Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ygVEW111mNdsOJmy7znfAU5-xf0.roa
File: ygVEW111mNdsOJmy7znfAU5-xf0.roa (raw, json)
Hash identifier: IyYbKrJYg4IbO3ojkNIVN3/fcnWxfvU0RySQf24wQaU=
Subject key identifier: CA:05:44:5B:5D:75:98:D7:6C:38:99:B2:EF:39:DF:01:4E:7E:C5:FD
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 0195A49605ADC41512B238F32AC80580A313
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ygVEW111mNdsOJmy7znfAU5-xf0.roa
Signing time: Mon 17 Mar 2025 14:50:50 +0000
ROA not before: Mon 17 Mar 2025 14:50:50 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 0
IP address blocks: 5.252.132.0/22 maxlen: 24
45.9.156.0/24 maxlen: 24
45.9.157.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.66.230.0/24 maxlen: 24
45.66.231.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.89.247.0/24 maxlen: 24
45.90.89.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
79.110.50.0/24 maxlen: 24
81.161.238.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.112.0/22 maxlen: 24
87.120.116.0/23 maxlen: 24
87.120.120.0/23 maxlen: 24
87.120.125.0/24 maxlen: 24
87.120.126.0/23 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
92.249.50.0/24 maxlen: 24
93.123.109.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.105.0/24 maxlen: 24
94.156.167.0/24 maxlen: 24
94.156.179.0/24 maxlen: 24
109.206.237.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
141.98.6.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
178.215.224.0/24 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
193.25.216.0/24 maxlen: 24
194.55.186.0/24 maxlen: 24
194.169.175.0/24 maxlen: 24
195.178.121.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:95:a4:96:05:ad:c4:15:12:b2:38:f3:2a:c8:05:80:a3:13
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Mar 17 14:50:50 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=ca05445b5d7598d76c3899b2ef39df014e7ec5fd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e0:2c:36:30:c4:4d:b8:ee:fa:91:0d:84:2d:0d:
3a:7f:96:21:a8:59:64:32:4c:d0:2d:e9:7b:d2:b6:
9b:88:cf:e0:08:46:b8:fd:76:0c:a7:b0:0e:4e:51:
26:58:0f:92:ff:13:e3:85:58:49:48:12:1c:95:4d:
d2:16:13:bd:ed:af:d3:b9:68:f9:00:2e:7c:a0:95:
2e:8b:62:9a:ab:a8:70:63:78:44:38:e4:c0:18:ba:
91:1e:ae:98:40:14:e3:e8:fc:43:8d:a9:db:d7:7e:
cc:e9:1c:e9:15:c2:46:ce:a5:38:d8:25:9b:db:63:
03:f0:6a:ba:e2:ff:0d:12:58:5e:cb:9a:5d:29:b7:
56:94:33:0e:91:0a:bf:43:df:23:a8:88:8f:fe:e2:
e0:1e:bd:96:2d:98:b9:01:8d:a5:a6:3e:b3:ce:b0:
37:c0:46:43:77:49:f8:80:18:2b:8f:31:d4:75:3c:
91:7b:e1:ab:a4:0e:39:57:f7:ad:28:3d:34:ea:68:
57:89:c5:ee:2e:95:18:0d:d0:87:98:f5:1f:47:df:
6a:50:91:67:14:5d:2c:61:1c:46:4f:d8:5c:70:f1:
74:bd:fe:bd:15:b4:ae:83:eb:f2:c0:27:2b:2b:3e:
0f:a6:ab:90:1a:fa:a5:5e:8f:3d:1b:b6:2c:3f:af:
77:a5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CA:05:44:5B:5D:75:98:D7:6C:38:99:B2:EF:39:DF:01:4E:7E:C5:FD
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/ygVEW111mNdsOJmy7znfAU5-xf0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.252.132.0/22
45.9.156.0/23
45.14.164.0/24
45.66.228.0/24
45.66.230.0/23
45.88.64.0/24
45.89.247.0/24
45.90.89.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
