Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3pq2LxGEr4TyX0CVC7QvxsucVVs.roa
File: 3pq2LxGEr4TyX0CVC7QvxsucVVs.roa (raw, json)
Hash identifier: 8Nj6BkfgU03i2sgpHixwoo40OCOUko12ixMxPBDOhW4=
Subject key identifier: DE:9A:B6:2F:11:84:AF:84:F2:5F:40:95:0B:B4:2F:C6:CB:9C:55:5B
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01948D3548843A7256D18761A6EB178AA540
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3pq2LxGEr4TyX0CVC7QvxsucVVs.roa
Signing time: Wed 22 Jan 2025 08:51:06 +0000
ROA not before: Wed 22 Jan 2025 08:51:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.120.187.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.173.0/24 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.102.0/24 maxlen: 24
94.156.114.0/24 maxlen: 24
94.156.170.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.237.0/24 maxlen: 24
185.216.71.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:8d:35:48:84:3a:72:56:d1:87:61:a6:eb:17:8a:a5:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 22 08:51:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=de9ab62f1184af84f25f40950bb42fc6cb9c555b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c3:d6:f9:81:8b:d5:a7:cf:7e:6d:24:9a:65:8c:
fd:43:c9:81:84:24:1c:2b:5f:e5:3e:54:88:79:b0:
69:1a:dd:85:21:e3:0b:f1:9a:f1:4c:0a:35:95:d1:
84:bf:a8:84:3e:b0:e3:df:3b:cf:9e:2b:e8:54:f0:
b9:cd:3e:e2:a4:be:66:9c:c1:8f:67:b5:2b:b5:56:
47:70:d3:47:31:8d:5d:91:f7:be:c8:70:d9:47:a8:
da:19:ab:63:4b:1c:69:b1:ff:36:8d:20:c9:2f:ce:
13:9b:84:53:2d:88:34:0b:6f:58:dc:16:23:0e:f9:
0c:41:19:33:1b:d7:21:c2:fb:2f:62:51:dd:82:5f:
93:f7:70:18:d6:3b:73:cb:ee:5f:39:c9:7c:56:0c:
af:a5:10:f1:99:d3:24:01:dd:c8:05:b4:78:07:88:
24:ea:49:e4:ce:36:44:fa:91:d1:16:54:bc:94:97:
83:9a:9a:f7:63:0a:3c:0d:df:63:fd:7c:c1:b5:75:
8f:b5:f5:e3:09:58:ee:53:f9:7a:b6:ee:44:8f:70:
51:f2:2e:57:de:3f:d3:1e:9d:56:b4:bb:10:aa:76:
47:7d:9d:8c:e6:0c:c8:a3:6d:0b:75:96:ef:91:f0:
8b:9a:a3:bc:fe:ec:05:4e:61:4a:c3:99:b6:b6:e8:
bd:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DE:9A:B6:2F:11:84:AF:84:F2:5F:40:95:0B:B4:2F:C6:CB:9C:55:5B
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/3pq2LxGEr4TyX0CVC7QvxsucVVs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/23
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
81.161.239.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.120.187.0/24
87.121.45.0/24
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.154.173.0/24
94.156.11.0/24
94.156.64.0/21
94.156.102.0/24
94.156.114.0/24
94.156.170.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.237.0/24
185.216.71.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
