Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Z7VKwUYXf5DtsKfaUZbeaVt-51I.roa
File: Z7VKwUYXf5DtsKfaUZbeaVt-51I.roa (raw, json)
Hash identifier: nqWtYrxCZtRRzj1r61ptB2GKxHhOjGsIKsW+BEjOxfI=
Subject key identifier: 67:B5:4A:C1:46:17:7F:90:ED:B0:A7:DA:51:96:DE:69:5B:7E:E7:52
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195B8AAB5C63AD5EDF8A45597FED3005907
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Z7VKwUYXf5DtsKfaUZbeaVt-51I.roa
Signing time: Fri 21 Mar 2025 12:25:50 +0000
ROA not before: Fri 21 Mar 2025 12:25:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.128.96.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.105.0/24 maxlen: 24
94.156.113.0/24 maxlen: 24
94.156.167.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:b8:aa:b5:c6:3a:d5:ed:f8:a4:55:97:fe:d3:00:59:07
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 21 12:25:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=67b54ac146177f90edb0a7da5196de695b7ee752
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d5:eb:aa:f8:22:37:3a:f0:c3:00:cf:ad:e3:83:
b4:6c:56:02:a9:05:00:a8:5c:9b:f9:91:aa:b4:8a:
11:56:d6:cc:ca:25:d6:dd:a5:fb:a9:7e:4f:7e:d5:
7c:01:6d:ce:53:9a:be:70:e9:bc:8e:e3:ae:94:99:
0e:36:f6:1d:13:27:8b:49:2f:5a:4a:dd:d5:dc:4a:
32:90:34:0f:37:25:79:d8:ba:8f:37:9e:96:0b:4d:
5d:d2:d4:b9:13:1d:42:f8:0f:10:59:57:c6:b2:4e:
e9:c1:47:9d:b3:4e:be:1a:56:34:c5:97:c9:cf:58:
ec:b0:7f:95:70:30:2b:48:1f:59:09:71:6c:14:34:
0a:70:51:05:d0:e7:3c:45:ad:c5:47:54:52:fd:79:
97:59:99:d7:95:e8:c4:e8:94:55:fc:c5:c6:08:a7:
84:ce:1c:74:12:f3:e7:f2:32:3a:b2:c8:64:a9:81:
42:b4:7d:48:0d:34:9f:f0:32:c8:21:a5:16:36:c2:
c5:27:8e:d6:63:4c:36:b0:36:69:35:6d:00:ba:05:
8c:a2:21:69:01:8b:7d:1d:df:06:06:d9:94:90:be:
f2:19:ce:b7:54:72:ae:6c:84:d9:bc:c4:06:ae:b2:
24:0d:d1:ce:1a:4c:a1:0e:cf:35:54:94:9c:09:0b:
6c:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:B5:4A:C1:46:17:7F:90:ED:B0:A7:DA:51:96:DE:69:5B:7E:E7:52
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/Z7VKwUYXf5DtsKfaUZbeaVt-51I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.128.96.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.105.0/24
94.156.113.0/24
94.156.167.0/24
94.156.179.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
193.25.216.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
58:18:a7:b3:89:69:d1:a3:37:44:f2:8a:b8:b8:f5:fd:91:d8:
6b:41:85:93:6a:b3:2e:f2:75:2a:de:ba:ef:fc:86:04:90:b1:
54:db:2a:f7:0a:f2:34:b8:f0:86:f0:a8:5e:46:57:b7:a9:3d:
ae:24:fe:b4:d0:52:1d:6d:89:ea:16:dd:12:bf:de:f4:ef:4c:
4b:4b:93:b6:e0:05:0e:ec:44:9e:6c:77:7f:51:18:9c:b1:f7:
9e:89:84:40:71:76:d3:5e:3a:33:b2:84:8d:64:7c:55:19:1c:
4a:63:07:0e:03:28:d7:69:17:01:d3:c6:97:3e:1b:c7:32:6f:
bc:bc:cc:21:18:4a:d6:5d:97:5f:44:22:c2:6e:9f:fa:9a:15:
4a:9c:c8:17:b4:7f:59:ee:c5:aa:65:73:70:dc:53:b0:91:5e:
31:00:46:79:01:24:50:dc:d3:33:34:09:ba:73:90:8e:7b:cd:
4a:06:c2:98:ed:4b:be:f9:9a:37:db:64:97:a1:fb:57:bd:db:
fc:2a:b5:cb:da:7a:23:b6:73:4f:24:12:0b:aa:6c:75:85:0a:
2d:bb:82:bf:4b:45:48:79:ac:11:a9:ed:2f:64:be:12:9c:91:
0f:60:b4:9e:1b:4d:6f:15:ec:c1:a1:29:18:b1:52:42:35:68:
f3:aa:8a:1f
-----BEGIN CERTIFICATE-----
MIIGMzCCBRugAwIBAgISAZW4qrXGOtXt+KRVl/7TAFkHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzIxMTIyNTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2I1NGFjMTQ2MTc3ZjkwZWRiMGE3ZGE1MTk2ZGU2OTViN2VlNzUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1euq+CI3OvDDAM+t44O0bFYCqQUA
qFyb+ZGqtIoRVtbMyiXW3aX7qX5PftV8AW3OU5q+cOm8juOulJkONvYdEyeLSS9a
St3V3EoykDQPNyV52LqPN56WC01d0tS5Ex1C+A8QWVfGsk7pwUeds06+GlY0xZfJ
z1jssH+VcDArSB9ZCXFsFDQKcFEF0Oc8Ra3FR1RS/XmXWZnXlejE6JRV/MXGCKeE
zhx0EvPn8jI6sshkqYFCtH1IDTSf8DLIIaUWNsLFJ47WY0w2sDZpNW0AugWMoiFp
AYt9Hd8GBtmUkL7yGc63VHKubITZvMQGrrIkDdHOGkyhDs81VJScCQtsCwIDAQAB
o4IDPzCCAzswHQYDVR0OBBYEFGe1SsFGF3+Q7bCn2lGW3mlbfudSMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWjdWS3dVWVhmNUR0c0tmYVVaYmVhVnQtNTFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBUwYIKwYBBQUHAQcBAf8EggFCMIIBPjCCAToEAgABMIIB
MgMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1a
WQMEAC2AYAMEAC2LagMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAUaHuAwQA
U9thAwQAVDYwAwQAV3hXMAwDBARXeHADBAFXeHQDBAFXeHgwDAMEAFd4fQMEB1d4
AAMEAFd4pgMEAFd5JgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc
8AMEAVx3xAMEAFz5MgMEAF17bQMEAl6aoAMEA16cQAMEAF6caQMEAF6ccQMEAF6c
pwMEAF6cswMEAG3O7QMEAI1iAQMEAI1iBgMEAJNOZAMEAqsWSAMEALLX4AMEArnY
VAMEAMEZ2AMEAMI3ugMEAMKprzANBgkqhkiG9w0BAQsFAAOCAQEAWBins4lp0aM3
RPKKuLj1/ZHYa0GFk2qzLvJ1Kt667/yGBJCxVNsq9wryNLjwhvCoXkZXt6k9riT+
tNBSHW2J6hbdEr/e9O9MS0uTtuAFDuxEnmx3f1EYnLH3nomEQHF20146M7KEjWR8
VRkcSmMHDgMo12kXAdPGlz4bxzJvvLzMIRhK1l2XX0Qiwm6f+poVSpzIF7R/We7F
qmVzcNxTsJFeMQBGeQEkUNzTMzQJunOQjnvNSgbCmO1LvvmaN9tkl6H7V73b/Cq1
y9p6I7ZzTyQSC6psdYUKLbuCv0tFSHmsEantL2S+EpyRD2C0nhtNbxXswaEpGLFS
QjVo86qKHw==
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:15:52 2025 by rpki-client