Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/P_cQMRX-TqwdTotSgVkup0X9_dk.roa
File: P_cQMRX-TqwdTotSgVkup0X9_dk.roa (raw, json)
Hash identifier: TmA5d+GoN0VPctcs1R+peWFcf5WLWanjMMGHSIJNqWE=
Subject key identifier: 3F:F7:10:31:15:FE:4E:AC:1D:4E:8B:52:81:59:2E:A7:45:FD:FD:D9
Certificate issuer: /CN=95a5adf6af1fcc0570adf858fd5bfbe28791a186
Certificate serial: 0194252114FC33B24BF57602DDDAFAB81E16
Authority key identifier: 95:A5:AD:F6:AF:1F:CC:05:70:AD:F8:58:FD:5B:FB:E2:87:91:A1:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/laWt9q8fzAVwrfhY_Vv74oeRoYY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/P_cQMRX-TqwdTotSgVkup0X9_dk.roa
Signing time: Thu 02 Jan 2025 03:48:32 +0000
ROA not before: Thu 02 Jan 2025 03:48:32 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 5413
IP address blocks: 5.22.224.0/21 maxlen: 24
45.83.76.0/22 maxlen: 24
62.44.64.0/19 maxlen: 24
62.69.32.0/19 maxlen: 24
62.72.128.0/19 maxlen: 24
62.105.64.0/18 maxlen: 24
62.232.0.0/16 maxlen: 24
77.44.0.0/17 maxlen: 24
77.73.120.0/21 maxlen: 24
77.107.128.0/18 maxlen: 24
78.41.208.0/21 maxlen: 24
78.141.0.0/18 maxlen: 24
80.64.48.0/20 maxlen: 24
80.69.128.0/20 maxlen: 24
80.89.80.0/20 maxlen: 24
80.234.128.0/17 maxlen: 24
82.195.96.0/19 maxlen: 24
83.219.32.0/19 maxlen: 24
89.145.192.0/18 maxlen: 24
91.236.17.0/24 maxlen: 24
93.92.120.0/21 maxlen: 24
93.95.104.0/21 maxlen: 24
94.30.0.0/17 maxlen: 24
109.170.128.0/17 maxlen: 24
130.185.64.0/21 maxlen: 24
176.35.0.0/16 maxlen: 24
185.3.76.0/22 maxlen: 24
185.8.204.0/22 maxlen: 24
185.138.152.0/22 maxlen: 24
185.144.110.0/24 maxlen: 24
185.196.204.0/22 maxlen: 24
193.28.154.0/24 maxlen: 24
193.38.52.0/24 maxlen: 24
193.41.96.0/21 maxlen: 24
193.192.34.0/23 maxlen: 24
193.192.64.0/19 maxlen: 24
193.242.113.0/24 maxlen: 24
193.242.115.0/24 maxlen: 24
193.242.116.0/24 maxlen: 24
194.1.210.0/24 maxlen: 24
194.79.240.0/22 maxlen: 24
194.126.64.0/19 maxlen: 24
194.143.160.0/19 maxlen: 24
194.153.0.0/19 maxlen: 24
194.154.160.0/19 maxlen: 24
195.38.64.0/19 maxlen: 24
195.70.64.0/19 maxlen: 24
195.147.0.0/16 maxlen: 24
195.200.128.0/19 maxlen: 24
195.224.0.0/16 maxlen: 24
195.226.32.0/19 maxlen: 24
212.19.64.0/19 maxlen: 24
212.35.224.0/19 maxlen: 24
212.88.32.0/19 maxlen: 24
212.102.192.0/19 maxlen: 24
212.103.224.0/19 maxlen: 24
212.241.128.0/17 maxlen: 24
213.205.128.0/18 maxlen: 24
217.67.48.0/20 maxlen: 24
2001:b98::/29 maxlen: 48
2a00:b300::/29 maxlen: 48
2a03:4200::/32 maxlen: 48
2a04:b2c0::/29 maxlen: 48
2a07:2640::/29 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:25:21:14:fc:33:b2:4b:f5:76:02:dd:da:fa:b8:1e:16
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=95a5adf6af1fcc0570adf858fd5bfbe28791a186
Validity
