Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UmauwQy_gH3TSM702FF9KqcHg2g.roa
File: UmauwQy_gH3TSM702FF9KqcHg2g.roa (raw, json)
Hash identifier: XYzeUcMp2h8SEG/AWk+q0Rj7iMlnYdRZMSun19Uxjkg=
Subject key identifier: 52:66:AE:C1:0C:BF:80:7D:D3:48:CE:F4:D8:51:7D:2A:A7:07:83:68
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195423FF817C6B139DE1700EF5B27D8F2E3
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UmauwQy_gH3TSM702FF9KqcHg2g.roa
Signing time: Wed 26 Feb 2025 12:34:03 +0000
ROA not before: Wed 26 Feb 2025 12:34:03 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
31.13.224.0/24 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.149.241.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
81.161.230.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.31.47.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.39.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.104.0/24 maxlen: 24
94.156.105.0/24 maxlen: 24
94.156.106.0/24 maxlen: 32
94.156.166.0/24 maxlen: 24
94.156.167.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.48.251.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
194.180.36.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:42:3f:f8:17:c6:b1:39:de:17:00:ef:5b:27:d8:f2:e3
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 26 12:34:03 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5266aec10cbf807dd348cef4d8517d2aa7078368
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:be:95:95:0d:99:05:a4:e8:ea:50:a0:d1:b3:f4:
15:25:e3:b9:d2:2a:59:e1:6e:66:84:74:92:aa:55:
b2:9a:76:44:d2:91:3b:0f:03:75:74:fe:ad:c1:69:
49:6e:f5:c8:86:c3:a1:e7:ce:b8:74:ca:75:df:05:
93:b6:e4:ee:cf:ff:0e:62:d9:63:07:96:d1:c9:5c:
10:57:89:ee:09:4e:ad:7f:88:ed:52:c3:e8:ca:4e:
48:73:a3:c3:11:13:50:22:7a:4a:5c:87:fe:8b:51:
a9:95:33:dd:8b:9d:71:a1:48:17:e3:b2:1f:b0:bf:
8e:a0:bf:c5:28:13:c1:68:ba:f7:d8:3c:52:20:8d:
e8:6f:48:dd:ee:bd:c2:17:f0:c6:0d:41:fa:a1:b3:
3f:99:b9:05:e2:87:9b:04:68:c2:e3:0b:48:9c:64:
b9:06:8b:7b:16:68:1b:23:fa:4d:8a:27:de:57:41:
27:1c:2c:f5:5b:69:43:ce:c9:8b:d2:b1:1f:9a:3d:
55:5f:2f:bc:bf:f4:49:3f:f9:90:f1:69:df:62:dd:
66:31:32:be:29:d4:08:40:be:87:00:81:32:4a:3e:
d0:d8:8a:87:77:d2:74:fe:2b:9c:d3:80:2f:4f:f9:
6e:21:ef:91:23:43:61:2c:b2:3f:c8:24:80:7c:b6:
d4:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
52:66:AE:C1:0C:BF:80:7D:D3:48:CE:F4:D8:51:7D:2A:A7:07:83:68
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/UmauwQy_gH3TSM702FF9KqcHg2g.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
31.13.224.0/24
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.149.241.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
81.161.230.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
85.31.47.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.39.0/24
93.123.85.0/24
93.123.109.0/24
94.103.125.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.104.0-94.156.106.255
