Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/PbcWjG9kgIQDZZL_5g5P0K8JmnA.roa
File: PbcWjG9kgIQDZZL_5g5P0K8JmnA.roa (raw, json)
Hash identifier: ZXnIhmzpVpl287t02PvjkrWLJSPnYTJAGiVDXQPYidM=
Subject key identifier: 3D:B7:16:8C:6F:64:80:84:03:65:92:FF:E6:0E:4F:D0:AF:09:9A:70
Certificate issuer: /CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Certificate serial: 0184E6400F10C94D4D3EC2E12ACF6C3C8C3E
Authority key identifier: 1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/PbcWjG9kgIQDZZL_5g5P0K8JmnA.roa
Signing time: Tue 06 Dec 2022 07:04:28 +0000
ROA not before: Tue 06 Dec 2022 07:04:28 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 9119
IP address blocks: 85.208.172.0/24 maxlen: 24
185.175.0.0/22 maxlen: 22
80.65.174.0/24 maxlen: 24
80.65.173.0/24 maxlen: 24
80.65.175.0/24 maxlen: 24
194.39.85.0/24 maxlen: 24
213.253.120.0/22 maxlen: 22
213.253.124.0/22 maxlen: 22
91.132.74.0/23 maxlen: 23
2.58.48.0/22 maxlen: 22
80.65.166.0/24 maxlen: 24
80.65.165.0/24 maxlen: 24
80.65.160.0/24 maxlen: 24
80.65.160.0/20 maxlen: 20
80.65.164.0/24 maxlen: 24
80.65.163.0/24 maxlen: 24
80.65.162.0/24 maxlen: 24
80.65.161.0/24 maxlen: 24
80.65.172.0/24 maxlen: 24
80.65.167.0/24 maxlen: 24
80.65.171.0/24 maxlen: 24
80.65.170.0/24 maxlen: 24
80.65.169.0/24 maxlen: 24
80.65.168.0/24 maxlen: 24
147.78.219.0/24 maxlen: 24
147.78.216.0/24 maxlen: 24
147.78.216.0/22 maxlen: 22
213.253.96.0/20 maxlen: 20
213.253.96.0/21 maxlen: 21
217.199.132.0/24 maxlen: 24
217.199.131.0/24 maxlen: 24
213.253.104.0/22 maxlen: 22
217.199.130.0/24 maxlen: 24
217.199.129.0/24 maxlen: 24
217.199.128.0/20 maxlen: 24
217.199.128.0/24 maxlen: 24
217.199.133.0/24 maxlen: 24
217.199.139.0/24 maxlen: 24
213.253.112.0/22 maxlen: 22
213.253.111.0/24 maxlen: 24
217.199.138.0/24 maxlen: 24
217.199.134.0/24 maxlen: 24
217.199.137.0/24 maxlen: 24
217.199.136.0/24 maxlen: 24
213.253.110.0/24 maxlen: 24
213.253.108.0/22 maxlen: 22
217.199.135.0/24 maxlen: 24
213.253.108.0/24 maxlen: 24
213.253.109.0/24 maxlen: 24
217.199.140.0/24 maxlen: 24
213.253.116.0/22 maxlen: 22
217.199.143.0/24 maxlen: 24
217.199.142.0/24 maxlen: 24
217.199.141.0/24 maxlen: 24
213.253.64.0/19 maxlen: 19
45.15.44.0/22 maxlen: 22
212.103.128.0/19 maxlen: 19
84.41.122.0/23 maxlen: 23
84.41.120.0/23 maxlen: 23
84.41.124.0/22 maxlen: 22
84.41.96.0/21 maxlen: 21
84.41.104.0/22 maxlen: 22
84.41.108.0/23 maxlen: 23
84.41.112.0/23 maxlen: 23
84.41.111.0/24 maxlen: 24
84.41.110.0/24 maxlen: 24
84.41.115.0/24 maxlen: 24
84.41.114.0/24 maxlen: 24
84.41.116.0/22 maxlen: 22
46.163.48.0/21 maxlen: 21
