Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/o-75A13TRa96Ls63PzDv_X0lZFA.roa
File: o-75A13TRa96Ls63PzDv_X0lZFA.roa (raw, json)
Hash identifier: csjEvSgaUmFcWSllBW64rQLbXFulwF/7poPYjhys3wc=
Subject key identifier: A3:EE:F9:03:5D:D3:45:AF:7A:2E:CE:B7:3F:30:EF:FD:7D:25:64:50
Certificate issuer: /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial: 018CC94AADCAFEFF71745F31BEB9E8A57874
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/o-75A13TRa96Ls63PzDv_X0lZFA.roa
Signing time: Tue 02 Jan 2024 08:29:23 +0000
ROA not before: Tue 02 Jan 2024 08:29:23 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200598
IP address blocks: 194.149.76.0/22 maxlen: 24
79.139.64.0/23 maxlen: 24
178.216.184.0/21 maxlen: 24
188.215.12.0/22 maxlen: 24
79.110.184.0/22 maxlen: 24
195.78.90.0/23 maxlen: 24
121.127.48.0/20 maxlen: 24
173.214.200.0/22 maxlen: 24
66.9.96.0/20 maxlen: 24
162.216.138.0/23 maxlen: 24
89.39.184.0/23 maxlen: 24
24.235.22.0/23 maxlen: 24
77.223.200.0/23 maxlen: 24
91.210.80.0/22 maxlen: 24
204.15.4.0/22 maxlen: 24
69.72.72.0/22 maxlen: 24
176.222.48.0/22 maxlen: 24
162.250.216.0/22 maxlen: 24
89.20.50.0/23 maxlen: 24
95.215.144.0/22 maxlen: 24
217.144.108.0/22 maxlen: 24
158.247.56.0/22 maxlen: 24
83.142.200.0/21 maxlen: 24
77.223.192.0/21 maxlen: 24
141.193.108.0/22 maxlen: 24
205.134.244.0/22 maxlen: 24
205.220.216.0/23 maxlen: 24
128.0.60.0/22 maxlen: 24
85.204.28.0/23 maxlen: 24
192.200.192.0/19 maxlen: 24
86.106.28.0/23 maxlen: 24
199.48.230.0/23 maxlen: 24
176.111.54.0/23 maxlen: 24
168.149.248.0/23 maxlen: 24
193.91.8.0/23 maxlen: 24
141.193.214.0/23 maxlen: 24
91.217.106.0/23 maxlen: 24
74.124.204.0/22 maxlen: 24
89.37.60.0/23 maxlen: 24
50.20.224.0/20 maxlen: 24
66.117.8.0/22 maxlen: 24
31.187.92.0/22 maxlen: 24
89.40.236.0/23 maxlen: 24
134.199.80.0/20 maxlen: 24
198.145.112.0/22 maxlen: 24
198.14.16.0/20 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4a:ad:ca:fe:ff:71:74:5f:31:be:b9:e8:a5:78:74
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Validity
Not Before: Jan 2 08:29:23 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a3eef9035dd345af7a2eceb73f30effd7d256450
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:69:c5:64:f0:6b:73:be:39:d7:f2:75:ff:74:
8c:80:c9:a8:c3:b8:4c:5c:58:b5:62:91:fc:62:3e:
74:b6:22:61:17:fc:a5:a2:8d:e7:92:e4:e6:d9:d3:
60:bb:31:bf:82:88:b2:ca:4a:cc:c4:1d:fd:6b:25:
35:09:8f:dd:e2:b6:c0:6b:a7:55:cd:2d:00:38:80:
0c:d0:22:81:f2:51:f9:74:0b:f5:bd:18:f5:0b:f6:
21:94:5b:84:e8:9b:0a:a5:da:80:70:d2:0f:80:46:
b1:a3:3e:89:f5:5c:b9:82:c1:1a:8e:d1:55:3c:b8:
c7:dd:33:37:65:cc:75:25:47:b0:fc:8e:e3:94:9c:
53:ab:0d:3d:cf:80:82:af:69:9c:bb:21:83:4b:3f:
cb:6b:7f:ea:17:1b:94:3f:12:6f:d8:13:80:0d:a4:
c7:d3:e2:f4:88:a1:d1:53:77:26:18:cd:b7:76:7f:
74:ee:48:7a:89:ca:4d:3d:d9:7e:c1:14:7e:d4:23:
d7:47:7e:b2:9a:a0:1c:ec:68:ee:96:77:72:de:d2:
97:99:1c:48:e3:13:11:dc:85:a5:d5:f1:29:9c:a9:
c4:1b:45:63:8a:31:d5:18:67:25:fe:13:58:e5:58:
03:b0:b4:99:b7:71:44:e1:f2:c4:a8:65:51:46:43:
9d:97
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A3:EE:F9:03:5D:D3:45:AF:7A:2E:CE:B7:3F:30:EF:FD:7D:25:64:50
X509v3 Authority Key Identifier:
keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/o-75A13TRa96Ls63PzDv_X0lZFA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
