Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/o7Gqqz0vu4ysxK15cMquFWNcZjM.roa
File: o7Gqqz0vu4ysxK15cMquFWNcZjM.roa (raw, json)
Hash identifier: fuS0QxT3SmgZuzf3OkbRvAn3CbkLDkA0kXxpQEIZlCI=
Subject key identifier: A3:B1:AA:AB:3D:2F:BB:8C:AC:C4:AD:79:70:CA:AE:15:63:5C:66:33
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195A7F0C9993291AEEC5287978FC62BE739
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/o7Gqqz0vu4ysxK15cMquFWNcZjM.roa
Signing time: Tue 18 Mar 2025 06:28:50 +0000
ROA not before: Tue 18 Mar 2025 06:28:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.105.0/24 maxlen: 24
94.156.167.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:a7:f0:c9:99:32:91:ae:ec:52:87:97:8f:c6:2b:e7:39
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 18 06:28:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a3b1aaab3d2fbb8cacc4ad7970caae15635c6633
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:7d:a6:85:1b:77:29:cb:3a:f6:9c:29:e8:af:
fd:1a:3f:24:f3:a8:c0:27:c6:08:3c:bd:72:cc:22:
e7:ba:5e:34:6e:8c:cd:d9:1c:d0:92:3a:b3:22:44:
c4:5f:32:6b:e8:6a:2a:a9:7d:c9:43:c4:99:0a:a1:
1f:95:8c:99:ba:e8:e6:61:b5:50:85:8a:17:d3:0d:
cb:0b:a1:93:ec:a7:dd:c1:cf:42:f2:36:95:a4:96:
87:d4:32:49:cf:25:91:c4:dd:ce:f2:36:e4:4f:fc:
b0:7c:38:42:63:87:96:f8:0a:11:db:e3:9c:5c:d6:
91:1e:b8:31:a6:1b:13:88:84:80:07:f0:30:09:12:
f8:00:22:fa:b8:e1:8e:0e:ca:71:4e:af:43:52:d0:
87:11:06:6c:e3:e5:75:85:b1:8a:e6:ce:0c:a4:17:
ce:79:51:ed:e0:2f:7e:df:13:e5:6e:71:ea:82:6f:
e4:c5:6f:2e:5b:a9:19:c1:37:a5:8d:78:6a:28:dd:
9a:69:dc:fa:bc:45:e7:b5:73:7b:74:95:d0:15:e7:
5a:5b:60:b2:f8:3f:13:3d:22:cf:dc:48:ea:49:28:
32:b7:73:c4:dd:85:fd:f1:cd:99:7c:23:16:b1:6d:
35:9a:24:79:1a:5a:bb:79:ce:85:92:1f:47:11:cb:
8c:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:B1:AA:AB:3D:2F:BB:8C:AC:C4:AD:79:70:CA:AE:15:63:5C:66:33
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/o7Gqqz0vu4ysxK15cMquFWNcZjM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.105.0/24
94.156.167.0/24
94.156.179.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
01:14:da:a5:87:a4:23:0f:b4:d1:ee:1c:76:fb:5e:c2:60:20:
6a:06:bf:37:71:16:e4:0d:a4:1c:6a:8d:d4:8d:b5:fc:db:03:
6b:31:49:76:1d:5d:63:04:12:12:6b:23:52:7d:2d:b3:69:bf:
ef:a8:e2:ae:c7:82:06:29:26:52:99:38:d6:a3:b7:1c:3d:e1:
a1:b1:4c:05:5a:f5:a5:bb:83:b9:ac:ab:3a:9e:d0:9f:c0:ff:
6b:1c:4f:9a:a8:24:84:51:dd:1c:79:75:0a:0c:53:91:45:b0:
3b:80:ad:69:f7:29:ed:0f:8b:ef:de:41:57:ef:21:9f:6f:19:
67:e1:ac:e5:58:ff:e8:f8:7d:bc:45:26:5e:65:3e:4d:a9:89:
cb:8b:71:db:c1:91:48:9f:09:80:b5:62:26:72:90:1b:52:cd:
ca:76:be:6b:9e:e5:1e:8e:93:a9:2e:52:13:00:ae:fd:0b:5e:
03:b0:88:18:4a:b9:cf:d5:24:47:78:a4:29:31:ff:08:9c:37:
68:a7:69:05:d9:65:94:99:df:da:e2:04:8a:88:0e:0c:42:26:
50:3a:7e:4b:aa:8b:e2:38:2f:83:9e:c0:a7:06:f3:27:a4:36:
4f:cb:aa:68:3a:cc:ca:a7:c2:cc:e7:cf:f6:6f:c1:9c:fd:ed:
cc:68:d6:30
-----BEGIN CERTIFICATE-----
MIIGJzCCBQ+gAwIBAgISAZWn8MmZMpGu7FKHl4/GK+c5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzE4MDYyODUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2IxYWFhYjNkMmZiYjhjYWNjNGFkNzk3MGNhYWUxNTYzNWM2NjMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq32mhRt3Kcs69pwp6K/9Gj8k86jA
J8YIPL1yzCLnul40bozN2RzQkjqzIkTEXzJr6GoqqX3JQ8SZCqEflYyZuujmYbVQ
hYoX0w3LC6GT7Kfdwc9C8jaVpJaH1DJJzyWRxN3O8jbkT/ywfDhCY4eW+AoR2+Oc
XNaRHrgxphsTiISAB/AwCRL4ACL6uOGODspxTq9DUtCHEQZs4+V1hbGK5s4MpBfO
eVHt4C9+3xPlbnHqgm/kxW8uW6kZwTeljXhqKN2aadz6vEXntXN7dJXQFedaW2Cy
+D8TPSLP3EjqSSgyt3PE3YX98c2ZfCMWsW01miR5Glq7ec6Fkh9HEcuMKwIDAQAB
o4IDMzCCAy8wHQYDVR0OBBYEFKOxqqs9L7uMrMSteXDKrhVjXGYzMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvbzdHcXF6MHZ1NHlzeEsxNWNNcXVGV05jWmpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBRwYIKwYBBQUHAQcBAf8EggE2MIIBMjCCAS4EAgABMIIB
JgMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1a
WQMEAC2LagMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAUaHuAwQAU9thAwQA
VDYwAwQAV3hXMAwDBARXeHADBAFXeHQDBAFXeHgwDAMEAFd4fQMEB1d4AAMEAFd4
pgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc8AMEAVx3xAMEAFz5
MgMEAF17bQMEAl6aoAMEA16cQAMEAF6caQMEAF6cpwMEAF6cswMEAG3O7QMEAI1i
AQMEAI1iBgMEAJNOZAMEAqsWSAMEALLX4AMEArnYVAMEArnaVAMEAMEZ2AMEAMI3
ugMEAMKprzANBgkqhkiG9w0BAQsFAAOCAQEAARTapYekIw+00e4cdvtewmAgaga/
N3EW5A2kHGqN1I21/NsDazFJdh1dYwQSEmsjUn0ts2m/76jirseCBikmUpk41qO3
HD3hobFMBVr1pbuDuayrOp7Qn8D/axxPmqgkhFHdHHl1CgxTkUWwO4Ctafcp7Q+L
795BV+8hn28ZZ+Gs5Vj/6Ph9vEUmXmU+TamJy4tx28GRSJ8JgLViJnKQG1LNyna+
a57lHo6TqS5SEwCu/QteA7CIGEq5z9UkR3ikKTH/CJw3aKdpBdlllJnf2uIEiogO
DEImUDp+S6qL4jgvg57ApwbzJ6Q2T8uqaDrMyqfCzOfP9m/BnP3tzGjWMA==
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:42:21 2025 by rpki-client