Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kn0pmOyY9m9hZFd8kMxjOnRh9II.roa
File: kn0pmOyY9m9hZFd8kMxjOnRh9II.roa (raw, json)
Hash identifier: oImm3/OvE4GS9Hyq3zI9wDWN9si/96t+PbgF30XQDbo=
Subject key identifier: 92:7D:29:98:EC:98:F6:6F:61:64:57:7C:90:CC:63:3A:74:61:F4:82
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195F25BFEF9A74E799A0A70542C275A6C50
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kn0pmOyY9m9hZFd8kMxjOnRh9II.roa
Signing time: Tue 01 Apr 2025 17:17:50 +0000
ROA not before: Tue 01 Apr 2025 17:17:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 2.59.253.0/24 maxlen: 24
5.252.132.0/22 maxlen: 24
31.13.211.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.12.253.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.81.39.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.141.159.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.18.0/24 maxlen: 24
87.121.22.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.70.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.249.50.0/24 maxlen: 24
93.123.45.0/24 maxlen: 24
93.123.47.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
93.123.117.0/24 maxlen: 24
93.123.119.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.92.0/24 maxlen: 24
94.156.232.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.73.0/24 maxlen: 24
171.22.74.0/23 maxlen: 24
178.215.224.0/24 maxlen: 24
178.215.227.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
193.35.18.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:f2:5b:fe:f9:a7:4e:79:9a:0a:70:54:2c:27:5a:6c:50
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Apr 1 17:17:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=927d2998ec98f66f6164577c90cc633a7461f482
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bb:39:f4:28:f9:4a:86:4e:85:72:a0:a6:a6:f8:
fd:12:98:c5:fa:a1:b5:33:75:57:62:65:27:28:ed:
db:8a:b6:ce:71:87:f7:c8:71:b4:73:19:fe:2c:c8:
44:04:cc:74:f8:aa:f5:c0:67:dc:1d:fe:84:d1:58:
45:94:87:79:3c:dc:b7:ea:4c:7a:c1:af:61:ab:dd:
fb:ca:c8:71:09:7f:e4:08:cb:85:35:80:2e:36:a1:
20:8c:42:12:35:34:f4:dd:69:e4:bb:93:a1:58:46:
19:45:0c:d3:a3:7e:02:34:48:7e:91:8c:c7:35:13:
85:51:c8:e3:1c:a4:06:05:21:9a:4a:d4:e1:93:a9:
cc:14:d3:21:cd:2f:cc:04:e0:87:dc:fb:1c:81:f3:
91:2d:c1:e9:eb:1e:9a:84:d3:26:81:57:43:1b:f5:
14:02:fb:2e:61:30:a5:09:b9:57:5c:17:d8:f1:44:
56:a6:e4:99:7c:66:3b:76:77:4b:2d:30:e3:4a:88:
91:d1:28:44:6f:ce:c2:76:51:20:02:c0:a9:bb:43:
1a:66:a0:e9:49:fb:2c:65:9c:04:10:e6:82:e8:19:
89:2d:f9:fc:5b:8e:0c:3b:1c:ca:78:01:2c:03:c7:
05:b1:39:e7:ec:72:53:08:ae:06:c8:d1:03:d8:33:
94:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
92:7D:29:98:EC:98:F6:6F:61:64:57:7C:90:CC:63:3A:74:61:F4:82
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/kn0pmOyY9m9hZFd8kMxjOnRh9II.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.253.0/24
5.252.132.0/22
31.13.211.0/24
45.9.157.0/24
45.12.253.0/24
45.66.228.0/24
45.66.230.0/23
45.81.39.0/24
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/23
45.151.90.0/23
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0/24
87.120.166.0/24
87.121.18.0/24
