Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pDUPyPZ2ehMpczZ9VOK6Th0R53c.roa
File: pDUPyPZ2ehMpczZ9VOK6Th0R53c.roa (raw, json)
Hash identifier: ADzmFps9TvQSUCcRdurczfniLKdClg3rkiX7YkkesBM=
Subject key identifier: A4:35:0F:C8:F6:76:7A:13:29:73:36:7D:54:E2:BA:4E:1D:11:E7:77
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 019390FA1C35597D336D818B7F0E1FDA7319
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pDUPyPZ2ehMpczZ9VOK6Th0R53c.roa
Signing time: Wed 04 Dec 2024 09:22:10 +0000
ROA not before: Wed 04 Dec 2024 09:22:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.84.90.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.88.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
93.123.24.0/24 maxlen: 24
93.123.80.0/24 maxlen: 24
93.123.84.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.6.0/24 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.179.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.226.174.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:90:fa:1c:35:59:7d:33:6d:81:8b:7f:0e:1f:da:73:19
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 4 09:22:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a4350fc8f6767a132973367d54e2ba4e1d11e777
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:72:96:8a:e9:c6:4e:56:a1:91:a3:24:cc:bf:
8d:1d:b6:31:13:ca:58:33:bd:7a:18:98:68:55:c6:
a5:a1:90:74:39:1a:f8:78:2d:22:b3:27:4d:93:69:
8d:93:95:fc:fe:60:b4:7d:e3:ee:32:6e:06:b9:1c:
a4:0e:ef:a1:d7:2e:4f:6f:03:2c:44:96:25:86:26:
d4:13:6c:d4:12:90:98:49:e9:03:fe:7b:a1:b9:da:
bb:0f:d4:51:c2:32:21:9c:e2:34:8a:ea:6a:ec:bc:
47:f0:6d:d7:ae:e7:26:fd:8d:8b:94:fe:bd:18:18:
23:df:6f:5b:9f:7a:07:e9:41:18:c3:2f:3c:e1:74:
e8:b2:54:fd:58:66:70:38:56:67:72:92:e8:38:33:
07:8a:5e:b1:b5:91:41:b8:b3:d0:fa:df:e8:b3:91:
56:00:11:aa:fc:65:06:ca:f1:65:c2:36:7e:2a:23:
fb:bc:57:1f:77:66:a4:30:19:54:1d:9d:77:97:9b:
72:d4:1a:3b:34:1d:17:35:e0:90:ac:da:97:89:59:
e8:9f:be:f3:b3:24:8e:d7:12:43:dd:1b:c6:75:ca:
c1:16:c7:be:6f:9e:01:05:93:fd:63:44:e7:56:e5:
51:e1:fd:e9:29:ce:34:25:15:62:a2:48:67:0d:41:
f7:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A4:35:0F:C8:F6:76:7A:13:29:73:36:7D:54:E2:BA:4E:1D:11:E7:77
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/pDUPyPZ2ehMpczZ9VOK6Th0R53c.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.84.90.0/24
45.88.64.0/24
45.90.88.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
93.123.24.0/24
93.123.80.0/24
93.123.84.0/24
94.154.160.0/22
94.156.6.0/24
94.156.11.0/24
94.156.64.0/21
94.156.179.0/24
141.98.1.0/24
147.78.100.0/24
