Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZGjYfXA0id44oOoH-PIf8MBq0cY.roa
File: ZGjYfXA0id44oOoH-PIf8MBq0cY.roa (raw, json)
Hash identifier: FQbXRqjwsQRdLl17eK/C+pdN4xWqQUehR/46EMKQOrc=
Subject key identifier: 64:68:D8:7D:70:34:89:DE:38:A0:EA:07:F8:F2:1F:F0:C0:6A:D1:C6
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0193E0183B544902FE403B1C49D0F8F01F5D
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZGjYfXA0id44oOoH-PIf8MBq0cY.roa
Signing time: Thu 19 Dec 2024 18:05:04 +0000
ROA not before: Thu 19 Dec 2024 18:05:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.9.157.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.88.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
93.123.84.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.179.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.180.48.0/24 maxlen: 24
194.180.49.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:e0:18:3b:54:49:02:fe:40:3b:1c:49:d0:f8:f0:1f:5d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 19 18:05:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=6468d87d703489de38a0ea07f8f21ff0c06ad1c6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:e6:c9:4b:39:f1:67:6b:cf:b3:a9:0d:bc:c4:
98:fa:31:b7:20:65:70:23:95:96:2d:b5:ac:8a:ab:
ba:b0:9f:5e:76:dc:ac:7c:9c:bf:d0:77:6e:96:6f:
de:ea:ae:9e:48:9c:15:61:4a:ea:05:0b:51:1d:c0:
06:0b:56:21:c1:ab:71:42:b1:97:56:f5:ba:6f:f2:
56:5d:a2:b8:46:0c:f4:b1:8f:91:e1:8a:4d:22:b9:
38:86:a4:c4:ef:12:8b:b7:bc:cb:90:90:34:ad:3b:
ff:56:5e:7a:58:3c:ae:3a:a9:da:7b:b9:dc:01:68:
f4:1d:48:e4:72:00:55:b6:bb:4f:16:62:ac:18:56:
27:97:4b:dd:cd:f0:ac:ac:c5:73:20:d3:b8:32:f3:
59:16:77:ee:79:90:e9:85:d3:0c:8b:17:7b:ee:a7:
9f:78:3d:87:14:24:98:18:ad:ae:33:01:c1:9a:e6:
a9:80:2d:00:89:63:07:4f:37:50:cb:68:18:f1:41:
a6:93:90:50:d3:cb:2e:86:3d:33:9b:4b:2f:4f:7d:
d5:ce:7c:47:12:31:c3:0d:d5:da:d8:4b:09:34:e1:
c5:f5:47:2a:58:3d:c7:f6:e5:bf:fc:49:59:f5:c9:
f0:af:63:a9:6e:53:f7:06:91:7e:c1:5d:f9:6f:5b:
55:7b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
64:68:D8:7D:70:34:89:DE:38:A0:EA:07:F8:F2:1F:F0:C0:6A:D1:C6
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ZGjYfXA0id44oOoH-PIf8MBq0cY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.157.0/24
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.88.64.0/24
45.90.88.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
93.123.84.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.179.0/24
141.98.1.0/24
147.78.100.0/24
171.22.72.0/22
