Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/fizArLYl2XEmQoL1VPQinG5YhIw.roa
File: fizArLYl2XEmQoL1VPQinG5YhIw.roa (raw, json)
Hash identifier: 3zhcIC5+RZKu08HTFrz/ubYEOG8yvfvdCRQz+CL9AG8=
Subject key identifier: 7E:2C:C0:AC:B6:25:D9:71:26:42:82:F5:54:F4:22:9C:6E:58:84:8C
Certificate issuer: /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial: 018D3810F443C456F13D94531FE2DCB9F6CC
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/fizArLYl2XEmQoL1VPQinG5YhIw.roa
Signing time: Tue 23 Jan 2024 20:44:11 +0000
ROA not before: Tue 23 Jan 2024 20:44:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200598
IP address blocks: 24.235.22.0/23 maxlen: 24
31.187.92.0/22 maxlen: 24
50.20.224.0/20 maxlen: 24
66.9.96.0/20 maxlen: 24
66.117.8.0/22 maxlen: 24
69.72.72.0/22 maxlen: 24
74.124.204.0/22 maxlen: 24
77.223.192.0/21 maxlen: 24
77.223.200.0/23 maxlen: 24
79.110.184.0/22 maxlen: 24
79.139.64.0/23 maxlen: 24
83.142.200.0/21 maxlen: 24
85.204.28.0/23 maxlen: 24
86.106.28.0/23 maxlen: 24
89.20.50.0/23 maxlen: 24
89.37.60.0/23 maxlen: 24
89.39.184.0/23 maxlen: 24
89.40.236.0/23 maxlen: 24
91.210.80.0/22 maxlen: 24
91.217.106.0/23 maxlen: 24
94.101.103.0/24 maxlen: 24
95.215.144.0/22 maxlen: 24
121.127.48.0/20 maxlen: 24
128.0.60.0/22 maxlen: 24
134.199.80.0/20 maxlen: 24
141.193.108.0/22 maxlen: 24
141.193.214.0/23 maxlen: 24
158.247.56.0/22 maxlen: 24
162.216.138.0/23 maxlen: 24
162.250.216.0/22 maxlen: 24
168.149.248.0/23 maxlen: 24
173.214.200.0/22 maxlen: 24
176.111.54.0/23 maxlen: 24
176.222.48.0/22 maxlen: 24
178.216.184.0/21 maxlen: 24
188.215.12.0/22 maxlen: 24
192.200.192.0/19 maxlen: 24
193.91.8.0/23 maxlen: 24
194.149.76.0/22 maxlen: 24
195.78.90.0/23 maxlen: 24
198.14.16.0/20 maxlen: 24
198.145.112.0/22 maxlen: 24
199.48.230.0/23 maxlen: 24
204.15.4.0/22 maxlen: 24
205.134.244.0/22 maxlen: 24
205.220.216.0/23 maxlen: 24
217.144.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:38:10:f4:43:c4:56:f1:3d:94:53:1f:e2:dc:b9:f6:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Validity
Not Before: Jan 23 20:44:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7e2cc0acb625d971264282f554f4229c6e58848c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:52:fc:5f:34:f3:62:33:b3:5e:9b:45:8d:68:
d6:9f:3d:85:9b:b0:1c:ba:f2:52:f2:94:97:5a:ef:
e9:90:d5:22:bf:c5:a5:86:39:3b:87:d9:01:3f:e3:
bd:22:6e:c5:95:ce:47:f1:d0:c5:6c:5b:af:33:ad:
de:ee:df:a2:95:31:0d:73:fb:3d:14:78:fa:ff:22:
65:f8:46:9f:33:54:df:fe:44:61:f3:9b:c6:aa:a1:
ca:f9:23:3d:7a:58:68:3b:c7:cf:fe:18:0c:e6:96:
04:6b:6d:2d:61:cf:68:76:71:43:c5:9e:cb:f5:6e:
48:47:df:c8:7f:1e:24:24:57:cf:c8:9b:0c:8d:69:
ef:3c:60:d9:da:26:12:b7:f8:42:af:16:d8:c3:49:
4c:9f:e7:99:95:32:e0:8c:46:7a:7a:83:f0:63:c5:
67:82:96:f0:f2:d1:e0:c7:0d:a6:87:62:92:bc:d7:
7f:5f:e6:a7:1a:9c:f1:20:91:38:a7:c2:75:ed:ef:
7e:aa:42:e7:1b:44:ff:cc:13:6c:8f:c4:f4:fd:63:
38:a0:1b:50:a4:37:c9:74:c2:c6:3a:01:8a:0b:fe:
9b:79:b5:27:12:d4:9d:8b:b3:c1:42:9d:83:82:ae:
8e:d0:1d:49:33:7e:d9:52:48:3f:36:24:91:cc:5e:
45:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7E:2C:C0:AC:B6:25:D9:71:26:42:82:F5:54:F4:22:9C:6E:58:84:8C
X509v3 Authority Key Identifier:
keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/fizArLYl2XEmQoL1VPQinG5YhIw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