171.22.72.0/22
185.216.84.0/22
185.218.84.0/22
185.226.174.0/24
194.49.94.0/24
Signature Algorithm: sha256WithRSAEncryption
5f:a4:77:89:71:30:b0:23:b2:fc:48:38:8c:cd:23:cb:ad:20:
51:7c:c2:26:e5:98:e1:96:f3:58:72:ca:79:fd:73:4f:b6:4a:
1d:5a:60:cd:de:df:e6:67:75:67:0d:59:77:98:f9:93:ea:ae:
8d:6d:9a:aa:aa:b5:ca:05:ed:d9:d6:07:28:73:8b:0f:c4:75:
93:14:37:75:33:23:f4:4e:16:7e:4a:59:7d:a8:a1:95:06:ec:
2c:7c:bc:3b:bc:43:c9:83:79:f4:bc:1a:8a:c0:47:ba:cd:32:
6d:c3:c0:cb:49:04:42:c0:56:a1:87:e0:01:32:75:53:37:85:
cd:3b:b7:96:2e:2e:84:ba:81:17:0b:6b:d6:14:17:e9:85:55:
d6:c4:f5:30:35:c8:df:60:76:81:1b:9b:5e:7f:86:73:85:02:
b0:94:5a:74:50:ac:42:04:53:cf:87:6e:3f:d8:f1:56:77:e0:
13:b5:ea:00:23:b1:b5:bb:eb:85:d6:91:92:4b:72:93:75:aa:
35:64:2e:0a:a6:f9:64:5a:f1:5d:e2:45:c2:4e:07:58:ea:ec:
da:8a:aa:13:c3:b2:a9:f8:56:0c:ee:e9:9a:3f:a3:8f:fa:d9:
3c:2e:f8:f2:c9:26:7c:3f:10:a3:c7:cb:4e:09:06:7c:46:51:
1b:1d:6e:a2
-----BEGIN CERTIFICATE-----
MIIF1jCCBL6gAwIBAgISAZOQ+hw1WX0zbYGLfw4f2nMZMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMjA0MDkyMjEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhNDM1MGZjOGY2NzY3YTEzMjk3MzM2N2Q1NGUyYmE0ZTFkMTFlNzc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAonKWiunGTlahkaMkzL+NHbYxE8pY
M716GJhoVcaloZB0ORr4eC0isydNk2mNk5X8/mC0fePuMm4GuRykDu+h1y5PbwMs
RJYlhibUE2zUEpCYSekD/nuhudq7D9RRwjIhnOI0iupq7LxH8G3Xrucm/Y2LlP69
GBgj329bn3oH6UEYwy884XToslT9WGZwOFZncpLoODMHil6xtZFBuLPQ+t/os5FW
ABGq/GUGyvFlwjZ+KiP7vFcfd2akMBlUHZ13l5ty1Bo7NB0XNeCQrNqXiVnon77z
sySO1xJD3RvGdcrBFse+b54BBZP9Y0TnVuVR4f3pKc40JRViokhnDUH3BwIDAQAB
o4IC4jCCAt4wHQYDVR0OBBYEFKQ1D8j2dnoTKXM2fVTiuk4dEed3MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcERVUHlQWjJlaE1wY3paOVZPSzZUaDBSNTNjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH3BggrBgEFBQcBBwEB/wSB5zCB5DCB4QQCAAEwgdoDBAAt
DP8DBAAtDqQDBAAtQuQDBAAtVFoDBAAtWEADBAAtWlgDBAAti2oDBAAtjZ4wDAME
AC2XWQMEAi2XWAMEAFPbYQMEAFQ2MAMEAFd4VwMEAFd4pgMEAFd5LQMEAFd5VwME
AVd5fAMEAFd5ogMEAFd5pQMEBFtc8AMEAVx3xAMEAF17GAMEAF17UAMEAF17VAME
Al6aoAMEAF6cBgMEAF6cCwMEA16cQAMEAF6cswMEAI1iAQMEAJNOZAMEAqsWSAME
ArnYVAMEArnaVAMEALnirgMEAMIxXjANBgkqhkiG9w0BAQsFAAOCAQEAX6R3iXEw
sCOy/Eg4jM0jy60gUXzCJuWY4ZbzWHLKef1zT7ZKHVpgzd7f5md1Zw1Zd5j5k+qu
jW2aqqq1ygXt2dYHKHOLD8R1kxQ3dTMj9E4WfkpZfaihlQbsLHy8O7xDyYN59Lwa
isBHus0ybcPAy0kEQsBWoYfgATJ1UzeFzTu3li4uhLqBFwtr1hQX6YVV1sT1MDXI
32B2gRubXn+Gc4UCsJRadFCsQgRTz4duP9jxVnfgE7XqACOxtbvrhdaRkktyk3Wq
NWQuCqb5ZFrxXeJFwk4HWOrs2oqqE8OyqfhWDO7pmj+jj/rZPC748skmfD8Qo8fL
TgkGfEZRGx1uog==
-----END CERTIFICATE-----
Generated at Wed Apr 16 19:41:24 2025 by rpki-client