Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1F6kgu8m-ccFDdgX57ALAGB_opI.roa
File: 1F6kgu8m-ccFDdgX57ALAGB_opI.roa (raw, json)
Hash identifier: BlXp1TRuE6AFTdT0pz5AG1m8XZZoNajucomWaNcb/1o=
Subject key identifier: D4:5E:A4:82:EF:26:F9:C7:05:0D:D8:17:E7:B0:0B:00:60:7F:A2:92
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195D76C3EAB1C1744C1284A4C4550DBBBA2
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1F6kgu8m-ccFDdgX57ALAGB_opI.roa
Signing time: Thu 27 Mar 2025 11:45:50 +0000
ROA not before: Thu 27 Mar 2025 11:45:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.157.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.128.96.0/24 maxlen: 24
45.133.251.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.113.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.246.223.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:d7:6c:3e:ab:1c:17:44:c1:28:4a:4c:45:50:db:bb:a2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 27 11:45:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=d45ea482ef26f9c7050dd817e7b00b00607fa292
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:ef:a0:e9:49:8e:b9:a7:81:0d:93:a3:7b:af:
0f:bf:da:32:be:25:ec:5b:f1:bb:c0:97:a6:ec:1c:
94:86:6a:f3:8f:55:5e:9c:3d:b6:a1:17:97:aa:0b:
e7:62:4f:90:d7:b7:30:0a:ef:5c:1f:ec:1b:bb:97:
01:c0:c1:87:85:9f:07:dc:0b:82:00:c3:4d:90:34:
de:76:56:35:14:93:2a:18:a3:fb:94:12:9e:56:67:
1d:76:10:4a:df:0a:79:98:cb:e7:1c:b7:0e:b5:ea:
c4:7c:28:77:7b:b8:d0:23:08:c4:f8:b4:a1:c9:07:
8f:3a:62:f0:c6:db:4c:97:fd:18:46:cf:d7:49:3f:
22:33:6b:82:b7:bd:f7:b4:bc:31:fa:be:83:09:7c:
47:c8:68:51:37:05:8b:4b:6a:45:c6:13:2f:e5:be:
cc:de:2c:15:ab:59:11:06:d5:41:8f:d4:b4:08:60:
11:32:54:71:d3:1e:a0:04:38:d8:71:07:d1:7a:7e:
97:f8:fb:60:bb:b4:14:e4:02:e8:66:0b:80:e4:8d:
8e:1a:38:f9:9c:0f:86:57:9c:14:fd:79:8e:ed:59:
e6:6b:b6:a8:cc:8a:fa:83:d9:5f:b0:77:bf:fa:02:
65:fd:ea:2d:4e:d3:98:b8:fe:34:be:98:64:de:c3:
14:8f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D4:5E:A4:82:EF:26:F9:C7:05:0D:D8:17:E7:B0:0B:00:60:7F:A2:92
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/1F6kgu8m-ccFDdgX57ALAGB_opI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.157.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.128.96.0/24
45.133.251.0/24
45.139.106.0/24
45.141.158.0/24
45.151.90.0/23
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.113.0/24
94.156.179.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
185.246.223.0/24
193.25.216.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
