Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mhW75BHCC1-oOh5u4hw6DSx4GAU.roa
File: mhW75BHCC1-oOh5u4hw6DSx4GAU.roa (raw, json)
Hash identifier: obcte0v5A+GeubmlGpEi5mHekV+/KDHhVkpqjfGQ3UM=
Subject key identifier: 9A:15:BB:E4:11:C2:0B:5F:A8:3A:1E:6E:E2:1C:3A:0D:2C:78:18:05
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01944B8E3877213754093353EFCA95F2EB65
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mhW75BHCC1-oOh5u4hw6DSx4GAU.roa
Signing time: Thu 09 Jan 2025 14:53:19 +0000
ROA not before: Thu 09 Jan 2025 14:53:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.9.157.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.84.0/23 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
87.121.221.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.102.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.237.0/24 maxlen: 24
185.216.71.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:4b:8e:38:77:21:37:54:09:33:53:ef:ca:95:f2:eb:65
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 9 14:53:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9a15bbe411c20b5fa83a1e6ee21c3a0d2c781805
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:1d:99:bc:73:bf:fa:86:2d:e1:bf:94:2e:0c:
99:51:e6:e7:89:1e:dd:d9:8d:46:b6:99:ad:bd:96:
9c:ab:5c:6a:ca:2d:4d:1a:46:d6:db:51:12:49:61:
42:e4:fb:fa:2b:e5:a4:60:37:d1:48:62:25:36:19:
57:13:f8:26:a2:a3:ae:ca:07:63:52:1d:0f:78:dd:
b2:1f:b9:85:88:cb:59:d1:c2:2b:50:8b:18:a3:da:
2d:30:f7:a1:fc:05:09:c4:e8:6e:68:5b:0f:74:85:
0b:ba:69:3f:13:5b:b9:b5:71:4f:66:d8:10:45:9b:
bb:4d:3f:f2:8c:f9:f5:40:27:25:cb:6d:b2:e5:28:
28:32:84:65:ed:97:62:d8:a4:b0:58:4d:eb:16:3b:
6f:7f:9e:50:e1:4d:19:37:1a:18:40:83:e3:83:25:
a2:20:33:12:a8:31:3b:b1:8e:46:c6:7d:fe:31:d1:
18:3a:4a:52:58:ed:45:06:31:db:f7:e6:d1:93:2c:
93:11:20:c5:b4:13:d9:13:6c:6d:cc:ab:65:03:24:
5c:f0:fd:23:d1:11:56:ad:81:ff:4a:60:59:8e:a0:
12:4b:dd:98:dc:24:7d:83:4b:cc:11:d6:50:4d:48:
3e:4b:da:e3:2e:c7:f0:42:8f:b7:e6:bd:28:3f:bb:
f0:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9A:15:BB:E4:11:C2:0B:5F:A8:3A:1E:6E:E2:1C:3A:0D:2C:78:18:05
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/mhW75BHCC1-oOh5u4hw6DSx4GAU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.157.0/24
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
81.161.239.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.84.0/23
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
87.121.221.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.102.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.237.0/24
185.216.71.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
