Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/YJYZRvkcJKZmRC8OgHaVjfB-4fY.roa
File: YJYZRvkcJKZmRC8OgHaVjfB-4fY.roa (raw, json)
Hash identifier: Bxp2HDOBcQNpaDpFEq95mSTjPfxWguAsBzLyVIdJULs=
Subject key identifier: 60:96:19:46:F9:1C:24:A6:66:44:2F:0E:80:76:95:8D:F0:7E:E1:F6
Certificate issuer: /CN=2f814adc1d5209e098f078adbc856bad83b749c2
Certificate serial: 0186CA9DEF03641B3B018032F5B1434F6895
Authority key identifier: 2F:81:4A:DC:1D:52:09:E0:98:F0:78:AD:BC:85:6B:AD:83:B7:49:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L4FK3B1SCeCY8HitvIVrrYO3ScI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/YJYZRvkcJKZmRC8OgHaVjfB-4fY.roa
Signing time: Fri 10 Mar 2023 08:23:13 +0000
ROA not before: Fri 10 Mar 2023 08:23:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60976
IP address blocks: 31.214.248.0/21 maxlen: 21
31.214.249.0/24 maxlen: 24
31.214.248.0/24 maxlen: 24
31.214.253.0/24 maxlen: 24
31.214.252.0/24 maxlen: 24
31.214.251.0/24 maxlen: 24
31.214.250.0/24 maxlen: 24
31.214.255.0/24 maxlen: 24
31.214.254.0/24 maxlen: 24
37.228.139.0/24 maxlen: 24
37.228.138.0/24 maxlen: 24
37.228.137.0/24 maxlen: 24
37.228.136.0/24 maxlen: 24
37.228.136.0/22 maxlen: 22
134.255.200.0/21 maxlen: 21
134.255.206.0/24 maxlen: 24
134.255.205.0/24 maxlen: 24
134.255.204.0/24 maxlen: 24
134.255.203.0/24 maxlen: 24
134.255.202.0/24 maxlen: 24
134.255.201.0/24 maxlen: 24
134.255.200.0/24 maxlen: 24
134.255.207.0/24 maxlen: 24
95.156.237.0/24 maxlen: 24
95.156.236.0/24 maxlen: 24
95.156.253.0/24 maxlen: 24
95.156.252.0/24 maxlen: 24
95.156.252.0/22 maxlen: 22
95.156.255.0/24 maxlen: 24
95.156.254.0/24 maxlen: 24
91.99.96.0/21 maxlen: 21
91.99.98.0/24 maxlen: 24
91.99.97.0/24 maxlen: 24
91.99.96.0/24 maxlen: 24
91.99.103.0/24 maxlen: 24
91.99.102.0/24 maxlen: 24
91.99.101.0/24 maxlen: 24
91.99.99.0/24 maxlen: 24
109.230.206.0/24 maxlen: 24
109.230.205.0/24 maxlen: 24
109.230.204.0/24 maxlen: 24
109.230.200.0/24 maxlen: 24
109.230.204.0/22 maxlen: 22
109.230.207.0/24 maxlen: 24
109.230.223.0/24 maxlen: 24
109.230.221.0/24 maxlen: 24
31.214.172.0/24 maxlen: 24
31.214.171.0/24 maxlen: 24
31.214.170.0/24 maxlen: 24
31.214.169.0/24 maxlen: 24
31.214.168.0/24 maxlen: 24
31.214.168.0/21 maxlen: 21
31.214.175.0/24 maxlen: 24
31.214.174.0/24 maxlen: 24
31.214.173.0/24 maxlen: 24
82.99.216.0/22 maxlen: 22
82.99.219.0/24 maxlen: 24
91.99.219.0/24 maxlen: 24
82.99.218.0/24 maxlen: 24
82.99.215.0/24 maxlen: 24
91.99.218.0/24 maxlen: 24
82.99.217.0/24 maxlen: 24
91.99.217.0/24 maxlen: 24
82.99.216.0/24 maxlen: 24
91.99.216.0/24 maxlen: 24
82.99.238.0/24 maxlen: 24
82.99.244.0/24 maxlen: 24
82.99.243.0/24 maxlen: 24
82.99.242.0/24 maxlen: 24
91.99.75.0/24 maxlen: 24
91.99.74.0/24 maxlen: 24
91.99.73.0/24 maxlen: 24
91.99.72.0/24 maxlen: 24
37.10.109.0/24 maxlen: 24
91.98.96.0/21 maxlen: 21
91.98.97.0/24 maxlen: 24
91.98.96.0/24 maxlen: 24
91.98.98.0/24 maxlen: 24
91.98.102.0/24 maxlen: 24
91.98.100.0/24 maxlen: 24
