Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/nLSxIWAqKhjv15_SwO7AJuvdoVE.roa
File: nLSxIWAqKhjv15_SwO7AJuvdoVE.roa (raw, json)
Hash identifier: gfxLpDB2ekl3CmQ7XSY6tdJXgl9mk4+943mKy8OdpmI=
Subject key identifier: 9C:B4:B1:21:60:2A:2A:18:EF:D7:9F:D2:C0:EE:C0:26:EB:DD:A1:51
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01946A9527C38AEFF67D0EA40816DA302C36
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/nLSxIWAqKhjv15_SwO7AJuvdoVE.roa
Signing time: Wed 15 Jan 2025 15:29:07 +0000
ROA not before: Wed 15 Jan 2025 15:29:07 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.9.157.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.84.0/23 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.154.173.0/24 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.102.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.237.0/24 maxlen: 24
185.216.71.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:6a:95:27:c3:8a:ef:f6:7d:0e:a4:08:16:da:30:2c:36
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 15 15:29:07 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=9cb4b121602a2a18efd79fd2c0eec026ebdda151
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:3d:50:2d:5b:4a:99:44:f8:3e:c0:5e:aa:3c:
33:31:d2:1e:45:cb:c5:be:9c:fb:82:53:c4:a5:e1:
c1:c9:93:09:03:b4:38:6e:51:9d:f0:3e:28:a1:99:
dc:fe:c7:2d:31:7f:3b:e2:37:d3:0c:3e:54:60:6a:
ba:24:41:17:6a:9b:37:ce:98:bb:eb:54:df:8b:3e:
34:cd:2e:73:80:d1:4c:4e:c8:77:5c:6c:50:f4:d4:
0a:f8:6d:dc:11:5d:8c:3e:17:c1:83:14:28:b4:6b:
16:0b:c9:9d:f3:ac:cc:b4:b9:37:21:cb:bb:95:a1:
a9:58:99:d3:f0:54:9d:e6:9b:d6:c0:38:0b:58:38:
5d:3b:63:c4:e4:7d:4e:6a:24:8d:42:cb:46:a9:28:
f2:43:56:85:74:cd:8b:b5:e6:de:d2:d1:a4:c0:af:
98:7c:52:7f:7c:96:67:1c:1b:37:00:1c:0e:f5:4d:
09:f5:2c:13:b1:92:c8:e7:32:37:9e:2f:e3:7e:86:
54:2e:5f:40:d8:4e:1d:6e:2a:44:6a:85:e8:0f:8a:
4b:3a:7a:40:f1:60:35:e7:51:81:9b:ad:8c:15:80:
13:ba:ab:ee:7d:65:c1:40:fe:2a:b7:9a:d9:53:e5:
a4:19:7a:e3:a0:66:47:37:6e:fb:3f:52:cc:fe:d2:
44:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9C:B4:B1:21:60:2A:2A:18:EF:D7:9F:D2:C0:EE:C0:26:EB:DD:A1:51
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/nLSxIWAqKhjv15_SwO7AJuvdoVE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.157.0/24
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
81.161.239.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.84.0/23
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.154.173.0/24
94.156.11.0/24
94.156.64.0/21
94.156.102.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.237.0/24
185.216.71.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
