Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/fRRgGXUB2Rxhf9FR3RYX6nxfOas.roa
File: fRRgGXUB2Rxhf9FR3RYX6nxfOas.roa (raw, json)
Hash identifier: wXBYnRp07K2Ts0DnPv8xnhIjwho1ZQ9BaGZUlLso2dY=
Subject key identifier: 7D:14:60:19:75:01:D9:1C:61:7F:D1:51:DD:16:17:EA:7C:5F:39:AB
Certificate issuer: /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial: 018BCF4E00603C4383A2379BAB6FC53B4DE2
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/fRRgGXUB2Rxhf9FR3RYX6nxfOas.roa
Signing time: Tue 14 Nov 2023 19:27:57 +0000
ROA not before: Tue 14 Nov 2023 19:27:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200598
IP address blocks: 194.149.76.0/22 maxlen: 24
79.139.64.0/23 maxlen: 24
178.216.184.0/21 maxlen: 24
188.215.12.0/22 maxlen: 24
79.110.184.0/22 maxlen: 24
195.78.90.0/23 maxlen: 24
121.127.48.0/20 maxlen: 24
173.214.200.0/22 maxlen: 24
66.9.96.0/20 maxlen: 24
162.216.138.0/23 maxlen: 24
89.39.184.0/23 maxlen: 24
24.235.22.0/23 maxlen: 24
77.223.200.0/23 maxlen: 24
91.210.80.0/22 maxlen: 24
204.15.4.0/22 maxlen: 24
69.72.72.0/22 maxlen: 24
176.222.48.0/22 maxlen: 24
162.250.216.0/22 maxlen: 24
89.20.50.0/23 maxlen: 24
95.215.144.0/22 maxlen: 24
217.144.108.0/22 maxlen: 24
83.142.200.0/21 maxlen: 24
77.223.192.0/21 maxlen: 24
141.193.108.0/22 maxlen: 24
205.134.244.0/22 maxlen: 24
205.220.216.0/23 maxlen: 24
128.0.60.0/22 maxlen: 24
85.204.28.0/23 maxlen: 24
86.106.28.0/23 maxlen: 24
199.48.230.0/23 maxlen: 24
176.111.54.0/23 maxlen: 24
168.149.248.0/23 maxlen: 24
193.91.8.0/23 maxlen: 24
141.193.214.0/23 maxlen: 24
91.217.106.0/23 maxlen: 24
74.124.204.0/22 maxlen: 24
89.37.60.0/23 maxlen: 24
50.20.224.0/20 maxlen: 24
66.117.8.0/22 maxlen: 24
31.187.92.0/22 maxlen: 24
89.40.236.0/23 maxlen: 24
134.199.80.0/20 maxlen: 24
198.145.112.0/22 maxlen: 24
198.14.16.0/20 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:cf:4e:00:60:3c:43:83:a2:37:9b:ab:6f:c5:3b:4d:e2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Validity
Not Before: Nov 14 19:27:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7d1460197501d91c617fd151dd1617ea7c5f39ab
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:81:b4:54:b6:60:68:58:21:af:68:a7:cd:68:
fa:c7:fa:3e:46:ff:fa:f1:79:3b:96:68:db:65:26:
e5:e1:3e:dd:5a:77:5e:02:8f:e2:7e:a9:64:70:c1:
fc:73:d3:07:07:8f:17:bc:7b:8c:ae:19:15:79:ca:
87:aa:1e:f0:5c:0b:c1:88:11:de:94:7f:77:a7:a3:
c9:88:e0:54:40:8d:5f:1d:59:ae:b8:07:20:8a:17:
a5:07:b2:5a:d3:c3:cd:4b:8c:97:a8:60:96:d9:ee:
c7:1f:96:88:51:5b:af:a4:ab:a7:4a:18:84:f3:2a:
32:a8:49:df:84:6e:3b:21:a2:e2:5a:bd:9c:50:94:
ba:73:84:98:76:a4:c0:74:ef:1b:9d:c2:b6:ba:0e:
dc:60:4a:dc:a5:3c:df:d6:c1:70:ee:2a:87:e8:57:
28:75:e5:81:49:6d:92:94:ac:d7:b2:7d:03:a4:1d:
b9:cc:7a:cf:dc:99:40:c5:f3:91:7a:e9:f2:71:19:
66:86:6d:02:d2:36:ef:0c:07:dd:be:eb:5a:39:af:
c0:c7:77:08:bf:53:74:71:45:a8:4a:d7:e2:d7:8c:
7d:c7:40:1e:9d:af:3d:be:ca:a6:c9:ea:28:0d:3e:
38:3a:5c:4f:e6:1e:99:fe:62:71:90:1b:41:b4:90:
c9:3f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:14:60:19:75:01:D9:1C:61:7F:D1:51:DD:16:17:EA:7C:5F:39:AB
X509v3 Authority Key Identifier:
keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/fRRgGXUB2Rxhf9FR3RYX6nxfOas.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
