Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/G9KgdlIUZ5Qj-Il9yJQZRdOQzRs.roa
File: G9KgdlIUZ5Qj-Il9yJQZRdOQzRs.roa (raw, json)
Hash identifier: UNLX9u44+jEzOzLNfP61UeEyh0BaRVflHrtuKEHQ1Do=
Subject key identifier: 1B:D2:A0:76:52:14:67:94:23:F8:89:7D:C8:94:19:45:D3:90:CD:1B
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0194B25CFF235BB2505383319F830CF884E2
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/G9KgdlIUZ5Qj-Il9yJQZRdOQzRs.roa
Signing time: Wed 29 Jan 2025 14:00:26 +0000
ROA not before: Wed 29 Jan 2025 14:00:26 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:b2:5c:ff:23:5b:b2:50:53:83:31:9f:83:0c:f8:84:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 29 14:00:26 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1bd2a0765214679423f8897dc8941945d390cd1b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:c9:9f:14:b3:53:76:e9:a0:7a:31:34:45:7c:
45:11:e8:e3:46:f4:1d:d1:22:3a:34:37:59:da:72:
07:cc:f6:49:69:37:62:6a:f7:b2:58:dd:9b:c6:56:
ea:f6:c2:55:db:a1:e8:a3:bf:01:04:f5:36:30:18:
c8:39:38:bd:4b:93:bf:22:38:88:d4:0f:8d:77:5b:
ef:fe:7f:b0:d0:66:93:cc:7b:7d:60:d0:0c:68:72:
fd:46:33:7d:b2:13:3a:ca:f7:f2:34:13:f4:6c:5d:
22:18:83:d5:a4:a7:f1:ab:0b:da:6a:bc:4d:c1:f7:
f0:9b:9d:2e:27:a8:45:af:99:45:95:84:33:a0:1e:
88:13:73:c5:5b:a2:fa:30:41:52:f0:d8:cf:08:49:
23:fc:a5:c2:ec:0d:c8:41:5a:70:98:f2:b7:10:70:
b3:dd:2f:3a:5b:51:8a:ad:a3:c1:bf:00:1a:7f:af:
25:91:cd:93:12:48:47:d7:75:7b:41:8e:f0:db:28:
58:e9:c6:14:9f:19:f0:60:7c:68:b8:5b:4a:79:fa:
fa:28:d7:ce:c4:06:22:e1:06:b1:11:67:3b:d3:1a:
11:9a:d8:fc:8c:89:c2:58:8e:c9:63:0c:89:c6:1b:
08:a1:e7:23:b5:47:00:21:79:66:9d:89:14:bc:a6:
32:f5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:D2:A0:76:52:14:67:94:23:F8:89:7D:C8:94:19:45:D3:90:CD:1B
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/G9KgdlIUZ5Qj-Il9yJQZRdOQzRs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
73:a0:ab:05:33:ea:3a:5b:6c:ed:9f:0c:03:88:61:08:2c:57:
9e:71:0e:c6:d9:55:03:ac:6d:e8:fb:96:b6:6f:0a:7f:90:e4:
e1:10:1a:c1:51:2c:e6:3a:0a:3e:63:e9:41:dd:89:a8:60:c1:
93:77:84:13:3f:12:87:30:1c:1e:f7:5a:e0:01:9d:51:c5:0c:
50:51:29:ae:3f:25:a2:7c:8e:ab:a1:a0:d0:4e:2c:ae:8a:54:
35:93:08:73:7e:f4:f8:54:83:9a:47:20:0a:3b:b8:c5:f1:22:
af:c2:d8:92:b1:8e:91:d2:b3:99:26:b9:26:0c:01:8e:27:13:
8f:86:1a:b3:e0:6a:da:0c:15:9e:85:56:68:e1:ad:49:0a:5b:
d4:7d:6f:53:d6:e0:c0:89:d2:a9:e9:2c:b7:5c:64:b8:9e:74:
c0:fa:55:33:54:64:32:ec:63:66:f4:38:66:4c:c2:b3:ae:68:
d2:80:ad:cc:ea:ae:73:8a:90:aa:27:ac:d4:d0:79:89:cd:83:
0c:23:b1:ff:c8:bf:3f:f1:9f:eb:b4:5f:80:cc:b1:56:fb:a3:
76:06:04:a5:c5:12:b9:13:6b:bd:0a:38:f3:a4:ad:55:aa:51:
56:01:32:90:ed:2b:5d:1b:9a:30:34:05:61:45:d4:33:36:bb:
55:84:17:ac
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgISAZSyXP8jW7JQU4Mxn4MM+ITiMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTI5MTQwMDI2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmQyYTA3NjUyMTQ2Nzk0MjNmODg5N2RjODk0MTk0NWQzOTBjZDFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj8mfFLNTdumgejE0RXxFEejjRvQd
0SI6NDdZ2nIHzPZJaTdiaveyWN2bxlbq9sJV26Hoo78BBPU2MBjIOTi9S5O/IjiI
1A+Nd1vv/n+w0GaTzHt9YNAMaHL9RjN9shM6yvfyNBP0bF0iGIPVpKfxqwvaarxN
wffwm50uJ6hFr5lFlYQzoB6IE3PFW6L6MEFS8NjPCEkj/KXC7A3IQVpwmPK3EHCz
3S86W1GKraPBvwAaf68lkc2TEkhH13V7QY7w2yhY6cYUnxnwYHxouFtKefr6KNfO
xAYi4QaxEWc70xoRmtj8jInCWI7JYwyJxhsIoecjtUcAIXlmnYkUvKYy9QIDAQAB
o4IDETCCAw0wHQYDVR0OBBYEFBvSoHZSFGeUI/iJfciUGUXTkM0bMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvRzlLZ2RsSVVaNVFqLUlsOXlKUVpSZE9RelJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBJQYIKwYBBQUHAQcBAf8EggEUMIIBEDCCAQwEAgABMIIB
BAMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC1aWQMEAC2L
agMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAU9thAwQAVDYwAwQA
VdGFAwQAV3hXAwQAV3imAwQAV3ktAwQAV3lXAwQBV3l8AwQAV3miAwQAV3mlAwQE
W1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQCXpqgAwQAXpwLAwQDXpxAAwQAXpyzAwQA
Xpz4AwQAX9YbAwQAjWIBAwQAjWIGAwQAk05kAwQCqxZIAwQCudhUAwQCudpUAwQA
wRnYAwQAwjFeAwQAwje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQBzoKsFM+o6
W2ztnwwDiGEILFeecQ7G2VUDrG3o+5a2bwp/kOThEBrBUSzmOgo+Y+lB3YmoYMGT
d4QTPxKHMBwe91rgAZ1RxQxQUSmuPyWifI6roaDQTiyuilQ1kwhzfvT4VIOaRyAK
O7jF8SKvwtiSsY6R0rOZJrkmDAGOJxOPhhqz4GraDBWehVZo4a1JClvUfW9T1uDA
idKp6Sy3XGS4nnTA+lUzVGQy7GNm9DhmTMKzrmjSgK3M6q5zipCqJ6zU0HmJzYMM
I7H/yL8/8Z/rtF+AzLFW+6N2BgSlxRK5E2u9CjjzpK1VqlFWATKQ7StdG5owNAVh
RdQzNrtVhBes
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:13:37 2025 by rpki-client