Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3Qcg5irXtFjiFFysRAlo5JgmVtQ.roa
File: 3Qcg5irXtFjiFFysRAlo5JgmVtQ.roa (raw, json)
Hash identifier: zQb7uZEvYFjDOsm+tptUiwUt5p5Q10DpsSzgqVrjPtA=
Subject key identifier: DD:07:20:E6:2A:D7:B4:58:E2:14:5C:AC:44:09:68:E4:98:26:56:D4
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01873263CD18D71DE03E8FAFEB754F60B2AF
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3Qcg5irXtFjiFFysRAlo5JgmVtQ.roa
Signing time: Thu 30 Mar 2023 12:00:14 +0000
ROA not before: Thu 30 Mar 2023 12:00:14 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 25369
IP address blocks: 171.22.31.0/24 maxlen: 24
45.90.88.0/22 maxlen: 24
141.98.4.0/24 maxlen: 24
194.55.227.0/24 maxlen: 24
45.12.254.0/24 maxlen: 24
193.58.120.0/24 maxlen: 24
193.222.98.0/23 maxlen: 24
45.149.241.0/24 maxlen: 24
194.48.248.0/24 maxlen: 24
171.22.18.0/24 maxlen: 24
194.31.204.0/24 maxlen: 24
185.221.67.0/24 maxlen: 24
79.110.48.0/23 maxlen: 24
195.178.121.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
194.169.173.0/24 maxlen: 24
194.49.86.0/24 maxlen: 24
193.25.218.0/24 maxlen: 24
109.206.239.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:32:63:cd:18:d7:1d:e0:3e:8f:af:eb:75:4f:60:b2:af
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 30 12:00:14 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dd0720e62ad7b458e2145cac440968e4982656d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a8:d5:04:7c:bc:13:a0:11:16:1b:cc:33:c1:52:
dc:f0:2e:75:0d:c7:34:76:57:bf:2e:6d:41:90:1e:
e4:3b:c5:ec:c2:8f:f0:e9:00:7a:34:c9:9b:0a:8a:
cf:0c:f7:55:21:49:55:2b:62:a4:87:02:3d:8d:e1:
62:d6:cd:a8:d1:20:2e:de:6c:bf:82:22:e7:69:bb:
44:df:03:fb:9c:2c:1f:0c:cb:5e:39:a1:58:82:db:
b2:40:e3:01:3f:11:37:b7:a3:80:80:57:ca:6e:48:
45:1f:8f:8f:b5:41:46:38:3b:e3:71:9f:f0:34:f8:
d5:8e:b8:e3:59:6a:a2:0b:9a:04:44:3c:17:61:dd:
e9:7c:3f:41:d1:13:22:94:41:f4:23:4b:21:88:0e:
17:92:53:6e:a7:c5:ce:3f:01:7f:cb:ef:bf:55:49:
d3:dc:e7:37:6f:a7:d2:30:4f:ee:4a:29:ca:1d:7b:
e1:6f:87:56:c8:46:7a:7c:31:98:9b:bd:74:a4:f8:
ee:1d:80:24:16:e5:ff:e1:7c:70:bf:5a:ed:b1:d7:
0e:5c:15:9d:45:fe:ab:e8:53:a1:c2:bc:7a:21:5f:
84:f7:c6:75:d1:f7:a1:17:a8:61:49:30:e6:e5:20:
36:16:a7:0a:b0:a0:68:23:0d:ec:75:ee:b8:3a:bc:
b1:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:07:20:E6:2A:D7:B4:58:E2:14:5C:AC:44:09:68:E4:98:26:56:D4
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3Qcg5irXtFjiFFysRAlo5JgmVtQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.12.254.0/24
45.90.88.0/22
45.149.241.0/24
79.110.48.0/23
109.206.239.0/24
