Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/UF4y3SF0CfLRwbWOKYh8X_AAKqI.roa
File: UF4y3SF0CfLRwbWOKYh8X_AAKqI.roa (raw, json)
Hash identifier: IJ/TOctsbN1grxn04ssGaRclp0fIqQOfCTg2fx2WWmo=
Subject key identifier: 50:5E:32:DD:21:74:09:F2:D1:C1:B5:8E:29:88:7C:5F:F0:00:2A:A2
Certificate issuer: /CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Certificate serial: 12B03549
Authority key identifier: 1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/UF4y3SF0CfLRwbWOKYh8X_AAKqI.roa
Signing time: Tue 15 Feb 2022 07:46:00 +0000
ROA not before: Tue 15 Feb 2022 07:46:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 9119
IP address blocks: 85.208.172.0/24 maxlen: 24
185.175.0.0/22 maxlen: 22
80.65.174.0/24 maxlen: 24
80.65.173.0/24 maxlen: 24
80.65.175.0/24 maxlen: 24
194.39.85.0/24 maxlen: 24
213.253.120.0/22 maxlen: 22
213.253.124.0/22 maxlen: 22
91.132.74.0/23 maxlen: 23
2.58.48.0/22 maxlen: 22
80.65.166.0/24 maxlen: 24
80.65.165.0/24 maxlen: 24
80.65.160.0/24 maxlen: 24
80.65.160.0/20 maxlen: 20
80.65.164.0/24 maxlen: 24
80.65.163.0/24 maxlen: 24
80.65.162.0/24 maxlen: 24
80.65.161.0/24 maxlen: 24
80.65.172.0/24 maxlen: 24
80.65.167.0/24 maxlen: 24
80.65.171.0/24 maxlen: 24
80.65.170.0/24 maxlen: 24
80.65.169.0/24 maxlen: 24
80.65.168.0/24 maxlen: 24
147.78.216.0/24 maxlen: 24
147.78.216.0/22 maxlen: 22
213.253.96.0/20 maxlen: 20
213.253.96.0/21 maxlen: 21
217.199.132.0/24 maxlen: 24
217.199.131.0/24 maxlen: 24
213.253.104.0/22 maxlen: 22
217.199.130.0/24 maxlen: 24
217.199.129.0/24 maxlen: 24
217.199.128.0/20 maxlen: 24
217.199.128.0/24 maxlen: 24
217.199.133.0/24 maxlen: 24
217.199.139.0/24 maxlen: 24
213.253.112.0/22 maxlen: 22
213.253.111.0/24 maxlen: 24
217.199.138.0/24 maxlen: 24
217.199.134.0/24 maxlen: 24
217.199.137.0/24 maxlen: 24
217.199.136.0/24 maxlen: 24
213.253.110.0/24 maxlen: 24
213.253.108.0/22 maxlen: 22
217.199.135.0/24 maxlen: 24
213.253.108.0/24 maxlen: 24
213.253.109.0/24 maxlen: 24
217.199.140.0/24 maxlen: 24
213.253.116.0/22 maxlen: 22
217.199.143.0/24 maxlen: 24
217.199.142.0/24 maxlen: 24
217.199.141.0/24 maxlen: 24
213.253.64.0/19 maxlen: 19
45.15.44.0/22 maxlen: 22
212.103.128.0/19 maxlen: 19
84.41.122.0/23 maxlen: 23
84.41.120.0/23 maxlen: 23
84.41.124.0/22 maxlen: 22
84.41.96.0/21 maxlen: 21
84.41.104.0/22 maxlen: 22
84.41.108.0/23 maxlen: 23
84.41.112.0/23 maxlen: 23
84.41.111.0/24 maxlen: 24
84.41.110.0/24 maxlen: 24
84.41.115.0/24 maxlen: 24
84.41.114.0/24 maxlen: 24
84.41.116.0/22 maxlen: 22
46.163.48.0/21 maxlen: 21
46.163.58.0/24 maxlen: 24
46.163.58.0/23 maxlen: 23
46.163.56.0/23 maxlen: 23
46.163.56.0/24 maxlen: 24
46.163.59.0/24 maxlen: 24
46.163.60.0/22 maxlen: 22
45.156.140.0/24 maxlen: 24
