Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QoUQwK-nNUB9sB2A4dYb-9s2bO4.roa
File: QoUQwK-nNUB9sB2A4dYb-9s2bO4.roa (raw, json)
Hash identifier: BBsaI9g+WrvMZSqXwivncgj02VVw8NlHRFS/nuS/18w=
Subject key identifier: 42:85:10:C0:AF:A7:35:40:7D:B0:1D:80:E1:D6:1B:FB:DB:36:6C:EE
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0194120AB5CF48250DB0BCFD198B8BB6C2B9
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QoUQwK-nNUB9sB2A4dYb-9s2bO4.roa
Signing time: Sun 29 Dec 2024 10:51:19 +0000
ROA not before: Sun 29 Dec 2024 10:51:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.9.157.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.88.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.84.0/23 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.102.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
176.125.254.0/24 maxlen: 24
178.215.237.0/24 maxlen: 24
185.216.71.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:12:0a:b5:cf:48:25:0d:b0:bc:fd:19:8b:8b:b6:c2:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 29 10:51:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=428510c0afa735407db01d80e1d61bfbdb366cee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e2:d7:9a:11:17:63:df:1a:ec:68:54:76:61:26:
c6:0a:a1:c6:1a:26:c4:1d:ea:5b:12:b8:be:e8:03:
c6:ec:94:f7:00:97:d4:c4:33:5b:01:50:f5:5f:bc:
dd:ce:9f:1e:2b:a0:fc:8a:99:d6:f2:93:6f:18:c1:
7a:68:f4:31:fb:f4:c8:7f:e2:3f:c8:8c:9a:7d:7e:
6c:cc:af:d0:d3:74:d2:0a:d6:29:45:1f:ef:92:10:
e5:41:e0:6a:fd:32:e3:e6:bb:b6:d0:36:11:e0:88:
ff:b6:77:cf:85:f5:7f:63:b3:fe:cb:d5:30:de:06:
17:05:f2:0b:ef:83:79:58:f6:36:08:23:b5:57:6d:
74:6a:ce:02:32:b8:be:b5:30:6b:22:78:4f:15:62:
51:96:fb:3e:a0:d9:f9:a2:1c:db:68:46:ea:2a:8c:
e8:52:d2:53:b5:e4:76:a4:48:13:8f:fc:07:93:f4:
26:51:aa:97:cc:33:3f:ce:bf:a5:5c:6d:2d:3d:47:
ec:84:16:4f:e1:37:33:ee:8e:3d:90:93:e4:b0:87:
3d:39:17:76:0e:b5:97:78:3f:14:60:d1:86:21:53:
da:26:61:88:a9:23:d4:1a:74:de:68:24:07:2d:d5:
e6:84:30:94:56:96:42:70:61:dc:8f:2c:55:3d:dd:
ed:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:85:10:C0:AF:A7:35:40:7D:B0:1D:80:E1:D6:1B:FB:DB:36:6C:EE
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/QoUQwK-nNUB9sB2A4dYb-9s2bO4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.157.0/24
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.90.88.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.62.0/24
81.161.239.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.84.0/23
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.102.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
176.125.254.0/24
178.215.237.0/24
185.216.71.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
