Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/onyvA4L55wQ3aSQYH4n0iJ51vLs.roa
File: onyvA4L55wQ3aSQYH4n0iJ51vLs.roa (raw, json)
Hash identifier: BUD2yMs0f+p6T5Jy4XSyq7NhG9VedYlb8Oztq7yjUtI=
Subject key identifier: A2:7C:AF:03:82:F9:E7:04:37:69:24:18:1F:89:F4:88:9E:75:BC:BB
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195053DFB99D9C964EFDF5F0402DE1D7556
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/onyvA4L55wQ3aSQYH4n0iJ51vLs.roa
Signing time: Fri 14 Feb 2025 16:15:02 +0000
ROA not before: Fri 14 Feb 2025 16:15:02 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
31.13.224.0/24 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.88.88.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.149.241.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
80.76.51.0/24 maxlen: 24
81.161.230.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.31.47.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.86.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.39.0/24 maxlen: 24
93.123.85.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.103.125.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.104.0/24 maxlen: 24
94.156.105.0/24 maxlen: 24
94.156.106.0/24 maxlen: 32
94.156.166.0/24 maxlen: 24
94.156.167.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.48.251.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:05:3d:fb:99:d9:c9:64:ef:df:5f:04:02:de:1d:75:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Feb 14 16:15:02 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a27caf0382f9e704376924181f89f4889e75bcbb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:02:d5:b3:08:59:e4:8a:97:66:a8:66:2e:5b:
14:b1:25:5b:6a:46:a3:e1:58:ae:7f:42:5a:e1:8a:
90:ee:9e:64:af:c1:96:66:6c:07:98:f4:b1:28:88:
9a:31:84:05:09:a5:3c:b9:5e:17:c1:85:24:05:07:
93:c7:6b:65:da:c0:3d:4e:ba:75:60:5e:25:77:d8:
82:fb:d2:a2:33:2c:c4:05:31:33:50:75:cb:67:98:
96:eb:7f:a1:bf:72:50:63:d2:f9:58:61:92:16:5f:
94:7e:15:f4:19:30:b6:0e:21:21:73:01:39:d1:04:
7d:61:87:59:12:f6:1c:a8:c7:fb:ff:88:bf:19:5e:
1d:79:92:c3:fd:35:58:53:1a:e5:50:f6:16:ec:c8:
70:83:b4:7c:87:df:f7:5d:cb:c2:0e:fc:dc:0e:f2:
33:11:8e:4c:b7:0e:d3:23:45:bc:02:2a:42:2e:7a:
7b:84:20:f0:47:2e:0e:b3:96:b0:66:46:53:ea:e1:
fe:ec:0d:8f:d8:b1:9f:26:ed:48:79:ea:9e:62:75:
76:13:b0:d7:e8:b9:1f:6f:3d:26:fd:c1:c0:c1:16:
98:87:94:1c:e9:52:2c:43:e0:e0:53:20:f5:b5:02:
9f:f3:17:29:95:80:22:6d:40:ed:5f:0e:df:1e:af:
43:c5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A2:7C:AF:03:82:F9:E7:04:37:69:24:18:1F:89:F4:88:9E:75:BC:BB
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/onyvA4L55wQ3aSQYH4n0iJ51vLs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
31.13.224.0/24
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.88.88.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.149.241.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
80.76.51.0/24
81.161.230.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
85.31.47.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.45.0/24
87.121.86.0/23