24.235.22.0/23
31.187.92.0/22
50.20.224.0/20
66.9.96.0/20
66.117.8.0/22
69.72.72.0/22
74.124.204.0/22
77.223.192.0-77.223.201.255
79.110.184.0/22
79.139.64.0/23
83.142.200.0/21
85.204.28.0/23
86.106.28.0/23
89.20.50.0/23
89.37.60.0/23
89.39.184.0/23
89.40.236.0/23
91.210.80.0/22
91.217.106.0/23
95.215.144.0/22
121.127.48.0/20
128.0.60.0/22
134.199.80.0/20
141.193.108.0/22
141.193.214.0/23
158.247.56.0/22
162.216.138.0/23
162.250.216.0/22
168.149.248.0/23
173.214.200.0/22
176.111.54.0/23
176.222.48.0/22
178.216.184.0/21
188.215.12.0/22
192.200.192.0/19
193.91.8.0/23
194.149.76.0/22
195.78.90.0/23
198.14.16.0/20
198.145.112.0/22
199.48.230.0/23
204.15.4.0/22
205.134.244.0/22
205.220.216.0/23
217.144.108.0/22
Signature Algorithm: sha256WithRSAEncryption
6c:e3:d9:d3:14:e5:93:a3:17:da:72:42:a0:4e:de:eb:4c:f0:
6a:c0:f9:e7:a2:4c:23:bb:98:14:5f:34:79:d2:3a:f0:e7:91:
63:36:1f:56:0e:c4:e1:15:d5:e3:c6:72:eb:b1:0b:a7:bf:d9:
53:23:08:4d:52:29:9e:3f:88:3a:f0:43:93:4d:62:3f:d3:a4:
75:68:69:65:cd:cc:03:0a:99:42:7a:91:01:56:b5:41:c6:a3:
53:c3:39:f6:d0:44:3f:20:a0:44:2a:f7:38:2b:8d:25:67:13:
e2:c5:5d:c0:72:3e:4a:d4:d3:75:0b:eb:1a:26:dd:e1:48:87:
a3:f3:f3:ea:94:93:d8:8a:3d:ca:56:8a:d8:f5:a8:c4:ad:b4:
53:bd:77:16:09:01:b9:3b:07:8c:5a:ae:ad:b0:fc:8f:54:22:
0a:fd:55:37:07:c6:6d:92:a7:c2:e0:89:28:3d:9a:36:9c:95:
4f:ea:b9:03:27:af:fd:b3:d3:a0:49:9d:bb:3b:55:97:ce:6c:
64:66:24:58:bd:c9:55:31:60:4a:d0:21:18:ac:0e:5b:16:b8:
d0:26:48:5c:43:8e:ab:e4:d2:af:58:cb:fe:12:11:aa:ec:f7:
bf:a1:4f:81:af:be:49:0c:3f:49:e8:a9:a5:e9:28:75:bc:62:
43:66:26:2e
-----BEGIN CERTIFICATE-----
MIIGFzCCBP+gAwIBAgISAYzJSq3K/v9xdF8xvrnopXh0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwMTAyMDgyOTIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhM2VlZjkwMzVkZDM0NWFmN2EyZWNlYjczZjMwZWZmZDdkMjU2NDUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiWnFZPBrc7451/J1/3SMgMmow7hM
XFi1YpH8Yj50tiJhF/yloo3nkuTm2dNguzG/goiyykrMxB39ayU1CY/d4rbAa6dV
zS0AOIAM0CKB8lH5dAv1vRj1C/YhlFuE6JsKpdqAcNIPgEaxoz6J9Vy5gsEajtFV
PLjH3TM3Zcx1JUew/I7jlJxTqw09z4CCr2mcuyGDSz/La3/qFxuUPxJv2BOADaTH
0+L0iKHRU3cmGM23dn907kh6icpNPdl+wRR+1CPXR36ymqAc7Gjulndy3tKXmRxI
4xMR3IWl1fEpnKnEG0VjijHVGGcl/hNY5VgDsLSZt3FE4fLEqGVRRkOdlwIDAQAB
o4IDIzCCAx8wHQYDVR0OBBYEFKPu+QNd00Wvei7Otz8w7/19JWRQMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvby03NUExM1RSYTk2THM2M1B6RHZfWDBsWkZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNwYIKwYBBQUHAQcBAf8EggEmMIIBIjCCAR4EAgABMIIB
FgMEARjrFgMEAh+7XAMEBDIU4AMEBEIJYAMEAkJ1CAMEAkVISAMEAkp8zDAMAwQG
Td/AAwQBTd/IAwQCT264AwQBT4tAAwQDU47IAwQBVcwcAwQBVmocAwQBWRQyAwQB
WSU8AwQBWSe4AwQBWSjsAwQCW9JQAwQBW9lqAwQCX9eQAwQEeX8wAwQCgAA8AwQE
hsdQAwQCjcFsAwQBjcHWAwQCnvc4AwQBotiKAwQCovrYAwQBqJX4AwQCrdbIAwQB
sG82AwQCsN4wAwQDsti4AwQCvNcMAwQFwMjAAwQBwVsIAwQCwpVMAwQBw05aAwQE
xg4QAwQCxpFwAwQBxzDmAwQCzA8EAwQCzYb0AwQBzdzYAwQC2ZBsMA0GCSqGSIb3
DQEBCwUAA4IBAQBs49nTFOWToxfackKgTt7rTPBqwPnnokwju5gUXzR50jrw55Fj
Nh9WDsThFdXjxnLrsQunv9lTIwhNUimeP4g68EOTTWI/06R1aGllzcwDCplCepEB
VrVBxqNTwzn20EQ/IKBEKvc4K40lZxPixV3Acj5K1NN1C+saJt3hSIej8/PqlJPY
ij3KVorY9ajErbRTvXcWCQG5OweMWq6tsPyPVCIK/VU3B8ZtkqfC4IkoPZo2nJVP
6rkDJ6/9s9OgSZ27O1WXzmxkZiRYvclVMWBK0CEYrA5bFrjQJkhcQ46r5NKvWMv+
EhGq7Pe/oU+Br75JDD9J6Kml6Sh1vGJDZiYu
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:10:30 2025 by rpki-client