Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/2TAcJvPdhIGo79gZdrfdRWMcKlY.roa
File: 2TAcJvPdhIGo79gZdrfdRWMcKlY.roa (raw, json)
Hash identifier: VcYGUdRIvuUgFet7BVoVLnYILS+JbdOfNmNbAomTDhU=
Subject key identifier: D9:30:1C:26:F3:DD:84:81:A8:EF:D8:19:76:B7:DD:45:63:1C:2A:56
Certificate issuer: /CN=2f814adc1d5209e098f078adbc856bad83b749c2
Certificate serial: 0186506C2F9E8701422B7D8AD17DA0339125
Authority key identifier: 2F:81:4A:DC:1D:52:09:E0:98:F0:78:AD:BC:85:6B:AD:83:B7:49:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L4FK3B1SCeCY8HitvIVrrYO3ScI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/2TAcJvPdhIGo79gZdrfdRWMcKlY.roa
Signing time: Tue 14 Feb 2023 14:55:12 +0000
ROA not before: Tue 14 Feb 2023 14:55:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60976
IP address blocks: 31.214.248.0/21 maxlen: 21
31.214.249.0/24 maxlen: 24
31.214.248.0/24 maxlen: 24
31.214.253.0/24 maxlen: 24
31.214.252.0/24 maxlen: 24
31.214.251.0/24 maxlen: 24
31.214.250.0/24 maxlen: 24
31.214.255.0/24 maxlen: 24
31.214.254.0/24 maxlen: 24
37.228.139.0/24 maxlen: 24
37.228.138.0/24 maxlen: 24
37.228.137.0/24 maxlen: 24
37.228.136.0/24 maxlen: 24
134.255.200.0/21 maxlen: 21
134.255.206.0/24 maxlen: 24
134.255.205.0/24 maxlen: 24
134.255.204.0/24 maxlen: 24
134.255.203.0/24 maxlen: 24
134.255.202.0/24 maxlen: 24
134.255.201.0/24 maxlen: 24
134.255.200.0/24 maxlen: 24
134.255.207.0/24 maxlen: 24
95.156.237.0/24 maxlen: 24
95.156.236.0/24 maxlen: 24
95.156.253.0/24 maxlen: 24
95.156.252.0/24 maxlen: 24
95.156.252.0/22 maxlen: 22
95.156.255.0/24 maxlen: 24
95.156.254.0/24 maxlen: 24
91.99.96.0/21 maxlen: 21
91.99.98.0/24 maxlen: 24
91.99.97.0/24 maxlen: 24
91.99.96.0/24 maxlen: 24
91.99.103.0/24 maxlen: 24
91.99.102.0/24 maxlen: 24
91.99.101.0/24 maxlen: 24
91.99.99.0/24 maxlen: 24
109.230.206.0/24 maxlen: 24
109.230.205.0/24 maxlen: 24
109.230.204.0/24 maxlen: 24
109.230.200.0/24 maxlen: 24
109.230.204.0/22 maxlen: 22
109.230.207.0/24 maxlen: 24
109.230.223.0/24 maxlen: 24
109.230.221.0/24 maxlen: 24
31.214.172.0/24 maxlen: 24
31.214.171.0/24 maxlen: 24
31.214.170.0/24 maxlen: 24
31.214.169.0/24 maxlen: 24
31.214.168.0/24 maxlen: 24
31.214.168.0/21 maxlen: 21
31.214.175.0/24 maxlen: 24
31.214.174.0/24 maxlen: 24
31.214.173.0/24 maxlen: 24
82.99.216.0/22 maxlen: 22
91.99.219.0/24 maxlen: 24
82.99.219.0/24 maxlen: 24
91.99.218.0/24 maxlen: 24
82.99.218.0/24 maxlen: 24
82.99.215.0/24 maxlen: 24
82.99.217.0/24 maxlen: 24
91.99.217.0/24 maxlen: 24
82.99.216.0/24 maxlen: 24
91.99.216.0/24 maxlen: 24
82.99.238.0/24 maxlen: 24
82.99.244.0/24 maxlen: 24
82.99.243.0/24 maxlen: 24
82.99.242.0/24 maxlen: 24
91.99.75.0/24 maxlen: 24
