Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xN_E7IrHolvs84Q3L9FWFfz4Xnc.roa
File: xN_E7IrHolvs84Q3L9FWFfz4Xnc.roa (raw, json)
Hash identifier: g8ZXNcwPjSeLwm64QbkdBWC3mV5eB1/ELzcw4rvnOFs=
Subject key identifier: C4:DF:C4:EC:8A:C7:A2:5B:EC:F3:84:37:2F:D1:56:15:FC:F8:5E:77
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01942C6E5C14406E2BA109377360AC1A3FAC
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xN_E7IrHolvs84Q3L9FWFfz4Xnc.roa
Signing time: Fri 03 Jan 2025 13:50:17 +0000
ROA not before: Fri 03 Jan 2025 13:50:17 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 45.9.157.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.62.0/24 maxlen: 24
81.161.239.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
85.209.133.0/24 maxlen: 24
87.120.84.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.84.0/23 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.105.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.48.0/24 maxlen: 24
92.249.50.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.102.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
94.156.248.0/24 maxlen: 24
95.214.27.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.237.0/24 maxlen: 24
185.216.71.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.48.250.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:2c:6e:5c:14:40:6e:2b:a1:09:37:73:60:ac:1a:3f:ac
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Jan 3 13:50:17 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=c4dfc4ec8ac7a25becf384372fd15615fcf85e77
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:3d:0b:71:4c:ba:c3:e9:c6:53:ac:85:47:0f:
f3:ce:68:b2:95:69:da:99:b0:ca:99:04:f4:a4:7a:
82:56:df:ae:2e:ca:67:52:d6:64:b6:aa:e6:a0:fb:
2a:22:57:c1:e2:5b:55:1a:65:1d:8e:90:f4:66:5a:
3d:e5:d7:e1:01:89:39:0b:98:31:90:e2:9c:72:39:
47:4f:16:d6:84:1d:7c:ee:87:6c:57:b6:c8:f1:18:
26:3a:79:87:42:98:63:cf:ba:a1:9f:31:12:ad:ae:
d1:c3:03:c8:ea:37:d9:23:fa:2d:a0:a9:a4:ad:db:
b2:f8:b9:8e:04:b6:1b:b6:cd:b5:35:4e:16:71:1e:
43:47:1e:12:88:1e:d6:f4:ae:8c:20:46:e3:ae:b2:
79:66:55:fd:01:de:3b:e8:1e:61:e3:6a:26:8c:c3:
28:8e:77:f7:56:2e:01:ae:25:b4:c2:93:36:59:68:
7c:e2:fb:a8:5f:94:23:e8:16:e4:00:93:f0:4f:33:
b0:b7:f7:d1:d1:7d:8e:a4:a3:53:e6:77:d7:8c:23:
3e:42:93:d4:f3:b9:24:fd:23:f3:cb:87:78:c1:97:
b8:f8:64:03:90:45:ee:5c:25:f4:ed:2d:5b:17:77:
cf:72:4a:89:74:1d:99:ae:07:3d:d9:f2:f1:b8:0e:
ad:cf
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C4:DF:C4:EC:8A:C7:A2:5B:EC:F3:84:37:2F:D1:56:15:FC:F8:5E:77
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/xN_E7IrHolvs84Q3L9FWFfz4Xnc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.157.0/24
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.66.230.0/24
45.88.64.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.62.0/24
81.161.239.0/24
83.219.97.0/24
84.54.48.0/24
85.209.133.0/24
87.120.84.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.84.0/23
87.121.87.0/24