aa:b0:26:63:9c:3d:4b:20:ba:a4:25:bc:a8:4f:61:37:58:e7:
9f:f9:34:1f:48:97:4f:4e:42:ee:12:a0:3d:5a:b9:b8:89:0e:
da:61:b8:33:39:c7:63:72:f3:30:6e:d1:02:d6:9a:47:96:82:
7c:aa:11:10:c4:2a:98:fd:71:fa:0e:3a:92:3a:20:80:59:30:
98:5d:38:51:cf:43:7a:c3:34:47:ec:46:71:ab:74:b5:70:86:
25:9c:c6:8b:a2:96:e7:f6:61:ff:2c:06:86:4a:d8:ea:f8:26:
49:91:dd:de:9c:75:ce:de:a8:d7:d1:86:7b:f6:ab:38:9c:0c:
c8:98:30:d4:e2:42:46:27:72:e4:64:d9:57:4c:fe:aa:23:9e:
d8:5e:40:8f:21:d6:56:cb:e4:86:ea:e3:f7:73:36:cd:56:7f:
5e:3e:50:34:97:a5:40:bf:16:2f:c8:91:0c:2a:df:5f:43:81:
90:b9:22:ea:ee:93:e9:92:23:62:e2:ea:c9:d9:83:44:61:69:
ff:18:fd:e1:c8:38:f0:cb:1d:f5:e8:ad:58:7f:77:14:15:27:
33:cd:f0:ed:25:f9:f8:fb:5c:02:c9:fd:1f:75:2d:7c:f1:7b:
e9:55:a5:22:cf:a2:3f:2b:51:f0:cf:9d:83:d8:af:4f:1a:4d:
c6:3f:79:65
-----BEGIN CERTIFICATE-----
MIIGHzCCBQegAwIBAgISAZXXbD6rHBdEwShKTEVQ27uiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzI3MTE0NTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNDVlYTQ4MmVmMjZmOWM3MDUwZGQ4MTdlN2IwMGIwMDYwN2ZhMjkyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoe+g6UmOuaeBDZOje68Pv9oyviXs
W/G7wJem7ByUhmrzj1VenD22oReXqgvnYk+Q17cwCu9cH+wbu5cBwMGHhZ8H3AuC
AMNNkDTedlY1FJMqGKP7lBKeVmcddhBK3wp5mMvnHLcOterEfCh3e7jQIwjE+LSh
yQePOmLwxttMl/0YRs/XST8iM2uCt733tLwx+r6DCXxHyGhRNwWLS2pFxhMv5b7M
3iwVq1kRBtVBj9S0CGARMlRx0x6gBDjYcQfRen6X+Ptgu7QU5ALoZguA5I2OGjj5
nA+GV5wU/XmO7Vnma7aozIr6g9lfsHe/+gJl/eotTtOYuP40vphk3sMUjwIDAQAB
o4IDKzCCAycwHQYDVR0OBBYEFNRepILvJvnHBQ3YF+ewCwBgf6KSMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvMUY2a2d1OG0tY2NGRGRnWDU3QUxBR0Jfb3BJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBPwYIKwYBBQUHAQcBAf8EggEuMIIBKjCCASYEAgABMIIB
HgMEAgX8hAMEAC0JnQMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2A
YAMEAC2F+wMEAC2LagMEAC2NngMEAS2XWgMEAE9uMgMEAFGh7gMEAFPbYQMEAFQ2
MAMEAFd4VzAMAwQEV3hwAwQBV3h0AwQBV3h4MAwDBABXeH0DBAdXeAADBABXeKYD
BABXeSYDBABXeS0DBABXeVcDBAFXeXwDBABXeaIDBABXeaUDBARbXPADBABc+TID
BABde20DBAJemqADBANenEADBABenHEDBABenLMDBABtzu0DBACNYgEDBACNYgYD
BACTTmQDBAKrFkgDBACy1+ADBAK52FQDBAC59t8DBADBGdgDBADCN7oDBADCqa8w
DQYJKoZIhvcNAQELBQADggEBAKqwJmOcPUsguqQlvKhPYTdY55/5NB9Il09OQu4S
oD1aubiJDtphuDM5x2Ny8zBu0QLWmkeWgnyqERDEKpj9cfoOOpI6IIBZMJhdOFHP
Q3rDNEfsRnGrdLVwhiWcxouiluf2Yf8sBoZK2Or4JkmR3d6cdc7eqNfRhnv2qzic
DMiYMNTiQkYncuRk2VdM/qojntheQI8h1lbL5Ibq4/dzNs1Wf14+UDSXpUC/Fi/I
kQwq319DgZC5Iuruk+mSI2Li6snZg0Rhaf8Y/eHIOPDLHfXorVh/dxQVJzPN8O0l
+fj7XALJ/R91LXzxe+lVpSLPoj8rUfDPnYPYr08aTcY/eWU=
-----END CERTIFICATE-----
Generated at Wed Apr 16 20:15:40 2025 by rpki-client