Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rbsQBe12sAHrxCF0xgCkQaXC5VY.roa
File: rbsQBe12sAHrxCF0xgCkQaXC5VY.roa (raw, json)
Hash identifier: cYb9+ywKlRO2lUD2PlwXlUMUL8dRV3JH+eVHb7uQ3ZE=
Subject key identifier: AD:BB:10:05:ED:76:B0:01:EB:C4:21:74:C6:00:A4:41:A5:C2:E5:56
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195B955EAA17857AE8686E1F4C04CF2AA73
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rbsQBe12sAHrxCF0xgCkQaXC5VY.roa
Signing time: Fri 21 Mar 2025 15:32:50 +0000
ROA not before: Fri 21 Mar 2025 15:32:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.128.96.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.38.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.105.0/24 maxlen: 24
94.156.113.0/24 maxlen: 24
94.156.167.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:b9:55:ea:a1:78:57:ae:86:86:e1:f4:c0:4c:f2:aa:73
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 21 15:32:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=adbb1005ed76b001ebc42174c600a441a5c2e556
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:68:77:88:3c:ba:3c:4d:f4:f9:73:76:a9:62:
2f:58:c1:f6:b6:1e:05:2e:51:84:a1:75:09:89:77:
49:92:33:1d:f4:86:0d:ed:95:d4:2f:1f:6b:dc:13:
42:81:d6:b3:45:9a:1c:7e:7b:66:7b:0a:d5:a1:7e:
87:d0:32:f9:51:3f:57:20:b0:0e:36:d0:12:d8:95:
45:39:ad:c0:a9:18:73:31:6a:2c:7e:35:98:54:a8:
55:a7:fc:06:ba:71:b0:c2:4a:7e:a2:64:6b:f8:0e:
46:b2:ce:62:e0:f7:3a:68:96:ae:5f:c4:de:79:29:
94:92:de:6f:1b:b3:ab:f9:0c:4c:8a:b0:5f:b6:a4:
a0:8a:5e:5a:51:5b:67:f0:8e:bc:99:26:13:56:cc:
a4:3b:95:3d:d9:d2:14:62:ca:50:81:28:b5:26:cf:
e1:ea:df:65:ad:ec:96:d7:dd:44:9f:0c:e7:da:cb:
84:4a:e2:ce:a2:19:24:eb:6e:09:0c:bc:2d:a0:02:
19:ba:33:8d:06:f8:0d:95:1b:b7:08:7c:34:f5:51:
57:42:6d:65:ab:ca:f8:35:36:a0:3c:55:ec:2a:00:
3e:2f:0c:98:84:11:6b:0b:a9:a5:93:11:99:95:28:
91:cd:66:07:ab:d7:ad:5f:30:04:0b:e8:4c:16:de:
cd:b9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AD:BB:10:05:ED:76:B0:01:EB:C4:21:74:C6:00:A4:41:A5:C2:E5:56
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/rbsQBe12sAHrxCF0xgCkQaXC5VY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.128.96.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.38.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.105.0/24
94.156.113.0/24
94.156.167.0/24
94.156.179.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
193.25.216.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
4c:0a:29:72:80:d3:d0:70:c3:ca:b6:67:e7:ae:84:d6:27:01:
e3:32:8d:71:5f:dd:b6:65:65:5d:94:40:fb:dd:20:49:a9:b3:
16:1a:a0:6d:e1:1c:33:24:93:ba:e5:0b:a6:70:1a:f3:59:20:
62:81:a5:fb:e7:42:d1:d6:61:b9:f2:36:f9:f7:31:16:85:eb:
77:10:49:01:e9:26:f3:49:be:83:5b:54:3e:8a:8d:3f:72:dc:
1e:6f:5b:26:9e:e2:5c:6b:ca:10:3b:a6:47:c2:97:24:73:cc:
ac:0f:a9:cb:45:b2:28:e9:ba:d9:b7:38:42:e7:9f:75:04:b8:
de:6f:e7:3f:30:b3:01:ec:ca:84:68:fb:ca:15:27:6e:d0:14:
8d:6f:9b:a4:50:06:1f:b8:69:26:a9:9a:46:a5:e6:7f:1f:e8:
7d:5f:19:74:09:6f:14:ab:25:33:0f:63:b9:18:fa:f6:1e:df:
14:36:32:a0:bd:84:06:88:88:d2:c0:0d:e4:db:a8:cd:9a:2c:
1e:df:fd:4c:e5:5e:c7:11:3c:11:97:33:fb:7a:48:0d:f0:8a:
cf:5a:75:37:19:82:15:1d:9b:fd:4b:63:00:ad:d5:11:b6:66:
78:4b:bc:27:57:77:23:bb:9e:a5:01:31:ed:c6:aa:50:42:d6:
a5:26:50:9f
-----BEGIN CERTIFICATE-----
MIIGMzCCBRugAwIBAgISAZW5VeqheFeuhobh9MBM8qpzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzIxMTUzMjUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZGJiMTAwNWVkNzZiMDAxZWJjNDIxNzRjNjAwYTQ0MWE1YzJlNTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsGh3iDy6PE30+XN2qWIvWMH2th4F
LlGEoXUJiXdJkjMd9IYN7ZXULx9r3BNCgdazRZocfntmewrVoX6H0DL5UT9XILAO
NtAS2JVFOa3AqRhzMWosfjWYVKhVp/wGunGwwkp+omRr+A5Gss5i4Pc6aJauX8Te
eSmUkt5vG7Or+QxMirBftqSgil5aUVtn8I68mSYTVsykO5U92dIUYspQgSi1Js/h
6t9lreyW191Enwzn2suESuLOohkk624JDLwtoAIZujONBvgNlRu3CHw09VFXQm1l
q8r4NTagPFXsKgA+LwyYhBFrC6mlkxGZlSiRzWYHq9etXzAEC+hMFt7NuQIDAQAB
o4IDPzCCAzswHQYDVR0OBBYEFK27EAXtdrAB68QhdMYApEGlwuVWMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvcmJzUUJlMTJzQUhyeENGMHhnQ2tRYVhDNVZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBUwYIKwYBBQUHAQcBAf8EggFCMIIBPjCCAToEAgABMIIB
MgMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1a
WQMEAC2AYAMEAC2LagMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAUaHuAwQA
U9thAwQAVDYwAwQAV3hXMAwDBARXeHADBAFXeHQDBAFXeHgwDAMEAFd4fQMEB1d4
AAMEAFd4pgMEAFd5JgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc
8AMEAVx3xAMEAFz5MgMEAF17bQMEAl6aoAMEA16cQAMEAF6caQMEAF6ccQMEAF6c
pwMEAF6cswMEAG3O7QMEAI1iAQMEAI1iBgMEAJNOZAMEAqsWSAMEALLX4AMEArnY
VAMEAMEZ2AMEAMI3ugMEAMKprzANBgkqhkiG9w0BAQsFAAOCAQEATAopcoDT0HDD
yrZn566E1icB4zKNcV/dtmVlXZRA+90gSamzFhqgbeEcMySTuuULpnAa81kgYoGl
++dC0dZhufI2+fcxFoXrdxBJAekm80m+g1tUPoqNP3LcHm9bJp7iXGvKEDumR8KX
JHPMrA+py0WyKOm62bc4QuefdQS43m/nPzCzAezKhGj7yhUnbtAUjW+bpFAGH7hp
JqmaRqXmfx/ofV8ZdAlvFKslMw9juRj69h7fFDYyoL2EBoiI0sAN5NuozZosHt/9
TOVexxE8EZcz+3pIDfCKz1p1NxmCFR2b/UtjAK3VEbZmeEu8J1d3I7uepQEx7caq
UELWpSZQnw==
-----END CERTIFICATE-----
Generated at Wed Apr 16 20:11:05 2025 by rpki-client