Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TczVCd0Ua23CXIUxRXvSVgfYY64.roa
File: TczVCd0Ua23CXIUxRXvSVgfYY64.roa (raw, json)
Hash identifier: eu03rgTV8dssySfcNsepDscDz/yfbIFeehT7uEwq+UY=
Subject key identifier: 4D:CC:D5:09:DD:14:6B:6D:C2:5C:85:31:45:7B:D2:56:07:D8:63:AE
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019CFA873597B4686EF74C017E6E6619B300
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TczVCd0Ua23CXIUxRXvSVgfYY64.roa
Signing time: Tue 17 Mar 2026 06:41:30 +0000
ROA not before: Tue 17 Mar 2026 06:41:30 +0000
ROA not after: Thu 01 Jul 2027 00:00:00 +0000
asID: 0
IP address blocks: 45.66.228.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
85.217.130.0/23 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.126.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.60.0/23 maxlen: 23
87.121.165.0/24 maxlen: 24
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
147.78.101.0/24 maxlen: 24
185.218.84.0/22 maxlen: 24
185.222.160.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
193.47.61.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:9c:fa:87:35:97:b4:68:6e:f7:4c:01:7e:6e:66:19:b3:00
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 17 06:41:30 2026 GMT
Not After : Jul 1 00:00:00 2027 GMT
Subject: CN=4dccd509dd146b6dc25c8531457bd25607d863ae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:b4:fa:0e:4c:54:15:d0:15:60:90:03:5b:46:
bc:86:ed:e8:fa:c9:95:3d:21:0b:93:cf:48:b4:97:
3f:39:5d:b3:d5:56:a1:45:cd:d2:d3:82:de:55:61:
ba:ac:64:af:d1:75:d0:77:a2:a5:0f:9e:f9:96:68:
34:e1:1b:16:d4:bc:e1:9f:9a:31:f7:98:7f:ae:87:
42:12:99:1a:db:91:d7:95:98:e1:c0:55:a6:3f:08:
a0:c4:6a:04:5b:50:5e:f6:c6:c4:cd:71:5d:0a:19:
ac:58:7d:8e:b2:86:a0:e1:b3:85:9d:5f:d4:a6:02:
3f:32:b1:86:20:78:19:ee:a3:d1:a4:f7:e3:0a:8a:
aa:5a:97:4c:10:69:0e:09:35:e6:cf:87:fe:86:c4:
4b:77:fd:91:3a:f4:83:20:6e:00:f2:67:5e:d6:61:
78:bd:13:84:1f:0d:3d:34:40:c8:6c:75:57:2d:9a:
1a:3a:19:35:2b:76:20:1d:68:85:ba:6e:f1:fd:ed:
02:8b:f0:e7:2b:7f:f1:10:5a:90:65:d8:6a:83:34:
16:b3:01:b7:98:7e:2e:bb:92:bd:f3:3f:50:7b:66:
31:68:03:a9:5b:22:e7:29:ac:bd:d3:d2:79:3d:44:
c5:17:af:21:5a:3b:8a:10:73:84:94:58:f6:58:e2:
67:5b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:CC:D5:09:DD:14:6B:6D:C2:5C:85:31:45:7B:D2:56:07:D8:63:AE
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/TczVCd0Ua23CXIUxRXvSVgfYY64.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.66.228.0/24
45.66.231.0/24
45.89.247.0/24
45.141.158.0/24
81.161.238.0/24
85.217.130.0/23
87.120.87.0/24
87.120.126.0/24
