Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/6lKlD6l8FYs-pRpDlOv-uGnb5qE.roa
File: 6lKlD6l8FYs-pRpDlOv-uGnb5qE.roa (raw, json)
Hash identifier: 2NuEDBlmiqLlDHF2eNLa4uDsmWCNbmWAZXKF3jaSMhM=
Subject key identifier: EA:52:A5:0F:A9:7C:15:8B:3E:A5:1A:43:94:EB:FE:B8:69:DB:E6:A1
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0194BCAC2955E771BBBB8534E442673E4541
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/6lKlD6l8FYs-pRpDlOv-uGnb5qE.roa
Signing time: Fri 31 Jan 2025 14:03:06 +0000
ROA not before: Fri 31 Jan 2025 14:03:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:bc:ac:29:55:e7:71:bb:bb:85:34:e4:42:67:3e:45:41
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 31 14:03:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ea52a50fa97c158b3ea51a4394ebfeb869dbe6a1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a4:5f:c8:f0:1a:b2:87:38:c5:df:e8:7d:72:e0:
ea:be:79:a1:40:7e:87:2b:1c:79:a4:5a:b7:76:8a:
d9:b7:b1:8e:85:f5:79:54:e1:f5:c4:ff:01:c9:a6:
92:3f:42:93:ff:3f:d5:ac:f3:de:e9:86:5c:63:ce:
d3:17:99:30:03:e1:cc:cf:26:83:f7:35:5e:e6:13:
61:02:6d:a6:95:df:2d:08:b0:71:f0:79:a1:8f:a6:
0e:e1:c1:29:af:63:af:40:3e:65:c2:02:f3:ee:b2:
df:64:70:bf:4e:27:fb:5d:7a:6e:b0:a8:a7:d7:15:
ee:79:2c:d5:3c:92:63:e9:32:da:e0:b5:ce:72:b3:
c7:a5:43:e3:67:e8:b8:1c:a7:39:bd:c3:7b:0b:7a:
e4:4b:0d:9d:12:1d:24:53:b4:f5:2a:bb:00:b9:bf:
6a:75:2d:41:fb:ff:42:61:fe:07:f1:85:fb:dc:63:
e8:c8:28:13:6a:b8:4f:5c:52:ac:ce:c8:65:84:c4:
47:52:f9:74:ee:36:0b:a5:61:3c:8b:11:b9:95:12:
06:26:89:e8:c8:bb:d0:eb:6d:45:b2:57:ec:fe:8e:
a9:e6:f7:9d:8a:56:24:dd:fd:ec:b2:1d:5b:55:76:
e6:8b:29:a3:cc:a3:f8:f0:f7:91:b8:40:e1:a1:fc:
b8:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EA:52:A5:0F:A9:7C:15:8B:3E:A5:1A:43:94:EB:FE:B8:69:DB:E6:A1
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/6lKlD6l8FYs-pRpDlOv-uGnb5qE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
43:65:09:08:8a:47:5d:ef:78:e9:fe:8c:e2:7c:f2:bc:51:08:
51:aa:89:ac:30:4b:7b:0d:a9:61:21:a5:9d:c9:ac:81:7d:aa:
5c:b8:ef:a9:60:e6:db:23:cc:0f:11:d2:16:3f:fd:97:eb:1f:
c9:d1:4c:68:85:a1:a8:8e:d6:a7:d2:9f:6d:57:60:da:54:8a:
35:74:f3:83:67:8f:e9:1b:20:59:fe:7a:5e:4f:fc:49:45:b7:
e7:b3:3a:15:ec:1b:87:75:b1:06:b3:12:11:5d:5a:16:29:49:
93:33:4d:15:d7:71:8f:bb:57:eb:f5:33:2c:81:82:8d:03:a3:
00:b4:75:a3:f9:fb:35:6e:c0:6b:52:4c:9f:68:8f:ec:7c:b8:
96:ed:07:c7:f2:eb:80:35:8a:11:0e:53:fd:5e:7c:5f:37:ea:
0a:9e:15:f8:6b:72:63:72:ce:16:11:2d:0f:85:e2:a3:00:46:
83:a4:45:ef:f0:a4:67:67:3c:65:2a:44:9d:6f:f4:fe:64:18:
86:d8:fb:5d:03:75:b9:9e:bd:01:cd:85:f8:42:5a:74:f5:1d:
d8:29:39:a9:56:53:61:0e:bd:24:50:98:13:00:91:99:4b:9b:
16:d2:bb:26:b5:f5:26:a1:36:0d:db:a9:e5:65:29:34:82:13:
3c:dc:cf:64
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgISAZS8rClV53G7u4U05EJnPkVBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTMxMTQwMzA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYTUyYTUwZmE5N2MxNThiM2VhNTFhNDM5NGViZmViODY5ZGJlNmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApF/I8BqyhzjF3+h9cuDqvnmhQH6H
Kxx5pFq3dorZt7GOhfV5VOH1xP8ByaaSP0KT/z/VrPPe6YZcY87TF5kwA+HMzyaD
9zVe5hNhAm2mld8tCLBx8Hmhj6YO4cEpr2OvQD5lwgLz7rLfZHC/Tif7XXpusKin
1xXueSzVPJJj6TLa4LXOcrPHpUPjZ+i4HKc5vcN7C3rkSw2dEh0kU7T1KrsAub9q
dS1B+/9CYf4H8YX73GPoyCgTarhPXFKszshlhMRHUvl07jYLpWE8ixG5lRIGJono
yLvQ621Fslfs/o6p5vedilYk3f3ssh1bVXbmiymjzKP48PeRuEDhofy4DQIDAQAB
o4IDAzCCAv8wHQYDVR0OBBYEFOpSpQ+pfBWLPqUaQ5Tr/rhp2+ahMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvNmxLbEQ2bDhGWXMtcFJwRGxPdi11R25iNXFFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBFwYIKwYBBQUHAQcBAf8EggEGMIIBAjCB/wQCAAEwgfgD
BAIF/IQDBAEtCZwDBAAtDqQDBAAtQuQDBAAtQuYDBAAtWEADBAAtWlkDBAAti2oD
BAAtjZ4wDAMEAC2XWQMEAi2XWAMEAE9uMgMEAE9uPgMEAFPbYQMEAFQ2MAMEAFd4
VwMEAFd4pgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc8AMEAVx3
xAMEAFz5MgMEAl6aoAMEAF6cCwMEA16cQAMEAF6cswMEAF6c+AMEAF/WGwMEAI1i
AQMEAI1iBgMEAJNOZAMEAqsWSAMEArnYVAMEArnaVAMEAMEZ2AMEAMIxXgMEAMI3
ugMEAMKprzANBgkqhkiG9w0BAQsFAAOCAQEAQ2UJCIpHXe946f6M4nzyvFEIUaqJ
rDBLew2pYSGlncmsgX2qXLjvqWDm2yPMDxHSFj/9l+sfydFMaIWhqI7Wp9KfbVdg
2lSKNXTzg2eP6RsgWf56Xk/8SUW357M6Fewbh3WxBrMSEV1aFilJkzNNFddxj7tX
6/UzLIGCjQOjALR1o/n7NW7Aa1JMn2iP7Hy4lu0Hx/LrgDWKEQ5T/V58XzfqCp4V
+GtyY3LOFhEtD4XiowBGg6RF7/CkZ2c8ZSpEnW/0/mQYhtj7XQN1uZ69Ac2F+EJa
dPUd2Ck5qVZTYQ69JFCYEwCRmUubFtK7JrX1JqE2Ddup5WUpNIITPNzPZA==
-----END CERTIFICATE-----
Generated at Thu Apr 17 10:45:46 2025 by rpki-client