94.156.166.0/23
94.156.179.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.48.251.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
194.180.36.0/24
Signature Algorithm: sha256WithRSAEncryption
93:cd:21:78:1e:0a:57:f4:7a:3d:80:9a:7b:73:24:70:bf:36:
57:52:9c:ee:ba:d1:a7:31:a4:ce:44:b6:80:4b:54:69:6d:29:
a1:72:ae:c6:b3:a2:69:f5:b0:6c:bf:21:39:e4:11:73:49:7b:
44:4e:51:25:fd:cd:71:1a:11:76:e8:f4:73:9e:f9:ff:c6:0e:
cb:6b:ca:ce:5a:55:42:a9:04:be:27:0b:9e:54:12:23:29:1d:
73:fb:42:ae:40:cc:dd:bd:bd:45:c2:af:61:a6:d8:e2:25:a8:
af:40:cb:ca:3e:ab:e9:f0:fb:26:db:33:a6:af:69:9a:2f:00:
9a:52:70:7d:df:65:ff:80:dc:2a:8c:d4:b2:4d:cc:8a:f4:5b:
43:c4:29:df:58:ab:9e:7f:87:ce:77:b0:b4:7c:3a:3e:be:73:
f7:d2:80:6e:a6:52:1b:fd:ca:6b:c1:d6:82:04:b8:b3:09:4c:
31:0e:11:c3:72:09:80:9c:e6:3e:16:51:93:78:d1:96:dd:c6:
5c:42:fb:37:f9:1a:7a:81:a8:97:2d:01:65:86:29:75:ea:c2:
5d:2f:2d:00:11:fb:69:08:27:fb:15:7b:5c:1e:76:0e:27:db:
a5:be:8d:09:64:75:2c:52:70:a1:3a:b3:4b:bc:ed:6d:d8:a5:
2d:62:2e:3c
-----BEGIN CERTIFICATE-----
MIIGdzCCBV+gAwIBAgISAZVCP/gXxrE53hcA71sn2PLjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMjI2MTIzNDAzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MjY2YWVjMTBjYmY4MDdkZDM0OGNlZjRkODUxN2QyYWE3MDc4MzY4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvpWVDZkFpOjqUKDRs/QVJeO50ipZ
4W5mhHSSqlWymnZE0pE7DwN1dP6twWlJbvXIhsOh5864dMp13wWTtuTuz/8OYtlj
B5bRyVwQV4nuCU6tf4jtUsPoyk5Ic6PDERNQInpKXIf+i1GplTPdi51xoUgX47If
sL+OoL/FKBPBaLr32DxSII3ob0jd7r3CF/DGDUH6obM/mbkF4oebBGjC4wtInGS5
Bot7FmgbI/pNiifeV0EnHCz1W2lDzsmL0rEfmj1VXy+8v/RJP/mQ8WnfYt1mMTK+
KdQIQL6HAIEySj7Q2IqHd9J0/iuc04AvT/luIe+RI0NhLLI/yCSAfLbUxQIDAQAB
o4IDgzCCA38wHQYDVR0OBBYEFFJmrsEMv4B900jO9NhRfSqnB4NoMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvVW1hdXdReV9nSDNUU003MDJGRjlLcWNIZzJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBlwYIKwYBBQUHAQcBAf8EggGGMIIBgjCCAX4EAgABMIIB
dgMEAgX8hAMEAB8N4AMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z
9wMEAC1aWQMEAC2LagMEAC2NngMEAC2V8TAMAwQALZdZAwQCLZdYAwQAT24yAwQA
T24+AwQAUaHmAwQAUaHuAwQAU9thAwQAVDYwAwQAVR8vAwQAV3hXMAwDBARXeHAD
BAFXeHQDBAFXeHgwDAMEAFd4fQMEB1d4AAMEAFd4pgMEAFd5LQMEAFd5VwMEAVd5
fAMEAFd5ogMEAFd5pQMEBFtc8AMEAVx3xAMEAFz5MgMEAF17JwMEAF17VQMEAF17
bQMEAF5nfQMEAl6aoAMEAF6cCwMEA16cQDAMAwQDXpxoAwQAXpxqAwQBXpymAwQA
XpyzAwQAbc7tAwQAjWIBAwQAjWIGAwQAk05kAwQCqxZIAwQAstfgAwQCudhUAwQC
udpUAwQAwRnYAwQAwjD7AwQAwjFeAwQAwje6AwQAwqmvAwQAwrQkMA0GCSqGSIb3
DQEBCwUAA4IBAQCTzSF4HgpX9Ho9gJp7cyRwvzZXUpzuutGnMaTORLaAS1RpbSmh
cq7Gs6Jp9bBsvyE55BFzSXtETlEl/c1xGhF26PRznvn/xg7La8rOWlVCqQS+Jwue
VBIjKR1z+0KuQMzdvb1Fwq9hptjiJaivQMvKPqvp8Psm2zOmr2maLwCaUnB932X/
gNwqjNSyTcyK9FtDxCnfWKuef4fOd7C0fDo+vnP30oBuplIb/cprwdaCBLizCUwx
DhHDcgmAnOY+FlGTeNGW3cZcQvs3+Rp6gaiXLQFlhil16sJdLy0AEftpCCf7FXtc
HnYOJ9ulvo0JZHUsUnChOrNLvO1t2KUtYi48
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:24:02 2025 by rpki-client