Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_4kwJ4HMLaEmc3iinVraJWR5iyA.roa
File: _4kwJ4HMLaEmc3iinVraJWR5iyA.roa (raw, json)
Hash identifier: AMBKApy6z79GDc+RnA/lYPVa8lQc1WTG6RMZE2kmHI8=
Subject key identifier: FF:89:30:27:81:CC:2D:A1:26:73:78:A2:9D:5A:DA:25:64:79:8B:20
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019519A6E619B11A3BF22E410505D8E55E9B
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_4kwJ4HMLaEmc3iinVraJWR5iyA.roa
Signing time: Tue 18 Feb 2025 15:22:03 +0000
ROA not before: Tue 18 Feb 2025 15:22:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
31.13.224.0/24 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.88.88.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.149.241.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
80.76.51.0/24 maxlen: 24
81.161.230.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.31.47.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.79.0/24 maxlen: 24
87.121.86.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.39.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.104.0/24 maxlen: 24
94.156.105.0/24 maxlen: 24
94.156.106.0/24 maxlen: 32
94.156.166.0/24 maxlen: 24
94.156.167.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.48.251.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:19:a6:e6:19:b1:1a:3b:f2:2e:41:05:05:d8:e5:5e:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 18 15:22:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ff89302781cc2da1267378a29d5ada2564798b20
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:87:08:06:52:42:42:ae:6a:11:91:01:25:6b:
c0:89:23:33:a8:7a:4e:7f:5d:8e:dc:d3:10:f0:a6:
cb:f5:bf:bd:6b:4e:68:92:cd:e9:d2:27:64:65:70:
f4:ba:97:89:99:1a:c4:79:27:07:73:ea:2a:44:10:
0e:4f:0e:58:ee:17:05:2f:1c:4e:93:02:e8:3a:eb:
98:53:27:69:38:64:75:54:be:e8:1e:99:03:d5:9f:
7f:50:e3:68:46:49:d6:43:94:af:3d:cb:f1:f1:bb:
3a:1d:a2:51:28:9b:c1:7d:92:88:bb:79:ca:ff:92:
66:ec:29:bd:2f:5e:25:0c:cf:a1:10:81:9f:b8:35:
6c:60:8a:ba:b3:3c:95:90:a7:e3:43:31:30:0b:31:
dd:53:12:26:e9:de:8d:c4:bd:0e:06:57:f8:d7:97:
50:b7:4a:42:4a:b5:7a:4e:82:b9:78:61:b9:16:30:
d6:62:2f:43:81:71:10:63:0b:9e:49:1b:95:0d:26:
e9:f1:e9:0c:06:35:35:a7:74:b9:64:dc:8e:80:06:
12:c4:54:fc:ff:8f:0a:5e:3c:c1:51:bf:69:21:e9:
ac:2d:80:90:eb:e9:76:fd:36:fb:a7:4a:53:25:ad:
fb:90:41:dd:c0:d3:15:dc:a9:29:67:45:43:62:c7:
cf:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:89:30:27:81:CC:2D:A1:26:73:78:A2:9D:5A:DA:25:64:79:8B:20
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_4kwJ4HMLaEmc3iinVraJWR5iyA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
31.13.224.0/24
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.88.88.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.149.241.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
80.76.51.0/24
81.161.230.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
85.31.47.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.45.0/24
87.121.79.0/24
87.121.86.0/23
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.39.0/24
