Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sy7VD5fxinu9zXlONW2a0F1CKqQ.roa
File: sy7VD5fxinu9zXlONW2a0F1CKqQ.roa (raw, json)
Hash identifier: r/kMaB+jRpReekHKr9g8KAxX8os75EVR521FDqizAAg=
Subject key identifier: B3:2E:D5:0F:97:F1:8A:7B:BD:CD:79:4E:35:6D:9A:D0:5D:42:2A:A4
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01945EAE25E9DC38DF5C68B15B685356C840
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sy7VD5fxinu9zXlONW2a0F1CKqQ.roa
Signing time: Mon 13 Jan 2025 08:00:58 +0000
ROA not before: Mon 13 Jan 2025 08:00:58 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.9.157.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.84.0/23 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.102.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.237.0/24 maxlen: 24
185.216.71.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
195.178.110.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:5e:ae:25:e9:dc:38:df:5c:68:b1:5b:68:53:56:c8:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 13 08:00:58 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=b32ed50f97f18a7bbdcd794e356d9ad05d422aa4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:3c:85:4d:4d:3f:60:71:ba:c4:a3:8b:be:b9:
09:ae:1b:99:e0:30:61:aa:88:d8:bf:8d:77:f2:f6:
ba:54:eb:cf:9d:1d:ca:6a:15:76:10:74:6f:67:30:
b6:3e:e4:6a:8a:2b:25:19:32:df:0f:bc:9e:30:30:
90:ec:67:a0:81:76:55:e1:a5:e0:02:dc:6f:c7:aa:
60:88:cd:66:a6:fd:fa:44:77:93:79:69:26:9b:0d:
0c:63:7a:8d:dd:3b:49:59:d8:d3:d8:19:65:8c:68:
a8:f9:02:4f:31:e4:bd:25:2d:81:f5:bf:9a:57:cc:
14:fa:0a:11:71:4e:75:88:3e:bb:81:ef:f1:07:e0:
f6:28:fe:3e:3e:5a:7b:3b:b4:9f:39:df:d1:e8:cd:
f1:f2:59:7d:ff:e3:db:f3:27:29:4e:59:a5:6e:fb:
ef:56:20:fd:81:a3:0a:91:a8:b7:0b:b8:7c:5b:a3:
24:5c:33:4e:17:e0:90:70:fd:a5:27:05:18:53:42:
ae:03:51:54:67:0b:68:59:2e:e5:09:c4:7a:5d:47:
8e:ae:09:01:03:59:32:a4:fe:13:8f:70:ae:9d:e8:
d7:d6:d0:77:c5:d3:3d:9f:f8:78:8f:17:c8:c9:60:
9c:5d:94:2d:f0:e4:a8:e9:86:f9:e8:6f:f6:0d:5a:
e8:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B3:2E:D5:0F:97:F1:8A:7B:BD:CD:79:4E:35:6D:9A:D0:5D:42:2A:A4
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/sy7VD5fxinu9zXlONW2a0F1CKqQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.157.0/24
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
79.110.62.0/24
81.161.239.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.84.0/23
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.102.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.237.0/24
185.216.71.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
195.178.110.0/24