46.163.58.0/24 maxlen: 24
46.163.58.0/23 maxlen: 23
46.163.56.0/23 maxlen: 23
46.163.56.0/24 maxlen: 24
46.163.59.0/24 maxlen: 24
46.163.60.0/22 maxlen: 22
45.156.140.0/24 maxlen: 24
45.8.0.0/22 maxlen: 22
46.163.0.0/19 maxlen: 19
46.163.32.0/20 maxlen: 20
212.13.224.0/19 maxlen: 19
84.41.32.0/19 maxlen: 19
84.41.64.0/19 maxlen: 19
84.41.0.0/18 maxlen: 18
84.41.0.0/19 maxlen: 19
84.41.0.0/21 maxlen: 21
185.54.131.0/24 maxlen: 24
185.54.130.0/24 maxlen: 24
185.54.128.0/24 maxlen: 24
185.54.128.0/23 maxlen: 23
2a0b:c300::/29 maxlen: 29
2a02:805::/33 maxlen: 33
2a0b:c306::/32 maxlen: 32
2a02:801::/33 maxlen: 33
2a02:800::/32 maxlen: 32
2a0e:2e00::/29 maxlen: 29
2a0e:1e80::/29 maxlen: 29
2a09:e140::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:e6:40:0f:10:c9:4d:4d:3e:c2:e1:2a:cf:6c:3c:8c:3e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Validity
Not Before: Dec 6 07:04:28 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3db7168c6f648084036592ffe60e4fd0af099a70
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:eb:70:96:fc:81:fa:e0:20:27:f6:2c:46:af:
a2:a9:87:42:59:42:05:d4:e3:de:96:6e:4d:06:63:
d2:00:5d:22:b4:9b:06:07:6d:8a:f3:b1:90:05:3b:
3c:b7:ca:68:ca:1c:6d:af:b0:68:2b:7e:ec:4c:c7:
c7:8e:3f:95:37:ec:f3:35:7c:1d:59:07:61:e0:4c:
56:b3:20:ce:5e:7b:34:04:2a:f5:10:3a:56:d0:01:
67:a8:69:2f:71:f4:01:f4:f4:6b:6c:17:bf:c8:32:
8a:50:0f:fb:54:68:dd:f1:b8:0e:4e:a8:29:3a:89:
3c:51:d4:da:78:52:21:42:eb:4e:df:cd:86:28:42:
c2:7b:3b:7e:72:67:4c:7f:fb:8f:69:86:a5:26:8b:
34:0c:63:ad:a9:a4:d8:d6:09:9b:95:66:0f:e0:d7:
d2:04:d2:48:d4:5f:ba:0f:87:fc:3c:a1:1b:12:c4:
a1:d8:1a:bf:ba:20:68:84:94:c3:96:cc:c6:d0:f6:
b0:bf:50:ca:9b:87:2a:c5:9d:ab:e4:b1:d8:d4:9a:
fd:96:13:53:cf:2f:68:51:ca:59:7f:c4:23:1b:f9:
7a:2d:38:25:62:ce:78:1d:d7:1a:84:7a:c0:f3:2c:
52:ae:b1:e6:68:e5:d2:84:98:bb:8a:5e:0a:7c:eb:
34:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3D:B7:16:8C:6F:64:80:84:03:65:92:FF:E6:0E:4F:D0:AF:09:9A:70
X509v3 Authority Key Identifier:
keyid:1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/PbcWjG9kgIQDZZL_5g5P0K8JmnA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.48.0/22
45.8.0.0/22
45.15.44.0/22
45.156.140.0/24
46.163.0.0/18
80.65.160.0/20
84.41.0.0/17
85.208.172.0/24
91.132.74.0/23
147.78.216.0/22
185.54.128.0/22
185.175.0.0/22
194.39.85.0/24
212.13.224.0/19
212.103.128.0/19
213.253.64.0/18
217.199.128.0/20
IPv6:
2a02:800::-2a02:801:7fff:ffff:ffff:ffff:ffff:ffff
2a02:805::/33
2a09:e140::/29
2a0b:c300::/29
2a0e:1e80::/29
2a0e:2e00::/29
Signature Algorithm: sha256WithRSAEncryption
59:51:5a:d3:c5:84:61:94:26:d1:99:b7:a6:3f:1c:d1:f0:19:
71:09:e1:63:87:42:b2:52:fb:03:e4:4a:e9:7e:da:11:42:8d:
34:ee:2e:1a:a5:fa:f1:de:c2:63:84:96:15:4b:79:6a:d9:bd:
ba:6d:da:88:bc:d8:31:9b:4d:c9:91:b9:47:23:e9:dc:17:dc:
e3:16:34:cd:0e:86:4b:13:2c:f6:b2:a6:37:7a:42:05:fc:2e:
6c:ee:fe:a6:14:dd:30:61:63:75:c2:23:df:45:19:4b:d9:57:
7a:5e:98:24:78:41:60:4b:b4:a0:a0:6d:d3:4e:bd:22:89:47:
c8:3a:d2:a1:98:31:8b:0c:8d:7a:9a:48:63:a8:b0:8d:14:e3:
cd:ac:2c:24:5a:b7:4c:00:63:f7:d6:64:3d:2a:6a:0e:46:58:
a6:4a:1a:7c:77:5c:dc:28:54:12:11:fb:f9:ef:00:07:74:b4:
2d:3d:23:8a:66:f0:9f:35:5c:05:a3:73:72:db:b8:fb:98:a6:
64:cc:56:8f:d4:53:e6:2e:ad:8e:f7:59:a1:5a:57:c3:23:00:
30:1c:35:31:ed:46:e1:69:7a:70:e7:47:d4:3e:26:2e:b6:f3:
0f:7b:cf:73:2e:d9:4d:0a:81:fe:29:aa:4a:39:a7:25:f0:7d:
70:00:af:6e
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgISAYTmQA8QyU1NPsLhKs9sPIw+MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFjN2IwNmJmNDEzMDBkYzRkMzBmM2QwZTE4MGM5Yjk1ZDJi
Y2RkZmYwHhcNMjIxMjA2MDcwNDI4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZGI3MTY4YzZmNjQ4MDg0MDM2NTkyZmZlNjBlNGZkMGFmMDk5YTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgetwlvyB+uAgJ/YsRq+iqYdCWUIF
1OPelm5NBmPSAF0itJsGB22K87GQBTs8t8poyhxtr7BoK37sTMfHjj+VN+zzNXwd
WQdh4ExWsyDOXns0BCr1EDpW0AFnqGkvcfQB9PRrbBe/yDKKUA/7VGjd8bgOTqgp
Ook8UdTaeFIhQutO382GKELCezt+cmdMf/uPaYalJos0DGOtqaTY1gmblWYP4NfS
BNJI1F+6D4f8PKEbEsSh2Bq/uiBohJTDlszG0Pawv1DKm4cqxZ2r5LHY1Jr9lhNT
zy9oUcpZf8QjG/l6LTglYs54HdcahHrA8yxSrrHmaOXShJi7il4KfOs0OwIDAQAB
o4ICqDCCAqQwHQYDVR0OBBYEFD23FoxvZICEA2WS/+YOT9CvCZpwMB8GA1UdIwQY
MBaAFBx7Br9BMA3E0w89DhgMm5XSvN3/MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAt
MjRmZGRjNmQxNDdiLzEvUGJjV2pHOWtnSVFEWlpMXzVnNVAwSzhKbW5BLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81YS83MDJiMjgtZTE1OC00MGMwLTgzMzAtMjRmZGRjNmQxNDdi
LzEvSEhzR3YwRXdEY1RURHowT0dBeWJsZEs4M2Y4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG9BggrBgEFBQcBBwEB/wSBrTCBqjBsBAIAATBmAwQCAjow
AwQCLQgAAwQCLQ8sAwQALZyMAwQGLqMAAwQEUEGgAwQHVCkAAwQAVdCsAwQBW4RK
AwQCk07YAwQCuTaAAwQCua8AAwQAwidVAwQF1A3gAwQF1GeAAwQG1f1AAwQE2ceA
MDoEAgACMDQwDgMEAyoCCAMGByoCCAEAAwYHKgIIBQADBQMqCeFAAwUDKgvDAAMF
AyoOHoADBQMqDi4AMA0GCSqGSIb3DQEBCwUAA4IBAQBZUVrTxYRhlCbRmbemPxzR
8BlxCeFjh0KyUvsD5ErpftoRQo007i4apfrx3sJjhJYVS3lq2b26bdqIvNgxm03J
kblHI+ncF9zjFjTNDoZLEyz2sqY3ekIF/C5s7v6mFN0wYWN1wiPfRRlL2Vd6Xpgk
eEFgS7SgoG3TTr0iiUfIOtKhmDGLDI16mkhjqLCNFOPNrCwkWrdMAGP31mQ9KmoO
RlimShp8d1zcKFQSEfv57wAHdLQtPSOKZvCfNVwFo3Ny27j7mKZkzFaP1FPmLq2O
91mhWlfDIwAwHDUx7UbhaXpw50fUPiYutvMPe89zLtlNCoH+KapKOacl8H1wAK9u
-----END CERTIFICATE-----
Generated at Tue Apr 8 07:21:34 2025 by rpki-client