Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/SsFxvkG4WVNcBZTZHAf_EXXT0rM.roa
File: SsFxvkG4WVNcBZTZHAf_EXXT0rM.roa (raw, json)
Hash identifier: mTFz7I6qNFq4oY24iljeC4aBbbg1rMUxkfKBQU9P7Bk=
Subject key identifier: 4A:C1:71:BE:41:B8:59:53:5C:05:94:D9:1C:07:FF:11:75:D3:D2:B3
Certificate issuer: /CN=2f814adc1d5209e098f078adbc856bad83b749c2
Certificate serial: 0183C1E113C5538FA7B22A7037EAC6960E4F
Authority key identifier: 2F:81:4A:DC:1D:52:09:E0:98:F0:78:AD:BC:85:6B:AD:83:B7:49:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L4FK3B1SCeCY8HitvIVrrYO3ScI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/SsFxvkG4WVNcBZTZHAf_EXXT0rM.roa
Signing time: Mon 10 Oct 2022 12:31:36 +0000
ROA not before: Mon 10 Oct 2022 12:31:36 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 60976
IP address blocks: 31.214.248.0/21 maxlen: 21
31.214.249.0/24 maxlen: 24
31.214.248.0/24 maxlen: 24
31.214.253.0/24 maxlen: 24
31.214.252.0/24 maxlen: 24
31.214.251.0/24 maxlen: 24
31.214.250.0/24 maxlen: 24
31.214.255.0/24 maxlen: 24
31.214.254.0/24 maxlen: 24
37.228.139.0/24 maxlen: 24
37.228.138.0/24 maxlen: 24
37.228.137.0/24 maxlen: 24
37.228.136.0/24 maxlen: 24
134.255.200.0/21 maxlen: 21
134.255.206.0/24 maxlen: 24
134.255.205.0/24 maxlen: 24
134.255.204.0/24 maxlen: 24
134.255.203.0/24 maxlen: 24
134.255.202.0/24 maxlen: 24
134.255.201.0/24 maxlen: 24
134.255.200.0/24 maxlen: 24
95.156.237.0/24 maxlen: 24
95.156.236.0/24 maxlen: 24
95.156.253.0/24 maxlen: 24
95.156.252.0/24 maxlen: 24
95.156.252.0/22 maxlen: 22
95.156.255.0/24 maxlen: 24
95.156.254.0/24 maxlen: 24
91.99.96.0/21 maxlen: 21
91.99.98.0/24 maxlen: 24
91.99.97.0/24 maxlen: 24
91.99.96.0/24 maxlen: 24
91.99.103.0/24 maxlen: 24
91.99.102.0/24 maxlen: 24
91.99.101.0/24 maxlen: 24
91.99.99.0/24 maxlen: 24
31.214.172.0/24 maxlen: 24
31.214.171.0/24 maxlen: 24
31.214.170.0/24 maxlen: 24
31.214.169.0/24 maxlen: 24
31.214.168.0/24 maxlen: 24
31.214.168.0/21 maxlen: 21
31.214.175.0/24 maxlen: 24
31.214.174.0/24 maxlen: 24
31.214.173.0/24 maxlen: 24
82.99.216.0/22 maxlen: 22
91.99.219.0/24 maxlen: 24
82.99.219.0/24 maxlen: 24
91.99.218.0/24 maxlen: 24
82.99.218.0/24 maxlen: 24
82.99.215.0/24 maxlen: 24
82.99.217.0/24 maxlen: 24
91.99.217.0/24 maxlen: 24
82.99.216.0/24 maxlen: 24
91.99.216.0/24 maxlen: 24
82.99.238.0/24 maxlen: 24
82.99.244.0/24 maxlen: 24
82.99.243.0/24 maxlen: 24
82.99.242.0/24 maxlen: 24
91.99.75.0/24 maxlen: 24
91.99.74.0/24 maxlen: 24
91.99.73.0/24 maxlen: 24
91.99.72.0/24 maxlen: 24
91.98.96.0/21 maxlen: 21
