Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/x1_snApE6SZhJZRtfTLCui3ZxPY.roa
File: x1_snApE6SZhJZRtfTLCui3ZxPY.roa (raw, json)
Hash identifier: BOPLxHB4cEGI30ffMSam7V8m9ftV6YATHRYv/j1wi/U=
Subject key identifier: C7:5F:EC:9C:0A:44:E9:26:61:25:94:6D:7D:32:C2:BA:2D:D9:C4:F6
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195AD85ECF9010C7F4D3D22E3D71DDB4EA6
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/x1_snApE6SZhJZRtfTLCui3ZxPY.roa
Signing time: Wed 19 Mar 2025 08:29:50 +0000
ROA not before: Wed 19 Mar 2025 08:29:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.105.0/24 maxlen: 24
94.156.167.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.222.160.0/24 maxlen: 24
193.25.216.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:ad:85:ec:f9:01:0c:7f:4d:3d:22:e3:d7:1d:db:4e:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 19 08:29:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c75fec9c0a44e9266125946d7d32c2ba2dd9c4f6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:07:b1:1b:8e:a8:2d:ac:e6:95:a2:1f:25:6b:
29:ca:d1:4a:65:91:d4:36:8d:c3:e2:19:8c:8a:b9:
a8:23:a5:64:e8:45:65:3f:d4:30:ed:32:6b:06:27:
b4:f9:e2:7f:b8:aa:c7:2e:41:b0:06:ac:38:3d:bf:
00:9f:6e:99:e9:63:33:fe:70:3d:95:cb:33:15:84:
01:bb:dc:18:93:79:9a:cc:93:80:72:99:71:5c:93:
6a:13:b0:95:62:73:5e:5a:b4:a3:22:24:e3:6d:3c:
62:9a:ff:6a:5b:f3:60:c1:36:80:d3:8d:de:6a:54:
80:cf:cd:81:67:7a:e8:5f:57:2f:61:17:75:32:20:
1d:4f:61:df:bd:cc:5e:5e:1f:93:0e:e0:88:d6:0a:
35:26:92:c0:97:0d:9d:44:db:26:f3:0d:70:bd:e2:
f7:e4:e6:a2:9c:84:8c:82:d0:f2:90:47:97:83:f7:
6c:f8:ac:1c:99:19:ce:db:48:fa:b9:af:9f:29:c1:
e5:dc:1c:43:94:e7:1b:33:d5:6a:6d:8d:e7:4a:1f:
f1:ba:f4:6f:ef:c8:72:f5:f8:56:93:4a:4c:4d:6c:
16:24:32:64:3f:b7:65:51:7f:66:52:7c:a2:8a:b6:
2a:9b:a1:fa:54:bc:67:eb:63:8d:2a:fb:e3:1b:6e:
4a:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C7:5F:EC:9C:0A:44:E9:26:61:25:94:6D:7D:32:C2:BA:2D:D9:C4:F6
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/x1_snApE6SZhJZRtfTLCui3ZxPY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.105.0/24
94.156.167.0/24
94.156.179.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
185.218.84.0/22
185.222.160.0/24
193.25.216.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
37:66:7d:ca:2e:1c:7f:16:3e:06:6e:d1:bb:9d:cb:3f:c4:ba:
f7:00:b6:80:e4:4c:f8:31:9c:0b:29:b2:3f:f8:04:9e:47:f7:
eb:6d:d1:11:38:4a:f3:cf:c3:55:56:6f:74:dd:92:92:77:31:
15:19:ad:c0:ac:a4:e3:82:78:52:8b:e4:5e:83:d9:e8:d3:3b:
46:c8:c8:f5:a8:88:ee:d8:42:c2:ce:1e:18:e0:dc:d7:57:cf:
57:b5:6f:74:20:8b:f3:69:1a:99:d4:f5:7c:f4:20:f9:ec:5f:
4e:07:84:2b:18:45:b1:24:69:70:8c:2f:57:02:11:18:53:3d:
c2:b0:98:65:0e:2b:83:44:29:7c:70:7d:f7:68:e9:78:ac:32:
93:b9:bd:01:4a:50:54:0e:9c:a3:55:24:12:b1:af:0f:62:51:
fa:ec:9a:23:b0:52:aa:f2:91:c4:c8:c4:e6:e6:12:83:e8:ef:
42:f9:7b:70:1f:84:c6:58:76:de:81:64:ec:95:9f:2c:aa:c4:
ed:02:36:46:73:0e:ca:90:a5:4a:b8:3d:dc:2f:43:76:5d:e5:
30:4b:7a:10:52:cf:5d:0e:b8:29:78:84:0a:da:6d:0c:b6:bc:
9b:db:15:82:f7:47:d6:7c:c6:85:9d:78:21:92:d5:22:5c:13:
3e:57:71:ac
-----BEGIN CERTIFICATE-----
MIIGLTCCBRWgAwIBAgISAZWthez5AQx/TT0i49cd206mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzE5MDgyOTUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNzVmZWM5YzBhNDRlOTI2NjEyNTk0NmQ3ZDMyYzJiYTJkZDljNGY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsAexG46oLazmlaIfJWspytFKZZHU
No3D4hmMirmoI6Vk6EVlP9Qw7TJrBie0+eJ/uKrHLkGwBqw4Pb8An26Z6WMz/nA9
lcszFYQBu9wYk3mazJOAcplxXJNqE7CVYnNeWrSjIiTjbTximv9qW/NgwTaA043e
alSAz82BZ3roX1cvYRd1MiAdT2HfvcxeXh+TDuCI1go1JpLAlw2dRNsm8w1wveL3
5OainISMgtDykEeXg/ds+KwcmRnO20j6ua+fKcHl3BxDlOcbM9VqbY3nSh/xuvRv
78hy9fhWk0pMTWwWJDJkP7dlUX9mUnyiirYqm6H6VLxn62ONKvvjG25KgQIDAQAB
o4IDOTCCAzUwHQYDVR0OBBYEFMdf7JwKROkmYSWUbX0ywrot2cT2MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveDFfc25BcEU2U1poSlpSdGZUTEN1aTNaeFBZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBTQYIKwYBBQUHAQcBAf8EggE8MIIBODCCATQEAgABMIIB
LAMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1a
WQMEAC2LagMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAUaHuAwQAU9thAwQA
VDYwAwQAV3hXMAwDBARXeHADBAFXeHQDBAFXeHgwDAMEAFd4fQMEB1d4AAMEAFd4
pgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc8AMEAVx3xAMEAFz5
MgMEAF17bQMEAl6aoAMEA16cQAMEAF6caQMEAF6cpwMEAF6cswMEAG3O7QMEAI1i
AQMEAI1iBgMEAJNOZAMEAqsWSAMEALLX4AMEArnYVAMEArnaVAMEALneoAMEAMEZ
2AMEAMI3ugMEAMKprzANBgkqhkiG9w0BAQsFAAOCAQEAN2Z9yi4cfxY+Bm7Ru53L
P8S69wC2gORM+DGcCymyP/gEnkf3623REThK88/DVVZvdN2SkncxFRmtwKyk44J4
UovkXoPZ6NM7RsjI9aiI7thCws4eGODc11fPV7VvdCCL82kamdT1fPQg+exfTgeE
KxhFsSRpcIwvVwIRGFM9wrCYZQ4rg0QpfHB992jpeKwyk7m9AUpQVA6co1UkErGv
D2JR+uyaI7BSqvKRxMjE5uYSg+jvQvl7cB+Exlh23oFk7JWfLKrE7QI2RnMOypCl
Srg93C9Ddl3lMEt6EFLPXQ64KXiECtptDLa8m9sVgvdH1nzGhZ14IZLVIlwTPldx
rA==
-----END CERTIFICATE-----
Generated at Wed Apr 16 19:26:33 2025 by rpki-client