ae:8e:55:
64:61:2f:ed:ec:7d:06:d4:3c:b3:06:e5:ad:d1:24:
e1:e9:55:63:d4:db:ff:81:a2:5a:3e:0a:b3:72:7a:
3f:40:fc:89:c4:aa:30:e2:e9:75:53:74:cb:d8:d2:
a4:87:a5:63:4e:34:a9:25:af:2c:8f:de:d0:f3:13:
e8:f3:e2:4a:ea:d3:b9:0a:ed:e5:57:db:66:65:4c:
e2:98:fb:94:dd:91:eb:4f:b3:16:39:05:c2:ae:30:
32:4f:fe:c7:b6:3f:02:f4:f2:71:6b:82:14:53:6c:
5a:e1:75:04:ab:ec:d5:b8:9e:34:81:00:bf:a0:00:
23:73:e3:2c:53:5e:11:5a:32:f2:44:cc:9c:24:98:
44:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:93:6F:B8:D2:83:4A:E3:A4:22:36:73:9B:60:3E:FF:79:FF:AE:F5
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/iZNvuNKDSuOkIjZzm2A-_3n_rvU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.157.0/24
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
81.161.239.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.154.173.0/24
94.156.11.0/24
94.156.64.0/21
94.156.102.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.237.0/24
185.216.71.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
93:37:c7:4f:82:32:da:2c:7e:20:de:e5:cc:5b:95:db:8c:87:
f0:01:ee:41:bf:ca:29:92:9b:83:fe:a4:cc:0d:e5:f7:75:60:
8f:a4:71:ec:8f:c5:34:43:ad:99:21:82:ee:e9:43:df:7d:30:
5e:eb:12:d2:b2:51:76:67:03:bc:8b:b5:02:8d:3e:67:e1:2d:
3d:8b:bc:b9:2c:1b:c0:62:01:c7:86:5b:4a:c6:31:ca:97:b6:
a7:32:26:4a:59:02:9c:8d:25:f2:2b:39:c5:59:82:3b:20:17:
0e:26:61:06:7c:d5:3a:be:c3:07:8e:e3:21:cf:8e:76:d4:1c:
07:32:ba:9b:90:cd:d4:aa:db:c5:f1:bd:8b:2d:3c:f9:ad:76:
87:05:a9:d5:50:2d:51:3d:e1:61:5d:49:7f:c4:50:b0:e0:8b:
21:66:4f:f5:81:6e:5f:34:b0:62:7c:80:24:79:65:c9:16:ba:
c1:f7:d7:d1:c9:4d:7d:a1:c7:7b:50:2f:7d:a4:39:04:f3:31:
9f:0a:90:70:8d:f6:c1:09:be:f5:3e:de:4d:ca:28:6e:43:ff:
97:fc:43:51:e0:f1:f8:1e:cf:d4:69:e1:9f:61:6e:ad:7c:76:
b0:4d:9b:ae:47:6f:ec:49:ef:73:28:8a:e0:ae:54:02:6e:d4:
d1:d1:51:95
-----BEGIN CERTIFICATE-----
MIIGLzCCBRegAwIBAgISAZRvmaJ6feSLFAyQAOBMSGxZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTE2MTQ1MjA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTkzNmZiOGQyODM0YWUzYTQyMjM2NzM5YjYwM2VmZjc5ZmZhZWY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlp45V5sqqYAeIEE8L/H0LArH0x7g
MMQzEDeLfyrBa4aYOro412RB1eVBbJdYk3m3uI59j+r0k/fHlsg9DzlX3K/v0JBE
xIsfXcqIGUP1hHO6cOmNLb9m6cskzAKi9PSX6bihxHOkG6Exq+RwukMtM+x9XYCu
jlVkYS/t7H0G1DyzBuWt0STh6VVj1Nv/gaJaPgqzcno/QPyJxKow4ul1U3TL2NKk
h6VjTjSpJa8sj97Q8xPo8+JK6tO5Cu3lV9tmZUzimPuU3ZHrT7MWOQXCrjAyT/7H
tj8C9PJxa4IUU2xa4XUEq+zVuJ40gQC/oAAjc+MsU14RWjLyRMycJJhEkQIDAQAB
o4IDOzCCAzcwHQYDVR0OBBYEFImTb7jSg0rjpCI2c5tgPv95/671MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvaVpOdnVOS0RTdU9rSWpaem0yQS1fM25fcnZVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBTwYIKwYBBQUHAQcBAf8EggE+MIIBOjCCATYEAgABMIIB
LgMEAC0JnQMEAC0M/wMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC1aWQMEAC2L
agMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAUaHvAwQAU9thAwQA
VDYwAwQAVdGFAwQAV3hUAwQAV3hXAwQAV3imAwQAV3ktAwQAV3lXAwQAV3lpAwQB
V3l8AwQAV3miAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQCXpqgAwQA
XpqtAwQAXpwLAwQDXpxAAwQAXpxmAwQAXpyzAwQAXpz4AwQAX9YbAwQAjWIBAwQA
jWIGAwQAk05kAwQCqxZIAwQAstftAwQAudhHAwQCudhUAwQCudpUAwQAwRnYAwQA
wjFeAwQAwje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQCTN8dPgjLaLH4g3uXM
W5XbjIfwAe5Bv8opkpuD/qTMDeX3dWCPpHHsj8U0Q62ZIYLu6UPffTBe6xLSslF2
ZwO8i7UCjT5n4S09i7y5LBvAYgHHhltKxjHKl7anMiZKWQKcjSXyKznFWYI7IBcO
JmEGfNU6vsMHjuMhz4521BwHMrqbkM3UqtvF8b2LLTz5rXaHBanVUC1RPeFhXUl/
xFCw4IshZk/1gW5fNLBifIAkeWXJFrrB99fRyU19ocd7UC99pDkE8zGfCpBwjfbB
Cb71Pt5NyihuQ/+X/ENR4PH4Hs/UaeGfYW6tfHawTZuuR2/sSe9zKIrgrlQCbtTR
0VGV
-----END CERTIFICATE-----
Generated at Tue Apr 29 00:36:38 2025 by rpki-client