24.235.22.0/23
31.187.92.0/22
50.20.224.0/20
66.9.96.0/20
66.117.8.0/22
69.72.72.0/22
74.124.204.0/22
77.223.192.0-77.223.201.255
79.110.184.0/22
79.139.64.0/23
83.142.200.0/21
85.204.28.0/23
86.106.28.0/23
89.20.50.0/23
89.37.60.0/23
89.39.184.0/23
89.40.236.0/23
91.210.80.0/22
91.217.106.0/23
95.215.144.0/22
121.127.48.0/20
128.0.60.0/22
134.199.80.0/20
141.193.108.0/22
141.193.214.0/23
162.216.138.0/23
162.250.216.0/22
168.149.248.0/23
173.214.200.0/22
176.111.54.0/23
176.222.48.0/22
178.216.184.0/21
188.215.12.0/22
193.91.8.0/23
194.149.76.0/22
195.78.90.0/23
198.14.16.0/20
198.145.112.0/22
199.48.230.0/23
204.15.4.0/22
205.134.244.0/22
205.220.216.0/23
217.144.108.0/22
Signature Algorithm: sha256WithRSAEncryption
8d:ab:59:ed:63:af:3a:1a:8d:a6:a3:6a:bf:cf:9a:9e:c0:32:
ea:a5:e5:93:8a:ad:af:b4:f8:70:26:a2:8f:e1:16:d0:da:83:
fa:dc:c9:d0:cb:e3:af:73:ed:e9:c2:bc:93:b2:71:ac:77:f7:
4b:ef:54:a2:8f:7d:54:33:97:b1:6f:a0:8c:cf:17:b4:5a:ed:
4e:3b:22:aa:16:3c:4a:66:e0:4b:90:d8:19:11:3e:6a:3b:2b:
d8:ff:4a:6f:d6:73:9d:39:9d:fa:15:4b:51:22:98:a3:35:67:
ba:db:79:71:92:e2:e3:84:da:4c:81:c7:f3:d2:b2:a9:0c:18:
65:37:d3:e1:59:54:52:87:de:58:33:9c:9e:13:92:18:42:ca:
4f:48:2c:cd:ef:12:cc:ee:96:58:67:d5:6c:82:06:5b:a9:45:
78:a3:a2:18:13:17:71:66:9a:96:59:b1:54:e7:b3:e9:07:ea:
e5:56:4d:f4:a9:58:54:de:a9:f5:bf:7d:95:59:2f:19:1f:8d:
03:59:5f:65:42:84:98:f3:c2:97:ea:01:38:6a:e3:5a:90:ef:
2b:17:a2:f0:d3:87:41:cb:d2:7d:a8:63:26:6a:1b:a3:26:87:
d3:60:86:1e:1a:af:b1:a1:fc:dd:6c:b7:94:bc:77:f9:a7:fd:
e9:eb:56:db
-----BEGIN CERTIFICATE-----
MIIGCzCCBPOgAwIBAgISAYvPTgBgPEODojebq2/FO03iMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjMxMTE0MTkyNzU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZDE0NjAxOTc1MDFkOTFjNjE3ZmQxNTFkZDE2MTdlYTdjNWYzOWFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4YG0VLZgaFghr2inzWj6x/o+Rv/6
8Xk7lmjbZSbl4T7dWndeAo/ifqlkcMH8c9MHB48XvHuMrhkVecqHqh7wXAvBiBHe
lH93p6PJiOBUQI1fHVmuuAcgihelB7Ja08PNS4yXqGCW2e7HH5aIUVuvpKunShiE
8yoyqEnfhG47IaLiWr2cUJS6c4SYdqTAdO8bncK2ug7cYErcpTzf1sFw7iqH6Fco
deWBSW2SlKzXsn0DpB25zHrP3JlAxfOReunycRlmhm0C0jbvDAfdvutaOa/Ax3cI
v1N0cUWoStfi14x9x0Aena89vsqmyeooDT44OlxP5h6Z/mJxkBtBtJDJPwIDAQAB
o4IDFzCCAxMwHQYDVR0OBBYEFH0UYBl1AdkcYX/RUd0WF+p8XzmrMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvZlJSZ0dYVUIyUnhoZjlGUjNSWVg2bnhmT2FzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKwYIKwYBBQUHAQcBAf8EggEaMIIBFjCCARIEAgABMIIB
CgMEARjrFgMEAh+7XAMEBDIU4AMEBEIJYAMEAkJ1CAMEAkVISAMEAkp8zDAMAwQG
Td/AAwQBTd/IAwQCT264AwQBT4tAAwQDU47IAwQBVcwcAwQBVmocAwQBWRQyAwQB
WSU8AwQBWSe4AwQBWSjsAwQCW9JQAwQBW9lqAwQCX9eQAwQEeX8wAwQCgAA8AwQE
hsdQAwQCjcFsAwQBjcHWAwQBotiKAwQCovrYAwQBqJX4AwQCrdbIAwQBsG82AwQC
sN4wAwQDsti4AwQCvNcMAwQBwVsIAwQCwpVMAwQBw05aAwQExg4QAwQCxpFwAwQB
xzDmAwQCzA8EAwQCzYb0AwQBzdzYAwQC2ZBsMA0GCSqGSIb3DQEBCwUAA4IBAQCN
q1ntY686Go2mo2q/z5qewDLqpeWTiq2vtPhwJqKP4RbQ2oP63MnQy+Ovc+3pwryT
snGsd/dL71Sij31UM5exb6CMzxe0Wu1OOyKqFjxKZuBLkNgZET5qOyvY/0pv1nOd
OZ36FUtRIpijNWe623lxkuLjhNpMgcfz0rKpDBhlN9PhWVRSh95YM5yeE5IYQspP
SCzN7xLM7pZYZ9VsggZbqUV4o6IYExdxZpqWWbFU57PpB+rlVk30qVhU3qn1v32V
WS8ZH40DWV9lQoSY88KX6gE4auNakO8rF6Lw04dBy9J9qGMmahujJofTYIYeGq+x
ofzdbLeUvHf5p/3p61bb
-----END CERTIFICATE-----
Generated at Wed Feb 19 21:59:59 2025 by rpki-client