Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WK88jTd11UcF0Mf8FYY-KakQkcc.roa
File: WK88jTd11UcF0Mf8FYY-KakQkcc.roa (raw, json)
Hash identifier: QPX08NhFm87PAt+JHB4vnts3DaHMZ10P28xiojpFWDM=
Subject key identifier: 58:AF:3C:8D:37:75:D5:47:05:D0:C7:FC:15:86:3E:29:A9:10:91:C7
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195BAA5012E2699B975FEE9ED8DA24F90AA
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WK88jTd11UcF0Mf8FYY-KakQkcc.roa
Signing time: Fri 21 Mar 2025 21:38:50 +0000
ROA not before: Fri 21 Mar 2025 21:38:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.128.96.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.113.0/24 maxlen: 24
94.156.167.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:ba:a5:01:2e:26:99:b9:75:fe:e9:ed:8d:a2:4f:90:aa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 21 21:38:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=58af3c8d3775d54705d0c7fc15863e29a91091c7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:5e:4c:e9:84:15:6e:44:e0:82:a3:49:18:de:
4b:bf:a8:4e:c1:78:ee:e7:b6:95:7b:00:08:4f:b3:
8e:73:33:9b:14:41:90:59:9a:dd:3d:6c:1f:93:65:
cb:f3:52:ad:f6:ce:01:15:97:77:7c:77:31:b1:7b:
fe:8f:0f:3b:50:1a:2b:f6:30:a7:ea:34:ca:fd:af:
d4:55:81:b1:0c:d5:5c:ef:a8:b7:bb:cd:aa:e1:a8:
b5:78:00:2b:6c:f4:e2:b1:43:e5:ea:3b:37:e8:f3:
6f:97:00:e3:08:0d:3e:05:11:7e:f5:67:4a:11:45:
d5:0e:af:b3:9d:05:6e:22:a4:4c:95:b3:f3:d4:d3:
c7:65:15:17:e5:ba:cd:50:49:64:a9:c4:09:a9:5d:
95:ef:fd:a4:d3:bc:cf:71:f0:86:39:bf:dd:d4:b5:
2b:2b:89:ad:03:1a:94:bc:3c:d3:3c:d1:b4:a5:5a:
87:0a:94:ba:56:9d:dc:0a:4d:0d:3e:83:4a:66:03:
d3:0d:6d:62:f1:3a:f0:a7:9d:40:41:41:a5:64:20:
eb:cc:dd:ba:1f:96:57:2a:bd:f8:02:c2:7e:71:ff:
21:fd:60:57:17:17:85:51:43:69:1c:4b:d4:b1:c1:
2c:ed:f8:92:c2:d5:ee:c7:8a:96:5a:df:53:91:b4:
09:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
58:AF:3C:8D:37:75:D5:47:05:D0:C7:FC:15:86:3E:29:A9:10:91:C7
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/WK88jTd11UcF0Mf8FYY-KakQkcc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.128.96.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.113.0/24
94.156.167.0/24
94.156.179.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
193.25.216.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
45:e0:9b:8a:08:15:1c:dd:1d:10:9f:cc:60:5e:cf:1e:6f:d0:
3c:8c:3b:eb:66:e5:3f:ca:be:76:43:40:70:f0:4f:80:be:cf:
eb:23:04:d0:75:6c:b5:23:6e:b5:22:77:37:78:a1:09:f4:95:
2f:dc:5c:3f:47:86:00:d8:52:47:ba:d8:f9:b5:c9:09:4b:6d:
fd:6e:c3:4a:97:f6:0f:19:f0:44:ef:f7:69:18:a4:fa:d1:56:
0e:60:5a:cf:06:4c:06:0e:85:ca:d8:a8:61:ba:38:32:dd:67:
24:21:db:32:68:2e:b8:10:a2:c9:39:cf:ed:b9:23:f8:15:26:
e2:d1:c8:e1:0a:ea:8a:eb:fb:36:ff:b9:da:f3:a0:9a:b8:b0:
d6:74:c4:9c:15:d2:ec:a3:1f:f5:6a:c5:4c:c1:eb:2d:3a:79:
e1:36:10:f2:b7:30:78:b0:5c:73:a9:1d:32:0f:aa:04:df:c0:
0f:81:ff:73:a2:ad:08:90:eb:07:a9:d2:13:a4:dd:77:66:9a:
f4:6a:54:5f:4e:c9:11:67:97:30:52:24:a9:c0:0d:ec:72:d6:
22:1a:46:e2:21:ad:9e:a1:08:81:d5:8e:c5:20:48:57:a1:a2:
bb:bd:e3:e7:52:b3:35:ea:23:f5:09:3c:3c:ea:fa:00:fa:b8:
2b:b1:04:e0
-----BEGIN CERTIFICATE-----
MIIGLTCCBRWgAwIBAgISAZW6pQEuJpm5df7p7Y2iT5CqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzIxMjEzODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OGFmM2M4ZDM3NzVkNTQ3MDVkMGM3ZmMxNTg2M2UyOWE5MTA5MWM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi15M6YQVbkTggqNJGN5Lv6hOwXju
57aVewAIT7OOczObFEGQWZrdPWwfk2XL81Kt9s4BFZd3fHcxsXv+jw87UBor9jCn
6jTK/a/UVYGxDNVc76i3u82q4ai1eAArbPTisUPl6js36PNvlwDjCA0+BRF+9WdK
EUXVDq+znQVuIqRMlbPz1NPHZRUX5brNUElkqcQJqV2V7/2k07zPcfCGOb/d1LUr
K4mtAxqUvDzTPNG0pVqHCpS6Vp3cCk0NPoNKZgPTDW1i8Trwp51AQUGlZCDrzN26
H5ZXKr34AsJ+cf8h/WBXFxeFUUNpHEvUscEs7fiSwtXux4qWWt9TkbQJyQIDAQAB
o4IDOTCCAzUwHQYDVR0OBBYEFFivPI03ddVHBdDH/BWGPimpEJHHMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvV0s4OGpUZDExVWNGME1mOEZZWS1LYWtRa2NjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBTQYIKwYBBQUHAQcBAf8EggE8MIIBODCCATQEAgABMIIB
LAMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1a
WQMEAC2AYAMEAC2LagMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAUaHuAwQA
U9thAwQAVDYwAwQAV3hXMAwDBARXeHADBAFXeHQDBAFXeHgwDAMEAFd4fQMEB1d4
AAMEAFd4pgMEAFd5JgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc
8AMEAVx3xAMEAFz5MgMEAF17bQMEAl6aoAMEA16cQAMEAF6ccQMEAF6cpwMEAF6c
swMEAG3O7QMEAI1iAQMEAI1iBgMEAJNOZAMEAqsWSAMEALLX4AMEArnYVAMEAMEZ
2AMEAMI3ugMEAMKprzANBgkqhkiG9w0BAQsFAAOCAQEAReCbiggVHN0dEJ/MYF7P
Hm/QPIw762blP8q+dkNAcPBPgL7P6yME0HVstSNutSJ3N3ihCfSVL9xcP0eGANhS
R7rY+bXJCUtt/W7DSpf2DxnwRO/3aRik+tFWDmBazwZMBg6FytioYbo4Mt1nJCHb
MmguuBCiyTnP7bkj+BUm4tHI4Qrqiuv7Nv+52vOgmriw1nTEnBXS7KMf9WrFTMHr
LTp54TYQ8rcweLBcc6kdMg+qBN/AD4H/c6KtCJDrB6nSE6Tdd2aa9GpUX07JEWeX
MFIkqcAN7HLWIhpG4iGtnqEIgdWOxSBIV6Giu73j51KzNeoj9Qk8POr6APq4K7EE
4A==
-----END CERTIFICATE-----
Generated at Wed Apr 16 19:43:41 2025 by rpki-client