Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/gieewWr5QrkK6B0P3L7CtxzoIFE.roa
File: gieewWr5QrkK6B0P3L7CtxzoIFE.roa (raw, json)
Hash identifier: KHERMAP0JGThHXTMICx4W1WvRh01rqupW86oe8DKUhU=
Subject key identifier: 82:27:9E:C1:6A:F9:42:B9:0A:E8:1D:0F:DC:BE:C2:B7:1C:E8:20:51
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0194AC59B1BC11E0E6E6072C67EB4D85449E
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/gieewWr5QrkK6B0P3L7CtxzoIFE.roa
Signing time: Tue 28 Jan 2025 09:59:06 +0000
ROA not before: Tue 28 Jan 2025 09:59:06 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.120.187.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.114.0/24 maxlen: 24
94.156.170.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.236.0/24 maxlen: 24
178.215.237.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:ac:59:b1:bc:11:e0:e6:e6:07:2c:67:eb:4d:85:44:9e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 28 09:59:06 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=82279ec16af942b90ae81d0fdcbec2b71ce82051
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:96:b5:cb:48:1d:db:f1:d2:9e:4f:79:c8:06:
88:81:97:95:59:8d:7a:f0:72:06:53:fe:f8:97:9a:
8b:d0:3c:09:fa:27:0d:91:bd:bc:3a:86:4e:2e:7d:
e8:71:6e:63:de:ea:30:7b:4c:cd:1b:8a:4f:96:81:
3b:ad:8a:93:79:ff:f2:38:07:bb:c8:7f:ea:a0:69:
99:39:32:ca:aa:e6:1b:8d:51:88:9a:8d:c9:d4:51:
c2:9d:cf:11:a2:bb:6f:79:75:97:3f:bc:0a:ad:75:
89:dc:a6:47:b0:af:3a:bf:43:7c:8d:d0:65:bf:c7:
30:2d:d8:00:87:93:ed:1a:b4:15:f1:00:7d:cb:23:
e7:83:e9:b1:f0:aa:8e:80:2b:24:20:12:bc:05:58:
26:6d:e3:b1:23:aa:f4:9d:df:e9:aa:eb:0e:8f:3f:
53:15:0a:34:b4:21:60:b7:40:35:4d:4b:14:14:d7:
99:92:0b:40:01:3b:de:e5:d4:81:a0:a3:cd:e8:d2:
65:f9:07:b3:d5:41:53:3b:ee:7e:2a:4e:0f:82:a0:
a6:77:a5:6b:66:b9:fc:85:42:8d:d0:a3:53:69:6e:
c4:eb:b9:a8:d6:c7:71:fa:df:8d:10:18:87:43:fa:
88:eb:66:4f:71:55:af:51:ed:ee:af:af:32:2a:51:
fa:31
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:27:9E:C1:6A:F9:42:B9:0A:E8:1D:0F:DC:BE:C2:B7:1C:E8:20:51
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/gieewWr5QrkK6B0P3L7CtxzoIFE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.120.187.0/24
87.121.45.0/24
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.114.0/24
94.156.170.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.236.0/23
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
a9:64:95:ed:01:0c:51:18:bf:32:7a:50:8f:95:e9:fa:e6:89:
76:76:98:25:19:2e:d9:cc:d3:a8:f5:5f:42:94:51:da:08:9b:
75:0c:a0:47:58:be:b7:65:01:96:eb:13:26:fb:aa:f5:bb:70:
29:b8:ea:41:df:29:5c:4e:b2:b4:07:db:01:e5:9e:69:db:6b:
b7:38:f8:d6:5c:fd:40:6f:3e:b9:13:96:3f:e0:bf:f4:35:40:
b5:37:23:7b:72:e8:16:56:3e:fc:65:e3:4b:8d:f5:bd:ac:af:
71:08:67:73:79:b5:a4:02:67:02:76:44:bc:f1:2d:14:45:25:
7f:b9:e7:1d:c0:6c:e8:f4:2b:1b:2c:b3:af:e9:69:86:22:0d:
ac:6e:ee:07:fb:c0:b7:81:74:5d:76:85:19:bb:79:f9:7d:f7:
df:e1:b1:d0:90:d2:eb:b0:e5:1a:e7:cb:26:30:2b:89:44:e7:
6a:0a:fb:3c:6a:61:17:62:b2:f1:11:ab:a7:9a:4c:69:6d:02:
9c:73:78:97:e2:91:27:07:de:f4:8a:19:50:20:e1:a9:34:88:
53:7a:1b:cc:62:21:62:48:7a:f1:bc:b3:46:6e:4c:50:0d:14:
ac:23:07:ea:92:2a:c6:4e:a7:45:39:f3:b3:b4:35:fa:29:99:
31:54:c0:24
-----BEGIN CERTIFICATE-----
MIIGKTCCBRGgAwIBAgISAZSsWbG8EeDm5gcsZ+tNhUSeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTI4MDk1OTA2WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjI3OWVjMTZhZjk0MmI5MGFlODFkMGZkY2JlYzJiNzFjZTgyMDUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwpa1y0gd2/HSnk95yAaIgZeVWY16
8HIGU/74l5qL0DwJ+icNkb28OoZOLn3ocW5j3uowe0zNG4pPloE7rYqTef/yOAe7
yH/qoGmZOTLKquYbjVGImo3J1FHCnc8RortveXWXP7wKrXWJ3KZHsK86v0N8jdBl
v8cwLdgAh5PtGrQV8QB9yyPng+mx8KqOgCskIBK8BVgmbeOxI6r0nd/pqusOjz9T
FQo0tCFgt0A1TUsUFNeZkgtAATve5dSBoKPN6NJl+Qez1UFTO+5+Kk4PgqCmd6Vr
Zrn8hUKN0KNTaW7E67mo1sdx+t+NEBiHQ/qI62ZPcVWvUe3ur68yKlH6MQIDAQAB
o4IDNTCCAzEwHQYDVR0OBBYEFIInnsFq+UK5CugdD9y+wrcc6CBRMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZ2llZXdXcjVRcmtLNkIwUDNMN0N0eHpvSUZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBSQYIKwYBBQUHAQcBAf8EggE4MIIBNDCCATAEAgABMIIB
KAMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC1aWQMEAC2L
agMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAU9thAwQAVDYwAwQA
VdGFAwQAV3hUAwQAV3hXAwQAV3imAwQAV3i7AwQAV3ktAwQAV3lXAwQAV3lpAwQB
V3l8AwQAV3miAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQCXpqgAwQA
XpwLAwQDXpxAAwQAXpxyAwQAXpyqAwQAXpyzAwQAXpz4AwQAX9YbAwQAjWIBAwQA
jWIGAwQAk05kAwQCqxZIAwQBstfsAwQCudhUAwQCudpUAwQAwRnYAwQAwjFeAwQA
wje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQCpZJXtAQxRGL8yelCPlen65ol2
dpglGS7ZzNOo9V9ClFHaCJt1DKBHWL63ZQGW6xMm+6r1u3ApuOpB3ylcTrK0B9sB
5Z5p22u3OPjWXP1Abz65E5Y/4L/0NUC1NyN7cugWVj78ZeNLjfW9rK9xCGdzebWk
AmcCdkS88S0URSV/uecdwGzo9CsbLLOv6WmGIg2sbu4H+8C3gXRddoUZu3n5ffff
4bHQkNLrsOUa58smMCuJROdqCvs8amEXYrLxEaunmkxpbQKcc3iX4pEnB970ihlQ
IOGpNIhTehvMYiFiSHrxvLNGbkxQDRSsIwfqkirGTqdFOfOztDX6KZkxVMAk
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:18:08 2025 by rpki-client