Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/MEEIKspTJbNUjASraSkz_0aEuCI.roa
File: MEEIKspTJbNUjASraSkz_0aEuCI.roa (raw, json)
Hash identifier: hQQCefmmv8MDA7kIjhokT5v9pKgs/MZNvfaekiXrV9s=
Subject key identifier: 30:41:08:2A:CA:53:25:B3:54:8C:04:AB:69:29:33:FF:46:84:B8:22
Certificate issuer: /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial: 018BD29EB1B036CD8C9DCE9F3F1912E54477
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/MEEIKspTJbNUjASraSkz_0aEuCI.roa
Signing time: Wed 15 Nov 2023 10:54:57 +0000
ROA not before: Wed 15 Nov 2023 10:54:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200598
IP address blocks: 194.149.76.0/22 maxlen: 24
79.139.64.0/23 maxlen: 24
178.216.184.0/21 maxlen: 24
188.215.12.0/22 maxlen: 24
79.110.184.0/22 maxlen: 24
195.78.90.0/23 maxlen: 24
121.127.48.0/20 maxlen: 24
173.214.200.0/22 maxlen: 24
66.9.96.0/20 maxlen: 24
162.216.138.0/23 maxlen: 24
89.39.184.0/23 maxlen: 24
24.235.22.0/23 maxlen: 24
77.223.200.0/23 maxlen: 24
91.210.80.0/22 maxlen: 24
204.15.4.0/22 maxlen: 24
69.72.72.0/22 maxlen: 24
176.222.48.0/22 maxlen: 24
162.250.216.0/22 maxlen: 24
89.20.50.0/23 maxlen: 24
95.215.144.0/22 maxlen: 24
217.144.108.0/22 maxlen: 24
158.247.56.0/22 maxlen: 24
83.142.200.0/21 maxlen: 24
77.223.192.0/21 maxlen: 24
141.193.108.0/22 maxlen: 24
205.134.244.0/22 maxlen: 24
205.220.216.0/23 maxlen: 24
128.0.60.0/22 maxlen: 24
85.204.28.0/23 maxlen: 24
86.106.28.0/23 maxlen: 24
199.48.230.0/23 maxlen: 24
176.111.54.0/23 maxlen: 24
168.149.248.0/23 maxlen: 24
193.91.8.0/23 maxlen: 24
141.193.214.0/23 maxlen: 24
91.217.106.0/23 maxlen: 24
74.124.204.0/22 maxlen: 24
89.37.60.0/23 maxlen: 24
50.20.224.0/20 maxlen: 24
66.117.8.0/22 maxlen: 24
31.187.92.0/22 maxlen: 24
89.40.236.0/23 maxlen: 24
134.199.80.0/20 maxlen: 24
198.145.112.0/22 maxlen: 24
198.14.16.0/20 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:d2:9e:b1:b0:36:cd:8c:9d:ce:9f:3f:19:12:e5:44:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Validity
Not Before: Nov 15 10:54:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=3041082aca5325b3548c04ab692933ff4684b822
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:52:d9:ac:1a:d4:86:a0:23:31:ee:6e:a2:19:
d4:d1:01:36:3f:75:f8:70:2b:8a:29:62:b6:db:95:
e7:e0:4f:af:3a:44:57:d1:8c:6f:56:7a:13:8d:43:
85:d5:ed:26:0a:28:09:78:5b:b4:68:bd:f6:94:a8:
63:96:53:4f:e8:43:0f:e1:f2:de:ed:1d:27:3b:85:
53:79:9f:0e:ef:ab:b0:f4:98:f9:42:31:7f:43:54:
c1:c1:f8:ed:36:48:81:78:25:31:14:58:14:ff:85:
2b:36:13:a0:a5:1b:02:2b:42:a8:7f:85:a4:18:e6:
1b:9e:13:c4:ed:9b:19:6c:b7:d3:ad:ee:50:88:ab:
91:c7:42:22:8c:55:bc:f2:e1:17:4c:cc:c9:a9:77:
0b:54:6e:ed:74:85:9f:f9:03:70:c0:61:a9:ab:3b:
77:22:64:bd:e2:82:d3:d8:53:60:df:3f:be:51:60:
70:18:53:06:1e:90:ed:47:0c:c3:6e:f9:2f:3b:f5:
58:48:a1:ce:1f:c1:ab:72:a9:34:6e:f7:26:29:22:
b8:cd:ee:ee:02:74:11:ec:46:df:96:cb:01:49:96:
96:1e:80:ec:08:34:07:db:76:92:1d:95:4a:26:0a:
a9:8f:7f:e6:9a:1a:3b:f8:a6:ba:22:2b:fa:00:25:
58:13
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
30:41:08:2A:CA:53:25:B3:54:8C:04:AB:69:29:33:FF:46:84:B8:22
X509v3 Authority Key Identifier:
keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/MEEIKspTJbNUjASraSkz_0aEuCI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