21:fc:50:91:09:e4:0c:a6:04:d5:f1:80:58:0d:0d:7b:da:4b:
1a:7d:47:89:ea:55:c9:85:65:89:bb:65:c4:c7:10:89:cf:61:
98:d3:b7:ee:d9:58:97:25:e3:9a:66:3a:f5:5a:92:eb:99:fc:
1b:cc:69:66:9b:5d:19:cc:93:19:7e:4e:df:66:24:2e:56:d6:
17:2b:de:c5:27:23:4e:4c:85:68:87:d3:13:96:c2:f2:8d:1c:
7b:a6:85:8d:e0:f4:33:1f:eb:42:4f:2b:db:35:7c:b6:5e:96:
24:3f:eb:54:88:b0:b7:f3:77:7a:d1:fb:98:2c:39:61:45:72:
b2:16:ee:e2:12:ad:96:a2:9c:2e:cb:b3:6b:22:82:15:72:33:
d2:64:d6:61:fd:64:72:3b:bb:bf:f3:65:98:de:e5:ed:5f:43:
7c:59:f4:3e:2e:a0:17:da:f4:78:31:76:be:b8:ae:c8:0e:ea:
db:83:f9:7e:1d:00:cd:59:dd:a4:e3:aa:6c:da:6e:ab:91:62:
60:fa:c1:f7:55:7f:75:54:bb:82:c1:23:2c:b0:b1:0b:aa:18:
10:90:0b:59:26:b6:bb:47:da:5e:1b:e1:b9:14:01:84:bb:c8:
9c:f6:08:6f:9e:fc:9b:d7:e0:64:b2:f3:2b:f5:0a:ec:91:15:
2c:00:00:54
-----BEGIN CERTIFICATE-----
MIIGLzCCBRegAwIBAgISAZRLjjh3ITdUCTNT78qV8utlMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTA5MTQ1MzE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YTE1YmJlNDExYzIwYjVmYTgzYTFlNmVlMjFjM2EwZDJjNzgxODA1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAox2ZvHO/+oYt4b+ULgyZUebniR7d
2Y1GtpmtvZacq1xqyi1NGkbW21ESSWFC5Pv6K+WkYDfRSGIlNhlXE/gmoqOuygdj
Uh0PeN2yH7mFiMtZ0cIrUIsYo9otMPeh/AUJxOhuaFsPdIULumk/E1u5tXFPZtgQ
RZu7TT/yjPn1QCcly22y5SgoMoRl7Zdi2KSwWE3rFjtvf55Q4U0ZNxoYQIPjgyWi
IDMSqDE7sY5Gxn3+MdEYOkpSWO1FBjHb9+bRkyyTESDFtBPZE2xtzKtlAyRc8P0j
0RFWrYH/SmBZjqASS92Y3CR9g0vMEdZQTUg+S9rjLsfwQo+35r0oP7vwQwIDAQAB
o4IDOzCCAzcwHQYDVR0OBBYEFJoVu+QRwgtfqDoebuIcOg0seBgFMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbWhXNzVCSENDMS1vT2g1dTRodzZEU3g0R0FVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBTwYIKwYBBQUHAQcBAf8EggE+MIIBOjCCATYEAgABMIIB
LgMEAC0JnQMEAC0M/wMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC2LagMEAC2N
njAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAUaHvAwQAU9thAwQAVDYwAwQA
VdGFAwQAV3hUAwQAV3hXAwQAV3imAwQAV3ktAwQBV3lUAwQAV3lXAwQAV3lpAwQB
V3l8AwQAV3miAwQAV3mlAwQAV3ndAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQC
XpqgAwQAXpwLAwQDXpxAAwQAXpxmAwQAXpyzAwQAXpz4AwQAX9YbAwQAjWIBAwQA
jWIGAwQAk05kAwQCqxZIAwQAstftAwQAudhHAwQCudhUAwQCudpUAwQAwRnYAwQA
wjFeAwQAwje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQAh/FCRCeQMpgTV8YBY
DQ172ksafUeJ6lXJhWWJu2XExxCJz2GY07fu2ViXJeOaZjr1WpLrmfwbzGlmm10Z
zJMZfk7fZiQuVtYXK97FJyNOTIVoh9MTlsLyjRx7poWN4PQzH+tCTyvbNXy2XpYk
P+tUiLC383d60fuYLDlhRXKyFu7iEq2Wopwuy7NrIoIVcjPSZNZh/WRyO7u/82WY
3uXtX0N8WfQ+LqAX2vR4MXa+uK7IDurbg/l+HQDNWd2k46ps2m6rkWJg+sH3VX91
VLuCwSMssLELqhgQkAtZJra7R9peG+G5FAGEu8ic9ghvnvyb1+BksvMr9QrskRUs
AABU
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:44:47 2025 by rpki-client