Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/wIwzLGsveNolsTa9UL24i2TVMPY.roa
File: wIwzLGsveNolsTa9UL24i2TVMPY.roa (raw, json)
Hash identifier: QUpm1ol1CFv2Xdwbxz12V5rp1lIHxhwtkgK7hMiN9Ms=
Subject key identifier: C0:8C:33:2C:6B:2F:78:DA:25:B1:36:BD:50:BD:B8:8B:64:D5:30:F6
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01938BF4B4EECE37642224F89EC5005864F4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/wIwzLGsveNolsTa9UL24i2TVMPY.roa
Signing time: Tue 03 Dec 2024 09:58:10 +0000
ROA not before: Tue 03 Dec 2024 09:58:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 31.13.246.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.84.90.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.88.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
93.123.24.0/24 maxlen: 24
93.123.84.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.6.0/24 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.179.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.226.174.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:8b:f4:b4:ee:ce:37:64:22:24:f8:9e:c5:00:58:64:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 3 09:58:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c08c332c6b2f78da25b136bd50bdb88b64d530f6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:df:62:d2:1d:04:4a:21:f1:8d:6f:18:3e:2c:bd:
20:ee:c8:a5:f9:b3:a7:a0:05:67:a2:74:6e:bd:ff:
ee:a2:4f:f7:64:79:a3:3b:fa:b5:19:89:90:3d:9d:
13:c2:bc:d5:3a:b4:d5:b4:2b:98:55:40:28:e6:9f:
c2:ec:f7:f8:e7:8f:16:cb:d8:13:f3:0b:4d:01:d1:
9d:e1:ef:ac:e6:60:1a:73:76:ac:df:3e:51:ab:f4:
9b:c2:dd:cc:b7:37:b6:b6:d9:a7:6a:0d:7f:28:14:
e1:80:76:98:80:5e:ef:28:49:fe:2f:a4:68:21:3b:
b9:33:28:7b:38:5d:9c:74:e1:55:3f:61:51:6f:0d:
14:c9:84:70:c7:a0:27:1e:26:66:4a:f4:20:b6:75:
45:69:67:6e:9b:91:fd:da:10:65:a4:4d:16:c0:84:
e0:89:93:82:26:24:46:40:28:85:e0:3a:02:30:23:
52:94:06:69:5d:e3:ad:26:09:bf:39:17:a9:2a:9a:
bd:a7:f4:d8:25:8d:b9:0e:77:6a:12:a6:8c:7c:22:
5e:08:b5:41:81:41:96:bd:51:14:69:29:38:f9:ae:
70:7d:ba:f6:b7:84:52:7a:ab:5f:22:b0:86:42:8f:
93:ff:ee:b6:1e:71:58:a3:ee:8f:d0:8f:90:69:89:
c9:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C0:8C:33:2C:6B:2F:78:DA:25:B1:36:BD:50:BD:B8:8B:64:D5:30:F6
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/wIwzLGsveNolsTa9UL24i2TVMPY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.246.0/24
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.84.90.0/24
45.88.64.0/24
45.90.88.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
93.123.24.0/24
93.123.84.0/24
94.154.160.0/22
94.156.6.0/24
94.156.11.0/24
94.156.64.0/21
94.156.179.0/24
