Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/R8CUEfDqZhQmkw7a4v66Dg67k7g.roa
File: R8CUEfDqZhQmkw7a4v66Dg67k7g.roa (raw, json)
Hash identifier: f1Mkh70AaR8OZFC469iUJ3sJVBtwKmmeyEfSByJzhus=
Subject key identifier: 47:C0:94:11:F0:EA:66:14:26:93:0E:DA:E2:FE:BA:0E:0E:BB:93:B8
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01949270B318CA6F7DBBEA3AB3F1CFFF5D95
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/R8CUEfDqZhQmkw7a4v66Dg67k7g.roa
Signing time: Thu 23 Jan 2025 09:14:06 +0000
ROA not before: Thu 23 Jan 2025 09:14:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.120.187.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.173.0/24 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.114.0/24 maxlen: 24
94.156.170.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.237.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:92:70:b3:18:ca:6f:7d:bb:ea:3a:b3:f1:cf:ff:5d:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 23 09:14:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=47c09411f0ea661426930edae2feba0e0ebb93b8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:dc:97:15:b8:ea:9d:37:67:8f:4c:36:e9:8c:
bd:1d:7c:9f:1f:01:61:6a:64:43:e5:a5:84:78:89:
4d:2a:a4:8c:c6:95:59:41:b3:e5:4c:c9:fe:3d:92:
47:3f:7c:3b:5c:df:59:54:4d:ac:56:91:92:13:e6:
c3:9f:03:03:22:be:43:dc:51:b9:b6:f4:25:2b:46:
67:f5:93:89:2f:e4:2f:59:dd:34:39:05:50:d9:f4:
55:a2:62:a6:7f:4d:ae:57:f2:1b:31:e3:08:d8:54:
7b:af:b2:4d:af:44:03:b8:21:b9:ac:d8:d6:e6:88:
88:f9:94:0e:be:80:3c:c9:bd:1c:1d:bd:82:45:e2:
e7:31:39:7f:35:49:86:f7:dc:6c:c0:c6:a1:f8:fc:
fc:73:fc:d1:14:1a:e4:f6:92:15:21:72:68:db:e1:
14:40:81:36:fc:8a:25:88:15:f2:2c:45:5e:59:fe:
d0:a7:be:35:7c:1e:bc:dc:e2:a0:64:c5:75:3a:34:
bb:d1:48:e7:3a:90:2c:55:2c:fa:fb:37:c4:53:f3:
b9:53:db:4a:6d:ef:cd:d5:46:e2:4f:ef:c8:71:a3:
f6:6a:1a:d6:34:29:01:31:e7:58:90:b4:03:00:45:
32:dc:a7:1e:03:b7:f7:08:52:4c:60:82:bf:27:66:
48:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:C0:94:11:F0:EA:66:14:26:93:0E:DA:E2:FE:BA:0E:0E:BB:93:B8
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/R8CUEfDqZhQmkw7a4v66Dg67k7g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.156.0/23
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.120.187.0/24
87.121.45.0/24
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.154.173.0/24
94.156.11.0/24
94.156.64.0/21
94.156.114.0/24
94.156.170.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.237.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
94:2f:e9:5f:25:30:1f:1d:c0:83:63:57:e3:28:6f:2d:63:5b:
32:bb:70:21:ca:51:00:0a:7c:fa:f3:32:b1:c6:d8:86:d7:cf:
96:20:dc:0c:dc:94:64:7e:3e:6a:64:2f:5f:e2:5e:ee:bf:ea:
7b:a1:c5:b1:4d:ae:b7:2f:3f:be:09:f1:e9:61:ee:36:7d:b8:
24:32:8e:14:c7:fd:86:88:3c:15:4e:e1:2e:df:08:99:91:e4:
58:9b:c0:e9:87:d7:33:e1:4e:2b:cd:61:eb:0e:25:ab:50:63:
79:fa:27:a2:6a:ad:40:b2:a0:a5:56:d9:d4:ec:72:2e:c7:3d:
a9:26:f8:51:49:59:17:1b:be:11:63:63:e4:29:0e:5f:f3:a5:
27:2d:d2:98:f4:dd:71:da:5b:28:95:7e:72:2c:44:48:4c:54:
fb:28:c0:b3:07:0e:13:f3:87:46:49:25:88:86:b6:43:6a:33:
d2:0a:e9:76:15:a9:62:aa:2a:a5:ae:13:e8:ac:2f:d3:7a:fc:
8c:a9:bc:37:10:e1:77:64:f0:1d:b4:65:e7:b6:cd:77:46:a2:
4d:8d:6d:33:7a:2c:c4:48:73:78:e0:34:40:62:20:41:0a:9a:
4b:ad:0b:d2:f4:e0:c1:17:78:41:52:9f:1a:a0:a8:06:5b:7c:
24:f8:2d:19
-----BEGIN CERTIFICATE-----
MIIGLzCCBRegAwIBAgISAZSScLMYym99u+o6s/HP/12VMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTIzMDkxNDA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2MwOTQxMWYwZWE2NjE0MjY5MzBlZGFlMmZlYmEwZTBlYmI5M2I4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9yXFbjqnTdnj0w26Yy9HXyfHwFh
amRD5aWEeIlNKqSMxpVZQbPlTMn+PZJHP3w7XN9ZVE2sVpGSE+bDnwMDIr5D3FG5
tvQlK0Zn9ZOJL+QvWd00OQVQ2fRVomKmf02uV/IbMeMI2FR7r7JNr0QDuCG5rNjW
5oiI+ZQOvoA8yb0cHb2CReLnMTl/NUmG99xswMah+Pz8c/zRFBrk9pIVIXJo2+EU
QIE2/IoliBXyLEVeWf7Qp741fB683OKgZMV1OjS70UjnOpAsVSz6+zfEU/O5U9tK
be/N1UbiT+/IcaP2ahrWNCkBMedYkLQDAEUy3KceA7f3CFJMYIK/J2ZIiwIDAQAB
o4IDOzCCAzcwHQYDVR0OBBYEFEfAlBHw6mYUJpMO2uL+ug4Ou5O4MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvUjhDVUVmRHFaaFFta3c3YTR2NjZEZzY3azdnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBTwYIKwYBBQUHAQcBAf8EggE+MIIBOjCCATYEAgABMIIB
LgMEAS0JnAMEAC0M/wMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC1aWQMEAC2L
agMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAU9thAwQAVDYwAwQA
VdGFAwQAV3hUAwQAV3hXAwQAV3imAwQAV3i7AwQAV3ktAwQAV3lXAwQAV3lpAwQB
V3l8AwQAV3miAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQCXpqgAwQA
XpqtAwQAXpwLAwQDXpxAAwQAXpxyAwQAXpyqAwQAXpyzAwQAXpz4AwQAX9YbAwQA
jWIBAwQAjWIGAwQAk05kAwQCqxZIAwQAstftAwQCudhUAwQCudpUAwQAwRnYAwQA
wjFeAwQAwje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQCUL+lfJTAfHcCDY1fj
KG8tY1syu3AhylEACnz68zKxxtiG18+WINwM3JRkfj5qZC9f4l7uv+p7ocWxTa63
Lz++CfHpYe42fbgkMo4Ux/2GiDwVTuEu3wiZkeRYm8Dph9cz4U4rzWHrDiWrUGN5
+ieiaq1AsqClVtnU7HIuxz2pJvhRSVkXG74RY2PkKQ5f86UnLdKY9N1x2lsolX5y
LERITFT7KMCzBw4T84dGSSWIhrZDajPSCul2FaliqiqlrhPorC/TevyMqbw3EOF3
ZPAdtGXnts13RqJNjW0zeizESHN44DRAYiBBCppLrQvS9ODBF3hBUp8aoKgGW3wk
+C0Z
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:35:41 2025 by rpki-client