Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/B8qc35gXn15H6idhWkqOqx3kcyA.roa
File: B8qc35gXn15H6idhWkqOqx3kcyA.roa (raw, json)
Hash identifier: lAtdb+QkwHSEGPaZig9dVU8hu9ySOwEFEmM1D7aoGQ0=
Subject key identifier: 07:CA:9C:DF:98:17:9F:5E:47:EA:27:61:5A:4A:8E:AB:1D:E4:73:20
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195D1B191D005D86A4A72BF79D5C60456BD
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/B8qc35gXn15H6idhWkqOqx3kcyA.roa
Signing time: Wed 26 Mar 2025 09:03:50 +0000
ROA not before: Wed 26 Mar 2025 09:03:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.157.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.128.96.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.113.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:d1:b1:91:d0:05:d8:6a:4a:72:bf:79:d5:c6:04:56:bd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 26 09:03:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=07ca9cdf98179f5e47ea27615a4a8eab1de47320
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:cb:73:3e:30:25:af:5f:41:d1:80:d9:32:b5:
9e:e5:d1:b4:fb:66:4a:fd:af:55:75:4d:bc:92:1f:
38:aa:01:ed:d8:fa:42:95:6b:e8:61:c4:ae:17:75:
30:6e:58:da:68:92:a7:5e:ac:fa:a0:a7:a0:b7:85:
8b:5c:c3:5c:8e:68:0a:93:a7:62:af:c2:d9:ed:68:
92:2b:1d:29:8c:87:ef:1c:07:cf:8e:8b:f7:63:0d:
ac:0c:9d:c6:8e:da:03:08:22:2c:ae:e5:4a:85:d5:
7b:f4:7e:80:62:5b:b6:16:2b:ed:c8:c2:54:19:c3:
ec:8a:4d:2f:2b:6d:09:ca:3a:1b:c4:91:2b:9b:a9:
fe:a2:5c:dc:e1:51:21:e8:99:63:19:ed:de:7e:45:
45:ca:3d:5c:62:f4:21:b0:ae:d5:a9:12:a6:ea:ae:
c3:38:d7:b0:56:a6:d5:8f:b8:88:f3:bf:54:21:72:
d9:ad:7e:19:3c:f8:91:96:2d:6f:1f:3e:6b:de:9f:
3a:13:11:9a:57:43:38:28:96:11:55:fd:ea:34:56:
25:6e:6d:08:37:d1:a8:3f:82:9c:62:bb:df:ba:a3:
97:84:75:56:23:50:7f:74:e5:d9:c7:d1:38:54:a6:
89:1a:a1:a4:59:41:c4:94:aa:ef:06:4f:df:45:96:
c6:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
07:CA:9C:DF:98:17:9F:5E:47:EA:27:61:5A:4A:8E:AB:1D:E4:73:20
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/B8qc35gXn15H6idhWkqOqx3kcyA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.157.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.128.96.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.113.0/24
94.156.179.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
193.25.216.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
63:89:81:63:75:5a:4e:c6:51:98:0b:64:d0:a7:bd:9f:df:dd:
52:b9:85:1f:03:00:a9:a1:0b:46:03:c1:cc:af:40:c1:5b:7b:
b3:b5:a3:ba:7a:91:2e:d2:06:46:cd:2a:53:30:01:17:2c:7e:
24:fe:5d:01:77:19:14:82:48:d2:b2:e9:42:e8:5f:9b:39:5c:
a9:12:cc:1b:26:cd:1c:f7:b9:9c:35:32:11:fa:72:9c:bb:3e:
ea:12:72:68:3d:a5:39:00:02:9a:08:5e:9f:24:88:b6:a5:76:
9a:4a:f7:97:6c:b4:dc:7b:85:8e:fa:63:28:a6:66:eb:c1:cf:
4d:43:78:eb:b6:e9:86:3b:02:4f:f1:02:6a:31:67:4b:f5:ad:
d6:87:78:5d:65:9c:57:13:32:27:37:9b:5f:0d:fa:ce:51:b1:
85:be:c7:2c:64:c0:b4:ee:ec:8e:bb:56:33:8f:da:20:0d:ab:
be:bc:fc:e7:7e:72:4e:1b:ca:e1:2d:16:69:59:75:a0:04:bc:
e9:78:54:32:5b:20:52:2f:e4:8f:b5:89:ec:a9:c1:04:45:cf:
33:ac:46:54:a3:36:8f:01:6a:eb:dd:a0:97:66:16:6d:df:a0:
28:8a:30:4d:04:cd:be:1e:fd:d1:31:75:94:ac:10:77:fe:18:
22:2d:04:4a
-----BEGIN CERTIFICATE-----
MIIGGzCCBQOgAwIBAgISAZXRsZHQBdhqSnK/edXGBFa9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzI2MDkwMzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwN2NhOWNkZjk4MTc5ZjVlNDdlYTI3NjE1YTRhOGVhYjFkZTQ3MzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi8tzPjAlr19B0YDZMrWe5dG0+2ZK
/a9VdU28kh84qgHt2PpClWvoYcSuF3UwbljaaJKnXqz6oKegt4WLXMNcjmgKk6di
r8LZ7WiSKx0pjIfvHAfPjov3Yw2sDJ3GjtoDCCIsruVKhdV79H6AYlu2FivtyMJU
GcPsik0vK20JyjobxJErm6n+olzc4VEh6JljGe3efkVFyj1cYvQhsK7VqRKm6q7D
ONewVqbVj7iI879UIXLZrX4ZPPiRli1vHz5r3p86ExGaV0M4KJYRVf3qNFYlbm0I
N9GoP4KcYrvfuqOXhHVWI1B/dOXZx9E4VKaJGqGkWUHElKrvBk/fRZbGhQIDAQAB
o4IDJzCCAyMwHQYDVR0OBBYEFAfKnN+YF59eR+onYVpKjqsd5HMgMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQjhxYzM1Z1huMTVINmlkaFdrcU9xeDNrY3lBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBOwYIKwYBBQUHAQcBAf8EggEqMIIBJjCCASIEAgABMIIB
GgMEAgX8hAMEAC0JnQMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2A
YAMEAC2LagMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAUaHuAwQAU9thAwQA
VDYwAwQAV3hXMAwDBARXeHADBAFXeHQDBAFXeHgwDAMEAFd4fQMEB1d4AAMEAFd4
pgMEAFd5JgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc8AMEAFz5
MgMEAF17bQMEAl6aoAMEA16cQAMEAF6ccQMEAF6cswMEAG3O7QMEAI1iAQMEAI1i
BgMEAJNOZAMEAqsWSAMEALLX4AMEArnYVAMEAMEZ2AMEAMI3ugMEAMKprzANBgkq
hkiG9w0BAQsFAAOCAQEAY4mBY3VaTsZRmAtk0Ke9n9/dUrmFHwMAqaELRgPBzK9A
wVt7s7WjunqRLtIGRs0qUzABFyx+JP5dAXcZFIJI0rLpQuhfmzlcqRLMGybNHPe5
nDUyEfpynLs+6hJyaD2lOQACmghenySItqV2mkr3l2y03HuFjvpjKKZm68HPTUN4
67bphjsCT/ECajFnS/Wt1od4XWWcVxMyJzebXw36zlGxhb7HLGTAtO7sjrtWM4/a
IA2rvrz8535yThvK4S0WaVl1oAS86XhUMlsgUi/kj7WJ7KnBBEXPM6xGVKM2jwFq
692gl2YWbd+gKIowTQTNvh790TF1lKwQd/4YIi0ESg==
-----END CERTIFICATE-----
Generated at Tue May 13 17:17:24 2025 by rpki-client