Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/vm4y9Vkwec9goYKQKWUga6L7TAM.roa
File: vm4y9Vkwec9goYKQKWUga6L7TAM.roa (raw, json)
Hash identifier: +1FzEh2kE9EpumcfuKzf8P3nwBQOlgVfiXWRoHwtTi8=
Subject key identifier: BE:6E:32:F5:59:30:79:CF:60:A1:82:90:29:65:20:6B:A2:FB:4C:03
Certificate issuer: /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial: 018A848C253EF99844640499E02AA634225C
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/vm4y9Vkwec9goYKQKWUga6L7TAM.roa
Signing time: Mon 11 Sep 2023 14:01:31 +0000
ROA not before: Mon 11 Sep 2023 14:01:31 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200598
IP address blocks: 205.134.244.0/22 maxlen: 24
194.149.76.0/22 maxlen: 24
128.0.60.0/22 maxlen: 24
188.215.12.0/22 maxlen: 24
79.110.184.0/22 maxlen: 24
121.127.48.0/20 maxlen: 24
173.214.200.0/22 maxlen: 24
66.9.96.0/20 maxlen: 24
74.124.204.0/22 maxlen: 24
91.210.80.0/22 maxlen: 24
50.20.224.0/20 maxlen: 24
204.15.4.0/22 maxlen: 24
69.72.72.0/22 maxlen: 24
162.250.216.0/22 maxlen: 24
95.215.144.0/22 maxlen: 24
66.117.8.0/22 maxlen: 24
31.187.92.0/22 maxlen: 24
217.144.108.0/22 maxlen: 24
134.199.80.0/20 maxlen: 24
198.145.112.0/22 maxlen: 24
141.193.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:84:8c:25:3e:f9:98:44:64:04:99:e0:2a:a6:34:22:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Validity
Not Before: Sep 11 14:01:31 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=be6e32f5593079cf60a182902965206ba2fb4c03
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:6b:7a:82:e8:5a:46:21:4f:9a:6d:3c:1f:24:
b4:c2:b9:c2:b9:e2:8c:90:a6:ae:23:4b:e9:b4:ae:
1e:a5:93:f8:ba:66:a1:64:5c:ee:7d:23:27:05:25:
66:35:4a:7d:76:09:ec:3f:b6:fb:bf:ac:8e:1a:ac:
32:61:4d:29:0c:5c:e5:62:0d:aa:62:c8:61:c2:93:
db:6b:32:2d:5e:97:b3:f7:9a:4b:84:ee:26:15:6c:
6f:2a:75:a2:b0:59:0e:22:8f:2f:ef:23:2a:61:be:
7f:05:9f:2d:26:5e:8d:1e:17:d0:90:f1:b2:fd:08:
42:58:12:62:d0:94:a1:65:4f:67:3e:be:65:c7:59:
03:c1:70:c8:ba:dd:31:22:cb:61:0c:3e:e3:89:7c:
fd:7b:6f:bf:6a:8d:c2:6c:d3:51:6e:da:34:11:57:
9a:bd:42:0e:24:d1:4f:92:f6:71:a9:c1:0f:9c:4b:
f3:38:1a:e4:f5:56:0d:61:10:d9:30:0f:9a:89:a6:
b3:73:a9:e7:02:c9:78:56:50:85:0b:ec:d8:48:5d:
7d:f3:16:9c:15:ba:3f:9c:71:71:6b:f7:5f:48:a7:
8a:5d:93:74:9d:9f:04:aa:fc:9d:ab:9c:66:d8:23:
fa:fb:8e:c9:90:ce:ad:e8:42:26:ae:6e:10:ce:67:
a0:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BE:6E:32:F5:59:30:79:CF:60:A1:82:90:29:65:20:6B:A2:FB:4C:03
X509v3 Authority Key Identifier:
keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/vm4y9Vkwec9goYKQKWUga6L7TAM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.187.92.0/22
50.20.224.0/20
66.9.96.0/20