91.99.74.0/24 maxlen: 24
91.99.73.0/24 maxlen: 24
91.99.72.0/24 maxlen: 24
37.10.109.0/24 maxlen: 24
91.98.96.0/21 maxlen: 21
91.98.97.0/24 maxlen: 24
91.98.96.0/24 maxlen: 24
91.98.98.0/24 maxlen: 24
91.98.102.0/24 maxlen: 24
91.98.100.0/24 maxlen: 24
91.98.99.0/24 maxlen: 24
91.98.31.0/24 maxlen: 24
185.13.231.0/24 maxlen: 24
91.98.28.0/22 maxlen: 22
91.98.30.0/24 maxlen: 24
91.98.29.0/24 maxlen: 24
185.13.230.0/24 maxlen: 24
185.13.229.0/24 maxlen: 24
185.13.228.0/24 maxlen: 24
185.13.228.0/22 maxlen: 22
91.98.28.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:50:6c:2f:9e:87:01:42:2b:7d:8a:d1:7d:a0:33:91:25
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2f814adc1d5209e098f078adbc856bad83b749c2
Validity
Not Before: Feb 14 14:55:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d9301c26f3dd8481a8efd81976b7dd45631c2a56
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:eb:8f:62:99:35:09:41:15:4e:1b:f3:d4:a5:
1e:ba:fd:91:81:0c:18:97:7d:dc:fe:af:a5:95:34:
00:6f:cf:24:33:f6:d9:c8:13:1f:04:81:88:e9:1b:
b2:b0:f1:23:e5:01:0c:cd:1e:26:3d:ee:92:59:a5:
58:9c:f7:f3:a7:1d:62:d0:f9:89:07:a0:03:94:41:
9e:ba:80:72:42:49:f0:a3:44:12:4e:7c:bb:c5:93:
01:06:e4:03:09:b5:cf:1c:61:e1:48:7f:d5:73:10:
28:f3:53:72:74:62:1c:f3:6d:56:b6:ea:b7:86:15:
c5:4f:5c:8f:53:f7:67:76:1b:ed:42:b1:b7:b1:69:
c7:c7:b0:1f:1d:d5:d8:d7:de:a9:32:47:55:e8:ac:
da:16:3e:63:3b:6a:db:ab:09:e6:e0:f9:a6:14:0c:
07:b2:3c:43:85:58:99:18:2c:45:70:bd:25:59:36:
3f:74:3a:0d:91:f6:f6:1b:1e:4e:a5:fd:63:e9:d1:
3d:6c:1f:0e:ea:88:b1:6c:df:93:53:b1:b4:73:21:
d1:de:03:1f:42:7a:06:ab:17:03:f8:57:30:ad:34:
5b:41:f8:a3:46:eb:8d:a7:ed:52:5b:ce:7d:ea:ba:
f8:48:68:8f:59:a8:a7:41:79:fb:97:7e:53:05:b4:
b2:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:30:1C:26:F3:DD:84:81:A8:EF:D8:19:76:B7:DD:45:63:1C:2A:56
X509v3 Authority Key Identifier:
keyid:2F:81:4A:DC:1D:52:09:E0:98:F0:78:AD:BC:85:6B:AD:83:B7:49:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L4FK3B1SCeCY8HitvIVrrYO3ScI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/2TAcJvPdhIGo79gZdrfdRWMcKlY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/L4FK3B1SCeCY8HitvIVrrYO3ScI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.214.168.0/21
31.214.248.0/21
37.10.109.0/24
37.228.136.0/22
82.99.215.0-82.99.219.255
82.99.238.0/24
82.99.242.0-82.99.244.255
91.98.28.0/22
91.98.96.0/21
91.99.72.0/22
91.99.96.0/21
91.99.216.0/22
95.156.236.0/23
95.156.252.0/22
109.230.200.0/24
109.230.204.0/22
109.230.221.0/24
109.230.223.0/24
134.255.200.0/21
185.13.228.0/22
Signature Algorithm: sha256WithRSAEncryption
69:fd:b8:35:a1:24:41:d0:b0:74:75:e7:ae:9f:03:06:b1:f9:
2c:6a:5e:7c:cc:c6:96:30:52:8d:f6:e6:5c:22:68:a8:3c:e0:
2d:18:fd:d1:e7:2c:91:58:bb:90:24:7d:8e:76:37:38:7f:1a:
78:ad:b8:20:50:7e:af:86:08:c0:62:98:f4:90:b9:81:ed:f8:
eb:23:39:89:da:e8:db:be:7d:1d:83:00:91:84:fb:f6:5c:7e:
ab:a2:6c:79:b7:7e:20:85:ba:24:25:cb:e2:2d:9b:92:0d:48:
1d:d0:94:bd:29:b8:61:dc:18:35:36:dd:03:ed:9c:ca:7a:b1:
25:85:2b:be:f6:cb:fc:c8:d3:b7:bf:7c:ec:41:fe:8c:79:ee:
cd:8c:c4:89:39:74:a7:f0:4d:65:ac:31:09:8c:99:44:33:6f:
3a:5c:b5:1a:e2:a3:8c:c1:e1:d3:a7:bc:c4:86:c0:49:00:8f:
eb:8c:0f:15:5e:ed:ad:7e:1b:f6:86:1c:f7:4b:61:79:67:fd:
46:b6:08:85:d8:95:89:2f:d6:ed:bd:a1:55:b5:0c:be:5e:d2:
52:6c:44:20:06:8d:f6:c0:97:bd:cf:70:3b:fc:b3:8f:10:7b:
db:42:c0:29:aa:6e:38:9d:96:f7:c2:78:82:d6:c5:e1:f1:f6:
e0:f6:3f:99
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAYZQbC+ehwFCK32K0X2gM5ElMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmODE0YWRjMWQ1MjA5ZTA5OGYwNzhhZGJjODU2YmFkODNi
NzQ5YzIwHhcNMjMwMjE0MTQ1NTEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTMwMWMyNmYzZGQ4NDgxYThlZmQ4MTk3NmI3ZGQ0NTYzMWMyYTU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj+uPYpk1CUEVThvz1KUeuv2RgQwY
l33c/q+llTQAb88kM/bZyBMfBIGI6RuysPEj5QEMzR4mPe6SWaVYnPfzpx1i0PmJ
B6ADlEGeuoByQknwo0QSTny7xZMBBuQDCbXPHGHhSH/VcxAo81NydGIc821Wtuq3
hhXFT1yPU/dndhvtQrG3sWnHx7AfHdXY196pMkdV6KzaFj5jO2rbqwnm4PmmFAwH
sjxDhViZGCxFcL0lWTY/dDoNkfb2Gx5Opf1j6dE9bB8O6oixbN+TU7G0cyHR3gMf
QnoGqxcD+FcwrTRbQfijRuuNp+1SW8596rr4SGiPWainQXn7l35TBbSyLwIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFNkwHCbz3YSBqO/YGXa33UVjHCpWMB8GA1UdIwQY
MBaAFC+BStwdUgngmPB4rbyFa62Dt0nCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDRGSzNCMVNDZUNZOEhpdHZJVnJyWU8zU2NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8xM2UxMmEtMmJhYy00NzUyLTk5N2Qt
ZGY4NmI2ZGQ5OTdjLzEvMlRBY0p2UGRoSUdvNzlnWmRyZmRSV01jS2xZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8xM2UxMmEtMmJhYy00NzUyLTk5N2QtZGY4NmI2ZGQ5OTdj
LzEvTDRGSzNCMVNDZUNZOEhpdHZJVnJyWU8zU2NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGlBggrBgEFBQcBBwEB/wSBlTCBkjCBjwQCAAEwgYgDBAMf
1qgDBAMf1vgDBAAlCm0DBAIl5IgwDAMEAFJj1wMEAlJj2AMEAFJj7jAMAwQBUmPy
AwQAUmP0AwQCW2IcAwQDW2JgAwQCW2NIAwQDW2NgAwQCW2PYAwQBX5zsAwQCX5z8
AwQAbebIAwQCbebMAwQAbebdAwQAbebfAwQDhv/IAwQCuQ3kMA0GCSqGSIb3DQEB
CwUAA4IBAQBp/bg1oSRB0LB0deeunwMGsfksal58zMaWMFKN9uZcImioPOAtGP3R
5yyRWLuQJH2Odjc4fxp4rbggUH6vhgjAYpj0kLmB7fjrIzmJ2ujbvn0dgwCRhPv2
XH6romx5t34ghbokJcviLZuSDUgd0JS9Kbhh3Bg1Nt0D7ZzKerElhSu+9sv8yNO3
v3zsQf6Mee7NjMSJOXSn8E1lrDEJjJlEM286XLUa4qOMweHTp7zEhsBJAI/rjA8V
Xu2tfhv2hhz3S2F5Z/1GtgiF2JWJL9btvaFVtQy+XtJSbEQgBo32wJe9z3A7/LOP
EHvbQsApqm44nZb3wniC1sXh8fbg9j+Z
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:06 2024 by rpki-client on console-ams.rpki-client.org