Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/em-BE9RoogIs4Ca70rLYkAXdwa8.roa
File: em-BE9RoogIs4Ca70rLYkAXdwa8.roa (raw, json)
Hash identifier: ZCJ3j5p43+9QxkE4XMJaQiy7WTHxex3BI8qAs5lHYaI=
Subject key identifier: 7A:6F:81:13:D4:68:A2:02:2C:E0:26:BB:D2:B2:D8:90:05:DD:C1:AF
Certificate issuer: /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial: 018924EF039FB58D749D08649B9A02319151
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/em-BE9RoogIs4Ca70rLYkAXdwa8.roa
Signing time: Wed 05 Jul 2023 07:23:10 +0000
ROA not before: Wed 05 Jul 2023 07:23:10 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 47223
IP address blocks: 94.240.52.0/22 maxlen: 22
94.240.63.0/24 maxlen: 24
94.240.62.0/23 maxlen: 23
91.106.26.0/23 maxlen: 23
91.106.30.0/23 maxlen: 23
94.240.1.0/24 maxlen: 24
94.240.0.0/24 maxlen: 24
94.240.23.0/24 maxlen: 24
185.139.16.0/22 maxlen: 22
94.240.32.0/21 maxlen: 21
94.240.40.0/24 maxlen: 24
94.240.42.0/24 maxlen: 24
94.240.44.0/22 maxlen: 22
94.240.46.0/24 maxlen: 24
94.240.48.0/22 maxlen: 22
94.240.48.0/24 maxlen: 24
94.240.48.0/21 maxlen: 21
91.106.24.0/23 maxlen: 23
194.152.46.0/23 maxlen: 23
2a01:6e80::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:24:ef:03:9f:b5:8d:74:9d:08:64:9b:9a:02:31:91:51
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Validity
Not Before: Jul 5 07:23:10 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7a6f8113d468a2022ce026bbd2b2d89005ddc1af
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:ef:70:46:fb:a2:31:18:1f:6f:26:8b:e7:f8:
b6:84:bc:21:4e:66:cd:92:ce:f1:f5:01:36:7f:8f:
ef:42:38:e2:b7:29:6b:a0:89:6a:26:6b:1e:8c:bb:
12:36:97:5b:ed:f1:0b:0a:65:14:17:af:a1:ed:1d:
a8:df:57:4f:55:c4:3e:6d:ba:c1:a4:d3:a5:2e:3c:
02:71:89:50:ff:c1:39:b8:8f:be:1e:ff:cc:04:8f:
d9:2e:1a:14:8d:d0:68:b8:58:c8:26:d6:c1:6c:6c:
02:c3:86:2a:ff:26:5d:8b:8b:c1:c0:84:c4:d9:f4:
13:e4:3b:36:bb:65:fd:0b:7e:af:f2:79:50:5f:df:
c7:7c:9d:2e:35:1b:e3:78:34:3c:34:1e:f8:c3:27:
0c:ee:e7:23:93:af:ec:59:79:ce:87:50:46:7a:ff:
6c:59:9e:ec:e7:92:b4:0c:c9:0d:21:ec:ce:38:2d:
16:e1:40:80:96:0d:98:78:34:87:aa:17:b4:eb:8d:
8e:53:f3:56:d7:54:68:f3:a7:0d:39:3d:b7:eb:0f:
f2:32:4a:51:81:97:92:52:c8:df:ff:99:04:c1:a6:
ef:44:1b:16:a3:b0:5c:79:e8:e0:da:48:d2:fe:45:
ca:fe:c3:b2:44:90:5b:00:bf:b7:2e:ec:9e:86:55:
c5:bb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7A:6F:81:13:D4:68:A2:02:2C:E0:26:BB:D2:B2:D8:90:05:DD:C1:AF
X509v3 Authority Key Identifier:
keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/em-BE9RoogIs4Ca70rLYkAXdwa8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.106.24.0/22