141.98.1.0/24
147.78.100.0/24
171.22.72.0/22
185.216.84.0/22
185.218.84.0/22
185.226.174.0/24
194.49.94.0/24
Signature Algorithm: sha256WithRSAEncryption
a2:d8:e8:62:ce:73:12:60:08:6e:d0:0d:57:ed:49:e8:0d:0b:
bf:2f:6d:e2:bf:15:c9:6f:58:fa:04:80:0a:f0:03:a6:be:46:
c5:e2:b3:68:32:94:54:96:e4:c9:ae:ed:ca:74:0b:1a:67:98:
53:18:6f:51:1c:1c:0e:51:71:65:a0:7a:b2:b9:63:85:a1:db:
0c:a5:5c:bc:f1:c6:d9:3c:75:02:b1:bb:ff:01:34:cb:1d:0c:
fb:90:03:3a:9e:9e:96:93:04:d0:ea:94:f7:41:ed:0d:56:8a:
63:98:9c:65:a8:a3:1e:3d:77:f3:dc:dc:88:6b:f9:8e:a9:c8:
77:04:3f:af:6a:52:29:73:4f:ae:48:18:8b:a4:ab:7a:15:6e:
b1:a1:66:62:2a:c6:77:3d:4b:59:47:b2:da:fc:de:47:d8:48:
f1:8c:80:a9:ef:28:68:84:62:cb:d0:12:af:fa:c0:e0:43:d3:
d7:9a:3e:78:26:35:43:67:8f:89:eb:87:db:25:cc:c7:57:5d:
27:b2:39:0c:25:ef:cf:65:1c:fc:b0:1b:0f:fb:82:2a:57:07:
9c:0f:5f:31:45:e3:b6:2d:ab:64:f5:92:f3:b7:c9:35:fa:bb:
7a:83:c3:f4:81:5c:d3:92:d8:ad:fe:cf:1b:09:97:73:41:e1:
08:54:dd:84
-----BEGIN CERTIFICATE-----
MIIF1jCCBL6gAwIBAgISAZOL9LTuzjdkIiT4nsUAWGT0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMjAzMDk1ODEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDhjMzMyYzZiMmY3OGRhMjViMTM2YmQ1MGJkYjg4YjY0ZDUzMGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA32LSHQRKIfGNbxg+LL0g7sil+bOn
oAVnonRuvf/uok/3ZHmjO/q1GYmQPZ0TwrzVOrTVtCuYVUAo5p/C7Pf4548Wy9gT
8wtNAdGd4e+s5mAac3as3z5Rq/Sbwt3Mtze2ttmnag1/KBThgHaYgF7vKEn+L6Ro
ITu5Myh7OF2cdOFVP2FRbw0UyYRwx6AnHiZmSvQgtnVFaWdum5H92hBlpE0WwITg
iZOCJiRGQCiF4DoCMCNSlAZpXeOtJgm/ORepKpq9p/TYJY25DndqEqaMfCJeCLVB
gUGWvVEUaSk4+a5wfbr2t4RSeqtfIrCGQo+T/+62HnFYo+6P0I+QaYnJ+wIDAQAB
o4IC4jCCAt4wHQYDVR0OBBYEFMCMMyxrL3jaJbE2vVC9uItk1TD2MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvd0l3ekxHc3ZlTm9sc1RhOVVMMjRpMlRWTVBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH3BggrBgEFBQcBBwEB/wSB5zCB5DCB4QQCAAEwgdoDBAAf
DfYDBAAtDP8DBAAtDqQDBAAtQuQDBAAtVFoDBAAtWEADBAAtWlgDBAAti2oDBAAt
jZ4wDAMEAC2XWQMEAi2XWAMEAFPbYQMEAFQ2MAMEAFd4VwMEAFd4pgMEAFd5LQME
AFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc8AMEAVx3xAMEAF17GAMEAF17VAME
Al6aoAMEAF6cBgMEAF6cCwMEA16cQAMEAF6cswMEAI1iAQMEAJNOZAMEAqsWSAME
ArnYVAMEArnaVAMEALnirgMEAMIxXjANBgkqhkiG9w0BAQsFAAOCAQEAotjoYs5z
EmAIbtANV+1J6A0Lvy9t4r8VyW9Y+gSACvADpr5GxeKzaDKUVJbkya7tynQLGmeY
UxhvURwcDlFxZaB6srljhaHbDKVcvPHG2Tx1ArG7/wE0yx0M+5ADOp6elpME0OqU
90HtDVaKY5icZaijHj1389zciGv5jqnIdwQ/r2pSKXNPrkgYi6SrehVusaFmYirG
dz1LWUey2vzeR9hI8YyAqe8oaIRiy9ASr/rA4EPT15o+eCY1Q2ePieuH2yXMx1dd
J7I5DCXvz2Uc/LAbD/uCKlcHnA9fMUXjti2rZPWS87fJNfq7eoPD9IFc05LYrf7P
GwmXc0HhCFTdhA==
-----END CERTIFICATE-----
Generated at Tue Apr 29 00:14:41 2025 by rpki-client