a1:ff:50:e0:c2:e7:eb:24:fe:ab:40:49:b3:72:e4:f3:60:10:
0a:dd:f3:30:21:da:e3:a4:d8:ed:8e:22:e7:03:6c:ee:a5:b5:
9a:6e:d5:4c:b3:07:de:fe:5c:88:23:df:78:57:7e:ba:3c:04:
26:1e:e4:e9:95:3a:eb:02:0f:da:3b:1a:6c:5b:4e:d9:51:c9:
87:0e:d1:f0:f4:16:45:00:4d:25:a5:e0:18:9e:61:f3:95:28:
37:ef:c0:2a:19:c6:63:a4:85:47:fc:2c:22:33:0e:ae:03:79:
52:06:88:24:e5:44:15:52:3d:0d:22:06:4f:60:df:7c:e8:a4:
6d:f6:3d:11:92:20:09:b1:97:88:b8:67:a6:fd:05:fd:92:1a:
a4:c8:24:cc:cc:3c:cf:11:28:23:50:a4:1e:85:39:ec:fc:33:
f7:b9:16:ea:20:f0:a6:af:75:51:c7:26:66:56:64:0c:0b:99:
a4:4d:a1:63:ef:1d:f7:af:cf:00:45:7e:51:56:00:db:ff:7f:
35:84:c2:c8:d4:da:6b:48:11:72:a5:78:1c:ca:24:e2:63:c6:
90:49:1f:cc:63:30:01:a6:a5:fb:b5:a3:f4:f6:e7:89:41:5f:
9a:b1:61:7a:12:5d:6c:1b:d3:35:99:77:a8:6d:92:bb:23:d3:
45:b8:77:1a
-----BEGIN CERTIFICATE-----
MIIGNTCCBR2gAwIBAgISAZRqlSfDiu/2fQ6kCBbaMCw2MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTE1MTUyOTA3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5Y2I0YjEyMTYwMmEyYTE4ZWZkNzlmZDJjMGVlYzAyNmViZGRhMTUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkT1QLVtKmUT4PsBeqjwzMdIeRcvF
vpz7glPEpeHByZMJA7Q4blGd8D4ooZnc/sctMX874jfTDD5UYGq6JEEXaps3zpi7
61Tfiz40zS5zgNFMTsh3XGxQ9NQK+G3cEV2MPhfBgxQotGsWC8md86zMtLk3Icu7
laGpWJnT8FSd5pvWwDgLWDhdO2PE5H1OaiSNQstGqSjyQ1aFdM2Ltebe0tGkwK+Y
fFJ/fJZnHBs3ABwO9U0J9SwTsZLI5zI3ni/jfoZULl9A2E4dbipEaoXoD4pLOnpA
8WA151GBm62MFYATuqvufWXBQP4qt5rZU+WkGXrjoGZHN277P1LM/tJE8QIDAQAB
o4IDQTCCAz0wHQYDVR0OBBYEFJy0sSFgKioY79ef0sDuwCbr3aFRMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbkxTeElXQXFLaGp2MTVfU3dPN0FKdXZkb1ZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBVQYIKwYBBQUHAQcBAf8EggFEMIIBQDCCATwEAgABMIIB
NAMEAC0JnQMEAC0M/wMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC1aWQMEAC2L
agMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAUaHvAwQAU9thAwQA
VDYwAwQAVdGFAwQAV3hUAwQAV3hXAwQAV3imAwQAV3ktAwQBV3lUAwQAV3lXAwQA
V3lpAwQBV3l8AwQAV3miAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQC
XpqgAwQAXpqtAwQAXpwLAwQDXpxAAwQAXpxmAwQAXpyzAwQAXpz4AwQAX9YbAwQA
jWIBAwQAjWIGAwQAk05kAwQCqxZIAwQAstftAwQAudhHAwQCudhUAwQCudpUAwQA
wRnYAwQAwjFeAwQAwje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQCh/1Dgwufr
JP6rQEmzcuTzYBAK3fMwIdrjpNjtjiLnA2zupbWabtVMswfe/lyII994V366PAQm
HuTplTrrAg/aOxpsW07ZUcmHDtHw9BZFAE0lpeAYnmHzlSg378AqGcZjpIVH/Cwi
Mw6uA3lSBogk5UQVUj0NIgZPYN986KRt9j0RkiAJsZeIuGem/QX9khqkyCTMzDzP
ESgjUKQehTns/DP3uRbqIPCmr3VRxyZmVmQMC5mkTaFj7x33r88ARX5RVgDb/381
hMLI1NprSBFypXgcyiTiY8aQSR/MYzABpqX7taP09ueJQV+asWF6El1sG9M1mXeo
bZK7I9NFuHca
-----END CERTIFICATE-----
Generated at Thu Apr 17 01:23:02 2025 by rpki-client