Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Xf_xxq-KqHp740BCbKjQUr4eZgM.roa
File: Xf_xxq-KqHp740BCbKjQUr4eZgM.roa (raw, json)
Hash identifier: 8LFRGgyZFVpUlWThQMPirwDUPdzX6tirhOGOS3hpnI8=
Subject key identifier: 5D:FF:F1:C6:AF:8A:A8:7A:7B:E3:40:42:6C:A8:D0:52:BE:1E:66:03
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195D2E8FB75F7E0934325AEF2C12AE99A05
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Xf_xxq-KqHp740BCbKjQUr4eZgM.roa
Signing time: Wed 26 Mar 2025 14:43:58 +0000
ROA not before: Wed 26 Mar 2025 14:43:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.157.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.128.96.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.113.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:d2:e8:fb:75:f7:e0:93:43:25:ae:f2:c1:2a:e9:9a:05
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 26 14:43:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=5dfff1c6af8aa87a7be340426ca8d052be1e6603
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:dc:91:83:48:5f:33:29:68:97:62:2a:42:5d:
1f:30:a7:f4:92:31:53:9a:fa:d2:54:4d:46:66:77:
73:aa:7d:c9:a0:58:0a:22:e3:9e:50:a4:ba:f7:af:
bc:2b:47:ab:51:f3:bf:bc:6f:e3:42:2d:30:9c:9e:
71:e0:f4:ec:3d:1b:85:59:87:ef:54:9e:d1:1c:d8:
3b:0e:a1:49:ad:f2:07:ce:74:f2:53:13:ec:0d:5a:
0a:ee:61:2a:a0:01:c6:e9:83:4d:03:0d:f8:5c:a9:
e5:a9:29:e3:15:1a:d1:fd:a7:b8:51:7c:a6:59:02:
e4:a8:f6:82:b4:d7:44:e8:60:86:11:05:21:6a:b4:
61:31:05:40:ba:3c:47:60:d8:83:63:04:f2:38:ca:
6e:68:a3:f4:b0:c9:0c:1e:78:1e:3a:91:8e:33:7e:
23:26:a6:b1:87:cb:47:12:57:f8:6c:d9:cf:23:d2:
bd:ad:ae:e6:40:3b:42:81:90:ae:63:de:c5:81:99:
9b:9d:40:7a:a6:45:e0:87:74:53:05:30:30:34:5e:
5a:49:ea:53:16:70:83:a6:84:0a:d0:c9:f0:a4:29:
7d:b1:d1:90:6c:35:3a:76:0c:be:39:74:41:02:a6:
3e:6c:b3:27:5d:d9:7f:05:9b:4f:18:fb:32:f7:b3:
15:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:FF:F1:C6:AF:8A:A8:7A:7B:E3:40:42:6C:A8:D0:52:BE:1E:66:03
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Xf_xxq-KqHp740BCbKjQUr4eZgM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.157.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.128.96.0/24
45.139.106.0/24
45.141.158.0/24
45.151.90.0/23
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.113.0/24
94.156.179.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
193.25.216.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
25:5d:5b:2e:48:40:29:a9:0c:41:15:b3:72:3c:c2:fe:92:84:
fc:17:fc:09:a6:c2:6a:4b:68:84:0c:ef:eb:75:d9:94:a5:01:
74:64:6f:81:91:8a:18:44:25:76:70:3f:e1:3a:2d:17:3b:c9:
67:26:d0:ac:2d:68:0c:6e:63:d7:5d:35:af:3c:a5:ab:ef:24:
e3:31:4f:f4:89:af:a9:4e:2a:7a:42:b8:31:ba:75:9b:2c:ea:
f6:2f:b9:09:3a:b1:14:ec:45:68:c0:06:4b:88:8e:53:5a:05:
e4:f3:ae:ee:d3:c3:b8:74:cd:a8:22:79:b1:b3:9f:9c:75:32:
0b:97:2c:9f:bb:a8:73:1e:cc:ca:6c:52:bf:cf:7d:18:62:90:
5e:32:11:65:7c:1f:31:2d:cb:e6:7c:a6:c6:ab:60:77:cd:e7:
34:b9:19:e5:7c:37:64:73:7a:fa:29:5e:18:73:a0:04:11:ed:
49:f9:f6:45:d2:67:49:19:ba:c5:1f:36:84:7c:85:f3:44:0c:
b4:c8:70:f6:7a:e7:02:49:08:cb:74:79:12:91:42:ac:ae:65:
9e:26:1f:40:36:b9:0e:a0:23:ee:50:33:48:7c:4e:4d:94:a0:
ca:85:88:1a:64:0e:2f:04:3f:25:bf:3b:c3:7a:91:cf:38:a6:
58:f5:3e:25
-----BEGIN CERTIFICATE-----
MIIGEzCCBPugAwIBAgISAZXS6Pt19+CTQyWu8sEq6ZoFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzI2MTQ0MzU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGZmZjFjNmFmOGFhODdhN2JlMzQwNDI2Y2E4ZDA1MmJlMWU2NjAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAydyRg0hfMylol2IqQl0fMKf0kjFT
mvrSVE1GZndzqn3JoFgKIuOeUKS696+8K0erUfO/vG/jQi0wnJ5x4PTsPRuFWYfv
VJ7RHNg7DqFJrfIHznTyUxPsDVoK7mEqoAHG6YNNAw34XKnlqSnjFRrR/ae4UXym
WQLkqPaCtNdE6GCGEQUharRhMQVAujxHYNiDYwTyOMpuaKP0sMkMHngeOpGOM34j
Jqaxh8tHElf4bNnPI9K9ra7mQDtCgZCuY97FgZmbnUB6pkXgh3RTBTAwNF5aSepT
FnCDpoQK0MnwpCl9sdGQbDU6dgy+OXRBAqY+bLMnXdl/BZtPGPsy97MV0wIDAQAB
o4IDHzCCAxswHQYDVR0OBBYEFF3/8caviqh6e+NAQmyo0FK+HmYDMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWGZfeHhxLUtxSHA3NDBCQ2JLalFVcjRlWmdNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBMwYIKwYBBQUHAQcBAf8EggEiMIIBHjCCARoEAgABMIIB
EgMEAgX8hAMEAC0JnQMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2A
YAMEAC2LagMEAC2NngMEAS2XWgMEAE9uMgMEAFGh7gMEAFPbYQMEAFQ2MAMEAFd4
VzAMAwQEV3hwAwQBV3h0AwQBV3h4MAwDBABXeH0DBAdXeAADBABXeKYDBABXeSYD
BABXeS0DBABXeVcDBAFXeXwDBABXeaIDBABXeaUDBARbXPADBABc+TIDBABde20D
BAJemqADBANenEADBABenHEDBABenLMDBABtzu0DBACNYgEDBACNYgYDBACTTmQD
BAKrFkgDBACy1+ADBAK52FQDBADBGdgDBADCN7oDBADCqa8wDQYJKoZIhvcNAQEL
BQADggEBACVdWy5IQCmpDEEVs3I8wv6ShPwX/AmmwmpLaIQM7+t12ZSlAXRkb4GR
ihhEJXZwP+E6LRc7yWcm0KwtaAxuY9ddNa88pavvJOMxT/SJr6lOKnpCuDG6dZss
6vYvuQk6sRTsRWjABkuIjlNaBeTzru7Tw7h0zagiebGzn5x1MguXLJ+7qHMezMps
Ur/PfRhikF4yEWV8HzEty+Z8psarYHfN5zS5GeV8N2RzevopXhhzoAQR7Un59kXS
Z0kZusUfNoR8hfNEDLTIcPZ65wJJCMt0eRKRQqyuZZ4mH0A2uQ6gI+5QM0h8Tk2U
oMqFiBpkDi8EPyW/O8N6kc84plj1PiU=
-----END CERTIFICATE-----
Generated at Thu Apr 17 10:43:24 2025 by rpki-client