Not Before: Jan 2 03:48:32 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=3ff7103115fe4eac1d4e8b5281592ea745fdfdd9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:d6:9d:c8:58:c1:a8:08:51:fc:b7:ed:da:8f:
2a:48:d5:7b:a7:81:b2:9c:fe:4c:9f:c1:79:b8:03:
52:2b:34:9f:cb:5f:ec:48:80:1b:0b:6e:dd:f7:ae:
67:66:83:21:f3:98:71:b0:43:1b:51:fe:34:10:71:
2f:f5:0f:10:06:ef:94:f0:f6:18:a3:a0:c6:1e:58:
e0:7c:9b:cc:65:7f:80:41:1d:42:37:71:e3:0a:bc:
a3:8d:03:2f:da:ba:82:5c:2b:d4:22:4e:6f:4e:ce:
d0:e9:bc:a9:ca:a3:fa:d2:54:a7:2f:94:e0:61:6a:
81:5a:6a:d6:01:0f:aa:41:95:64:6b:fe:11:f2:98:
ed:b3:2d:d1:57:da:b6:f5:58:8c:31:f1:69:dc:96:
6e:8a:d5:bc:88:29:8f:95:8b:83:ea:bf:b2:7e:f9:
ca:36:3e:30:56:e1:3f:d4:d7:e6:a2:2c:49:48:d4:
95:85:23:99:2c:82:1f:5b:b9:66:e6:88:77:8c:11:
b1:63:04:88:ca:d8:44:aa:78:cc:25:9c:6e:3d:c7:
9e:f4:cc:83:5d:2e:77:e7:5b:f3:19:f5:bd:4e:8e:
7b:bc:bb:e0:91:79:25:ee:55:98:a8:25:a7:50:65:
88:9b:88:11:a7:f1:17:32:ff:4e:99:7c:60:fe:ac:
ae:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3F:F7:10:31:15:FE:4E:AC:1D:4E:8B:52:81:59:2E:A7:45:FD:FD:D9
X509v3 Authority Key Identifier:
keyid:95:A5:AD:F6:AF:1F:CC:05:70:AD:F8:58:FD:5B:FB:E2:87:91:A1:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/laWt9q8fzAVwrfhY_Vv74oeRoYY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/P_cQMRX-TqwdTotSgVkup0X9_dk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/56/d3f1ba-d9e5-45c5-bca2-1619d08c6965/1/laWt9q8fzAVwrfhY_Vv74oeRoYY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.22.224.0/21
45.83.76.0/22
62.44.64.0/19
62.69.32.0/19
62.72.128.0/19
62.105.64.0/18
62.232.0.0/16
77.44.0.0/17
77.73.120.0/21
77.107.128.0/18
78.41.208.0/21
78.141.0.0/18
80.64.48.0/20
80.69.128.0/20
80.89.80.0/20
80.234.128.0/17
82.195.96.0/19
83.219.32.0/19
89.145.192.0/18
91.236.17.0/24
93.92.120.0/21
93.95.104.0/21
94.30.0.0/17
109.170.128.0/17
130.185.64.0/21
176.35.0.0/16
185.3.76.0/22
185.8.204.0/22
185.138.152.0/22
185.144.110.0/24
185.196.204.0/22
193.28.154.0/24
193.38.52.0/24
193.41.96.0/21
193.192.34.0/23
193.192.64.0/19
193.242.113.0/24
193.242.115.0-193.242.116.255
194.1.210.0/24
194.79.240.0/22
194.126.64.0/19
194.143.160.0/19
194.153.0.0/19
194.154.160.0/19
195.38.64.0/19
195.70.64.0/19
195.147.0.0/16
195.200.128.0/19
195.224.0.0/16
195.226.32.0/19
212.19.64.0/19
212.35.224.0/19
212.88.32.0/19
212.102.192.0/19
212.103.224.0/19
212.241.128.0/17
213.205.128.0/18
217.67.48.0/20
IPv6:
2001:b98::/29
2a00:b300::/29
2a03:4200::/32
2a04:b2c0::/29
2a07:2640::/29
Signature Algorithm: sha256WithRSAEncryption
f3:e0:f8:fc:49:66:24:61:6c:5b:f8:40:b1:32:f2:4b:c9:9d:
47:63:94:e0:b0:79:96:54:f1:81:5f:30:77:82:fe:ce:e2:50:
3e:9e:3a:5c:6a:04:89:ba:39:84:13:76:4d:a4:5c:12:79:c7:
1b:34:b7:2a:85:d8:7c:63:f1:88:9b:28:7b:a8:a1:6d:37:81:
94:9b:67:ad:89:2d:a5:e8:70:d4:c1:ac:53:5a:72:f6:c4:ac:
28:79:e6:2f:4d:2e:f2:ec:cc:50:1d:7f:37:f0:d2:1c:cd:01:
ed:e2:2b:45:ba:0b:2e:1d:0c:6d:62:f2:0f:d1:33:59:62:96:
10:92:6b:52:8b:55:4d:bb:28:80:2c:5c:2b:4e:e8:82:3c:d8:
2a:b7:3f:54:67:fd:6a:a2:8f:da:ff:97:48:af:25:03:48:40:
66:7e:79:37:eb:43:4b:85:a6:9d:8d:70:56:96:11:d3:91:bb:
bf:ee:f4:45:59:98:9c:e1:bc:3f:d2:0a:63:96:2e:82:96:57:
32:4a:80:12:ff:36:c7:90:32:63:c7:27:ac:af:03:d5:e0:6a:
43:7b:87:f8:01:58:2b:68:fc:75:b9:7f:d3:2f:a0:2d:df:57:
f1:79:2c:0b:0d:52:f2:0b:1c:2c:63:8a:ae:3f:b7:1b:a2:d6:
33:cc:6a:1a
-----BEGIN CERTIFICATE-----
MIIGjDCCBXSgAwIBAgISAZQlIRT8M7JL9XYC3dr6uB4WMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDk1YTVhZGY2YWYxZmNjMDU3MGFkZjg1OGZkNWJmYmUyODc5
MWExODYwHhcNMjUwMTAyMDM0ODMyWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZmY3MTAzMTE1ZmU0ZWFjMWQ0ZThiNTI4MTU5MmVhNzQ1ZmRmZGQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAotadyFjBqAhR/Lft2o8qSNV7p4Gy
nP5Mn8F5uANSKzSfy1/sSIAbC27d965nZoMh85hxsEMbUf40EHEv9Q8QBu+U8PYY
o6DGHljgfJvMZX+AQR1CN3HjCryjjQMv2rqCXCvUIk5vTs7Q6bypyqP60lSnL5Tg
YWqBWmrWAQ+qQZVka/4R8pjtsy3RV9q29ViMMfFp3JZuitW8iCmPlYuD6r+yfvnK
Nj4wVuE/1NfmoixJSNSVhSOZLIIfW7lm5oh3jBGxYwSIythEqnjMJZxuPcee9MyD
XS5351vzGfW9To57vLvgkXkl7lWYqCWnUGWIm4gRp/EXMv9OmXxg/qyutQIDAQAB
o4IDmDCCA5QwHQYDVR0OBBYEFD/3EDEV/k6sHU6LUoFZLqdF/f3ZMB8GA1UdIwQY
MBaAFJWlrfavH8wFcK34WP1b++KHkaGGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbGFXdDlxOGZ6QVZ3cmZoWV9Wdjc0b2VSb1lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81Ni9kM2YxYmEtZDllNS00NWM1LWJjYTIt
MTYxOWQwOGM2OTY1LzEvUF9jUU1SWC1UcXdkVG90U2dWa3VwMFg5X2RrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81Ni9kM2YxYmEtZDllNS00NWM1LWJjYTItMTYxOWQwOGM2OTY1
LzEvbGFXdDlxOGZ6QVZ3cmZoWV9Wdjc0b2VSb1lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBrAYIKwYBBQUHAQcBAf8EggGbMIIBlzCCAWgEAgABMIIB
YAMEAwUW4AMEAi1TTAMEBT4sQAMEBT5FIAMEBT5IgAMEBj5pQAMDAD7oAwQHTSwA
AwQDTUl4AwQGTWuAAwQDTinQAwQGTo0AAwQEUEAwAwQEUEWAAwQEUFlQAwQHUOqA
AwQFUsNgAwQFU9sgAwQGWZHAAwQAW+wRAwQDXVx4AwQDXV9oAwQHXh4AAwQHbaqA
AwQDgrlAAwMAsCMDBAK5A0wDBAK5CMwDBAK5ipgDBAC5kG4DBAK5xMwDBADBHJoD
BADBJjQDBAPBKWADBAHBwCIDBAXBwEADBADB8nEwDAMEAMHycwMEAMHydAMEAMIB
0gMEAsJP8AMEBcJ+QAMEBcKPoAMEBcKZAAMEBcKaoAMEBcMmQAMEBcNGQAMDAMOT
AwQFw8iAAwMAw+ADBAXD4iADBAXUE0ADBAXUI+ADBAXUWCADBAXUZsADBAXUZ+AD
BAfU8YADBAbVzYADBATZQzAwKQQCAAIwIwMFAyABC5gDBQMqALMAAwUAKgNCAAMF
AyoEssADBQMqByZAMA0GCSqGSIb3DQEBCwUAA4IBAQDz4Pj8SWYkYWxb+ECxMvJL
yZ1HY5TgsHmWVPGBXzB3gv7O4lA+njpcagSJujmEE3ZNpFwSeccbNLcqhdh8Y/GI
myh7qKFtN4GUm2etiS2l6HDUwaxTWnL2xKwoeeYvTS7y7MxQHX838NIczQHt4itF
ugsuHQxtYvIP0TNZYpYQkmtSi1VNuyiALFwrTuiCPNgqtz9UZ/1qoo/a/5dIryUD
SEBmfnk360NLhaadjXBWlhHTkbu/7vRFWZic4bw/0gpjli6CllcySoAS/zbHkDJj
xyesrwPV4GpDe4f4AVgraPx1uX/TL6At31fxeSwLDVLyCxwsY4quP7cbotYzzGoa
-----END CERTIFICATE-----
Generated at Thu Apr 17 21:26:38 2025 by rpki-client