91.106.30.0/23
94.240.0.0/23
94.240.23.0/24
94.240.32.0-94.240.40.255
94.240.42.0/24
94.240.44.0-94.240.55.255
94.240.62.0/23
185.139.16.0/22
194.152.46.0/23
IPv6:
2a01:6e80::/32
Signature Algorithm: sha256WithRSAEncryption
02:8c:e8:07:04:6c:68:26:d8:db:3f:e3:17:f8:2e:42:81:b4:
87:1a:f7:24:78:c0:13:1b:7b:9c:c5:c9:4e:14:73:a2:8b:aa:
eb:30:32:93:fd:f2:14:5c:23:71:4a:1a:d4:8c:47:10:41:35:
b6:a6:b0:bd:26:60:39:71:1f:8b:51:f5:b5:62:b1:02:5e:dc:
48:b2:85:4a:67:94:6a:e1:71:20:3e:9d:34:34:1a:d7:d9:05:
cf:ff:44:9a:db:72:12:3f:b1:55:64:c6:89:1f:8e:45:cb:5a:
43:99:7a:99:44:9b:ef:86:6a:a7:5b:09:41:71:7e:da:9c:36:
47:b5:e2:cc:de:06:f5:78:e5:c9:4c:58:ba:60:08:3a:76:fc:
57:93:08:8f:9e:67:59:93:2b:71:c3:16:44:46:68:c1:60:98:
a8:34:54:f4:19:10:d3:2b:62:b5:90:15:72:72:7a:cd:4c:f6:
d8:f8:82:a1:ff:a1:0d:e3:a5:1b:c6:b6:a8:95:a2:12:92:63:
6e:2f:8f:dc:2a:de:e0:e7:00:72:9a:77:05:ad:9e:1a:32:0f:
af:5e:8f:1d:6c:6e:96:6b:f1:d7:e2:74:c6:48:82:e2:13:56:
2d:70:c2:04:5a:e3:04:30:eb:93:cb:08:37:66:f1:6c:0b:2a:
0c:84:ef:02
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgISAYkk7wOftY10nQhkm5oCMZFRMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjMwNzA1MDcyMzEwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YTZmODExM2Q0NjhhMjAyMmNlMDI2YmJkMmIyZDg5MDA1ZGRjMWFmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlu9wRvuiMRgfbyaL5/i2hLwhTmbN
ks7x9QE2f4/vQjjitylroIlqJmsejLsSNpdb7fELCmUUF6+h7R2o31dPVcQ+bbrB
pNOlLjwCcYlQ/8E5uI++Hv/MBI/ZLhoUjdBouFjIJtbBbGwCw4Yq/yZdi4vBwITE
2fQT5Ds2u2X9C36v8nlQX9/HfJ0uNRvjeDQ8NB74wycM7ucjk6/sWXnOh1BGev9s
WZ7s55K0DMkNIezOOC0W4UCAlg2YeDSHqhe0642OU/NW11Ro86cNOT236w/yMkpR
gZeSUsjf/5kEwabvRBsWo7Bceejg2kjS/kXK/sOyRJBbAL+3LuyehlXFuwIDAQAB
o4ICXjCCAlowHQYDVR0OBBYEFHpvgRPUaKICLOAmu9Ky2JAF3cGvMB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvZW0tQkU5Um9vZ0lzNENhNzByTFlrQVhkd2E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHQGCCsGAQUFBwEHAQH/BGUwYzBSBAIAATBMAwQCW2oYAwQB
W2oeAwQBXvAAAwQAXvAXMAwDBAVe8CADBABe8CgDBABe8CowDAMEAl7wLAMEA17w
MAMEAV7wPgMEArmLEAMEAcKYLjANBAIAAjAHAwUAKgFugDANBgkqhkiG9w0BAQsF
AAOCAQEAAozoBwRsaCbY2z/jF/guQoG0hxr3JHjAExt7nMXJThRzoouq6zAyk/3y
FFwjcUoa1IxHEEE1tqawvSZgOXEfi1H1tWKxAl7cSLKFSmeUauFxID6dNDQa19kF
z/9EmttyEj+xVWTGiR+ORctaQ5l6mUSb74Zqp1sJQXF+2pw2R7XizN4G9XjlyUxY
umAIOnb8V5MIj55nWZMrccMWREZowWCYqDRU9BkQ0ytitZAVcnJ6zUz22PiCof+h
DeOlG8a2qJWiEpJjbi+P3Cre4OcAcpp3Ba2eGjIPr16PHWxulmvx1+J0xkiC4hNW
LXDCBFrjBDDrk8sIN2bxbAsqDITvAg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:39:12 2024 by rpki-client on console-ams.rpki-client.org