45.8.0.0/22 maxlen: 22
46.163.0.0/19 maxlen: 19
46.163.32.0/20 maxlen: 20
212.13.224.0/19 maxlen: 19
84.41.32.0/19 maxlen: 19
84.41.64.0/19 maxlen: 19
84.41.0.0/18 maxlen: 18
84.41.0.0/19 maxlen: 19
84.41.0.0/21 maxlen: 21
185.54.131.0/24 maxlen: 24
185.54.130.0/24 maxlen: 24
185.54.128.0/24 maxlen: 24
185.54.128.0/23 maxlen: 23
2a0b:c300::/29 maxlen: 29
2a02:805::/33 maxlen: 33
2a0b:c306::/32 maxlen: 32
2a02:801::/33 maxlen: 33
2a02:800::/32 maxlen: 32
2a0e:2e00::/29 maxlen: 29
2a0e:1e80::/29 maxlen: 29
2a09:e140::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 313537865 (0x12b03549)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1c7b06bf41300dc4d30f3d0e180c9b95d2bcddff
Validity
Not Before: Feb 15 07:46:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=505e32dd217409f2d1c1b58e29887c5ff0002aa2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:44:f4:3f:5f:38:9f:b2:b3:ff:ee:61:6b:7b:
12:fa:af:02:8a:9d:71:1b:54:3f:22:26:07:57:12:
b5:45:1e:28:54:d2:60:a3:38:cf:b9:94:2b:37:2c:
5b:e6:58:9c:9f:8a:0f:58:bb:45:58:ca:86:b7:8a:
4e:f7:5d:ff:27:01:0c:e5:73:66:c7:62:06:0e:12:
28:b1:69:ed:6f:18:21:78:f9:c9:90:06:07:6d:ef:
d1:8e:69:65:ba:75:8d:f1:a6:17:fb:6c:db:3b:39:
3b:21:61:e8:23:bb:06:84:e7:8c:83:41:17:b8:40:
77:27:f7:cb:d8:41:3d:60:61:48:b1:e1:dc:d8:fa:
63:37:90:81:d7:ac:fc:c2:7b:b5:97:70:8b:c6:8b:
1a:98:99:d2:91:0f:10:91:6a:36:9d:6d:43:fc:9f:
a3:c7:e9:18:15:c8:0f:5e:3a:bc:bc:d5:d3:40:19:
60:27:60:8e:23:f9:ff:8d:ac:5f:18:43:05:6e:e6:
d2:1e:89:12:f0:81:87:2f:70:8b:8a:7f:14:97:71:
e6:65:fd:1a:de:af:d7:a3:f4:d3:d0:b3:8b:1a:e3:
26:1a:df:b4:73:b4:45:fd:4d:08:9b:06:cd:03:e2:
50:13:2f:a7:c6:ff:c1:b6:93:c0:de:d2:9b:1a:07:
39:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
50:5E:32:DD:21:74:09:F2:D1:C1:B5:8E:29:88:7C:5F:F0:00:2A:A2
X509v3 Authority Key Identifier:
keyid:1C:7B:06:BF:41:30:0D:C4:D3:0F:3D:0E:18:0C:9B:95:D2:BC:DD:FF
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/HHsGv0EwDcTTDz0OGAybldK83f8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/UF4y3SF0CfLRwbWOKYh8X_AAKqI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5a/702b28-e158-40c0-8330-24fddc6d147b/1/HHsGv0EwDcTTDz0OGAybldK83f8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.58.48.0/22
45.8.0.0/22
45.15.44.0/22
45.156.140.0/24
46.163.0.0/18
80.65.160.0/20
84.41.0.0/17
85.208.172.0/24
91.132.74.0/23
147.78.216.0/22
185.54.128.0/22
185.175.0.0/22
194.39.85.0/24
212.13.224.0/19
212.103.128.0/19
213.253.64.0/18
217.199.128.0/20
IPv6:
2a02:800::-2a02:801:7fff:ffff:ffff:ffff:ffff:ffff
2a02:805::/33
2a09:e140::/29
2a0b:c300::/29
2a0e:1e80::/29
2a0e:2e00::/29
Signature Algorithm: sha256WithRSAEncryption
8e:4c:f0:af:af:02:d5:13:5f:d5:63:03:67:a1:71:c9:2d:c4:
f1:92:50:6d:42:3a:b9:ba:06:b2:aa:21:e0:7e:e4:00:1e:a5:
cc:29:dc:96:79:9a:7b:e7:16:8e:5d:68:1e:58:6a:65:f9:d0:
a2:49:9e:d1:1a:15:4c:c0:b8:e4:a6:64:22:7c:72:80:33:4e:
59:d3:c1:3a:da:73:9f:e8:8c:dc:25:fc:57:81:d4:d5:8c:e8:
b8:51:91:8a:57:3d:bf:d2:cd:18:eb:06:f0:e0:f5:23:d5:47:
16:62:c3:26:52:56:15:b0:30:0b:66:22:1f:fc:b3:85:9b:d7:
98:da:3e:9e:57:a8:ce:8f:63:fe:84:1a:45:1b:a4:aa:f7:78:
40:f0:5e:38:b7:22:df:bc:95:c8:c3:f6:aa:c5:49:b7:3d:65:
36:0c:ab:fb:3a:c2:e3:2e:04:3b:17:15:92:02:22:65:cf:b8:
3c:72:d5:47:1d:1d:98:a3:9c:d5:4c:f0:ed:c8:ce:74:f3:75:
96:75:ec:e3:13:22:73:ec:01:8b:2a:b9:b8:15:58:0f:07:15:
bd:2d:58:25:fb:f0:31:1c:56:d2:96:46:2a:3b:2b:08:6b:be:
07:ea:d6:c7:3e:7d:0a:46:38:e7:cc:e3:75:e9:3d:7c:b4:17:
e6:56:a0:75
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgIEErA1STANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygx
YzdiMDZiZjQxMzAwZGM0ZDMwZjNkMGUxODBjOWI5NWQyYmNkZGZmMB4XDTIyMDIx
NTA3NDYwMFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNTA1ZTMyZGQyMTc0
MDlmMmQxYzFiNThlMjk4ODdjNWZmMDAwMmFhMjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANxE9D9fOJ+ys//uYWt7EvqvAoqdcRtUPyImB1cStUUeKFTS
YKM4z7mUKzcsW+ZYnJ+KD1i7RVjKhreKTvdd/ycBDOVzZsdiBg4SKLFp7W8YIXj5
yZAGB23v0Y5pZbp1jfGmF/ts2zs5OyFh6CO7BoTnjINBF7hAdyf3y9hBPWBhSLHh
3Nj6YzeQgdes/MJ7tZdwi8aLGpiZ0pEPEJFqNp1tQ/yfo8fpGBXID146vLzV00AZ
YCdgjiP5/42sXxhDBW7m0h6JEvCBhy9wi4p/FJdx5mX9Gt6v16P009CzixrjJhrf
tHO0Rf1NCJsGzQPiUBMvp8b/wbaTwN7SmxoHOQUCAwEAAaOCAqgwggKkMB0GA1Ud
DgQWBBRQXjLdIXQJ8tHBtY4piHxf8AAqojAfBgNVHSMEGDAWgBQcewa/QTANxNMP
PQ4YDJuV0rzd/zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0hIc0d2MEV3RGNUVER6ME9HQXlibGRLODNmOC5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvNWEvNzAyYjI4LWUxNTgtNDBjMC04MzMwLTI0ZmRkYzZkMTQ3Yi8x
L1VGNHkzU0YwQ2ZMUndiV09LWWg4WF9BQUtxSS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvNWEv
NzAyYjI4LWUxNTgtNDBjMC04MzMwLTI0ZmRkYzZkMTQ3Yi8xL0hIc0d2MEV3RGNU
VER6ME9HQXlibGRLODNmOC5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
vQYIKwYBBQUHAQcBAf8Ega0wgaowbAQCAAEwZgMEAgI6MAMEAi0IAAMEAi0PLAME
AC2cjAMEBi6jAAMEBFBBoAMEB1QpAAMEAFXQrAMEAVuESgMEApNO2AMEArk2gAME
ArmvAAMEAMInVQMEBdQN4AMEBdRngAMEBtX9QAMEBNnHgDA6BAIAAjA0MA4DBAMq
AggDBgcqAggBAAMGByoCCAUAAwUDKgnhQAMFAyoLwwADBQMqDh6AAwUDKg4uADAN
BgkqhkiG9w0BAQsFAAOCAQEAjkzwr68C1RNf1WMDZ6FxyS3E8ZJQbUI6uboGsqoh
4H7kAB6lzCnclnmae+cWjl1oHlhqZfnQokme0RoVTMC45KZkInxygDNOWdPBOtpz
n+iM3CX8V4HU1YzouFGRilc9v9LNGOsG8OD1I9VHFmLDJlJWFbAwC2YiH/yzhZvX
mNo+nleozo9j/oQaRRukqvd4QPBeOLci37yVyMP2qsVJtz1lNgyr+zrC4y4EOxcV
kgIiZc+4PHLVRx0dmKOc1Uzw7cjOdPN1lnXs4xMic+wBiyq5uBVYDwcVvS1YJfvw
MRxW0pZGKjsrCGu+B+rWxz59CkY458zjdek9fLQX5lagdQ==
-----END CERTIFICATE-----
Generated at Tue Apr 8 07:41:46 2025 by rpki-client