24.235.22.0/23
31.187.92.0/22
50.20.224.0/20
66.9.96.0/20
66.117.8.0/22
69.72.72.0/22
74.124.204.0/22
77.223.192.0-77.223.201.255
79.110.184.0/22
79.139.64.0/23
83.142.200.0/21
85.204.28.0/23
86.106.28.0/23
89.20.50.0/23
89.37.60.0/23
89.39.184.0/23
89.40.236.0/23
91.210.80.0/22
91.217.106.0/23
94.101.103.0/24
95.215.144.0/22
121.127.48.0/20
128.0.60.0/22
134.199.80.0/20
141.193.108.0/22
141.193.214.0/23
158.247.56.0/22
162.216.138.0/23
162.250.216.0/22
168.149.248.0/23
173.214.200.0/22
176.111.54.0/23
176.222.48.0/22
178.216.184.0/21
188.215.12.0/22
192.200.192.0/19
193.91.8.0/23
194.149.76.0/22
195.78.90.0/23
198.14.16.0/20
198.145.112.0/22
199.48.230.0/23
204.15.4.0/22
205.134.244.0/22
205.220.216.0/23
217.144.108.0/22
Signature Algorithm: sha256WithRSAEncryption
0b:40:8f:46:33:83:80:8a:b6:81:90:bb:98:e8:ed:bd:88:e1:
62:ea:fd:30:10:a5:1b:4c:7c:89:14:c7:41:8d:ef:45:7c:d3:
7b:d2:13:b1:8f:b6:d2:ca:7e:7e:7f:0c:22:e0:cb:c6:1a:1d:
97:7e:08:20:7d:08:41:e1:ff:f4:48:04:2f:cc:c3:2b:82:a8:
53:f0:a2:85:a6:f2:92:d2:f5:cf:5c:5f:5a:6f:27:9b:12:29:
24:3f:d8:87:2e:72:33:00:d5:dc:17:36:c2:af:ee:22:c2:04:
6b:fb:ec:c6:1d:77:32:6d:97:58:a4:50:fa:e2:d3:bd:ef:a0:
de:c8:5f:48:79:d6:7f:e9:88:b4:4b:13:f4:40:9e:0a:14:b3:
2a:38:7b:ad:b2:7b:b3:33:4a:05:b4:63:ba:8a:6e:20:bb:e5:
25:5f:c4:e5:79:e1:4a:8d:e0:93:b6:40:c5:17:23:f2:93:93:
b3:c9:b7:e8:12:0c:1f:e3:bf:7f:78:1c:39:51:5f:2a:67:98:
84:04:fa:31:fa:dc:bc:a4:72:fb:73:7a:f2:f8:e5:ee:f0:d1:
f6:f4:bd:01:0d:e4:db:06:24:2c:bd:8c:cc:14:cd:e4:a6:e7:
fe:1e:bc:12:75:1a:17:fa:fa:55:7d:5d:8f:7c:28:d8:fc:e9:
ec:19:ae:4d
-----BEGIN CERTIFICATE-----
MIIGHTCCBQWgAwIBAgISAY04EPRDxFbxPZRTH+LcufbMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwMTIzMjA0NDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZTJjYzBhY2I2MjVkOTcxMjY0MjgyZjU1NGY0MjI5YzZlNTg4NDhjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoVL8XzTzYjOzXptFjWjWnz2Fm7Ac
uvJS8pSXWu/pkNUiv8Wlhjk7h9kBP+O9Im7Flc5H8dDFbFuvM63e7t+ilTENc/s9
FHj6/yJl+EafM1Tf/kRh85vGqqHK+SM9elhoO8fP/hgM5pYEa20tYc9odnFDxZ7L
9W5IR9/Ifx4kJFfPyJsMjWnvPGDZ2iYSt/hCrxbYw0lMn+eZlTLgjEZ6eoPwY8Vn
gpbw8tHgxw2mh2KSvNd/X+anGpzxIJE4p8J17e9+qkLnG0T/zBNsj8T0/WM4oBtQ
pDfJdMLGOgGKC/6bebUnEtSdi7PBQp2Dgq6O0B1JM37ZUkg/NiSRzF5FqwIDAQAB
o4IDKTCCAyUwHQYDVR0OBBYEFH4swKy2JdlxJkKC9VT0IpxuWISMMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvZml6QXJMWWwyWEVtUW9MMVZQUWluRzVZaEl3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBPQYIKwYBBQUHAQcBAf8EggEsMIIBKDCCASQEAgABMIIB
HAMEARjrFgMEAh+7XAMEBDIU4AMEBEIJYAMEAkJ1CAMEAkVISAMEAkp8zDAMAwQG
Td/AAwQBTd/IAwQCT264AwQBT4tAAwQDU47IAwQBVcwcAwQBVmocAwQBWRQyAwQB
WSU8AwQBWSe4AwQBWSjsAwQCW9JQAwQBW9lqAwQAXmVnAwQCX9eQAwQEeX8wAwQC
gAA8AwQEhsdQAwQCjcFsAwQBjcHWAwQCnvc4AwQBotiKAwQCovrYAwQBqJX4AwQC
rdbIAwQBsG82AwQCsN4wAwQDsti4AwQCvNcMAwQFwMjAAwQBwVsIAwQCwpVMAwQB
w05aAwQExg4QAwQCxpFwAwQBxzDmAwQCzA8EAwQCzYb0AwQBzdzYAwQC2ZBsMA0G
CSqGSIb3DQEBCwUAA4IBAQALQI9GM4OAiraBkLuY6O29iOFi6v0wEKUbTHyJFMdB
je9FfNN70hOxj7bSyn5+fwwi4MvGGh2XfgggfQhB4f/0SAQvzMMrgqhT8KKFpvKS
0vXPXF9abyebEikkP9iHLnIzANXcFzbCr+4iwgRr++zGHXcybZdYpFD64tO976De
yF9IedZ/6Yi0SxP0QJ4KFLMqOHutsnuzM0oFtGO6im4gu+UlX8TleeFKjeCTtkDF
FyPyk5OzybfoEgwf479/eBw5UV8qZ5iEBPox+ty8pHL7c3ry+OXu8NH29L0BDeTb
BiQsvYzMFM3kpuf+HrwSdRoX+vpVfV2PfCjY/OnsGa5N
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:08:32 2025 by rpki-client