Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kc0qLIsusAR8ZPOli4WPUrvdbj4.roa
File: kc0qLIsusAR8ZPOli4WPUrvdbj4.roa (raw, json)
Hash identifier: eha8b8WMN6L0lu/OhO9VR3FvDTRMJzfk1rFgxv1rvJ4=
Subject key identifier: 91:CD:2A:2C:8B:2E:B0:04:7C:64:F3:A5:8B:85:8F:52:BB:DD:6E:3E
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0188F7E67788143C09C92B8905DF744852E2
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kc0qLIsusAR8ZPOli4WPUrvdbj4.roa
Signing time: Mon 26 Jun 2023 13:30:56 +0000
ROA not before: Mon 26 Jun 2023 13:30:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 0
IP address blocks: 185.218.84.0/22 maxlen: 24
94.156.239.0/24 maxlen: 24
194.113.36.0/22 maxlen: 24
194.55.227.0/24 maxlen: 24
178.215.236.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
147.78.101.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
45.95.0.0/22 maxlen: 24
94.103.124.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
195.178.121.0/24 maxlen: 24
185.218.137.0/24 maxlen: 24
194.169.174.0/24 maxlen: 24
194.169.173.0/24 maxlen: 24
94.154.163.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
185.219.126.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:f7:e6:77:88:14:3c:09:c9:2b:89:05:df:74:48:52:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jun 26 13:30:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=91cd2a2c8b2eb0047c64f3a58b858f52bbdd6e3e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:2f:db:cb:fe:dc:54:0f:0b:4d:5d:08:83:bd:
9e:d8:9f:c2:38:ae:dd:68:7f:46:b4:d8:ba:66:96:
aa:a5:fc:e7:a2:11:6a:4a:c7:a6:0f:03:b2:59:53:
ab:0c:49:94:47:0c:c8:6f:a7:0f:a1:a4:83:20:19:
bc:2c:a9:1a:68:99:00:76:68:4b:58:23:f0:a3:42:
14:97:1b:ff:35:00:12:f4:d8:31:4a:20:35:be:6a:
fb:c5:e0:78:a0:0e:9e:e5:0a:b5:27:46:52:b0:a2:
2c:85:89:c3:9e:b1:ff:f7:71:c2:7b:25:d7:b2:8d:
c0:37:b1:d6:6b:39:f4:f6:a6:20:38:34:9a:02:bc:
c2:d1:ff:89:27:34:89:e4:86:a1:d4:dd:04:7a:c2:
77:94:73:c1:fd:6f:28:0b:03:f8:6c:2a:61:0b:b4:
59:dd:9c:26:68:93:9b:08:3e:1f:3a:52:4d:74:c0:
03:f4:37:1e:53:98:fd:e9:0c:2d:82:17:f6:61:e1:
08:30:35:3d:24:af:6b:48:e8:c3:83:b8:50:52:21:
ee:a7:09:a3:06:dd:2a:20:48:57:50:5b:39:c6:20:
88:7d:ba:67:56:23:52:4e:09:4c:d2:cd:41:1c:ea:
03:1e:01:b2:29:ba:c8:5e:95:10:eb:d6:54:79:b9:
c8:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:CD:2A:2C:8B:2E:B0:04:7C:64:F3:A5:8B:85:8F:52:BB:DD:6E:3E
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kc0qLIsusAR8ZPOli4WPUrvdbj4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.95.0.0/22
45.151.89.0/24
92.119.196.0/23
94.103.124.0/24
94.154.161.0-94.154.163.255