0d:c1:d7:0b:b3:f0:b6:32:93:2f:30:5c:c0:03:7c:13:ec:ac:
12:0d:e6:1c:77:3a:91:f1:19:9c:21:09:73:e2:25:69:f1:3e:
cf:13:cc:91:36:db:f9:41:8c:d7:46:8f:4c:ed:8d:7d:af:f5:
4f:7d:9a:03:a8:d8:d7:b6:98:52:f2:43:37:b7:21:39:e9:19:
b6:32:40:a4:95:c6:59:8f:b7:d9:0a:4a:5e:bb:34:2b:93:48:
c8:88:25:c8:3c:f9:49:7b:9d:be:ca:60:31:f5:20:db:d8:79:
7b:fb:36:3e:09:96:35:20:3e:ad:1e:c7:53:a7:8a:92:85:17:
5a:3d:1a:67:82:2d:09:5b:27:d8:1c:c0:ff:84:9c:c7:1c:f9:
bc:1f:fd:4d:ae:87:36:e9:ac:48:14:fa:d8:f4:fa:4a:0d:a7:
af:c8:06:c6:bb:e0:f7:4c:f2:37:e3:0a:7d:8b:40:de:bb:7b:
4c:e7:83:96:0c:f4:a5:59:54:01:4d:b7:f5:e7:ea:d8:43:43:
7d:5b:22:44:8b:9c:bd:fd:d4:66:16:de:7e:fb:f1:a6:b5:69:
c3:cd:fc:d7:8b:c5:9a:b4:92:c4:84:64:49:0b:4e:a9:9b:13:
80:b5:65:2a:f3:a5:52:25:03:70:7e:7b:67:a1:c8:88:76:ca:
af:b6:64:95
-----BEGIN CERTIFICATE-----
MIIGQTCCBSmgAwIBAgISAZSNNUiEOnJW0YdhpusXiqVAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTIyMDg1MTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZTlhYjYyZjExODRhZjg0ZjI1ZjQwOTUwYmI0MmZjNmNiOWM1NTViMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw9b5gYvVp89+bSSaZYz9Q8mBhCQc
K1/lPlSIebBpGt2FIeML8ZrxTAo1ldGEv6iEPrDj3zvPnivoVPC5zT7ipL5mnMGP
Z7UrtVZHcNNHMY1dkfe+yHDZR6jaGatjSxxpsf82jSDJL84Tm4RTLYg0C29Y3BYj
DvkMQRkzG9chwvsvYlHdgl+T93AY1jtzy+5fOcl8VgyvpRDxmdMkAd3IBbR4B4gk
6knkzjZE+pHRFlS8lJeDmpr3Ywo8Dd9j/XzBtXWPtfXjCVjuU/l6tu5Ej3BR8i5X
3j/THp1WtLsQqnZHfZ2M5gzIo20LdZbvkfCLmqO8/uwFTmFKw5m2tui9BwIDAQAB
o4IDTTCCA0kwHQYDVR0OBBYEFN6ati8RhK+E8l9AlQu0L8bLnFVbMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvM3BxMkx4R0VyNFR5WDBDVkM3UXZ4c3VjVlZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBYQYIKwYBBQUHAQcBAf8EggFQMIIBTDCCAUgEAgABMIIB
QAMEAS0JnAMEAC0M/wMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC1aWQMEAC2L
agMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAUaHvAwQAU9thAwQA
VDYwAwQAVdGFAwQAV3hUAwQAV3hXAwQAV3imAwQAV3i7AwQAV3ktAwQAV3lXAwQA
V3lpAwQBV3l8AwQAV3miAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQC
XpqgAwQAXpqtAwQAXpwLAwQDXpxAAwQAXpxmAwQAXpxyAwQAXpyqAwQAXpyzAwQA
Xpz4AwQAX9YbAwQAjWIBAwQAjWIGAwQAk05kAwQCqxZIAwQAstftAwQAudhHAwQC
udhUAwQCudpUAwQAwRnYAwQAwjFeAwQAwje6AwQAwqmvMA0GCSqGSIb3DQEBCwUA
A4IBAQANwdcLs/C2MpMvMFzAA3wT7KwSDeYcdzqR8RmcIQlz4iVp8T7PE8yRNtv5
QYzXRo9M7Y19r/VPfZoDqNjXtphS8kM3tyE56Rm2MkCklcZZj7fZCkpeuzQrk0jI
iCXIPPlJe52+ymAx9SDb2Hl7+zY+CZY1ID6tHsdTp4qShRdaPRpngi0JWyfYHMD/
hJzHHPm8H/1Nroc26axIFPrY9PpKDaevyAbGu+D3TPI34wp9i0Deu3tM54OWDPSl
WVQBTbf15+rYQ0N9WyJEi5y9/dRmFt5++/GmtWnDzfzXi8WatJLEhGRJC06pmxOA
tWUq86VSJQNwfntnociIdsqvtmSV
-----END CERTIFICATE-----
Generated at Thu Apr 17 10:25:32 2025 by rpki-client