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.39.0/24
93.123.85.0/24
93.123.109.0/24
94.103.125.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.104.0-94.156.106.255
94.156.166.0/23
94.156.179.0/24
94.156.248.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.48.251.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
01:44:09:c5:e1:10:c3:91:45:a9:cc:a7:f7:74:03:c5:91:d8:
66:f3:10:e9:35:65:52:40:de:b0:2d:e2:0a:23:92:6f:3e:8f:
b4:e8:84:76:08:bd:65:f9:c0:ff:1d:4a:d6:7a:33:db:47:7b:
33:fa:57:2f:ec:32:a9:09:90:94:d2:45:c4:be:77:9c:6f:1d:
ec:26:82:bf:9a:5d:f4:fa:70:91:b7:b6:92:58:ea:9c:f0:80:
f1:a4:fa:e0:f3:99:35:cf:31:95:da:14:3c:e2:07:4e:26:dc:
63:2a:93:53:78:be:11:85:7d:8f:36:42:a0:4b:e0:2d:43:7e:
28:12:67:87:b4:a0:d7:4f:58:62:c2:8c:87:31:e4:43:6c:b3:
ee:20:c2:9b:36:d4:9a:a5:bf:3b:e1:1b:45:26:46:47:f8:ab:
d0:09:10:75:76:ed:da:05:6b:bd:a5:a2:13:7b:e3:03:5e:a4:
fa:bb:aa:a1:8f:39:4c:ca:7b:72:91:5a:c9:b4:f2:ce:75:ad:
3f:02:24:55:fc:25:f7:90:ab:08:f6:cc:2a:d2:47:0e:01:48:
e8:f6:cb:81:71:0e:2d:29:be:f2:3f:07:a7:3d:9c:5e:d7:bc:
34:ff:b7:58:39:f4:d2:1e:b4:1d:5e:26:35:4c:7c:9d:93:7f:
73:29:7a:88
-----BEGIN CERTIFICATE-----
MIIGgzCCBWugAwIBAgISAZUFPfuZ2clk799fBALeHXVWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMjE0MTYxNTAyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMjdjYWYwMzgyZjllNzA0Mzc2OTI0MTgxZjg5ZjQ4ODllNzViY2JiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuQLVswhZ5IqXZqhmLlsUsSVbakaj
4Viuf0Ja4YqQ7p5kr8GWZmwHmPSxKIiaMYQFCaU8uV4XwYUkBQeTx2tl2sA9Trp1
YF4ld9iC+9KiMyzEBTEzUHXLZ5iW63+hv3JQY9L5WGGSFl+UfhX0GTC2DiEhcwE5
0QR9YYdZEvYcqMf7/4i/GV4deZLD/TVYUxrlUPYW7Mhwg7R8h9/3XcvCDvzcDvIz
EY5Mtw7TI0W8AipCLnp7hCDwRy4Os5awZkZT6uH+7A2P2LGfJu1IeeqeYnV2E7DX
6Lkfbz0m/cHAwRaYh5Qc6VIsQ+DgUyD1tQKf8xcplYAibUDtXw7fHq9DxQIDAQAB
o4IDjzCCA4swHQYDVR0OBBYEFKJ8rwOC+ecEN2kkGB+J9Iiedby7MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvb255dkE0TDU1d1EzYVNRWUg0bjBpSjUxdkxzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBowYIKwYBBQUHAQcBAf8EggGSMIIBjjCCAYoEAgABMIIB
ggMEAgX8hAMEAB8N4AMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Y
WAMEAC1Z9wMEAC1aWQMEAC2LagMEAC2NngMEAC2V8TAMAwQALZdZAwQCLZdYAwQA
T24yAwQAT24+AwQAUEwzAwQAUaHmAwQAUaHuAwQAU9thAwQAVDYwAwQAVR8vAwQA
V3hXMAwDBARXeHADBAFXeHQDBAFXeHgwDAMEAFd4fQMEB1d4AAMEAFd4pgMEAFd5
LQMEAVd5VgMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc8AMEAVx3xAMEAFz5MgMEAF17
JwMEAF17VQMEAF17bQMEAF5nfQMEAl6aoAMEAF6cCwMEA16cQDAMAwQDXpxoAwQA
XpxqAwQBXpymAwQAXpyzAwQAXpz4AwQAbc7tAwQAjWIBAwQAjWIGAwQAk05kAwQC
qxZIAwQAstfgAwQCudhUAwQCudpUAwQAwRnYAwQAwjD7AwQAwjFeAwQAwje6AwQA
wqmvMA0GCSqGSIb3DQEBCwUAA4IBAQABRAnF4RDDkUWpzKf3dAPFkdhm8xDpNWVS
QN6wLeIKI5JvPo+06IR2CL1l+cD/HUrWejPbR3sz+lcv7DKpCZCU0kXEvnecbx3s
JoK/ml30+nCRt7aSWOqc8IDxpPrg85k1zzGV2hQ84gdOJtxjKpNTeL4RhX2PNkKg
S+AtQ34oEmeHtKDXT1hiwoyHMeRDbLPuIMKbNtSapb874RtFJkZH+KvQCRB1du3a
BWu9paITe+MDXqT6u6qhjzlMyntykVrJtPLOda0/AiRV/CX3kKsI9swq0kcOAUjo
9suBcQ4tKb7yPwenPZxe17w0/7dYOfTSHrQdXiY1THydk39zKXqI
-----END CERTIFICATE-----
Generated at Thu Apr 17 10:40:58 2025 by rpki-client