87.120.166.0/24
87.121.60.0/23
87.121.165.0/24
92.119.196.0/23
92.249.50.0/24
93.123.109.0/24
147.78.100.0/23
185.218.84.0/22
185.222.160.0/24
193.25.216.0/24
193.47.61.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
8f:06:57:4b:d7:2b:88:d3:33:05:51:12:90:b9:b0:d8:44:90:
de:00:ed:fc:a2:ff:08:11:a8:66:88:fb:4e:48:80:88:07:be:
f7:c6:96:d6:e9:7f:34:a6:40:d1:49:11:b6:df:08:65:af:d5:
50:ff:76:1c:95:86:cb:17:de:11:ef:1d:d9:ac:45:5b:89:da:
ba:bd:95:95:e3:89:fe:79:74:41:92:2f:6c:77:93:7b:1f:0f:
8e:35:a0:99:a3:18:c7:82:f2:d5:c9:c2:90:53:70:95:fa:b8:
bb:4b:47:6c:bb:09:7e:7a:65:b0:6a:85:f1:4a:c1:69:b1:a1:
8c:9d:97:ad:fb:d6:fe:95:c7:b7:8e:df:94:e6:bf:05:af:88:
67:47:be:b3:73:e2:1d:c2:c8:cf:db:72:b6:62:50:b7:57:78:
c1:a6:08:1a:97:ec:52:1e:00:d7:64:a9:24:72:f4:12:6c:16:
73:06:07:01:ef:88:fc:24:4a:89:67:b2:ea:32:08:ec:18:41:
61:77:36:e4:25:62:82:db:56:f5:e9:93:a7:58:57:dc:aa:ef:
91:db:d0:33:c7:65:95:07:af:b8:2a:e6:90:09:e5:2b:84:34:
fa:7a:ac:93:2c:17:7f:51:f1:ec:29:8c:62:96:c4:79:59:b0:
f2:ff:fd:97
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAZz6hzWXtGhu90wBfm5mGbMAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjYwMzE3MDY0MTMwWhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZGNjZDUwOWRkMTQ2YjZkYzI1Yzg1MzE0NTdiZDI1NjA3ZDg2M2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0bT6DkxUFdAVYJADW0a8hu3o+smV
PSELk89ItJc/OV2z1VahRc3S04LeVWG6rGSv0XXQd6KlD575lmg04RsW1Lzhn5ox
95h/rodCEpka25HXlZjhwFWmPwigxGoEW1Be9sbEzXFdChmsWH2Osoag4bOFnV/U
pgI/MrGGIHgZ7qPRpPfjCoqqWpdMEGkOCTXmz4f+hsRLd/2ROvSDIG4A8mde1mF4
vROEHw09NEDIbHVXLZoaOhk1K3YgHWiFum7x/e0Ci/DnK3/xEFqQZdhqgzQWswG3
mH4uu5K98z9Qe2YxaAOpWyLnKay909J5PUTFF68hWjuKEHOElFj2WOJnWwIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFE3M1QndFGttwlyFMUV70lYH2GOuMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVGN6VkNkMFVhMjNDWElVeFJYdlNWZ2ZZWTY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEAC1C
5AMEAC1C5wMEAC1Z9wMEAC2NngMEAFGh7gMEAVXZggMEAFd4VwMEAFd4fgMEAFd4
pgMEAVd5PAMEAFd5pQMEAVx3xAMEAFz5MgMEAF17bQMEAZNOZAMEArnaVAMEALne
oAMEAMEZ2AMEAMEvPQMEAMI3ugMEAMKprzANBgkqhkiG9w0BAQsFAAOCAQEAjwZX
S9criNMzBVESkLmw2ESQ3gDt/KL/CBGoZoj7TkiAiAe+98aW1ul/NKZA0UkRtt8I
Za/VUP92HJWGyxfeEe8d2axFW4naur2VleOJ/nl0QZIvbHeTex8PjjWgmaMYx4Ly
1cnCkFNwlfq4u0tHbLsJfnplsGqF8UrBabGhjJ2XrfvW/pXHt47flOa/Ba+IZ0e+
s3PiHcLIz9tytmJQt1d4waYIGpfsUh4A12SpJHL0EmwWcwYHAe+I/CRKiWey6jII
7BhBYXc25CVigttW9emTp1hX3KrvkdvQM8dllQevuCrmkAnlK4Q0+nqskywXf1Hx
7CmMYpbEeVmw8v/9lw==
-----END CERTIFICATE-----
Generated at Wed Apr 15 03:32:53 2026 by rpki-client