Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/qJvrhaIhQWVhpnrV9PvwceXwCiM.roa
File: qJvrhaIhQWVhpnrV9PvwceXwCiM.roa (raw, json)
Hash identifier: wnmi2J9MnjGAnSOkPQqO0Erkns7qmZrKCP0qe3mYba8=
Subject key identifier: A8:9B:EB:85:A2:21:41:65:61:A6:7A:D5:F4:FB:F0:71:E5:F0:0A:23
Certificate issuer: /CN=1ada225cb7f29416e7534695fbfb21762fee93c8
Certificate serial: 01942144549121B6F1B8EC21E2F08F2C4870
Authority key identifier: 1A:DA:22:5C:B7:F2:94:16:E7:53:46:95:FB:FB:21:76:2F:EE:93:C8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GtoiXLfylBbnU0aV-_shdi_uk8g.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/qJvrhaIhQWVhpnrV9PvwceXwCiM.roa
Signing time: Wed 01 Jan 2025 09:48:33 +0000
ROA not before: Wed 01 Jan 2025 09:48:33 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 1273
IP address blocks: 193.195.0.0/17 maxlen: 17
193.195.128.0/21 maxlen: 21
193.195.136.0/23 maxlen: 23
193.195.139.0/24 maxlen: 24
193.195.140.0/24 maxlen: 24
193.195.142.0/23 maxlen: 23
193.195.144.0/20 maxlen: 20
193.195.160.0/19 maxlen: 19
193.195.192.0/18 maxlen: 18
194.70.0.0/23 maxlen: 23
194.70.2.0/24 maxlen: 24
194.70.4.0/22 maxlen: 22
194.70.8.0/21 maxlen: 21
194.70.16.0/20 maxlen: 20
194.70.32.0/22 maxlen: 22
194.70.37.0/24 maxlen: 24
194.70.38.0/23 maxlen: 23
194.70.40.0/21 maxlen: 21
194.70.48.0/20 maxlen: 20
194.70.64.0/20 maxlen: 20
194.70.80.0/21 maxlen: 21
194.70.88.0/22 maxlen: 22
194.70.92.0/23 maxlen: 23
194.70.95.0/24 maxlen: 24
194.70.96.0/19 maxlen: 19
194.70.128.0/18 maxlen: 18
194.70.192.0/19 maxlen: 19
194.70.224.0/21 maxlen: 21
194.70.232.0/23 maxlen: 23
194.70.235.0/24 maxlen: 24
194.70.236.0/22 maxlen: 22
194.70.240.0/20 maxlen: 20
194.159.0.0/16 maxlen: 16
194.217.0.0/16 maxlen: 16
195.11.0.0/16 maxlen: 16
195.173.0.0/16 maxlen: 16
212.240.0.0/16 maxlen: 16
212.248.192.0/18 maxlen: 18
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:21:44:54:91:21:b6:f1:b8:ec:21:e2:f0:8f:2c:48:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1ada225cb7f29416e7534695fbfb21762fee93c8
Validity
Not Before: Jan 1 09:48:33 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=a89beb85a221416561a67ad5f4fbf071e5f00a23
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bc:82:4c:5c:fa:b7:f4:99:96:d6:fb:93:7d:5d:
04:95:47:3b:49:f3:8b:da:95:0d:1f:98:ae:59:7a:
16:fe:14:5e:cd:60:d8:75:4e:2e:68:98:e8:f6:03:
49:07:c8:3e:dc:f0:2e:e1:67:a5:b6:69:1d:eb:f3:
bc:43:68:10:0f:19:ca:46:51:47:5c:f3:59:ef:73:
af:f6:9c:df:e4:e6:80:8f:1a:08:9f:7e:76:3a:fd:
34:47:d0:2b:6b:05:4c:a5:c3:d2:5b:95:7a:a4:ec:
41:f1:83:cf:e9:ff:1b:89:f9:cd:d1:68:ab:cd:3f:
39:07:20:bd:fc:9e:06:6f:58:87:87:9e:8a:ef:1c:
ad:af:70:d3:b6:48:97:62:8a:eb:57:6f:86:42:87:
3d:98:02:22:d3:1b:d1:1b:c9:e2:a0:c4:3b:51:fc:
a4:fb:f7:03:bc:f6:bf:92:7c:3f:3d:a0:e4:88:9b:
67:d1:a5:99:08:b5:de:41:64:00:ff:2c:a1:22:b3:
e6:39:e3:bd:ef:85:aa:c6:d4:37:ff:d5:5d:f3:dc:
d7:28:88:b7:be:86:1e:c6:d0:67:40:0b:6a:0c:f3:
1d:63:44:40:84:a4:d3:64:4d:ce:20:be:52:0d:e1:
12:08:c5:a7:e2:42:bc:7c:5f:4e:a3:c3:7c:00:3d:
85:8d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A8:9B:EB:85:A2:21:41:65:61:A6:7A:D5:F4:FB:F0:71:E5:F0:0A:23
X509v3 Authority Key Identifier:
keyid:1A:DA:22:5C:B7:F2:94:16:E7:53:46:95:FB:FB:21:76:2F:EE:93:C8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GtoiXLfylBbnU0aV-_shdi_uk8g.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/qJvrhaIhQWVhpnrV9PvwceXwCiM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/74/e9d9cc-2668-42fc-8315-7525d4d408b5/1/GtoiXLfylBbnU0aV-_shdi_uk8g.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
193.195.0.0-193.195.137.255
193.195.139.0-193.195.140.255
193.195.142.0-193.195.255.255
194.70.0.0-194.70.2.255
194.70.4.0-194.70.35.255
194.70.37.0-194.70.93.255
194.70.95.0-194.70.233.255
194.70.235.0-194.70.255.255
194.159.0.0/16
194.217.0.0/16
195.11.0.0/16
195.173.0.0/16
212.240.0.0/16
212.248.192.0/18
Signature Algorithm: sha256WithRSAEncryption
5c:6a:41:3f:5c:64:40:93:05:49:a8:2a:f6:c0:1f:93:36:d7:
e8:b6:f4:f5:5b:5d:e3:c5:48:58:33:a4:0a:62:4d:b9:1d:25:
3a:3d:3e:b2:5a:4d:2a:82:9c:f4:09:b4:84:35:32:b3:a3:52:
21:8d:c8:64:53:5d:c7:c0:6e:07:7e:53:42:f6:71:7b:35:fe:
fe:2e:e0:74:cb:fd:eb:b4:4f:b7:2f:b8:41:fa:83:b0:eb:8d:
c2:fd:51:38:b0:af:00:10:ed:00:28:83:d5:85:1d:f4:ab:f4:
c4:f0:52:53:78:44:6b:37:e2:38:09:87:fe:2f:41:13:08:50:
bd:87:c5:8d:b5:30:2f:1e:eb:62:d8:1f:1d:e4:06:dc:a3:9b:
15:ea:cd:ee:80:a8:68:86:65:84:fa:7d:81:da:83:2b:1d:25:
7a:f6:e7:00:a1:aa:87:fa:29:1d:c0:1e:af:65:7b:17:22:69:
d6:ee:9f:e4:f3:61:2b:db:45:ea:8f:10:35:1d:66:3b:6e:1d:
03:cd:b6:89:0d:66:ee:34:21:c0:9e:40:b7:dc:69:ac:91:ce:
a0:18:9e:22:b7:35:d9:b9:6e:36:61:d6:e9:83:a4:ac:6a:00:
3e:e3:35:5f:ca:e5:36:f0:41:9b:85:11:ed:45:36:67:10:14:
4b:5c:44:d3
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgISAZQhRFSRIbbxuOwh4vCPLEhwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZGEyMjVjYjdmMjk0MTZlNzUzNDY5NWZiZmIyMTc2MmZl
ZTkzYzgwHhcNMjUwMTAxMDk0ODMzWhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhODliZWI4NWEyMjE0MTY1NjFhNjdhZDVmNGZiZjA3MWU1ZjAwYTIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvIJMXPq39JmW1vuTfV0ElUc7SfOL
2pUNH5iuWXoW/hRezWDYdU4uaJjo9gNJB8g+3PAu4Weltmkd6/O8Q2gQDxnKRlFH
XPNZ73Ov9pzf5OaAjxoIn352Ov00R9ArawVMpcPSW5V6pOxB8YPP6f8bifnN0Wir
zT85ByC9/J4Gb1iHh56K7xytr3DTtkiXYorrV2+GQoc9mAIi0xvRG8nioMQ7Ufyk
+/cDvPa/knw/PaDkiJtn0aWZCLXeQWQA/yyhIrPmOeO974WqxtQ3/9Vd89zXKIi3
voYextBnQAtqDPMdY0RAhKTTZE3OIL5SDeESCMWn4kK8fF9Oo8N8AD2FjQIDAQAB
o4ICkzCCAo8wHQYDVR0OBBYEFKib64WiIUFlYaZ61fT78HHl8AojMB8GA1UdIwQY
MBaAFBraIly38pQW51NGlfv7IXYv7pPIMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3RvaVhMZnlsQmJuVTBhVi1fc2hkaV91azhnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NC9lOWQ5Y2MtMjY2OC00MmZjLTgzMTUt
NzUyNWQ0ZDQwOGI1LzEvcUp2cmhhSWhRV1ZocG5yVjlQdndjZVh3Q2lNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NC9lOWQ5Y2MtMjY2OC00MmZjLTgzMTUtNzUyNWQ0ZDQwOGI1
LzEvR3RvaVhMZnlsQmJuVTBhVi1fc2hkaV91azhnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGoBggrBgEFBQcBBwEB/wSBmDCBlTCBkgQCAAEwgYswCwMD
AMHDAwQBwcOIMAwDBADBw4sDBADBw4wwCwMEAcHDjgMDAsHAMAsDAwHCRgMEAMJG
AjAMAwQCwkYEAwQCwkYgMAwDBADCRiUDBAHCRlwwDAMEAMJGXwMEAcJG6DALAwQA
wkbrAwMAwkYDAwDCnwMDAMLZAwMAwwsDAwDDrQMDANTwAwQG1PjAMA0GCSqGSIb3
DQEBCwUAA4IBAQBcakE/XGRAkwVJqCr2wB+TNtfotvT1W13jxUhYM6QKYk25HSU6
PT6yWk0qgpz0CbSENTKzo1IhjchkU13HwG4HflNC9nF7Nf7+LuB0y/3rtE+3L7hB
+oOw643C/VE4sK8AEO0AKIPVhR30q/TE8FJTeERrN+I4CYf+L0ETCFC9h8WNtTAv
Huti2B8d5Abco5sV6s3ugKhohmWE+n2B2oMrHSV69ucAoaqH+ikdwB6vZXsXImnW
7p/k82Er20XqjxA1HWY7bh0DzbaJDWbuNCHAnkC33Gmskc6gGJ4itzXZuW42Ydbp
g6SsagA+4zVfyuU28EGbhRHtRTZnEBRLXETT
-----END CERTIFICATE-----
Generated at Sat Apr 19 14:37:05 2025 by rpki-client