Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Cr8vVc4Xdjn7o-8_85zvLDzQvDo.roa
File: Cr8vVc4Xdjn7o-8_85zvLDzQvDo.roa (raw, json)
Hash identifier: kNGdYlXmWwLLZm0vkDv1vsAiVeLYloIxFYrahuHlgVY=
Subject key identifier: 0A:BF:2F:55:CE:17:76:39:FB:A3:EF:3F:F3:9C:EF:2C:3C:D0:BC:3A
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195D809B739B041EA77EF49E125DEA26A86
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Cr8vVc4Xdjn7o-8_85zvLDzQvDo.roa
Signing time: Thu 27 Mar 2025 14:37:50 +0000
ROA not before: Thu 27 Mar 2025 14:37:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.157.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.128.96.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.70.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.113.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:d8:09:b7:39:b0:41:ea:77:ef:49:e1:25:de:a2:6a:86
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 27 14:37:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0abf2f55ce177639fba3ef3ff39cef2c3cd0bc3a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:dc:c0:9f:98:6a:13:60:3a:45:68:2a:97:42:
fa:ef:43:3d:2d:a5:ab:28:cd:cf:a0:82:80:2f:6d:
aa:53:33:e4:81:46:b3:c0:73:30:71:b5:f0:be:98:
8f:f3:b1:51:32:f8:19:76:f2:c7:bc:01:8c:96:95:
af:d1:c3:0a:e4:4f:23:b6:88:b2:78:ca:2a:e2:9d:
7d:b9:b7:f6:20:01:5e:79:77:7a:73:d7:48:8d:ab:
28:a4:3c:88:21:d5:d2:17:79:99:b7:ee:34:c5:db:
a3:3a:b0:eb:2d:49:f6:bd:f7:f5:15:19:cc:27:f7:
4e:f0:36:e2:2a:9a:ce:11:3d:87:12:0a:21:44:db:
e3:1d:22:2f:e3:83:0a:2b:1d:af:6e:db:16:9e:f8:
fb:4e:92:96:06:e5:97:d9:bf:f1:e7:f1:b1:ef:78:
64:80:60:b9:88:03:83:89:ac:7d:55:86:0f:f9:28:
d6:23:11:83:a5:c3:10:d5:8f:cb:65:db:a6:d6:72:
b7:aa:8f:a1:57:2a:68:04:20:ce:21:b7:01:70:8b:
60:9b:45:ee:4c:71:96:41:db:b9:0d:fd:78:cf:8a:
04:9f:7c:ae:98:f9:72:75:25:db:6a:26:77:3a:e4:
36:fc:d9:73:0a:e5:52:36:59:6a:ae:86:bf:e6:c5:
10:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0A:BF:2F:55:CE:17:76:39:FB:A3:EF:3F:F3:9C:EF:2C:3C:D0:BC:3A
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Cr8vVc4Xdjn7o-8_85zvLDzQvDo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.157.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.128.96.0/24
45.139.106.0/24
45.141.158.0/24
45.151.90.0/23
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.70.0/24
91.92.240.0/20
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.113.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
193.25.216.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
