Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NoEQGSALRv1Kl7yhlHgf81upXrU.roa
File: NoEQGSALRv1Kl7yhlHgf81upXrU.roa (raw, json)
Hash identifier: hO71uNg2dZfdA6C73g5mPqEo0rtlEBM5wQfOxIRZXoA=
Subject key identifier: 36:81:10:19:20:0B:46:FD:4A:97:BC:A1:94:78:1F:F3:5B:A9:5E:B5
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195AF6B28D7A103B661C40C788B406D9BB5
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NoEQGSALRv1Kl7yhlHgf81upXrU.roa
Signing time: Wed 19 Mar 2025 17:19:50 +0000
ROA not before: Wed 19 Mar 2025 17:19:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.105.0/24 maxlen: 24
94.156.167.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:af:6b:28:d7:a1:03:b6:61:c4:0c:78:8b:40:6d:9b:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 19 17:19:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=36811019200b46fd4a97bca194781ff35ba95eb5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f6:a7:b6:f5:50:54:56:42:80:2a:b6:eb:99:bc:
54:d2:97:c8:18:2c:94:1d:da:62:89:6c:5f:fa:bf:
31:65:66:57:b2:35:39:2b:9b:91:32:ea:d2:ea:1d:
4a:68:a5:1c:5d:cf:a6:a0:1f:00:d2:e9:34:49:a6:
7d:0b:81:de:d6:9e:93:5e:a6:4a:a7:53:a6:9b:e8:
d1:f7:95:28:2f:b0:b9:6b:0a:b5:b0:22:3d:83:ec:
2b:b7:9a:01:7a:eb:a6:c2:48:29:b1:34:f7:b3:b8:
d9:08:fd:be:0f:87:a7:8c:49:0c:45:30:1e:4a:81:
51:48:e8:cd:34:08:0d:c9:37:29:7d:4a:b2:fd:48:
c5:0d:98:5f:99:67:17:34:c2:a7:6e:9f:be:39:b2:
56:e7:09:71:2a:ee:c6:90:8c:ee:4f:bb:01:95:e5:
3d:36:3a:2b:a0:3c:4b:78:6a:56:12:c7:b4:2f:79:
72:cc:e6:92:46:b0:9b:27:5d:8d:09:c0:d4:e7:b8:
a5:18:0f:a7:b1:4c:c8:3c:17:10:87:6d:18:74:d2:
23:d4:cc:81:d6:45:cb:bb:79:9d:37:16:12:c5:c2:
35:0e:9a:68:75:ff:63:0c:a5:8f:88:75:66:1e:5c:
d9:a3:d1:3a:87:0a:a5:64:f6:7b:dd:9a:66:d9:4e:
7e:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:81:10:19:20:0B:46:FD:4A:97:BC:A1:94:78:1F:F3:5B:A9:5E:B5
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/NoEQGSALRv1Kl7yhlHgf81upXrU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.105.0/24
94.156.167.0/24
94.156.179.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
8d:86:fe:ae:d4:86:0b:c5:90:42:af:8f:1f:64:55:18:85:ca:
a8:f3:a5:c0:50:82:64:f7:4b:9c:51:77:27:20:fe:a7:ca:b0:
3f:1e:e0:98:6d:b5:61:be:a3:dc:61:75:fc:ed:e0:76:e6:2d:
9a:00:31:de:de:f3:05:54:21:ba:44:c6:2d:a6:f6:07:7b:11:
64:74:80:db:a0:f4:cb:2b:3a:ae:9b:44:ec:a1:54:2f:3c:60:
b6:e3:23:43:55:d7:48:09:15:1a:73:4e:da:d3:e3:77:41:e5:
3a:6b:68:f7:61:85:1b:c1:e1:db:f1:94:df:e2:da:1c:20:60:
69:40:1e:f4:43:7a:d5:14:b2:f2:45:7e:1a:13:37:b2:1e:4f:
94:5a:bc:ef:d4:95:c3:e9:bf:9a:a5:a7:da:27:c6:fd:d4:81:
ca:16:0e:86:ce:f9:b7:d6:01:78:60:ba:2d:98:0a:a5:9d:d5:
22:3d:6a:4d:af:13:30:de:39:4d:42:ec:2f:52:19:87:fc:0c:
ea:31:0a:fa:e3:4c:82:9e:7c:45:0a:c4:de:e7:29:05:ce:69:
77:66:93:4b:7c:0d:39:44:60:41:c6:00:0f:46:c2:f6:fb:29:
fa:fc:e1:05:3d:87:f0:ba:60:52:d6:22:0d:29:82:d7:c7:4e:
04:c9:ee:ce
-----BEGIN CERTIFICATE-----
MIIGJzCCBQ+gAwIBAgISAZWvayjXoQO2YcQMeItAbZu1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzE5MTcxOTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjgxMTAxOTIwMGI0NmZkNGE5N2JjYTE5NDc4MWZmMzViYTk1ZWI1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA9qe29VBUVkKAKrbrmbxU0pfIGCyU
HdpiiWxf+r8xZWZXsjU5K5uRMurS6h1KaKUcXc+moB8A0uk0SaZ9C4He1p6TXqZK
p1Omm+jR95UoL7C5awq1sCI9g+wrt5oBeuumwkgpsTT3s7jZCP2+D4enjEkMRTAe
SoFRSOjNNAgNyTcpfUqy/UjFDZhfmWcXNMKnbp++ObJW5wlxKu7GkIzuT7sBleU9
NjoroDxLeGpWEse0L3lyzOaSRrCbJ12NCcDU57ilGA+nsUzIPBcQh20YdNIj1MyB
1kXLu3mdNxYSxcI1Dppodf9jDKWPiHVmHlzZo9E6hwqlZPZ73Zpm2U5+hQIDAQAB
o4IDMzCCAy8wHQYDVR0OBBYEFDaBEBkgC0b9Spe8oZR4H/NbqV61MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvTm9FUUdTQUxSdjFLbDd5aGxIZ2Y4MXVwWHJVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBRwYIKwYBBQUHAQcBAf8EggE2MIIBMjCCAS4EAgABMIIB
JgMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1a
WQMEAC2LagMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAUaHuAwQAU9thAwQA
VDYwAwQAV3hXMAwDBARXeHADBAFXeHQDBAFXeHgwDAMEAFd4fQMEB1d4AAMEAFd4
pgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc8AMEAVx3xAMEAFz5
MgMEAF17bQMEAl6aoAMEA16cQAMEAF6caQMEAF6cpwMEAF6cswMEAG3O7QMEAI1i
AQMEAI1iBgMEAJNOZAMEAqsWSAMEALLX4AMEArnYVAMEArnaVAMEAMEZ2AMEAMI3
ugMEAMKprzANBgkqhkiG9w0BAQsFAAOCAQEAjYb+rtSGC8WQQq+PH2RVGIXKqPOl
wFCCZPdLnFF3JyD+p8qwPx7gmG21Yb6j3GF1/O3gduYtmgAx3t7zBVQhukTGLab2
B3sRZHSA26D0yys6rptE7KFULzxgtuMjQ1XXSAkVGnNO2tPjd0HlOmto92GFG8Hh
2/GU3+LaHCBgaUAe9EN61RSy8kV+GhM3sh5PlFq879SVw+m/mqWn2ifG/dSByhYO
hs75t9YBeGC6LZgKpZ3VIj1qTa8TMN45TULsL1IZh/wM6jEK+uNMgp58RQrE3ucp
Bc5pd2aTS3wNOURgQcYAD0bC9vsp+vzhBT2H8LpgUtYiDSmC18dOBMnuzg==
-----END CERTIFICATE-----
Generated at Thu Apr 17 01:41:46 2025 by rpki-client