Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/D50BvgKACMMCueZ3ErbK69-YyY4.roa
File: D50BvgKACMMCueZ3ErbK69-YyY4.roa (raw, json)
Hash identifier: udaUGZrwaxYAbhAwyjk4CcNNz5adpruDw6sSS/DUrQY=
Subject key identifier: 0F:9D:01:BE:02:80:08:C3:02:B9:E6:77:12:B6:CA:EB:DF:98:C9:8E
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01948E5CFF5F9AF07A990C7ED0DC620C3CC4
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/D50BvgKACMMCueZ3ErbK69-YyY4.roa
Signing time: Wed 22 Jan 2025 14:14:06 +0000
ROA not before: Wed 22 Jan 2025 14:14:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.120.187.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.173.0/24 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.102.0/24 maxlen: 24
94.156.114.0/24 maxlen: 24
94.156.170.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.237.0/24 maxlen: 24
185.216.71.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.31.222.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:8e:5c:ff:5f:9a:f0:7a:99:0c:7e:d0:dc:62:0c:3c:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 22 14:14:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=0f9d01be028008c302b9e67712b6caebdf98c98e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:f9:44:b1:1c:61:fd:87:dc:87:69:52:38:34:
f6:67:46:3d:a5:42:ba:73:b4:16:c5:00:10:c6:34:
4f:79:b5:4b:e0:5b:d9:fb:76:01:a4:47:7c:85:cf:
8d:20:b7:ac:95:35:aa:ce:90:51:ec:a6:cc:50:71:
97:f9:35:f2:21:93:a7:7b:c5:75:ca:cd:fd:70:95:
2e:88:c4:10:5b:b0:59:d8:ce:a2:d7:72:ee:b8:30:
f8:2f:3d:cd:a6:6e:30:ef:fe:f0:75:d2:98:4e:ac:
77:3a:07:52:69:8c:60:fb:67:5d:64:54:67:37:4b:
b9:c4:78:97:26:0e:cb:f0:ba:1e:40:14:57:be:39:
c0:10:8a:32:cd:9a:14:56:32:e6:39:f4:3f:03:c5:
64:22:2a:80:c8:b9:33:1f:44:fd:96:aa:fd:21:fb:
c5:2b:a6:33:84:06:10:4e:39:04:07:c4:33:65:29:
06:aa:b2:ce:46:53:3a:84:90:73:c8:74:a5:25:17:
f0:54:8f:ba:1a:cd:2d:71:31:97:f6:5f:d1:04:2c:
b2:be:a2:e8:3f:0f:4c:92:b5:63:92:53:c4:31:b6:
7b:4a:6d:41:1c:68:1b:47:49:89:23:0e:35:c8:02:
ef:1c:8a:28:27:d4:fa:b8:39:78:e2:2d:94:b8:eb:
c7:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0F:9D:01:BE:02:80:08:C3:02:B9:E6:77:12:B6:CA:EB:DF:98:C9:8E
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/D50BvgKACMMCueZ3ErbK69-YyY4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/23
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
81.161.239.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.120.187.0/24
87.121.45.0/24
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.154.173.0/24
94.156.11.0/24
94.156.64.0/21
94.156.102.0/24
94.156.114.0/24
94.156.170.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.237.0/24