79.110.50.0/24
81.161.238.0/24
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.112.0-87.120.117.255
87.120.120.0/23
87.120.125.0-87.120.127.255
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
92.249.50.0/24
93.123.109.0/24
94.154.160.0/22
94.156.64.0/21
94.156.105.0/24
94.156.167.0/24
94.156.179.0/24
109.206.237.0/24
141.98.1.0/24
141.98.6.0/24
147.78.100.0/24
171.22.72.0/22
178.215.224.0/24
185.216.84.0/22
185.218.84.0/22
193.25.216.0/24
194.55.186.0/24
194.169.175.0/24
195.178.121.0/24
Signature Algorithm: sha256WithRSAEncryption
88:49:a3:19:23:36:ce:18:6d:d6:24:63:8a:a1:b0:2a:26:2b:
b5:93:99:c1:7d:a5:26:61:6f:64:2d:64:06:7c:9b:79:f4:98:
10:5e:da:e7:98:a9:63:07:ae:74:ed:8b:14:0b:85:ce:47:8e:
70:b3:c9:f7:be:da:48:87:b3:27:18:ef:48:51:e6:9a:95:fa:
22:72:35:44:c7:5c:7e:80:d8:1c:38:b4:75:2f:25:67:1f:52:
81:12:2b:4c:ef:de:18:f0:2c:61:52:a6:b7:29:96:b2:81:04:
97:b2:87:73:eb:67:bc:2a:fe:fa:dd:e6:a1:b8:9d:ac:da:2d:
e6:f3:9d:f9:12:b1:8c:75:a7:66:d4:18:4e:ee:09:06:d2:c9:
7a:39:88:2c:83:65:90:7a:2f:38:cd:1d:88:23:ff:48:31:4f:
16:7a:1d:10:79:06:70:96:6e:8b:89:d1:42:5d:0b:6a:24:4a:
38:83:b5:95:b5:1b:1f:57:34:38:60:16:e3:c1:d4:dd:56:33:
5b:5c:f4:19:47:a3:7a:bc:15:47:34:8d:05:46:b3:71:2f:11:
e3:cb:4b:b5:3c:4d:95:df:d7:c4:d9:23:23:97:9d:ce:b4:ef:
46:5c:5a:72:ec:b2:4e:fc:aa:c3:e6:24:24:6d:c1:c7:89:7d:
93:08:c3:fb
-----BEGIN CERTIFICATE-----
MIIGLTCCBRWgAwIBAgISAZWklgWtxBUSsjjzKsgFgKMTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjUwMzE3MTQ1MDUwWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTA1NDQ1YjVkNzU5OGQ3NmMzODk5YjJlZjM5ZGYwMTRlN2VjNWZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4Cw2MMRNuO76kQ2ELQ06f5YhqFlk
MkzQLel70rabiM/gCEa4/XYMp7AOTlEmWA+S/xPjhVhJSBIclU3SFhO97a/TuWj5
AC58oJUui2Kaq6hwY3hEOOTAGLqRHq6YQBTj6PxDjanb137M6RzpFcJGzqU42CWb
22MD8Gq64v8NElhey5pdKbdWlDMOkQq/Q98jqIiP/uLgHr2WLZi5AY2lpj6zzrA3
wEZDd0n4gBgrjzHUdTyRe+GrpA45V/etKD006mhXicXuLpUYDdCHmPUfR99qUJFn
FF0sYRxGT9hccPF0vf69FbSug+vywCcrKz4PpquQGvqlXo89G7YsP693pQIDAQAB
o4IDOTCCAzUwHQYDVR0OBBYEFMoFRFtddZjXbDiZsu853wFOfsX9MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEveWdWRVcxMTFtTmRzT0pteTd6bmZBVTUteGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBTQYIKwYBBQUHAQcBAf8EggE8MIIBODCCATQEAgABMIIB
LAMEAgX8hAMEAS0JnAMEAC0OpAMEAC1C5AMEAS1C5gMEAC1YQAMEAC1Z9wMEAC1a
WQMEAC2LagMEAC2NnjAMAwQALZdZAwQCLZdYAwQAT24yAwQAUaHuAwQAU9thAwQA
VDYwAwQAV3hXMAwDBARXeHADBAFXeHQDBAFXeHgwDAMEAFd4fQMEB1d4AAMEAFd4
pgMEAFd5LQMEAFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc8AMEAVx3xAMEAFz5
MgMEAF17bQMEAl6aoAMEA16cQAMEAF6caQMEAF6cpwMEAF6cswMEAG3O7QMEAI1i
AQMEAI1iBgMEAJNOZAMEAqsWSAMEALLX4AMEArnYVAMEArnaVAMEAMEZ2AMEAMI3
ugMEAMKprwMEAMOyeTANBgkqhkiG9w0BAQsFAAOCAQEAiEmjGSM2zhht1iRjiqGw
KiYrtZOZwX2lJmFvZC1kBnybefSYEF7a55ipYweudO2LFAuFzkeOcLPJ977aSIez
JxjvSFHmmpX6InI1RMdcfoDYHDi0dS8lZx9SgRIrTO/eGPAsYVKmtymWsoEEl7KH
c+tnvCr++t3mobidrNot5vOd+RKxjHWnZtQYTu4JBtLJejmILINlkHovOM0diCP/
SDFPFnodEHkGcJZui4nRQl0LaiRKOIO1lbUbH1c0OGAW48HU3VYzW1z0GUejerwV
RzSNBUazcS8R48tLtTxNld/XxNkjI5edzrTvRlxacuyyTvyqw+YkJG3Bx4l9kwjD
+w==
-----END CERTIFICATE-----
Generated at Wed Apr 16 20:00:41 2025 by rpki-client