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.180.48.0/23
Signature Algorithm: sha256WithRSAEncryption
aa:d2:61:60:be:65:13:ff:59:09:0c:e0:f2:d9:b8:a4:51:2c:
37:6e:4d:e4:28:45:b1:03:1b:f3:7c:e7:1f:90:36:18:10:d5:
bf:3a:33:57:73:f3:83:9b:0b:5e:8e:a4:73:c5:10:45:02:5f:
69:d2:65:07:47:54:1e:1c:7a:d1:3e:91:f2:22:a0:bd:eb:57:
7f:a1:9b:d1:7a:ab:94:e0:de:43:1f:63:3d:3c:d1:0e:52:a0:
a7:93:22:4f:7b:3d:a2:b9:b3:f9:b3:ce:48:fa:6c:e4:56:10:
dc:ad:29:78:75:d7:86:93:99:58:75:98:43:74:17:5a:e6:69:
1c:21:02:cf:47:28:f5:f7:f1:8c:2a:5d:7e:13:14:d2:5c:53:
c5:fc:e4:4a:79:bc:cf:83:a2:a4:8d:99:c6:a8:e9:fd:ad:6a:
e4:f8:5f:92:d5:ad:ce:f5:62:07:58:49:ea:ea:60:1c:56:a7:
09:72:54:b5:f1:5f:21:bb:55:4e:bd:99:f7:a3:dd:a2:7f:15:
27:11:dc:22:7f:55:29:85:78:a1:34:71:46:2d:fc:c4:6d:68:
e8:d7:88:5a:c1:f5:d7:a1:8d:0c:33:8f:5e:6a:35:9f:f6:02:
c5:9c:54:3f:14:b0:bb:78:c9:3e:6a:2b:5f:4e:d8:47:80:21:
f5:dd:9c:6c
-----BEGIN CERTIFICATE-----
MIIFyjCCBLKgAwIBAgISAZPgGDtUSQL+QDscSdD48B9dMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMjE5MTgwNTA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDY4ZDg3ZDcwMzQ4OWRlMzhhMGVhMDdmOGYyMWZmMGMwNmFkMWM2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoubJSznxZ2vPs6kNvMSY+jG3IGVw
I5WWLbWsiqu6sJ9edtysfJy/0Hdulm/e6q6eSJwVYUrqBQtRHcAGC1YhwatxQrGX
VvW6b/JWXaK4Rgz0sY+R4YpNIrk4hqTE7xKLt7zLkJA0rTv/Vl56WDyuOqnae7nc
AWj0HUjkcgBVtrtPFmKsGFYnl0vdzfCsrMVzINO4MvNZFnfueZDphdMMixd77qef
eD2HFCSYGK2uMwHBmuapgC0AiWMHTzdQy2gY8UGmk5BQ08suhj0zm0svT33VznxH
EjHDDdXa2EsJNOHF9UcqWD3H9uW//ElZ9cnwr2OpblP3BpF+wV35b1tVewIDAQAB
o4IC1jCCAtIwHQYDVR0OBBYEFGRo2H1wNIneOKDqB/jyH/DAatHGMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvWkdqWWZYQTBpZDQ0b09vSC1QSWY4TUJxMGNZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHrBggrBgEFBQcBBwEB/wSB2zCB2DCB1QQCAAEwgc4DBAAt
CZ0DBAAtDP8DBAAtDqQDBAAtQuQDBAAtWEADBAAtWlgDBAAti2oDBAAtjZ4wDAME
AC2XWQMEAi2XWAMEAFPbYQMEAFQ2MAMEAFd4VwMEAFd4pgMEAFd5LQMEAFd5VwME
AVd5fAMEAFd5ogMEAFd5pQMEBFtc8AMEAVx3xAMEAF17VAMEAl6aoAMEAF6cCwME
A16cQAMEAF6cswMEAI1iAQMEAJNOZAMEAqsWSAMEArnYVAMEArnaVAMEAMEZ2AME
AMIxXgMEAcK0MDANBgkqhkiG9w0BAQsFAAOCAQEAqtJhYL5lE/9ZCQzg8tm4pFEs
N25N5ChFsQMb83znH5A2GBDVvzozV3Pzg5sLXo6kc8UQRQJfadJlB0dUHhx60T6R
8iKgvetXf6Gb0XqrlODeQx9jPTzRDlKgp5MiT3s9ormz+bPOSPps5FYQ3K0peHXX
hpOZWHWYQ3QXWuZpHCECz0co9ffxjCpdfhMU0lxTxfzkSnm8z4OipI2Zxqjp/a1q
5PhfktWtzvViB1hJ6upgHFanCXJUtfFfIbtVTr2Z96Pdon8VJxHcIn9VKYV4oTRx
Ri38xG1o6NeIWsH116GNDDOPXmo1n/YCxZxUPxSwu3jJPmorX07YR4Ah9d2cbA==
-----END CERTIFICATE-----
Generated at Thu Apr 17 01:45:12 2025 by rpki-client