88:80:2f:35:69:c4:54:16:60:1a:ba:57:45:8e:f0:94:1b:bb:
5c:e8:00:52:e8:5d:8e:dc:1d:64:75:14:b2:44:39:d8:d4:85:
f8:ca:fc:bf:b9:df:dc:7f:34:69:4b:eb:01:db:f0:4d:89:cf:
50:b3:c8:58:58:cf:b0:77:20:d9:b5:10:7d:b0:a1:f5:ae:c7:
8f:e8:10:5d:39:26:c2:0f:28:76:be:cf:f3:47:00:18:19:d1:
77:e3:49:59:f7:0a:b4:f9:aa:6c:d6:d8:67:b0:2e:3c:15:57:
e7:59:bd:46:b7:79:9d:83:96:f3:24:48:a8:d4:2a:43:73:5c:
46:3e:f7:02:05:9a:79:15:75:98:a1:d0:72:ba:c2:19:ba:29:
48:18:47:0f:75:83:49:03:14:38:a1:fe:83:62:ff:10:b5:c5:
d9:d0:2f:be:dc:11:97:da:b2:1d:9f:6b:c5:45:b8:3b:e5:f1:
b5:78:20:f5:f4:0c:17:d8:2b:ae:10:08:33:bb:85:88:0e:70:
6e:19:c4:f7:49:91:77:f0:3d:81:86:ab:44:54:29:e6:0c:55:
f9:c3:19:2b:0f:be:88:a1:37:3f:e3:b5:1b:e0:24:49:18:2a:
89:4e:be:46:c5:7f:12:48:e9:a4:a0:98:d4:d5:d3:b9:0d:04:
e1:63:20:9e
-----BEGIN CERTIFICATE-----
MIIGEzCCBPugAwIBAgISAZXYCbc5sEHqd+9J4SXeomqGMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzI3MTQzNzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWJmMmY1NWNlMTc3NjM5ZmJhM2VmM2ZmMzljZWYyYzNjZDBiYzNhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0dzAn5hqE2A6RWgql0L670M9LaWr
KM3PoIKAL22qUzPkgUazwHMwcbXwvpiP87FRMvgZdvLHvAGMlpWv0cMK5E8jtoiy
eMoq4p19ubf2IAFeeXd6c9dIjasopDyIIdXSF3mZt+40xdujOrDrLUn2vff1FRnM
J/dO8DbiKprOET2HEgohRNvjHSIv44MKKx2vbtsWnvj7TpKWBuWX2b/x5/Gx73hk
gGC5iAODiax9VYYP+SjWIxGDpcMQ1Y/LZdum1nK3qo+hVypoBCDOIbcBcItgm0Xu
THGWQdu5Df14z4oEn3yumPlydSXbaiZ3OuQ2/NlzCuVSNllqroa/5sUQzQIDAQAB
o4IDHzCCAxswHQYDVR0OBBYEFAq/L1XOF3Y5+6PvP/Oc7yw80Lw6MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvQ3I4dlZjNFhkam43by04Xzg1enZMRHpRdkRvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBMwYIKwYBBQUHAQcBAf8EggEiMIIBHjCCARoEAgABMIIB
EgMEAgX8hAMEAC0JnQMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2A
YAMEAC2LagMEAC2NngMEAS2XWgMEAE9uMgMEAFGh7gMEAFPbYQMEAFQ2MAMEAFd4
VzAMAwQEV3hwAwQBV3h0AwQBV3h4MAwDBABXeH0DBAdXeAADBABXeKYDBABXeSYD
BABXeS0DBABXeVcDBAFXeXwDBABXeaIDBABXeaUDBABbXEYDBARbXPADBABc+TID
BABde20DBAJemqADBANenEADBABenHEDBABtzu0DBACNYgEDBACNYgYDBACTTmQD
BAKrFkgDBACy1+ADBAK52FQDBADBGdgDBADCN7oDBADCqa8wDQYJKoZIhvcNAQEL
BQADggEBAIiALzVpxFQWYBq6V0WO8JQbu1zoAFLoXY7cHWR1FLJEOdjUhfjK/L+5
39x/NGlL6wHb8E2Jz1CzyFhYz7B3INm1EH2wofWux4/oEF05JsIPKHa+z/NHABgZ
0XfjSVn3CrT5qmzW2GewLjwVV+dZvUa3eZ2DlvMkSKjUKkNzXEY+9wIFmnkVdZih
0HK6whm6KUgYRw91g0kDFDih/oNi/xC1xdnQL77cEZfash2fa8VFuDvl8bV4IPX0
DBfYK64QCDO7hYgOcG4ZxPdJkXfwPYGGq0RUKeYMVfnDGSsPvoihNz/jtRvgJEkY
KolOvkbFfxJI6aSgmNTV07kNBOFjIJ4=
-----END CERTIFICATE-----
Generated at Thu Apr 17 10:35:58 2025 by rpki-client