Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/nZh8eVzk9RaZtYJZ2135BAm6ymQ.roa
File: nZh8eVzk9RaZtYJZ2135BAm6ymQ.roa (raw, json)
Hash identifier: mBNBAO3FmVRbhkmqtp5vrQL3EthhzdHDYHPK6TC13oc=
Subject key identifier: 9D:98:7C:79:5C:E4:F5:16:99:B5:82:59:DB:5D:F9:04:09:BA:CA:64
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0194CFD4A45A8B0B38D5D921D2A7330E25D5
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/nZh8eVzk9RaZtYJZ2135BAm6ymQ.roa
Signing time: Tue 04 Feb 2025 07:20:06 +0000
ROA not before: Tue 04 Feb 2025 07:20:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.106.0/24 maxlen: 32
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:cf:d4:a4:5a:8b:0b:38:d5:d9:21:d2:a7:33:0e:25:d5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 4 07:20:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9d987c795ce4f51699b58259db5df90409baca64
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:84:2d:26:16:dd:83:31:14:d3:aa:2b:01:3e:
4b:38:bb:14:fe:c8:71:6e:87:34:48:be:f9:8e:c2:
14:05:a1:94:4e:a7:59:a6:69:20:14:f4:3c:fc:b7:
bc:62:73:d9:5b:3f:30:03:9d:ff:56:62:c4:f9:17:
45:68:82:af:03:0a:38:a4:d8:ac:6c:19:94:7c:61:
1b:c1:d4:c0:dd:9e:67:8e:fa:1b:92:70:e5:fb:5d:
93:99:62:9c:99:cc:d3:38:a0:60:50:64:a8:74:55:
3c:45:16:e0:06:14:a8:35:9e:5f:17:f8:29:7d:7d:
f4:a9:25:8e:d6:c5:62:aa:dd:8e:ae:87:f8:94:24:
f2:0e:62:30:4f:59:fb:7f:38:48:13:bc:c5:a0:43:
9d:86:3a:4e:37:18:75:7c:a7:81:8b:5b:b5:f8:c3:
cb:8f:47:d8:fc:9b:93:29:ca:0f:89:05:9f:f7:ba:
a5:03:5e:33:bc:b0:cc:eb:97:f8:39:27:80:57:d7:
a4:83:f5:87:b9:f8:3d:1b:1a:c5:70:1e:42:80:63:
b5:25:af:01:4d:3a:2b:ae:33:6d:b0:3d:eb:4b:02:
b7:6c:3f:69:dc:6c:31:d2:53:42:8a:0f:82:46:f9:
12:65:40:be:1b:b0:0c:c4:ba:4e:9d:39:bb:28:df:
dc:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9D:98:7C:79:5C:E4:F5:16:99:B5:82:59:DB:5D:F9:04:09:BA:CA:64
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/nZh8eVzk9RaZtYJZ2135BAm6ymQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.106.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
27:7c:cd:9a:b2:fd:ec:db:32:99:a7:70:e6:cf:b7:67:8c:8b:
59:b5:b0:20:32:40:1c:60:0d:8f:38:ac:3d:c1:cc:e9:ea:39:
f0:68:df:d2:7c:d3:6f:66:13:3d:d1:3b:54:38:79:90:2c:ef:
77:88:4b:bd:fb:f7:63:de:c0:c5:3c:d7:99:37:5f:af:ac:29:
54:f9:aa:51:43:f3:64:5d:cb:30:8b:2d:ad:21:4f:00:95:f4:
77:6a:d6:b7:12:a5:4e:58:98:1a:15:7f:67:d7:19:d8:b5:1d:
a3:98:ef:2c:ba:ed:22:3c:01:e5:2e:75:2c:40:56:87:8a:17:
bb:88:08:ed:cc:44:6b:48:2c:76:f4:11:54:3d:8d:de:06:1f:
96:ea:6e:ef:1c:6f:6c:c8:00:45:a8:cf:84:6a:1a:fc:ad:e0:
bb:87:0e:17:a9:b1:87:0d:c3:02:69:b6:cb:a0:7e:fb:9f:fb:
6f:36:4f:63:0b:21:1a:33:0e:21:18:63:15:10:f5:46:ae:9b:
8a:8d:ed:af:57:ce:b4:fc:f0:99:5e:e1:5e:0c:4f:34:db:5e:
df:d1:d6:21:ed:7e:e6:98:a7:94:e2:08:29:6d:fc:8a:66:8b:
6b:42:cf:1e:8f:a6:bd:c9:a9:88:59:68:96:6d:53:45:35:0a:
00:b1:58:21
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgISAZTP1KRaiws41dkh0qczDiXVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMjA0MDcyMDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5ZDk4N2M3OTVjZTRmNTE2OTliNTgyNTlkYjVkZjkwNDA5YmFjYTY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtoQtJhbdgzEU06orAT5LOLsU/shx
boc0SL75jsIUBaGUTqdZpmkgFPQ8/Le8YnPZWz8wA53/VmLE+RdFaIKvAwo4pNis
bBmUfGEbwdTA3Z5njvobknDl+12TmWKcmczTOKBgUGSodFU8RRbgBhSoNZ5fF/gp
fX30qSWO1sViqt2Orof4lCTyDmIwT1n7fzhIE7zFoEOdhjpONxh1fKeBi1u1+MPL
j0fY/JuTKcoPiQWf97qlA14zvLDM65f4OSeAV9ekg/WHufg9GxrFcB5CgGO1Ja8B
TTorrjNtsD3rSwK3bD9p3Gwx0lNCig+CRvkSZUC+G7AMxLpOnTm7KN/c4QIDAQAB
o4IDETCCAw0wHQYDVR0OBBYEFJ2YfHlc5PUWmbWCWdtd+QQJuspkMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvblpoOGVWems5UmFadFlKWjIxMzVCQW02eW1RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBJQYIKwYBBQUHAQcBAf8EggEUMIIBEDCCAQwEAgABMIIB
BAMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1a
WQMEAC2LagMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAU9thAwQA
VDYwAwQAV3hXAwQAV3imAwQAV3ktAwQAV3lXAwQBV3l8AwQAV3miAwQAV3mlAwQE
W1zwAwQBXHfEAwQAXPkyAwQCXpqgAwQAXpwLAwQDXpxAAwQAXpxqAwQAXpyzAwQA
Xpz4AwQAX9YbAwQAjWIBAwQAjWIGAwQAk05kAwQCqxZIAwQCudhUAwQCudpUAwQA
wRnYAwQAwjFeAwQAwje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQAnfM2asv3s
2zKZp3Dmz7dnjItZtbAgMkAcYA2POKw9wczp6jnwaN/SfNNvZhM90TtUOHmQLO93
iEu9+/dj3sDFPNeZN1+vrClU+apRQ/NkXcswiy2tIU8AlfR3ata3EqVOWJgaFX9n
1xnYtR2jmO8suu0iPAHlLnUsQFaHihe7iAjtzERrSCx29BFUPY3eBh+W6m7vHG9s
yABFqM+Eahr8reC7hw4XqbGHDcMCabbLoH77n/tvNk9jCyEaMw4hGGMVEPVGrpuK
je2vV860/PCZXuFeDE80217f0dYh7X7mmKeU4ggpbfyKZotrQs8ej6a9yamIWWiW
bVNFNQoAsVgh
-----END CERTIFICATE-----
Generated at Sun Apr 27 20:14:33 2025 by rpki-client