87.121.22.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.70.0/24
91.92.240.0/20
92.249.50.0/24
93.123.45.0/24
93.123.47.0/24
93.123.85.0/24
93.123.109.0/24
93.123.117.0/24
93.123.119.0/24
94.103.125.0/24
94.154.160.0/22
94.156.64.0/21
94.156.92.0/24
94.156.232.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.73.0-171.22.75.255
178.215.224.0/24
178.215.227.0/24
185.216.84.0/22
193.25.216.0/24
193.35.18.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
29:93:b4:c1:b8:07:f0:98:fc:9b:09:c9:2a:15:70:55:e1:20:
89:0a:0a:1e:cb:42:13:7a:52:5a:8c:d1:b8:91:de:4e:a2:f9:
a2:23:ab:42:58:24:e4:1f:8a:af:f3:56:aa:c8:60:8c:26:11:
7c:f8:ed:9e:2b:c5:c6:49:68:2c:1a:68:30:4c:11:30:21:40:
59:27:77:74:8f:9b:4a:63:e4:7f:a3:80:82:0a:20:0f:31:ed:
22:99:e1:ac:42:2d:51:01:e0:f0:f2:21:c9:ff:8f:46:0c:62:
ee:9e:04:27:22:b6:ba:a0:dc:c6:1b:b8:4a:7f:5a:33:e9:c9:
c0:c2:8c:05:35:c3:eb:e6:f0:2b:f8:5a:02:74:f4:bb:97:1e:
c0:00:80:55:6b:c9:55:0c:0c:ec:3f:a5:4a:f7:ac:13:34:12:
87:d7:b2:1d:9c:77:cd:1c:1a:a6:a1:88:95:66:c8:08:85:6f:
16:32:e1:e9:1a:bf:9f:a3:56:8a:99:4f:fa:fd:23:be:14:3a:
8f:b0:d1:ac:1a:a5:63:ef:7b:0c:f1:d5:30:7b:66:e8:2e:07:
1c:b4:67:0a:83:4d:cc:b0:c1:77:12:d4:7b:ed:9e:33:7f:cb:
64:d8:1b:ce:f0:48:b1:8f:85:2f:29:ab:2b:b0:31:26:76:15:
cc:04:3c:ba
-----BEGIN CERTIFICATE-----
MIIGZzCCBU+gAwIBAgISAZXyW/75p055mgpwVCwnWmxQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwNDAxMTcxNzUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MjdkMjk5OGVjOThmNjZmNjE2NDU3N2M5MGNjNjMzYTc0NjFmNDgyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzn0KPlKhk6FcqCmpvj9EpjF+qG1
M3VXYmUnKO3birbOcYf3yHG0cxn+LMhEBMx0+Kr1wGfcHf6E0VhFlId5PNy36kx6
wa9hq937yshxCX/kCMuFNYAuNqEgjEISNTT03Wnku5OhWEYZRQzTo34CNEh+kYzH
NROFUcjjHKQGBSGaStThk6nMFNMhzS/MBOCH3PscgfORLcHp6x6ahNMmgVdDG/UU
AvsuYTClCblXXBfY8URWpuSZfGY7dndLLTDjSoiR0ShEb87CdlEgAsCpu0MaZqDp
SfssZZwEEOaC6BmJLfn8W44MOxzKeAEsA8cFsTnn7HJTCK4GyNED2DOUqwIDAQAB
o4IDczCCA28wHQYDVR0OBBYEFJJ9KZjsmPZvYWRXfJDMYzp0YfSCMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEva24wcG1PeVk5bTloWkZkOGtNeGpPblJoOUlJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBhwYIKwYBBQUHAQcBAf8EggF2MIIBcjCCAW4EAgABMIIB
ZgMEAAI7/QMEAgX8hAMEAB8N0wMEAC0JnQMEAC0M/QMEAC1C5AMEAS1C5gMEAC1R
JwMEAC1YQAMEAC1Z9wMEAC1aWQMEAC2LagMEAS2NngMEAS2XWgMEAE9uMgMEAFGh
7gMEAFPbYQMEAFQ2MAMEAFd4VzAMAwQEV3hwAwQBV3h0AwQBV3h4AwQAV3h9AwQA
V3imAwQAV3kSAwQAV3kWAwQAV3kmAwQAV3ktAwQAV3lXAwQBV3l8AwQAV3miAwQA
V3mlAwQAW1xGAwQEW1zwAwQAXPkyAwQAXXstAwQAXXsvAwQAXXtVAwQAXXttAwQA
XXt1AwQAXXt3AwQAXmd9AwQCXpqgAwQDXpxAAwQAXpxcAwQAXpzoAwQAbc7tAwQA
jWIBAwQAjWIGAwQAk05kMAwDBACrFkkDBAKrFkgDBACy1+ADBACy1+MDBAK52FQD
BADBGdgDBADBIxIDBADCN7oDBADCqa8wDQYJKoZIhvcNAQELBQADggEBACmTtMG4
B/CY/JsJySoVcFXhIIkKCh7LQhN6UlqM0biR3k6i+aIjq0JYJOQfiq/zVqrIYIwm
EXz47Z4rxcZJaCwaaDBMETAhQFknd3SPm0pj5H+jgIIKIA8x7SKZ4axCLVEB4PDy
Icn/j0YMYu6eBCcitrqg3MYbuEp/WjPpycDCjAU1w+vm8Cv4WgJ09LuXHsAAgFVr
yVUMDOw/pUr3rBM0EofXsh2cd80cGqahiJVmyAiFbxYy4ekav5+jVoqZT/r9I74U
Oo+w0awapWPvewzx1TB7ZuguBxy0ZwqDTcywwXcS1HvtnjN/y2TYG87wSLGPhS8p
qyuwMSZ2FcwEPLo=
-----END CERTIFICATE-----
Generated at Thu Apr 17 01:33:20 2025 by rpki-client