Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oXOHVMpBoM4fa0AruirWB-MfrCk.roa
File: oXOHVMpBoM4fa0AruirWB-MfrCk.roa (raw, json)
Hash identifier: moWx5Un52+8Ad+J43Dfnsn0ViJtVNzXfVMUeLEmweuQ=
Subject key identifier: A1:73:87:54:CA:41:A0:CE:1F:6B:40:2B:BA:2A:D6:07:E3:1F:AC:29
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01959432A2301EB15864F940AC7D1CBE6C29
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oXOHVMpBoM4fa0AruirWB-MfrCk.roa
Signing time: Fri 14 Mar 2025 10:28:20 +0000
ROA not before: Fri 14 Mar 2025 10:28:20 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
81.161.230.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.31.47.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.104.0/24 maxlen: 24
94.156.105.0/24 maxlen: 24
94.156.106.0/24 maxlen: 32
94.156.166.0/24 maxlen: 24
94.156.167.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:94:32:a2:30:1e:b1:58:64:f9:40:ac:7d:1c:be:6c:29
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 14 10:28:20 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a1738754ca41a0ce1f6b402bba2ad607e31fac29
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:0c:4f:f1:70:33:2d:2d:63:1a:0f:8f:58:17:
ba:54:16:df:df:c0:76:0e:5c:46:e9:fc:06:bc:68:
1c:f0:67:2e:2d:e3:09:3a:88:9a:01:bb:e5:c1:87:
e5:a9:03:16:bd:61:c4:e7:fe:b7:3e:c4:aa:cc:36:
4d:f4:e6:a4:61:87:33:c8:fa:55:7e:4a:06:a2:a4:
bd:f0:13:50:a9:be:76:c6:37:1f:af:57:a3:49:a0:
1a:74:dc:55:8a:32:1c:89:8e:48:b5:54:1f:27:b0:
3b:2a:59:3c:9c:24:67:1f:5f:8c:5f:b6:99:1d:76:
18:d9:f2:df:0b:d2:76:34:06:de:f7:99:ea:09:af:
98:27:00:aa:75:78:ff:7b:1a:75:a9:d8:0f:af:98:
bd:d1:c6:5b:7f:08:92:32:0e:f6:cc:08:25:31:9d:
fa:fb:47:2c:89:5a:d0:b7:82:98:48:e1:bc:4e:a9:
ce:30:30:ef:3c:1b:9c:3b:55:22:7b:b3:0d:86:a8:
c0:81:16:1a:33:4e:d2:ae:ea:dc:b2:f2:5e:2b:85:
e9:59:9b:2c:e6:ff:cc:dd:41:1d:ab:62:78:46:b9:
23:ea:11:88:9d:98:4d:45:3d:83:eb:e7:e6:db:64:
fe:ce:55:37:bb:58:7a:8c:a1:f7:4c:7c:53:82:42:
4a:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:73:87:54:CA:41:A0:CE:1F:6B:40:2B:BA:2A:D6:07:E3:1F:AC:29
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/oXOHVMpBoM4fa0AruirWB-MfrCk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
81.161.230.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
85.31.47.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.104.0-94.156.106.255
94.156.166.0/23
94.156.179.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
13:ec:3a:b4:76:19:35:3d:9e:74:d9:9d:93:d8:d3:87:0d:58:
8a:9e:ec:92:fb:8a:ac:d5:af:32:cd:2e:ff:a3:c6:68:70:96:
80:ba:94:d4:5f:6c:b7:e3:5f:3c:5d:62:87:fa:0e:73:58:c8:
19:45:d3:70:ac:7f:5c:08:3b:24:16:99:97:26:d8:65:68:a7:
66:90:3e:80:57:32:ce:89:73:3b:ad:4f:67:13:b0:fb:00:7d:
eb:69:cd:0c:18:f2:ad:c8:53:10:5a:3e:9e:fe:a4:e9:09:4e:
55:b9:34:90:3b:ce:b9:cd:40:19:2b:b3:68:cc:2c:a6:e4:04:
f3:47:6b:bf:23:f3:93:78:ba:fa:cc:66:da:2a:e7:dc:b4:30:
59:0b:18:0b:12:94:34:b5:7f:44:48:d7:bf:a4:4e:c4:90:70:
25:eb:43:67:dc:fe:7e:97:e0:e5:ca:44:28:4f:28:29:3d:e1:
be:62:d7:23:6b:1f:03:f6:83:b9:11:90:a9:8e:8b:4e:0c:83:
3c:41:30:6e:93:b6:88:61:6d:b3:82:95:bc:1d:f8:d1:22:df:
12:e0:75:77:19:8b:17:97:62:b6:56:c7:18:33:d7:25:18:28:
a7:28:a1:e0:fe:94:92:3e:95:c9:7f:4b:17:5b:74:33:0b:75:
88:e1:8c:b2
-----BEGIN CERTIFICATE-----
MIIGRzCCBS+gAwIBAgISAZWUMqIwHrFYZPlArH0cvmwpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzE0MTAyODIwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTczODc1NGNhNDFhMGNlMWY2YjQwMmJiYTJhZDYwN2UzMWZhYzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwgxP8XAzLS1jGg+PWBe6VBbf38B2
DlxG6fwGvGgc8GcuLeMJOoiaAbvlwYflqQMWvWHE5/63PsSqzDZN9OakYYczyPpV
fkoGoqS98BNQqb52xjcfr1ejSaAadNxVijIciY5ItVQfJ7A7Klk8nCRnH1+MX7aZ
HXYY2fLfC9J2NAbe95nqCa+YJwCqdXj/exp1qdgPr5i90cZbfwiSMg72zAglMZ36
+0csiVrQt4KYSOG8TqnOMDDvPBucO1Uie7MNhqjAgRYaM07SrurcsvJeK4XpWZss
5v/M3UEdq2J4Rrkj6hGInZhNRT2D6+fm22T+zlU3u1h6jKH3THxTgkJKpQIDAQAB
o4IDUzCCA08wHQYDVR0OBBYEFKFzh1TKQaDOH2tAK7oq1gfjH6wpMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvb1hPSFZNcEJvTTRmYTBBcnVpcldCLU1mckNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBZwYIKwYBBQUHAQcBAf8EggFWMIIBUjCCAU4EAgABMIIB
RgMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1a
WQMEAC2LagMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAUaHmAwQA
UaHuAwQAU9thAwQAVDYwAwQAVR8vAwQAV3hXMAwDBARXeHADBAFXeHQDBAFXeHgw
DAMEAFd4fQMEB1d4AAMEAFd4pgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5
pQMEBFtc8AMEAVx3xAMEAFz5MgMEAF17bQMEAl6aoAMEA16cQDAMAwQDXpxoAwQA
XpxqAwQBXpymAwQAXpyzAwQAbc7tAwQAjWIBAwQAjWIGAwQAk05kAwQCqxZIAwQA
stfgAwQCudhUAwQCudpUAwQAwRnYAwQAwjFeAwQAwje6AwQAwqmvMA0GCSqGSIb3
DQEBCwUAA4IBAQAT7Dq0dhk1PZ502Z2T2NOHDViKnuyS+4qs1a8yzS7/o8ZocJaA
upTUX2y34188XWKH+g5zWMgZRdNwrH9cCDskFpmXJthlaKdmkD6AVzLOiXM7rU9n
E7D7AH3rac0MGPKtyFMQWj6e/qTpCU5VuTSQO865zUAZK7NozCym5ATzR2u/I/OT
eLr6zGbaKufctDBZCxgLEpQ0tX9ESNe/pE7EkHAl60Nn3P5+l+DlykQoTygpPeG+
Ytcjax8D9oO5EZCpjotODIM8QTBuk7aIYW2zgpW8HfjRIt8S4HV3GYsXl2K2VscY
M9clGCinKKHg/pSSPpXJf0sXW3QzC3WI4Yyy
-----END CERTIFICATE-----
Generated at Thu Apr 17 01:37:22 2025 by rpki-client