185.216.71.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.31.222.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
20:80:ae:03:c4:bc:0b:de:e1:28:f0:72:8f:81:b3:35:eb:c0:
57:29:20:04:4e:b7:98:ee:01:99:c7:51:7a:89:49:bf:fa:a9:
33:64:ff:33:2d:e3:44:46:5f:5f:c7:3c:df:84:8e:12:55:96:
c9:dc:4d:82:64:24:ba:e1:a7:ae:6a:20:b8:70:90:9d:75:3d:
28:88:ae:fa:ed:bd:05:5a:c1:45:6c:fd:16:33:63:ce:49:57:
5e:17:7f:29:5a:3c:56:3f:0f:63:c3:18:42:9a:32:ba:9c:36:
f7:cd:11:af:94:af:a7:37:8c:01:09:88:44:28:02:71:5e:0e:
57:48:15:75:29:1f:a5:59:fc:c7:47:e1:f1:91:ac:64:98:35:
ad:cd:61:3b:4a:3f:37:b0:d5:c3:d5:02:0f:f3:4d:50:1f:d3:
32:4d:5c:77:81:47:fd:84:78:bf:86:27:f6:49:a7:7d:13:fa:
dc:b7:78:d5:e0:86:a8:75:6c:3e:07:33:01:4e:4a:ce:7d:3f:
84:6c:20:77:fa:4c:2d:8e:28:d7:14:e9:9b:58:f1:66:cd:07:
8f:91:74:d9:cb:7e:5e:66:e0:8a:6d:38:e7:ed:9f:0f:ec:d9:
dc:bf:41:da:f5:6f:f5:51:e7:a5:dd:a0:56:04:1e:c3:4d:f0:
e3:86:21:36
-----BEGIN CERTIFICATE-----
MIIGRzCCBS+gAwIBAgISAZSOXP9fmvB6mQx+0NxiDDzEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTIyMTQxNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwZjlkMDFiZTAyODAwOGMzMDJiOWU2NzcxMmI2Y2FlYmRmOThjOThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoflEsRxh/Yfch2lSODT2Z0Y9pUK6
c7QWxQAQxjRPebVL4FvZ+3YBpEd8hc+NILeslTWqzpBR7KbMUHGX+TXyIZOne8V1
ys39cJUuiMQQW7BZ2M6i13LuuDD4Lz3Npm4w7/7wddKYTqx3OgdSaYxg+2ddZFRn
N0u5xHiXJg7L8LoeQBRXvjnAEIoyzZoUVjLmOfQ/A8VkIiqAyLkzH0T9lqr9IfvF
K6YzhAYQTjkEB8QzZSkGqrLORlM6hJBzyHSlJRfwVI+6Gs0tcTGX9l/RBCyyvqLo
Pw9MkrVjklPEMbZ7Sm1BHGgbR0mJIw41yALvHIooJ9T6uDl44i2UuOvHOwIDAQAB
o4IDUzCCA08wHQYDVR0OBBYEFA+dAb4CgAjDArnmdxK2yuvfmMmOMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRDUwQnZnS0FDTU1DdWVaM0VyYks2OS1ZeVk0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBZwYIKwYBBQUHAQcBAf8EggFWMIIBUjCCAU4EAgABMIIB
RgMEAS0JnAMEAC0M/wMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC1aWQMEAC2L
agMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAUaHvAwQAU9thAwQA
VDYwAwQAVdGFAwQAV3hUAwQAV3hXAwQAV3imAwQAV3i7AwQAV3ktAwQAV3lXAwQA
V3lpAwQBV3l8AwQAV3miAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQC
XpqgAwQAXpqtAwQAXpwLAwQDXpxAAwQAXpxmAwQAXpxyAwQAXpyqAwQAXpyzAwQA
Xpz4AwQAX9YbAwQAjWIBAwQAjWIGAwQAk05kAwQCqxZIAwQAstftAwQAudhHAwQC
udhUAwQCudpUAwQAwRnYAwQAwh/eAwQAwjFeAwQAwje6AwQAwqmvMA0GCSqGSIb3
DQEBCwUAA4IBAQAggK4DxLwL3uEo8HKPgbM168BXKSAETreY7gGZx1F6iUm/+qkz
ZP8zLeNERl9fxzzfhI4SVZbJ3E2CZCS64aeuaiC4cJCddT0oiK767b0FWsFFbP0W
M2POSVdeF38pWjxWPw9jwxhCmjK6nDb3zRGvlK+nN4wBCYhEKAJxXg5XSBV1KR+l
WfzHR+HxkaxkmDWtzWE7Sj83sNXD1QIP801QH9MyTVx3gUf9hHi/hif2Sad9E/rc
t3jV4IaodWw+BzMBTkrOfT+EbCB3+kwtjijXFOmbWPFmzQePkXTZy35eZuCKbTjn
7Z8P7Nncv0Ha9W/1Ueel3aBWBB7DTfDjhiE2
-----END CERTIFICATE-----
Generated at Wed Apr 16 19:33:36 2025 by rpki-client