93.123.85.0/24
93.123.109.0/24
94.103.125.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.104.0-94.156.106.255
94.156.166.0/23
94.156.179.0/24
94.156.248.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.48.251.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
83:60:4d:f2:28:59:35:e8:85:93:4b:72:c7:a1:d7:f2:9b:a9:
bf:c2:74:92:ee:83:9b:3e:04:c4:ca:96:da:b1:57:da:9e:68:
c0:56:06:57:d7:c5:86:b1:a7:66:ce:2a:ea:30:79:99:c3:41:
10:47:1e:cd:44:08:47:af:3b:e4:d8:18:c8:ad:93:8d:e6:9b:
94:1c:7b:79:15:88:2a:92:a0:cb:a8:c8:38:a9:ea:fb:df:6f:
ba:01:b4:55:9a:95:f7:51:7e:b3:a3:50:9b:8e:4c:7d:c4:e1:
6a:9f:3e:cd:a7:19:80:cf:80:67:79:ac:c3:51:a4:80:8b:e5:
98:55:1f:39:b9:36:07:42:c5:c4:67:d2:a8:52:69:dc:81:5f:
62:a7:28:98:36:c9:4b:6a:ee:e0:e1:0a:c3:f1:f4:05:a8:d7:
68:f1:17:53:26:8a:43:3b:0f:c2:e2:49:32:eb:05:6a:f5:44:
35:ef:34:17:06:44:d3:bc:36:70:3b:0c:71:cf:14:41:81:d3:
d7:c0:9f:86:79:90:be:af:96:f7:f6:e6:1b:eb:f4:6f:b4:68:
c9:2c:18:91:03:04:1f:90:5f:79:93:bc:f3:31:39:2a:01:a7:
f2:70:c5:52:fa:c8:4e:d6:bc:6f:17:90:a1:40:23:57:49:16:
b0:09:9e:8a
-----BEGIN CERTIFICATE-----
MIIGiTCCBXGgAwIBAgISAZUZpuYZsRo78i5BBQXY5V6bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMjE4MTUyMjAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZjg5MzAyNzgxY2MyZGExMjY3Mzc4YTI5ZDVhZGEyNTY0Nzk4YjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnYcIBlJCQq5qEZEBJWvAiSMzqHpO
f12O3NMQ8KbL9b+9a05oks3p0idkZXD0upeJmRrEeScHc+oqRBAOTw5Y7hcFLxxO
kwLoOuuYUydpOGR1VL7oHpkD1Z9/UONoRknWQ5SvPcvx8bs6HaJRKJvBfZKIu3nK
/5Jm7Cm9L14lDM+hEIGfuDVsYIq6szyVkKfjQzEwCzHdUxIm6d6NxL0OBlf415dQ
t0pCSrV6ToK5eGG5FjDWYi9DgXEQYwueSRuVDSbp8ekMBjU1p3S5ZNyOgAYSxFT8
/48KXjzBUb9pIemsLYCQ6+l2/Tb7p0pTJa37kEHdwNMV3KkpZ0VDYsfPAwIDAQAB
o4IDlTCCA5EwHQYDVR0OBBYEFP+JMCeBzC2hJnN4op1a2iVkeYsgMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvXzRrd0o0SE1MYUVtYzNpaW5WcmFKV1I1aXlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBqQYIKwYBBQUHAQcBAf8EggGYMIIBlDCCAZAEAgABMIIB
iAMEAgX8hAMEAB8N4AMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Y
WAMEAC1Z9wMEAC1aWQMEAC2LagMEAC2NngMEAC2V8TAMAwQALZdZAwQCLZdYAwQA
T24yAwQAT24+AwQAUEwzAwQAUaHmAwQAUaHuAwQAU9thAwQAVDYwAwQAVR8vAwQA
V3hXMAwDBARXeHADBAFXeHQDBAFXeHgwDAMEAFd4fQMEB1d4AAMEAFd4pgMEAFd5
LQMEAFd5TwMEAVd5VgMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc8AMEAVx3xAMEAFz5
MgMEAF17JwMEAF17VQMEAF17bQMEAF5nfQMEAl6aoAMEAF6cCwMEA16cQDAMAwQD
XpxoAwQAXpxqAwQBXpymAwQAXpyzAwQAXpz4AwQAbc7tAwQAjWIBAwQAjWIGAwQA
k05kAwQCqxZIAwQAstfgAwQCudhUAwQCudpUAwQAwRnYAwQAwjD7AwQAwjFeAwQA
wje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQCDYE3yKFk16IWTS3LHodfym6m/
wnSS7oObPgTEypbasVfanmjAVgZX18WGsadmzirqMHmZw0EQRx7NRAhHrzvk2BjI
rZON5puUHHt5FYgqkqDLqMg4qer732+6AbRVmpX3UX6zo1Cbjkx9xOFqnz7NpxmA
z4BneazDUaSAi+WYVR85uTYHQsXEZ9KoUmncgV9ipyiYNslLau7g4QrD8fQFqNdo
8RdTJopDOw/C4kky6wVq9UQ17zQXBkTTvDZwOwxxzxRBgdPXwJ+GeZC+r5b39uYb
6/RvtGjJLBiRAwQfkF95k7zzMTkqAafycMVS+shO1rxvF5ChQCNXSRawCZ6K
-----END CERTIFICATE-----
Generated at Tue May 13 17:09:13 2025 by rpki-client