60:bd:40:92:b1:c2:2b:e9:4e:1a:71:bb:97:33:6f:56:5f:a5:
2a:51:94:ae:f9:61:64:8e:5b:56:8d:c3:1b:30:af:a8:86:ce:
b0:0d:2b:5c:f9:1f:97:f4:bf:dd:94:a5:3f:bc:39:bf:36:48:
bf:c9:06:d1:b4:d5:cf:e3:7a:a4:23:05:e0:12:da:f0:26:ad:
a9:1d:fe:2e:4c:26:dc:3c:a5:e2:30:39:56:49:b2:7f:56:be:
b6:6e:22:77:de:73:fc:ed:3d:45:08:08:58:b6:15:32:2c:8e:
47:af:d1:f2:56:ca:9d:47:e8:3f:35:8b:67:13:39:46:1d:ef:
01:3a:78:f4:56:86:3b:ac:3f:f8:dd:4e:06:8e:2b:0e:83:e4:
d5:b8:93:86:cd:1a:0a:66:d8:8d:67:20:26:b1:e8:69:f3:16:
39:8c:f1:c1:eb:7c:5b:43:d9:de:e5:d3:d2:6d:8d:5f:92:48:
b7:e3:4c:26:28:3d:4e:b2:92:8c:43:06:26:2d:77:b3:5e:be:
60:ac:d8:95:69:a2:ad:4d:60:1f:31:cd:e1:05:7f:11:51:c2:
8b:41:71:4e:a3:bc:59:8d:9e:b0:b6:a7:e1:87:f4:33:cc:98:
70:5b:83:41:bb:77:95:a1:52:d3:61:95:6d:ec:db:66:91:c0:
65:65:98:00
-----BEGIN CERTIFICATE-----
MIIGLzCCBRegAwIBAgISAZQSCrXPSCUNsLz9GYuLtsK5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMjI5MTA1MTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Mjg1MTBjMGFmYTczNTQwN2RiMDFkODBlMWQ2MWJmYmRiMzY2Y2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4teaERdj3xrsaFR2YSbGCqHGGibE
HepbEri+6APG7JT3AJfUxDNbAVD1X7zdzp8eK6D8ipnW8pNvGMF6aPQx+/TIf+I/
yIyafX5szK/Q03TSCtYpRR/vkhDlQeBq/TLj5ru20DYR4Ij/tnfPhfV/Y7P+y9Uw
3gYXBfIL74N5WPY2CCO1V210as4CMri+tTBrInhPFWJRlvs+oNn5ohzbaEbqKozo
UtJTteR2pEgTj/wHk/QmUaqXzDM/zr+lXG0tPUfshBZP4Tcz7o49kJPksIc9ORd2
DrWXeD8UYNGGIVPaJmGIqSPUGnTeaCQHLdXmhDCUVpZCcGHcjyxVPd3tawIDAQAB
o4IDOzCCAzcwHQYDVR0OBBYEFEKFEMCvpzVAfbAdgOHWG/vbNmzuMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUW9VUXdLLW5OVUI5c0IyQTRkWWItOXMyYk80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBTwYIKwYBBQUHAQcBAf8EggE+MIIBOjCCATYEAgABMIIB
LgMEAC0JnQMEAC0M/wMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC1aWAMEAC2L
agMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24+AwQAUaHvAwQAU9thAwQAVDYwAwQA
VdGFAwQAV3hUAwQAV3hXAwQAV3imAwQAV3ktAwQBV3lUAwQAV3lXAwQAV3lpAwQB
V3l8AwQAV3miAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQCXpqgAwQA
XpwLAwQDXpxAAwQAXpxmAwQAXpyzAwQAXpz4AwQAX9YbAwQAjWIBAwQAjWIGAwQA
k05kAwQCqxZIAwQAsH3+AwQAstftAwQAudhHAwQCudhUAwQCudpUAwQAwRnYAwQA
wjFeAwQAwje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQBgvUCSscIr6U4acbuX
M29WX6UqUZSu+WFkjltWjcMbMK+ohs6wDStc+R+X9L/dlKU/vDm/Nki/yQbRtNXP
43qkIwXgEtrwJq2pHf4uTCbcPKXiMDlWSbJ/Vr62biJ33nP87T1FCAhYthUyLI5H
r9HyVsqdR+g/NYtnEzlGHe8BOnj0VoY7rD/43U4GjisOg+TVuJOGzRoKZtiNZyAm
sehp8xY5jPHB63xbQ9ne5dPSbY1fkki340wmKD1OspKMQwYmLXezXr5grNiVaaKt
TWAfMc3hBX8RUcKLQXFOo7xZjZ6wtqfhh/QzzJhwW4NBu3eVoVLTYZVt7NtmkcBl
ZZgA
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:37:26 2025 by rpki-client