87.121.105.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.48.0/24
92.249.50.0/24
94.154.160.0/22
94.156.11.0/24
94.156.64.0/21
94.156.102.0/24
94.156.179.0/24
94.156.248.0/24
95.214.27.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.237.0/24
185.216.71.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.48.250.0/24
194.49.94.0/24
194.55.186.0/24
194.169.175.0/24
Signature Algorithm: sha256WithRSAEncryption
a3:91:9a:dd:38:97:04:98:6e:51:73:de:6d:2c:f5:6e:06:24:
5e:83:e1:d3:f8:0c:e1:cf:66:90:b6:13:a5:c9:2e:44:38:2f:
75:9e:6e:5f:0a:0a:f5:3e:16:38:ea:f2:b4:57:ca:25:7e:24:
98:6e:fb:3a:1b:f4:3b:63:b1:54:c7:1b:0d:b1:36:50:51:19:
15:60:af:a8:15:e2:cd:b7:f6:55:ed:d0:37:ce:d0:71:2d:67:
b9:6b:7b:2d:d8:8c:d9:a5:9f:52:63:86:28:1b:92:69:aa:e1:
9b:6c:6a:67:a3:93:56:52:e7:fd:1d:78:77:54:d4:8c:ed:63:
dd:11:14:89:14:28:63:1a:7d:19:6c:aa:8f:f1:2b:c7:d5:54:
46:15:13:b4:c2:b1:04:1e:c9:ca:67:38:1d:28:2f:7c:21:11:
b4:b1:91:f6:95:82:5d:a8:8a:17:0c:7d:19:ca:87:de:91:78:
b3:b0:59:3b:5b:c0:aa:6d:03:9c:58:e3:a6:a6:92:b1:a9:15:
57:6c:2d:d1:dc:e9:49:66:8c:e1:7f:a0:e3:56:d6:96:27:2d:
5f:fc:08:ec:88:d4:3b:65:75:b1:d4:7b:4d:de:f7:7f:59:ac:
ab:39:f1:4a:06:4d:62:87:50:33:9e:d0:91:fd:f5:b0:93:b7:
3f:d1:11:6d
-----BEGIN CERTIFICATE-----
MIIGKTCCBRGgAwIBAgISAZQsblwUQG4roQk3c2CsGj+sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMTAzMTM1MDE3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNGRmYzRlYzhhYzdhMjViZWNmMzg0MzcyZmQxNTYxNWZjZjg1ZTc3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvz0LcUy6w+nGU6yFRw/zzmiylWna
mbDKmQT0pHqCVt+uLspnUtZktqrmoPsqIlfB4ltVGmUdjpD0Zlo95dfhAYk5C5gx
kOKccjlHTxbWhB187odsV7bI8RgmOnmHQphjz7qhnzESra7RwwPI6jfZI/otoKmk
rduy+LmOBLYbts21NU4WcR5DRx4SiB7W9K6MIEbjrrJ5ZlX9Ad476B5h42omjMMo
jnf3Vi4BriW0wpM2WWh84vuoX5Qj6BbkAJPwTzOwt/fR0X2OpKNT5nfXjCM+QpPU
87kk/SPzy4d4wZe4+GQDkEXuXCX07S1bF3fPckqJdB2Zrgc92fLxuA6tzwIDAQAB
o4IDNTCCAzEwHQYDVR0OBBYEFMTfxOyKx6Jb7POENy/RVhX8+F53MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveE5fRTdJckhvbHZzODRRM0w5RldGZno0WG5jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBSQYIKwYBBQUHAQcBAf8EggE4MIIBNDCCATAEAgABMIIB
KAMEAC0JnQMEAC0M/wMEAC0OpAMEAC1C5AMEAC1C5gMEAC1YQAMEAC2LagMEAC2N
njAMAwQALZdZAwQCLZdYAwQAT24+AwQAUaHvAwQAU9thAwQAVDYwAwQAVdGFAwQA
V3hUAwQAV3hXAwQAV3imAwQAV3ktAwQBV3lUAwQAV3lXAwQAV3lpAwQBV3l8AwQA
V3miAwQAV3mlAwQEW1zwAwQBXHfEAwQAXPkwAwQAXPkyAwQCXpqgAwQAXpwLAwQD
XpxAAwQAXpxmAwQAXpyzAwQAXpz4AwQAX9YbAwQAjWIBAwQAjWIGAwQAk05kAwQC
qxZIAwQAstftAwQAudhHAwQCudhUAwQCudpUAwQAwRnYAwQAwjD6AwQAwjFeAwQA
wje6AwQAwqmvMA0GCSqGSIb3DQEBCwUAA4IBAQCjkZrdOJcEmG5Rc95tLPVuBiRe
g+HT+Azhz2aQthOlyS5EOC91nm5fCgr1PhY46vK0V8olfiSYbvs6G/Q7Y7FUxxsN
sTZQURkVYK+oFeLNt/ZV7dA3ztBxLWe5a3st2IzZpZ9SY4YoG5JpquGbbGpno5NW
Uuf9HXh3VNSM7WPdERSJFChjGn0ZbKqP8SvH1VRGFRO0wrEEHsnKZzgdKC98IRG0
sZH2lYJdqIoXDH0ZyofekXizsFk7W8CqbQOcWOOmppKxqRVXbC3R3OlJZozhf6Dj
VtaWJy1f/AjsiNQ7ZXWx1HtN3vd/WayrOfFKBk1ih1AzntCR/fWwk7c/0RFt
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:37:24 2025 by rpki-client