94.156.239.0/24
147.78.100.0/23
171.22.72.0/22
178.215.236.0/24
185.216.84.0/22
185.218.84.0/22
185.218.137.0/24
185.219.126.0/24
194.55.227.0/24
194.113.36.0/22
194.169.173.0-194.169.174.255
195.178.121.0/24
Signature Algorithm: sha256WithRSAEncryption
72:53:6d:e6:d3:7a:af:32:f8:59:56:25:51:5c:0d:ef:2c:3c:
67:50:c1:24:0c:b5:45:1b:9d:50:d9:b1:56:05:c6:bf:89:72:
c7:8e:cf:fe:08:5e:eb:ce:8f:4e:36:40:21:b9:1c:24:72:da:
61:4c:37:4a:5f:4b:4c:67:4f:a2:a7:6e:c4:91:dd:83:05:b3:
a7:33:90:0a:10:6f:82:1e:ff:88:dc:d9:d7:d4:f7:43:53:ac:
84:f9:54:b5:fa:cd:d1:01:f0:82:47:f6:01:86:ed:8e:43:bf:
bf:04:bb:b7:54:a6:68:06:02:f0:13:2e:13:32:8a:92:60:f0:
cb:ff:6b:68:fe:ff:c9:0e:ce:82:89:ae:e2:e5:c5:bb:90:e1:
24:fc:b8:39:10:bc:53:b6:2e:2c:a6:7d:49:6a:26:1e:20:fa:
f6:cc:b5:2b:1b:02:a1:a6:12:4e:cc:94:26:f8:c7:10:c6:a2:
d5:42:d7:a7:8e:1b:86:26:43:69:eb:bd:98:e3:ed:0a:cc:67:
4d:2e:04:72:3e:84:ba:44:02:17:37:6c:9f:0f:3a:bf:32:a4:
04:a9:3f:fd:74:2e:4b:7e:50:c8:18:79:e8:bd:15:8c:9a:a3:
ca:b7:02:7b:52:f0:8c:f4:7e:8a:fa:a0:b2:93:0f:ef:bd:b2:
d4:8a:9a:5e
-----BEGIN CERTIFICATE-----
MIIFbzCCBFegAwIBAgISAYj35neIFDwJySuJBd90SFLiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjMwNjI2MTMzMDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWNkMmEyYzhiMmViMDA0N2M2NGYzYTU4Yjg1OGY1MmJiZGQ2ZTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1S/by/7cVA8LTV0Ig72e2J/COK7d
aH9GtNi6ZpaqpfznohFqSsemDwOyWVOrDEmURwzIb6cPoaSDIBm8LKkaaJkAdmhL
WCPwo0IUlxv/NQAS9NgxSiA1vmr7xeB4oA6e5Qq1J0ZSsKIshYnDnrH/93HCeyXX
so3AN7HWazn09qYgODSaArzC0f+JJzSJ5Iah1N0EesJ3lHPB/W8oCwP4bCphC7RZ
3ZwmaJObCD4fOlJNdMAD9DceU5j96Qwtghf2YeEIMDU9JK9rSOjDg7hQUiHupwmj
Bt0qIEhXUFs5xiCIfbpnViNSTglM0s1BHOoDHgGyKbrIXpUQ69ZUebnIPQIDAQAB
o4ICezCCAncwHQYDVR0OBBYEFJHNKiyLLrAEfGTzpYuFj1K73W4+MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEva2MwcUxJc3VzQVI4WlBPbGk0V1BVcnZkYmo0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGQBggrBgEFBQcBBwEB/wSBgDB+MHwEAgABMHYDBAItXwAD
BAAtl1kDBAFcd8QDBABeZ3wwDAMEAF6aoQMEAl6aoAMEAF6c7wMEAZNOZAMEAqsW
SAMEALLX7AMEArnYVAMEArnaVAMEALnaiQMEALnbfgMEAMI34wMEAsJxJDAMAwQA
wqmtAwQAwqmuAwQAw7J5MA0GCSqGSIb3DQEBCwUAA4IBAQByU23m03qvMvhZViVR
XA3vLDxnUMEkDLVFG51Q2bFWBca/iXLHjs/+CF7rzo9ONkAhuRwkctphTDdKX0tM
Z0+ip27Ekd2DBbOnM5AKEG+CHv+I3NnX1PdDU6yE+VS1+s3RAfCCR/YBhu2OQ7+/
BLu3VKZoBgLwEy4TMoqSYPDL/2to/v/JDs6Cia7i5cW7kOEk/Lg5ELxTti4spn1J
aiYeIPr2zLUrGwKhphJOzJQm+McQxqLVQtenjhuGJkNp672Y4+0KzGdNLgRyPoS6
RAIXN2yfDzq/MqQEqT/9dC5LflDIGHnovRWMmqPKtwJ7UvCM9H6K+qCykw/vvbLU
ippe
-----END CERTIFICATE-----
Generated at Tue May 13 17:19:53 2025 by rpki-client