Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qsPWoDRgPfvseeRlpOpzksKi408.roa
File: qsPWoDRgPfvseeRlpOpzksKi408.roa (raw, json)
Hash identifier: HmRwMguZaw3JTCvXePC8kExcPROEXmRNGc7QoRKhVGI=
Subject key identifier: AA:C3:D6:A0:34:60:3D:FB:EC:79:E4:65:A4:EA:73:92:C2:A2:E3:4F
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019610038C90C870BE2A19D3984E2473CB7D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qsPWoDRgPfvseeRlpOpzksKi408.roa
Signing time: Mon 07 Apr 2025 11:29:50 +0000
ROA not before: Mon 07 Apr 2025 11:29:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2.59.253.0/24 maxlen: 24
5.252.132.0/22 maxlen: 24
31.13.211.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.12.253.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.141.159.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.18.0/24 maxlen: 24
87.121.22.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.70.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.249.50.0/24 maxlen: 24
93.123.45.0/24 maxlen: 24
93.123.47.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.92.0/24 maxlen: 24
94.156.232.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.73.0/24 maxlen: 24
171.22.74.0/23 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.227.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
193.35.18.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:96:10:03:8c:90:c8:70:be:2a:19:d3:98:4e:24:73:cb:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 7 11:29:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=aac3d6a034603dfbec79e465a4ea7392c2a2e34f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:57:c3:c3:d6:52:7d:e6:46:4c:d5:b3:c8:06:
82:ca:56:7f:07:cb:6b:af:6e:08:6f:c0:1d:80:1f:
7d:a9:e2:09:dd:5b:7b:8d:64:3f:1b:95:ac:46:80:
27:26:90:72:38:f7:30:51:ca:47:c4:44:19:2c:e3:
5b:05:d2:f1:6f:93:b2:6b:d6:12:9d:37:d7:6e:78:
13:4a:8f:06:04:3d:f8:d4:a0:45:35:51:5d:e8:d5:
99:44:cd:6d:17:6c:10:1b:d8:24:4d:d0:0b:52:c7:
06:61:05:78:65:24:65:55:56:fd:76:e2:0d:6a:f6:
7c:df:b7:61:bf:07:ef:bf:8d:e6:a9:82:ee:33:32:
cc:e8:0c:08:1b:95:be:5e:00:cc:f5:5b:ab:c2:26:
63:df:42:0e:da:40:07:f6:d6:bd:5d:db:16:0c:9d:
e6:b4:1b:1e:bf:59:f4:f2:cb:1a:14:0e:34:24:cb:
86:ed:b4:8a:1e:b6:d1:c9:ed:ce:9b:62:f4:2c:13:
3d:dd:1f:cb:32:c9:cc:f5:3b:ea:5d:82:af:61:62:
f3:a2:90:82:b8:b0:f0:2d:4c:b1:b6:a7:25:6f:52:
4a:cb:6e:d0:13:63:ea:a0:9c:25:85:f8:f3:fb:60:
3a:f8:01:cd:66:95:9e:e7:d3:c4:0e:42:e9:0a:37:
4b:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:C3:D6:A0:34:60:3D:FB:EC:79:E4:65:A4:EA:73:92:C2:A2:E3:4F
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/qsPWoDRgPfvseeRlpOpzksKi408.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
5.252.132.0/22
31.13.211.0/24
45.9.157.0/24
45.12.253.0/24
45.66.228.0/24
45.66.230.0/23
45.81.39.0/24
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/23
45.151.90.0/24
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0/24
87.120.166.0/24
87.121.18.0/24
87.121.22.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.70.0/24
91.92.240.0/20