Signature Algorithm: sha256WithRSAEncryption
32:10:a3:ea:0a:24:93:d5:97:c1:61:b0:c2:21:c2:49:16:d4:
be:e4:1c:71:74:5e:5f:fe:a6:df:00:73:3d:96:15:6a:ff:71:
c0:f8:25:c3:03:bd:b5:e6:4d:1c:16:82:d3:61:03:4f:f4:88:
50:34:d2:bf:1d:ac:4f:84:bd:f3:ba:98:ea:cf:7a:6b:3b:8f:
87:3e:ea:78:29:b6:16:9a:78:22:36:24:cd:80:a8:e5:25:36:
e2:90:6d:89:00:98:b5:a6:44:b0:14:79:1a:d1:e9:de:42:de:
67:bc:7a:4a:1e:7e:68:a4:61:39:7d:c2:3f:36:ac:96:87:6c:
ee:4b:58:f1:47:4a:f1:4b:b7:65:c6:71:3a:86:3c:40:f0:d5:
3d:18:3a:51:43:99:e1:70:f5:89:16:fe:94:c4:fb:1d:c1:4f:
8d:82:2f:eb:b8:39:bd:6e:8d:4e:e1:69:0f:a4:45:0d:a1:93:
6b:a4:fc:25:f4:79:cd:51:c4:b8:6b:f9:15:eb:84:97:03:4d:
a9:bb:d8:7b:15:ed:22:26:86:35:6c:c5:20:33:40:0e:fa:f3:
45:6c:af:cc:31:e0:65:32:16:44:08:e3:f2:80:bf:3e:4e:6c:
54:79:a1:7f:ec:d1:35:9d:e1:40:a6:f3:77:09:8c:7e:8d:57:
65:d6:58:a5
-----BEGIN CERTIFICATE-----
MIIGLzCCBRegAwIBAgISAZReriXp3DjfXGixW2hTVshAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTEzMDgwMDU4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzJlZDUwZjk3ZjE4YTdiYmRjZDc5NGUzNTZkOWFkMDVkNDIyYWE0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlzyFTU0/YHG6xKOLvrkJrhuZ4DBh
qojYv4138va6VOvPnR3KahV2EHRvZzC2PuRqiislGTLfD7yeMDCQ7GeggXZV4aXg
Atxvx6pgiM1mpv36RHeTeWkmmw0MY3qN3TtJWdjT2BlljGio+QJPMeS9JS2B9b+a
V8wU+goRcU51iD67ge/xB+D2KP4+Plp7O7SfOd/R6M3x8ll9/+Pb8ycpTlmlbvvv
ViD9gaMKkai3C7h8W6MkXDNOF+CQcP2lJwUYU0KuA1FUZwtoWS7lCcR6XUeOrgkB
A1kypP4Tj3CunejX1tB3xdM9n/h4jxfIyWCcXZQt8OSo6Yb56G/2DVrowwIDAQAB
o4IDOzCCAzcwHQYDVR0OBBYEFLMu1Q+X8Yp7vc15TjVtmtBdQiqkMB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvc3k3VkQ1ZnhpbnU5elhsT05XMmEwRjFDS3FRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBTwYIKwYBBQUHAQcBAf8EggE+MIIBOjCCATYEAgABMIIB
LgMEAC0JnQMEAC0M/wMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC2LagMEAC2N
njAMAwQALZdZAwQCLZdYAwQAT24yAwQAT24+AwQAUaHvAwQAU9thAwQAVDYwAwQA
VdGFAwQAV3hUAwQAV3hXAwQAV3imAwQAV3ktAwQBV3lUAwQAV3lXAwQAV3lpAwQB
V3l8AwQAV3miAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQCXpqgAwQA
XpwLAwQDXpxAAwQAXpxmAwQAXpyzAwQAXpz4AwQAX9YbAwQAjWIBAwQAjWIGAwQA
k05kAwQCqxZIAwQAstftAwQAudhHAwQCudhUAwQCudpUAwQAwRnYAwQAwjFeAwQA
wje6AwQAwqmvAwQAw7JuMA0GCSqGSIb3DQEBCwUAA4IBAQAyEKPqCiST1ZfBYbDC
IcJJFtS+5BxxdF5f/qbfAHM9lhVq/3HA+CXDA7215k0cFoLTYQNP9IhQNNK/HaxP
hL3zupjqz3prO4+HPup4KbYWmngiNiTNgKjlJTbikG2JAJi1pkSwFHka0eneQt5n
vHpKHn5opGE5fcI/NqyWh2zuS1jxR0rxS7dlxnE6hjxA8NU9GDpRQ5nhcPWJFv6U
xPsdwU+Ngi/ruDm9bo1O4WkPpEUNoZNrpPwl9HnNUcS4a/kV64SXA02pu9h7Fe0i
JoY1bMUgM0AO+vNFbK/MMeBlMhZECOPygL8+TmxUeaF/7NE1neFApvN3CYx+jVdl
1lil
-----END CERTIFICATE-----
Generated at Thu Apr 17 01:48:48 2025 by rpki-client