141.98.4.0/24
171.22.18.0/24
171.22.31.0/24
185.221.67.0/24
193.25.218.0/24
193.58.120.0/24
193.222.98.0/23
194.31.204.0/24
194.48.248.0/24
194.49.86.0/24
194.55.227.0/24
194.169.173.0-194.169.174.255
195.178.121.0/24
Signature Algorithm: sha256WithRSAEncryption
3b:a2:dc:1d:de:95:d2:73:2a:85:5d:39:98:aa:bc:8c:f8:9b:
43:03:3d:4d:4e:17:5e:75:fd:50:4f:5a:cb:02:08:58:30:df:
39:59:f7:e0:b9:5a:d8:b8:ec:a0:a9:7c:fd:62:b5:79:3a:65:
5a:9d:56:e5:d7:1c:76:59:6c:16:d5:0b:f3:64:96:41:db:95:
f8:b5:1b:25:6a:c5:05:37:9a:c8:0c:19:fb:28:f7:9d:2f:90:
35:40:01:0d:05:2d:66:8a:94:b0:81:14:ac:21:e4:36:d3:12:
79:64:ea:37:38:2a:13:9c:7e:ed:8a:cb:a6:a9:52:39:c5:db:
2d:6f:60:60:80:1c:25:c9:36:40:b1:dc:ed:7a:07:eb:2a:d0:
07:5c:a5:d6:72:bb:cf:2f:3f:5e:ab:bf:64:11:53:1e:d7:e7:
e0:83:15:4b:0c:74:21:73:17:85:be:a4:ab:c4:20:95:15:d3:
66:39:df:f5:e0:fc:1e:c5:f1:44:65:1f:e7:45:75:b2:28:aa:
29:8b:01:79:9b:10:0d:01:e0:ce:4f:33:e7:68:2b:43:14:7c:
a1:8f:a1:13:52:c6:75:d1:ac:4c:e5:58:c8:b1:b4:53:4f:58:
e9:bc:2f:f7:59:8f:42:4f:8d:eb:80:6f:81:1a:6a:93:43:62:
cb:ca:70:68
-----BEGIN CERTIFICATE-----
MIIFbDCCBFSgAwIBAgISAYcyY80Y1x3gPo+v63VPYLKvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwMzMwMTIwMDE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDA3MjBlNjJhZDdiNDU4ZTIxNDVjYWM0NDA5NjhlNDk4MjY1NmQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqNUEfLwToBEWG8wzwVLc8C51Dcc0
dle/Lm1BkB7kO8Xswo/w6QB6NMmbCorPDPdVIUlVK2KkhwI9jeFi1s2o0SAu3my/
giLnabtE3wP7nCwfDMteOaFYgtuyQOMBPxE3t6OAgFfKbkhFH4+PtUFGODvjcZ/w
NPjVjrjjWWqiC5oERDwXYd3pfD9B0RMilEH0I0shiA4XklNup8XOPwF/y++/VUnT
3Oc3b6fSME/uSinKHXvhb4dWyEZ6fDGYm710pPjuHYAkFuX/4Xxwv1rtsdcOXBWd
Rf6r6FOhwrx6IV+E98Z10fehF6hhSTDm5SA2FqcKsKBoIw3sde64OryxuQIDAQAB
o4ICeDCCAnQwHQYDVR0OBBYEFN0HIOYq17RY4hRcrEQJaOSYJlbUMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvM1FjZzVpclh0RmppRkZ5c1JBbG81SmdtVnRRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGNBggrBgEFBQcBBwEB/wR+MHwwegQCAAEwdAMEAC0M/gME
Ai1aWAMEAC2V8QMEAU9uMAMEAG3O7wMEAI1iBAMEAKsWEgMEAKsWHwMEALndQwME
AMEZ2gMEAME6eAMEAcHeYgMEAMIfzAMEAMIw+AMEAMIxVgMEAMI34zAMAwQAwqmt
AwQAwqmuAwQAw7J5MA0GCSqGSIb3DQEBCwUAA4IBAQA7otwd3pXScyqFXTmYqryM
+JtDAz1NThdedf1QT1rLAghYMN85WffguVrYuOygqXz9YrV5OmVanVbl1xx2WWwW
1QvzZJZB25X4tRslasUFN5rIDBn7KPedL5A1QAENBS1mipSwgRSsIeQ20xJ5ZOo3
OCoTnH7tisumqVI5xdstb2BggBwlyTZAsdztegfrKtAHXKXWcrvPLz9eq79kEVMe
1+fggxVLDHQhcxeFvqSrxCCVFdNmOd/14PwexfFEZR/nRXWyKKopiwF5mxANAeDO
TzPnaCtDFHyhj6ETUsZ10axM5VjIsbRTT1jpvC/3WY9CT43rgG+BGmqTQ2LLynBo
-----END CERTIFICATE-----
Generated at Thu May 15 06:55:02 2025 by rpki-client