24.235.22.0/23
31.187.92.0/22
50.20.224.0/20
66.9.96.0/20
66.117.8.0/22
69.72.72.0/22
74.124.204.0/22
77.223.192.0-77.223.201.255
79.110.184.0/22
79.139.64.0/23
83.142.200.0/21
85.204.28.0/23
86.106.28.0/23
89.20.50.0/23
89.37.60.0/23
89.39.184.0/23
89.40.236.0/23
91.210.80.0/22
91.217.106.0/23
95.215.144.0/22
121.127.48.0/20
128.0.60.0/22
134.199.80.0/20
141.193.108.0/22
141.193.214.0/23
158.247.56.0/22
162.216.138.0/23
162.250.216.0/22
168.149.248.0/23
173.214.200.0/22
176.111.54.0/23
176.222.48.0/22
178.216.184.0/21
188.215.12.0/22
193.91.8.0/23
194.149.76.0/22
195.78.90.0/23
198.14.16.0/20
198.145.112.0/22
199.48.230.0/23
204.15.4.0/22
205.134.244.0/22
205.220.216.0/23
217.144.108.0/22
Signature Algorithm: sha256WithRSAEncryption
0a:78:74:cd:32:ad:2d:90:dc:9f:b9:b4:13:80:b3:fb:a2:6f:
f6:54:a0:21:89:77:7c:e5:0e:98:c0:59:a8:9b:b8:4d:d7:af:
1f:de:61:7a:04:71:7c:1a:0a:3f:79:7d:3d:f0:89:92:b6:40:
af:50:1a:15:85:1a:e3:fc:9b:8c:40:a7:0c:e9:5f:27:01:7b:
fa:35:fe:a1:ae:e8:b2:c0:14:e8:4d:6f:43:ed:a5:94:38:3c:
31:80:66:1f:a3:d6:15:9b:62:2c:1d:3c:ec:05:3b:c5:e1:a0:
10:53:e8:56:fe:17:94:ab:92:4f:b5:c7:eb:11:ba:0c:4f:98:
1c:bf:35:a8:54:bf:7f:f5:cc:7a:2c:cd:ff:78:f9:3c:09:27:
45:67:81:26:5b:de:7a:0d:f8:5e:ac:c8:a7:1f:20:fd:7c:5d:
95:9c:a7:9d:b1:8b:09:81:96:2e:1f:e9:06:a1:fa:a1:10:59:
c2:8a:fe:c1:e2:f7:3c:6f:93:2a:c2:eb:8f:5b:ff:ca:a0:32:
a3:6e:fc:85:6f:04:a3:f8:cd:21:a3:83:23:d0:40:ad:20:ea:
11:00:20:18:46:18:4e:04:89:66:cd:8f:57:60:4a:ac:eb:43:
74:e8:11:08:30:c8:06:c8:6e:86:fb:82:0d:c8:24:30:01:2f:
d4:cc:1e:94
-----BEGIN CERTIFICATE-----
MIIGETCCBPmgAwIBAgISAYvSnrGwNs2Mnc6fPxkS5UR3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjMxMTE1MTA1NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMDQxMDgyYWNhNTMyNWIzNTQ4YzA0YWI2OTI5MzNmZjQ2ODRiODIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1LZrBrUhqAjMe5uohnU0QE2P3X4
cCuKKWK225Xn4E+vOkRX0YxvVnoTjUOF1e0mCigJeFu0aL32lKhjllNP6EMP4fLe
7R0nO4VTeZ8O76uw9Jj5QjF/Q1TBwfjtNkiBeCUxFFgU/4UrNhOgpRsCK0Kof4Wk
GOYbnhPE7ZsZbLfTre5QiKuRx0IijFW88uEXTMzJqXcLVG7tdIWf+QNwwGGpqzt3
ImS94oLT2FNg3z++UWBwGFMGHpDtRwzDbvkvO/VYSKHOH8Grcqk0bvcmKSK4ze7u
AnQR7EbflssBSZaWHoDsCDQH23aSHZVKJgqpj3/mmho7+Ka6Iiv6ACVYEwIDAQAB
o4IDHTCCAxkwHQYDVR0OBBYEFDBBCCrKUyWzVIwEq2kpM/9GhLgiMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvTUVFSUtzcFRKYk5VakFTcmFTa3pfMGFFdUNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBMQYIKwYBBQUHAQcBAf8EggEgMIIBHDCCARgEAgABMIIB
EAMEARjrFgMEAh+7XAMEBDIU4AMEBEIJYAMEAkJ1CAMEAkVISAMEAkp8zDAMAwQG
Td/AAwQBTd/IAwQCT264AwQBT4tAAwQDU47IAwQBVcwcAwQBVmocAwQBWRQyAwQB
WSU8AwQBWSe4AwQBWSjsAwQCW9JQAwQBW9lqAwQCX9eQAwQEeX8wAwQCgAA8AwQE
hsdQAwQCjcFsAwQBjcHWAwQCnvc4AwQBotiKAwQCovrYAwQBqJX4AwQCrdbIAwQB
sG82AwQCsN4wAwQDsti4AwQCvNcMAwQBwVsIAwQCwpVMAwQBw05aAwQExg4QAwQC
xpFwAwQBxzDmAwQCzA8EAwQCzYb0AwQBzdzYAwQC2ZBsMA0GCSqGSIb3DQEBCwUA
A4IBAQAKeHTNMq0tkNyfubQTgLP7om/2VKAhiXd85Q6YwFmom7hN168f3mF6BHF8
Ggo/eX098ImStkCvUBoVhRrj/JuMQKcM6V8nAXv6Nf6hruiywBToTW9D7aWUODwx
gGYfo9YVm2IsHTzsBTvF4aAQU+hW/heUq5JPtcfrEboMT5gcvzWoVL9/9cx6LM3/
ePk8CSdFZ4EmW956DfherMinHyD9fF2VnKedsYsJgZYuH+kGofqhEFnCiv7B4vc8
b5MqwuuPW//KoDKjbvyFbwSj+M0ho4Mj0ECtIOoRACAYRhhOBIlmzY9XYEqs60N0
6BEIMMgGyG6G+4INyCQwAS/UzB6U
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:01:15 2025 by rpki-client