92.249.50.0/24
93.123.45.0/24
93.123.47.0/24
93.123.85.0/24
93.123.109.0/24
93.123.117.0/24
93.123.119.0/24
94.103.125.0/24
94.154.160.0/22
94.156.64.0/21
94.156.92.0/24
94.156.232.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.73.0-171.22.75.255
178.215.224.0/24
178.215.227.0/24
185.216.84.0/22
193.25.216.0/24
193.35.18.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
84:a5:73:00:ba:2b:0b:82:c7:b4:e8:c9:56:4a:f7:88:15:80:
96:57:a2:b7:fb:7f:fc:d3:43:c5:02:ba:db:13:69:e4:a4:9d:
f0:ef:93:0c:2a:da:9d:78:20:fa:b3:5f:14:b5:64:a4:a5:b4:
fd:fb:e7:3e:5d:a8:c3:4b:20:54:9d:4f:67:d3:5a:cf:11:89:
a2:6a:9d:5d:62:2f:50:85:0a:fe:7c:50:14:f2:36:3d:ce:db:
37:ad:f1:c8:09:e0:3e:79:c9:3b:ee:22:96:15:01:7f:c1:78:
d1:17:4c:6f:9c:b5:a5:b3:fc:90:57:7c:6e:5e:a7:d6:d8:0b:
87:96:fb:b9:73:eb:25:ee:14:78:0e:44:21:9e:83:da:46:be:
83:d5:a7:88:29:97:fa:f3:16:e9:f0:79:e3:dd:dc:25:12:11:
83:30:18:4a:b5:e6:6b:8b:f7:13:87:34:13:44:e2:50:44:be:
26:e3:94:9a:2a:20:ad:31:47:ff:f9:46:cc:b4:47:03:ca:5e:
b7:aa:5a:6d:f7:12:0c:46:0e:be:ca:f4:c9:0c:d7:a6:1b:88:
ba:51:b3:45:0c:b6:db:df:bf:88:30:92:17:14:36:4d:d9:21:
d8:d0:f5:12:7d:1b:af:5f:fe:6b:30:cb:a6:a6:42:4f:6b:a1:
fb:6e:91:20
-----BEGIN CERTIFICATE-----
MIIGZzCCBU+gAwIBAgISAZYQA4yQyHC+KhnTmE4kc8t9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNDA3MTEyOTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWMzZDZhMDM0NjAzZGZiZWM3OWU0NjVhNGVhNzM5MmMyYTJlMzRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp1fDw9ZSfeZGTNWzyAaCylZ/B8tr
r24Ib8AdgB99qeIJ3Vt7jWQ/G5WsRoAnJpByOPcwUcpHxEQZLONbBdLxb5Oya9YS
nTfXbngTSo8GBD341KBFNVFd6NWZRM1tF2wQG9gkTdALUscGYQV4ZSRlVVb9duIN
avZ837dhvwfvv43mqYLuMzLM6AwIG5W+XgDM9VurwiZj30IO2kAH9ta9XdsWDJ3m
tBsev1n08ssaFA40JMuG7bSKHrbRye3Om2L0LBM93R/LMsnM9TvqXYKvYWLzopCC
uLDwLUyxtqclb1JKy27QE2PqoJwlhfjz+2A6+AHNZpWe59PEDkLpCjdL0wIDAQAB
o4IDczCCA28wHQYDVR0OBBYEFKrD1qA0YD377HnkZaTqc5LCouNPMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcXNQV29EUmdQZnZzZWVSbHBPcHprc0tpNDA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBhwYIKwYBBQUHAQcBAf8EggF2MIIBcjCCAW4EAgABMIIB
ZgMEAAI7/QMEAgX8hAMEAB8N0wMEAC0JnQMEAC0M/QMEAC1C5AMEAS1C5gMEAC1R
JwMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2LagMEAS2NngMEAC2XWgMEAE9uMgMEAFGh
7gMEAFPbYQMEAFQ2MAMEAFd4VzAMAwQEV3hwAwQBV3h0AwQBV3h4AwQAV3h9AwQA
V3imAwQAV3kSAwQAV3kWAwQAV3kmAwQAV3ktAwQAV3lXAwQBV3l8AwQAV3miAwQA
V3mlAwQAW1xGAwQEW1zwAwQAXPkyAwQAXXstAwQAXXsvAwQAXXtVAwQAXXttAwQA
XXt1AwQAXXt3AwQAXmd9AwQCXpqgAwQDXpxAAwQAXpxcAwQAXpzoAwQAbc7tAwQA
jWIBAwQAjWIGAwQAk05kMAwDBACrFkkDBAKrFkgDBACy1+ADBACy1+MDBAK52FQD
BADBGdgDBADBIxIDBADCN7oDBADCqa8wDQYJKoZIhvcNAQELBQADggEBAISlcwC6
KwuCx7ToyVZK94gVgJZXorf7f/zTQ8UCutsTaeSknfDvkwwq2p14IPqzXxS1ZKSl
tP375z5dqMNLIFSdT2fTWs8RiaJqnV1iL1CFCv58UBTyNj3O2zet8cgJ4D55yTvu
IpYVAX/BeNEXTG+ctaWz/JBXfG5ep9bYC4eW+7lz6yXuFHgORCGeg9pGvoPVp4gp
l/rzFunweePd3CUSEYMwGEq15muL9xOHNBNE4lBEvibjlJoqIK0xR//5Rsy0RwPK
XreqWm33EgxGDr7K9MkM16YbiLpRs0UMttvfv4gwkhcUNk3ZIdjQ9RJ9G69f/msw
y6amQk9roftukSA=
-----END CERTIFICATE-----
Generated at Tue Apr 29 07:50:14 2025 by rpki-client