91.98.97.0/24 maxlen: 24
91.98.96.0/24 maxlen: 24
91.98.98.0/24 maxlen: 24
91.98.102.0/24 maxlen: 24
91.98.100.0/24 maxlen: 24
91.98.99.0/24 maxlen: 24
91.98.31.0/24 maxlen: 24
185.13.231.0/24 maxlen: 24
91.98.28.0/22 maxlen: 22
91.98.30.0/24 maxlen: 24
91.98.29.0/24 maxlen: 24
185.13.230.0/24 maxlen: 24
185.13.229.0/24 maxlen: 24
185.13.228.0/24 maxlen: 24
185.13.228.0/22 maxlen: 22
91.98.28.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:c1:e1:13:c5:53:8f:a7:b2:2a:70:37:ea:c6:96:0e:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2f814adc1d5209e098f078adbc856bad83b749c2
Validity
Not Before: Oct 10 12:31:36 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=4ac171be41b859535c0594d91c07ff1175d3d2b3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:e6:ba:e6:9a:24:5c:b4:d0:40:06:58:ac:6a:
0f:e1:69:ba:27:50:05:74:af:73:84:cd:9a:f6:5a:
43:91:97:9a:06:08:c6:fe:75:55:6b:64:61:98:0a:
0e:21:8e:4d:48:e4:d5:f7:60:03:42:1d:ec:7d:45:
17:7e:e1:51:d4:44:e7:bc:4b:a5:4b:d4:05:ba:e3:
68:ea:59:fa:bc:d6:5c:23:a0:10:ae:ee:e1:20:52:
69:ed:81:c2:8a:df:41:c9:d7:39:42:27:5d:9f:ae:
5f:b8:5b:e4:a5:9a:7d:d5:ce:5d:e7:28:e2:22:45:
53:88:0a:33:f2:e3:b2:00:12:a4:ad:d3:d5:fa:ab:
6b:11:5b:8c:a9:f7:cf:bd:9e:2b:7e:9d:4a:4f:cc:
ba:b8:6d:33:08:89:f3:68:cd:35:bc:b2:f2:4a:e7:
fc:20:c3:e4:3a:79:7f:22:c3:12:f4:a9:79:1d:af:
2e:1e:be:29:6e:69:44:2b:49:f6:2e:f2:d9:9f:0e:
c4:92:ec:7b:62:6e:a8:71:e9:b0:33:93:88:c6:a8:
6e:0f:15:93:c0:f7:07:99:52:05:ab:ea:78:6e:b8:
d5:3f:1c:b7:91:2b:83:d0:42:f0:cf:95:f1:c2:6b:
a6:7f:f7:85:56:d7:bc:49:f9:b9:24:d0:b5:ca:c2:
32:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:C1:71:BE:41:B8:59:53:5C:05:94:D9:1C:07:FF:11:75:D3:D2:B3
X509v3 Authority Key Identifier:
keyid:2F:81:4A:DC:1D:52:09:E0:98:F0:78:AD:BC:85:6B:AD:83:B7:49:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L4FK3B1SCeCY8HitvIVrrYO3ScI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/SsFxvkG4WVNcBZTZHAf_EXXT0rM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/L4FK3B1SCeCY8HitvIVrrYO3ScI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.214.168.0/21
31.214.248.0/21
37.228.136.0/22
82.99.215.0-82.99.219.255
82.99.238.0/24
82.99.242.0-82.99.244.255
91.98.28.0/22
91.98.96.0/21
91.99.72.0/22
91.99.96.0/21
91.99.216.0/22
95.156.236.0/23
95.156.252.0/22
134.255.200.0/21
185.13.228.0/22
Signature Algorithm: sha256WithRSAEncryption
73:2a:4b:1e:dc:ff:e7:ae:28:9d:d3:27:e2:fc:d7:95:8b:1d:
03:6d:3e:63:75:d5:fa:4a:1c:f2:b3:3a:fb:85:95:6b:b6:8e:
9c:8c:e9:26:52:2f:cd:12:02:89:d1:47:92:74:c8:d4:16:ea:
6d:69:66:22:cc:31:01:9a:09:21:b3:52:c6:dd:6b:8d:40:32:
77:6c:11:e9:b8:33:c0:1a:9b:f4:c5:4b:04:37:0b:3d:c6:c8:
3d:98:a6:f8:45:08:b8:b7:81:c2:09:39:ce:25:cb:2a:d0:7c:
a7:50:11:d6:20:87:4c:df:8e:9a:7c:8b:5b:7d:59:68:e9:90:
78:f6:f6:e4:37:b5:a7:ef:28:06:87:40:5f:b3:66:cb:d3:1e:
83:cf:e7:11:4c:80:9e:60:70:5a:8c:83:64:82:07:b7:84:8d:
bf:b3:9e:43:f7:bc:37:7b:b8:11:4d:b2:1f:3a:99:b0:38:ce:
9b:1f:bf:3a:e2:27:e1:a7:cf:3e:67:47:93:71:cf:ee:d2:52:
30:94:a6:a9:de:3b:75:8f:ef:4b:06:88:9f:7d:66:57:88:35:
d0:a0:a4:bc:01:c7:f2:e6:cd:1f:35:73:47:9a:50:5a:9b:e6:
5d:df:2d:d8:56:df:b5:14:4a:80:fe:c6:23:e8:36:25:d8:8c:
50:c5:d9:d3
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAYPB4RPFU4+nsipwN+rGlg5PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmODE0YWRjMWQ1MjA5ZTA5OGYwNzhhZGJjODU2YmFkODNi
NzQ5YzIwHhcNMjIxMDEwMTIzMTM2WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWMxNzFiZTQxYjg1OTUzNWMwNTk0ZDkxYzA3ZmYxMTc1ZDNkMmIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlua65pokXLTQQAZYrGoP4Wm6J1AF
dK9zhM2a9lpDkZeaBgjG/nVVa2RhmAoOIY5NSOTV92ADQh3sfUUXfuFR1ETnvEul
S9QFuuNo6ln6vNZcI6AQru7hIFJp7YHCit9Bydc5Qiddn65fuFvkpZp91c5d5yji
IkVTiAoz8uOyABKkrdPV+qtrEVuMqffPvZ4rfp1KT8y6uG0zCInzaM01vLLySuf8
IMPkOnl/IsMS9Kl5Ha8uHr4pbmlEK0n2LvLZnw7Ekux7Ym6ocemwM5OIxqhuDxWT
wPcHmVIFq+p4brjVPxy3kSuD0ELwz5Xxwmumf/eFVte8Sfm5JNC1ysIyrQIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFErBcb5BuFlTXAWU2RwH/xF109KzMB8GA1UdIwQY
MBaAFC+BStwdUgngmPB4rbyFa62Dt0nCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDRGSzNCMVNDZUNZOEhpdHZJVnJyWU8zU2NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8xM2UxMmEtMmJhYy00NzUyLTk5N2Qt
ZGY4NmI2ZGQ5OTdjLzEvU3NGeHZrRzRXVk5jQlpUWkhBZl9FWFhUMHJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8xM2UxMmEtMmJhYy00NzUyLTk5N2QtZGY4NmI2ZGQ5OTdj
LzEvTDRGSzNCMVNDZUNZOEhpdHZJVnJyWU8zU2NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwcAQCAAEwagMEAx/WqAME
Ax/W+AMEAiXkiDAMAwQAUmPXAwQCUmPYAwQAUmPuMAwDBAFSY/IDBABSY/QDBAJb
YhwDBANbYmADBAJbY0gDBANbY2ADBAJbY9gDBAFfnOwDBAJfnPwDBAOG/8gDBAK5
DeQwDQYJKoZIhvcNAQELBQADggEBAHMqSx7c/+euKJ3TJ+L815WLHQNtPmN11fpK
HPKzOvuFlWu2jpyM6SZSL80SAonRR5J0yNQW6m1pZiLMMQGaCSGzUsbda41AMnds
Eem4M8Aam/TFSwQ3Cz3GyD2YpvhFCLi3gcIJOc4lyyrQfKdQEdYgh0zfjpp8i1t9
WWjpkHj29uQ3tafvKAaHQF+zZsvTHoPP5xFMgJ5gcFqMg2SCB7eEjb+znkP3vDd7
uBFNsh86mbA4zpsfvzriJ+Gnzz5nR5Nxz+7SUjCUpqneO3WP70sGiJ99ZleINdCg
pLwBx/LmzR81c0eaUFqb5l3fLdhW37UUSoD+xiPoNiXYjFDF2dM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:50:06 2024 by rpki-client on console-ams.rpki-client.org