Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/AyW3MsTfJCfjaFqtosQ3B_3IZkg.roa
File: AyW3MsTfJCfjaFqtosQ3B_3IZkg.roa (raw, json)
Hash identifier: I3jEpNZErtUgvSjz6GIeluMlnGK1eIdVitFgnMT1S2w=
Subject key identifier: 03:25:B7:32:C4:DF:24:27:E3:68:5A:AD:A2:C4:37:07:FD:C8:66:48
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01949888C21E29E329BE02B0ECAAE93ACD88
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/AyW3MsTfJCfjaFqtosQ3B_3IZkg.roa
Signing time: Fri 24 Jan 2025 13:38:06 +0000
ROA not before: Fri 24 Jan 2025 13:38:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.120.187.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.114.0/24 maxlen: 24
94.156.170.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.236.0/24 maxlen: 24
178.215.237.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:98:88:c2:1e:29:e3:29:be:02:b0:ec:aa:e9:3a:cd:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 24 13:38:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0325b732c4df2427e3685aada2c43707fdc86648
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e6:37:09:30:a7:65:fb:e5:3b:e5:69:c4:02:91:
e6:23:f4:30:37:0f:dc:3b:d0:1d:68:29:1b:2c:17:
cb:9c:91:aa:2c:fc:78:6b:4b:22:fd:49:40:03:e2:
47:5e:6e:e2:6e:71:73:68:e5:ce:b1:83:60:ac:72:
70:7e:b5:dd:e3:09:fc:ce:ae:e1:52:d9:76:6b:ab:
10:dc:57:4c:1d:b6:70:03:77:d7:ec:6b:b9:01:9e:
c7:a1:54:13:62:16:b6:6e:20:a0:ad:19:f6:3c:03:
bc:c5:c5:97:29:c9:01:13:8b:bb:44:f4:33:76:0a:
bd:d9:e9:7f:94:bf:22:36:fd:0b:b7:8b:3a:19:d4:
b4:c1:af:bb:26:fc:d7:95:61:c4:6a:7c:6c:1d:aa:
2c:11:8d:3a:19:45:4e:e1:c1:a8:ed:15:e1:77:23:
2b:b0:62:d4:79:07:62:db:fb:61:7a:3d:92:65:4d:
70:ed:d9:13:d3:79:bd:ac:43:fe:df:8a:c9:13:40:
92:c3:29:50:ed:d0:b0:98:30:de:cc:c5:c4:ec:f6:
9d:b0:5a:3f:4f:ae:5e:5f:1d:41:86:4b:30:f9:d2:
79:bc:c4:aa:c5:d2:cd:fd:ef:9f:52:6b:4b:1b:cb:
46:9c:b9:66:6f:10:96:d1:3c:3d:83:0b:5e:9a:7d:
3d:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:25:B7:32:C4:DF:24:27:E3:68:5A:AD:A2:C4:37:07:FD:C8:66:48
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/AyW3MsTfJCfjaFqtosQ3B_3IZkg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.120.187.0/24
87.121.45.0/24
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.114.0/24
94.156.170.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.236.0/23
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
5b:46:ef:df:8b:3f:e4:39:5a:39:74:cc:b5:2b:e0:a6:53:92:
e5:1a:f7:67:0c:25:62:41:b3:7e:4c:f0:b0:38:fd:50:a8:7b:
cd:29:0c:83:2c:c6:3c:4e:52:69:2f:d1:44:b4:03:90:7d:61:
90:1f:7f:d8:23:a4:0f:df:5f:f8:ec:7b:ee:45:ab:ea:ed:18:
b9:7d:16:35:8d:36:8e:ca:ec:99:bc:ad:33:c1:57:b0:24:b3:
c6:8c:70:e0:5a:e4:a9:9e:25:cf:d8:01:39:db:26:38:85:95:
9c:0a:50:3c:6c:fc:e2:f7:17:b5:e1:9a:12:a2:99:17:63:84:
0f:56:0c:cf:38:21:0a:11:3f:d7:9a:20:b7:86:2a:84:0e:f1:
71:85:78:58:b9:e8:05:1b:4d:6d:a8:98:56:61:78:8a:22:b3:
dc:34:df:09:1a:c0:04:61:b1:c2:2e:3f:c1:5e:b0:dc:5d:9d:
23:56:95:00:34:06:59:9b:51:b4:26:e2:d2:69:8a:3a:4b:4c:
4f:d5:1f:d4:ed:1c:97:13:d1:5c:3c:4f:1d:c9:fe:90:98:89:
11:4c:60:f6:24:9d:fd:02:3a:46:8e:9e:74:27:cb:18:71:59:
45:34:76:33:dd:85:2b:b7:7c:61:07:e4:9b:d0:d0:02:a6:67:
02:e4:f5:10
-----BEGIN CERTIFICATE-----
MIIGIzCCBQugAwIBAgISAZSYiMIeKeMpvgKw7KrpOs2IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTI0MTMzODA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzI1YjczMmM0ZGYyNDI3ZTM2ODVhYWRhMmM0MzcwN2ZkYzg2NjQ4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5jcJMKdl++U75WnEApHmI/QwNw/c
O9AdaCkbLBfLnJGqLPx4a0si/UlAA+JHXm7ibnFzaOXOsYNgrHJwfrXd4wn8zq7h
Utl2a6sQ3FdMHbZwA3fX7Gu5AZ7HoVQTYha2biCgrRn2PAO8xcWXKckBE4u7RPQz
dgq92el/lL8iNv0Lt4s6GdS0wa+7JvzXlWHEanxsHaosEY06GUVO4cGo7RXhdyMr
sGLUeQdi2/thej2SZU1w7dkT03m9rEP+34rJE0CSwylQ7dCwmDDezMXE7PadsFo/
T65eXx1Bhksw+dJ5vMSqxdLN/e+fUmtLG8tGnLlmbxCW0Tw9gwtemn09PQIDAQAB
o4IDLzCCAyswHQYDVR0OBBYEFAMltzLE3yQn42haraLENwf9yGZIMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQXlXM01zVGZKQ2ZqYUZxdG9zUTNCXzNJWmtnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBQwYIKwYBBQUHAQcBAf8EggEyMIIBLjCCASoEAgABMIIB
IgMEAS0JnAMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC1aWQMEAC2LagMEAC2N
njAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAU9thAwQAVDYwAwQAVdGFAwQA
V3hUAwQAV3hXAwQAV3imAwQAV3i7AwQAV3ktAwQAV3lXAwQAV3lpAwQBV3l8AwQA
V3miAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQCXpqgAwQAXpwLAwQD
XpxAAwQAXpxyAwQAXpyqAwQAXpyzAwQAXpz4AwQAX9YbAwQAjWIBAwQAjWIGAwQA
k05kAwQCqxZIAwQBstfsAwQCudhUAwQCudpUAwQAwRnYAwQAwjFeAwQAwje6AwQA
wqmvMA0GCSqGSIb3DQEBCwUAA4IBAQBbRu/fiz/kOVo5dMy1K+CmU5LlGvdnDCVi
QbN+TPCwOP1QqHvNKQyDLMY8TlJpL9FEtAOQfWGQH3/YI6QP31/47HvuRavq7Ri5
fRY1jTaOyuyZvK0zwVewJLPGjHDgWuSpniXP2AE52yY4hZWcClA8bPzi9xe14ZoS
opkXY4QPVgzPOCEKET/XmiC3hiqEDvFxhXhYuegFG01tqJhWYXiKIrPcNN8JGsAE
YbHCLj/BXrDcXZ0jVpUANAZZm1G0JuLSaYo6S0xP1R/U7RyXE9FcPE8dyf6QmIkR
TGD2JJ39AjpGjp50J8sYcVlFNHYz3YUrt3xhB+Sb0NACpmcC5PUQ
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:18:12 2025 by rpki-client