66.117.8.0/22
69.72.72.0/22
74.124.204.0/22
79.110.184.0/22
91.210.80.0/22
95.215.144.0/22
121.127.48.0/20
128.0.60.0/22
134.199.80.0/20
141.193.108.0/22
162.250.216.0/22
173.214.200.0/22
188.215.12.0/22
194.149.76.0/22
198.145.112.0/22
204.15.4.0/22
205.134.244.0/22
217.144.108.0/22
Signature Algorithm: sha256WithRSAEncryption
08:6f:0c:c6:66:0f:4b:4b:42:fa:99:41:be:72:dc:3b:07:1d:
a4:0b:f2:db:6c:b2:9e:2e:fd:34:79:ad:b7:b7:ed:ee:c1:4c:
b3:11:d0:45:34:d5:70:3f:54:8d:82:f6:46:30:40:1f:8f:66:
47:98:82:83:39:73:e9:58:9e:e3:a4:7e:7a:ef:f7:71:28:69:
fb:d1:79:5e:96:f1:fd:24:8b:88:b7:f8:5b:8c:ba:fb:f8:1d:
75:b8:3f:90:8c:5b:8f:19:09:cc:ec:dc:05:08:0a:ab:07:f2:
1d:d8:6c:c9:81:70:bc:38:d8:46:d4:56:75:65:c1:cd:42:3b:
82:dd:2b:e3:84:78:a9:4e:3b:a2:63:4f:38:fc:09:b6:70:a9:
52:b5:ec:28:d8:1e:c5:94:18:6f:88:65:39:c1:f5:e3:82:02:
0c:d5:dd:e6:d2:c0:97:52:e3:e6:91:70:fc:0d:a6:4f:05:00:
e4:0a:5a:14:80:65:35:f8:5d:47:c6:55:e0:60:7f:93:24:0a:
28:83:67:1d:57:06:8f:0d:28:d4:4b:6b:6c:d8:06:b7:65:af:
6c:44:58:08:75:53:97:c4:79:d5:99:d4:04:5c:7f:59:35:31:
a0:8a:9d:67:17:d0:1f:fa:5a:21:5b:e3:6d:3a:76:98:29:b5:
be:70:16:e2
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgISAYqEjCU++ZhEZASZ4CqmNCJcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjMwOTExMTQwMTMxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiZTZlMzJmNTU5MzA3OWNmNjBhMTgyOTAyOTY1MjA2YmEyZmI0YzAzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp2t6guhaRiFPmm08HyS0wrnCueKM
kKauI0vptK4epZP4umahZFzufSMnBSVmNUp9dgnsP7b7v6yOGqwyYU0pDFzlYg2q
YshhwpPbazItXpez95pLhO4mFWxvKnWisFkOIo8v7yMqYb5/BZ8tJl6NHhfQkPGy
/QhCWBJi0JShZU9nPr5lx1kDwXDIut0xIsthDD7jiXz9e2+/ao3CbNNRbto0EVea
vUIOJNFPkvZxqcEPnEvzOBrk9VYNYRDZMA+aiaazc6nnAsl4VlCFC+zYSF198xac
Fbo/nHFxa/dfSKeKXZN0nZ8Eqvydq5xm2CP6+47JkM6t6EImrm4QzmegNwIDAQAB
o4IChTCCAoEwHQYDVR0OBBYEFL5uMvVZMHnPYKGCkCllIGui+0wDMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvdm00eTlWa3dlYzlnb1lLUUtXVWdhNkw3VEFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGaBggrBgEFBQcBBwEB/wSBijCBhzCBhAQCAAEwfgMEAh+7
XAMEBDIU4AMEBEIJYAMEAkJ1CAMEAkVISAMEAkp8zAMEAk9uuAMEAlvSUAMEAl/X
kAMEBHl/MAMEAoAAPAMEBIbHUAMEAo3BbAMEAqL62AMEAq3WyAMEArzXDAMEAsKV
TAMEAsaRcAMEAswPBAMEAs2G9AMEAtmQbDANBgkqhkiG9w0BAQsFAAOCAQEACG8M
xmYPS0tC+plBvnLcOwcdpAvy22yyni79NHmtt7ft7sFMsxHQRTTVcD9UjYL2RjBA
H49mR5iCgzlz6Vie46R+eu/3cShp+9F5Xpbx/SSLiLf4W4y6+/gddbg/kIxbjxkJ
zOzcBQgKqwfyHdhsyYFwvDjYRtRWdWXBzUI7gt0r44R4qU47omNPOPwJtnCpUrXs
KNgexZQYb4hlOcH144ICDNXd5tLAl1Lj5pFw/A2mTwUA5ApaFIBlNfhdR8ZV4GB/
kyQKKINnHVcGjw0o1EtrbNgGt2WvbERYCHVTl8R51ZnUBFx/WTUxoIqdZxfQH/pa
IVvjbTp2mCm1vnAW4g==
-----END CERTIFICATE-----
Generated at Wed Feb 19 22:05:45 2025 by rpki-client