Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_PwyfRykVCKpAt3oH-12xSITkCA.roa
File: _PwyfRykVCKpAt3oH-12xSITkCA.roa (raw, json)
Hash identifier: X0DexF3pRInAY0VDS70/cxP4jmwq5yo/4pyFQIHIGy8=
Subject key identifier: FC:FC:32:7D:1C:A4:54:22:A9:02:DD:E8:1F:ED:76:C5:22:13:90:20
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195B8F4DDA2A2BA556F234EBC7460811AF0
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_PwyfRykVCKpAt3oH-12xSITkCA.roa
Signing time: Fri 21 Mar 2025 13:46:50 +0000
ROA not before: Fri 21 Mar 2025 13:46:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.128.96.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.105.0/24 maxlen: 24
94.156.112.0/24 maxlen: 24
94.156.113.0/24 maxlen: 24
94.156.115.0/24 maxlen: 24
94.156.167.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.237.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:b8:f4:dd:a2:a2:ba:55:6f:23:4e:bc:74:60:81:1a:f0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 21 13:46:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=fcfc327d1ca45422a902dde81fed76c522139020
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:83:9e:be:67:e0:41:c2:b3:ab:6b:46:fe:02:
64:f2:03:50:a7:6b:44:0d:a8:d7:21:62:bc:ad:f3:
f6:b4:b5:41:16:b5:9f:fb:58:75:68:d9:70:27:92:
d2:22:77:1a:e1:26:c5:63:5b:1f:a7:12:e1:94:d1:
66:7c:5f:eb:39:ca:f4:d8:17:c9:c9:ce:08:b9:ca:
da:53:11:d5:c8:64:f7:2c:be:d8:20:da:26:29:56:
ea:90:7b:a4:56:8e:56:6b:39:f0:55:b6:6f:f8:a8:
06:0b:aa:8f:d4:49:0d:4f:1b:bf:eb:92:19:88:08:
c7:0b:9c:31:87:6d:47:7e:d1:5a:fd:c4:db:a8:2c:
fa:ba:c6:e6:0d:f8:8d:5d:ad:ce:7d:86:37:a4:55:
f9:7f:87:aa:df:2b:9b:72:6a:c3:90:73:17:4e:8b:
6f:72:f3:dc:69:dd:c5:ff:32:cf:71:7f:0a:96:7d:
73:6a:55:8d:8e:3d:37:7e:42:87:13:8f:4b:80:dd:
73:3d:c4:5f:d5:ea:cc:41:17:06:9c:ad:02:ff:54:
92:cf:b6:a7:a8:ac:c5:21:0c:de:01:f0:0e:ed:8a:
c2:a0:1c:b1:5c:27:30:6e:76:bd:6e:d7:0a:95:37:
ba:41:b3:80:27:2a:be:5e:5f:e8:69:ed:f7:36:b7:
a7:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FC:FC:32:7D:1C:A4:54:22:A9:02:DD:E8:1F:ED:76:C5:22:13:90:20
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/_PwyfRykVCKpAt3oH-12xSITkCA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.128.96.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.105.0/24
94.156.112.0/23
94.156.115.0/24
94.156.167.0/24
94.156.179.0/24
94.156.237.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
193.25.216.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
7d:3c:33:c4:64:43:0d:84:3f:c6:eb:67:7d:e8:49:ae:0a:40:
11:cc:d1:e3:de:95:64:b2:bc:ee:f2:43:5b:fd:b3:2b:ad:24:
e3:8f:92:8a:13:fd:bf:ad:82:f2:dd:dc:e1:f1:e8:47:3d:03:
87:13:35:87:09:b2:4f:01:60:db:b6:74:69:df:56:19:09:b5:
c8:1a:ab:27:b5:5f:b5:79:42:21:90:c9:65:bf:fc:db:fa:3e:
0f:9d:68:fc:3b:3e:d5:4e:2b:ff:30:f0:79:a6:26:c0:f9:f5:
6f:32:26:98:a8:6a:08:af:a5:e6:dd:62:0d:a8:df:ec:e4:68:
52:63:c4:c9:96:68:79:24:6a:3c:ad:24:c8:05:a6:2d:0b:77:
09:04:c9:b8:d2:08:56:4f:ac:21:3f:bb:1d:5e:5a:bd:35:38:
02:d8:9f:9a:ee:8d:70:75:b9:bd:3f:c6:33:c3:d1:7c:a5:dc:
ee:b7:ac:2d:1b:f4:60:7c:2b:e6:c8:5a:f7:ec:31:ed:52:e1:
5e:de:ea:75:b3:7d:24:cb:3f:de:fd:e5:f8:7b:26:7f:ee:0c:
e0:0b:51:92:ce:ae:fb:f5:81:a2:22:dd:88:59:91:ac:9e:07:
9d:c5:ba:4d:24:ce:4c:4f:65:fa:5f:ec:4b:a4:04:6a:ba:27:
0f:bd:72:fc
-----BEGIN CERTIFICATE-----
MIIGPzCCBSegAwIBAgISAZW49N2iorpVbyNOvHRggRrwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzIxMTM0NjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmY2ZjMzI3ZDFjYTQ1NDIyYTkwMmRkZTgxZmVkNzZjNTIyMTM5MDIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtYOevmfgQcKzq2tG/gJk8gNQp2tE
DajXIWK8rfP2tLVBFrWf+1h1aNlwJ5LSInca4SbFY1sfpxLhlNFmfF/rOcr02BfJ
yc4IucraUxHVyGT3LL7YINomKVbqkHukVo5WaznwVbZv+KgGC6qP1EkNTxu/65IZ
iAjHC5wxh21HftFa/cTbqCz6usbmDfiNXa3OfYY3pFX5f4eq3yubcmrDkHMXTotv
cvPcad3F/zLPcX8Kln1zalWNjj03fkKHE49LgN1zPcRf1erMQRcGnK0C/1SSz7an
qKzFIQzeAfAO7YrCoByxXCcwbna9btcKlTe6QbOAJyq+Xl/oae33NrenywIDAQAB
o4IDSzCCA0cwHQYDVR0OBBYEFPz8Mn0cpFQiqQLd6B/tdsUiE5AgMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvX1B3eWZSeWtWQ0twQXQzb0gtMTJ4U0lUa0NBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBXwYIKwYBBQUHAQcBAf8EggFOMIIBSjCCAUYEAgABMIIB
PgMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1a
WQMEAC2AYAMEAC2LagMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAUaHuAwQA
U9thAwQAVDYwAwQAV3hXMAwDBARXeHADBAFXeHQDBAFXeHgwDAMEAFd4fQMEB1d4
AAMEAFd4pgMEAFd5JgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc
8AMEAVx3xAMEAFz5MgMEAF17bQMEAl6aoAMEA16cQAMEAF6caQMEAV6ccAMEAF6c
cwMEAF6cpwMEAF6cswMEAF6c7QMEAG3O7QMEAI1iAQMEAI1iBgMEAJNOZAMEAqsW
SAMEALLX4AMEArnYVAMEAMEZ2AMEAMI3ugMEAMKprzANBgkqhkiG9w0BAQsFAAOC
AQEAfTwzxGRDDYQ/xutnfehJrgpAEczR496VZLK87vJDW/2zK60k44+SihP9v62C
8t3c4fHoRz0DhxM1hwmyTwFg27Z0ad9WGQm1yBqrJ7VftXlCIZDJZb/82/o+D51o
/Ds+1U4r/zDweaYmwPn1bzImmKhqCK+l5t1iDajf7ORoUmPEyZZoeSRqPK0kyAWm
LQt3CQTJuNIIVk+sIT+7HV5avTU4Atifmu6NcHW5vT/GM8PRfKXc7resLRv0YHwr
5sha9+wx7VLhXt7qdbN9JMs/3v3l+Hsmf+4M4AtRks6u+/WBoiLdiFmRrJ4HncW6
TSTOTE9l+l/sS6QEaronD71y/A==
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:15:52 2025 by rpki-client