91.98.99.0/24 maxlen: 24
91.98.31.0/24 maxlen: 24
185.13.231.0/24 maxlen: 24
91.98.28.0/22 maxlen: 22
91.98.30.0/24 maxlen: 24
91.98.29.0/24 maxlen: 24
185.13.230.0/24 maxlen: 24
185.13.229.0/24 maxlen: 24
185.13.228.0/24 maxlen: 24
185.13.228.0/22 maxlen: 22
91.98.28.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:ca:9d:ef:03:64:1b:3b:01:80:32:f5:b1:43:4f:68:95
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2f814adc1d5209e098f078adbc856bad83b749c2
Validity
Not Before: Mar 10 08:23:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=60961946f91c24a666442f0e8076958df07ee1f6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:c2:75:4c:55:32:64:56:bb:a3:07:2d:90:86:
14:ba:f3:fa:b0:65:b2:ba:f3:5d:ac:6e:fc:ad:ff:
81:3c:b7:d1:51:62:1d:45:32:a0:b5:b6:6d:f5:fb:
25:05:ff:b8:92:8c:63:93:9a:e8:61:76:e3:6e:88:
30:69:1a:46:97:f7:b7:24:54:76:18:17:2d:28:ee:
b7:9d:77:7e:ba:d7:b8:b1:fb:97:11:5b:66:3a:d8:
04:1f:5c:44:4c:ad:0e:4a:b1:30:db:e0:f4:7c:c1:
4d:1c:88:d4:1f:d7:d6:a8:22:6b:10:48:85:6b:5c:
72:7a:75:0f:f6:92:55:3c:67:fd:45:58:75:bd:cb:
88:7d:38:3d:41:c4:bc:3e:cf:56:7d:6e:35:a1:61:
eb:1b:ba:f9:dd:83:5c:a1:93:bd:ba:24:28:0c:dc:
ce:b1:02:2a:bb:6b:36:89:5a:53:92:c6:bd:60:1a:
cb:1f:19:46:e3:83:40:6a:66:6c:7c:8b:c3:72:ab:
47:fa:72:0a:a6:4a:33:66:af:1b:3c:ec:e9:9f:3b:
3c:3b:e9:ae:21:5a:21:4a:c9:19:7f:83:02:b9:83:
1d:b0:9e:74:d5:45:6b:18:15:19:e8:b7:3b:f7:58:
d6:3e:3c:e4:b7:3c:8c:11:09:3f:a7:c9:17:87:80:
8e:e9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
60:96:19:46:F9:1C:24:A6:66:44:2F:0E:80:76:95:8D:F0:7E:E1:F6
X509v3 Authority Key Identifier:
keyid:2F:81:4A:DC:1D:52:09:E0:98:F0:78:AD:BC:85:6B:AD:83:B7:49:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L4FK3B1SCeCY8HitvIVrrYO3ScI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/YJYZRvkcJKZmRC8OgHaVjfB-4fY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/L4FK3B1SCeCY8HitvIVrrYO3ScI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.214.168.0/21
31.214.248.0/21
37.10.109.0/24
37.228.136.0/22
82.99.215.0-82.99.219.255
82.99.238.0/24
82.99.242.0-82.99.244.255
91.98.28.0/22
91.98.96.0/21
91.99.72.0/22
91.99.96.0/21
91.99.216.0/22
95.156.236.0/23
95.156.252.0/22
109.230.200.0/24
109.230.204.0/22
109.230.221.0/24
109.230.223.0/24
134.255.200.0/21
185.13.228.0/22
Signature Algorithm: sha256WithRSAEncryption
03:8f:75:a2:49:49:79:14:d6:b0:a7:76:bf:36:47:57:9b:7d:
0f:d6:5f:4c:0b:97:31:e0:ef:36:00:57:f6:76:fa:0a:62:93:
1b:bb:c1:2e:09:c5:e3:63:cc:2b:ae:fb:f1:48:cb:43:4f:e8:
3b:ca:57:59:5b:a3:06:ed:43:83:01:ed:1f:bc:5c:6a:39:be:
3f:4d:d0:e4:09:39:1e:23:19:14:c1:d5:b9:7a:0c:b0:01:b5:
7c:e2:ec:80:13:f1:de:6e:e4:5c:1a:e6:c6:73:c4:cb:90:34:
60:16:9c:f1:c8:3f:c9:58:ba:26:3a:47:f3:bf:9f:7e:3b:ff:
78:a6:12:c2:51:70:44:9b:c6:c6:75:07:70:50:9a:f8:8b:b7:
b8:17:3b:51:fd:48:dd:85:c3:25:a3:a0:1b:6a:92:41:b8:6c:
ff:de:7a:35:f4:a7:82:fa:4a:e9:6a:fe:ed:b2:3e:72:1f:91:
c8:8f:b3:67:52:ad:51:b0:37:c1:dc:dc:b9:c7:17:69:09:9f:
38:19:f6:4d:83:8c:8e:5f:26:81:52:1b:76:6c:14:1c:82:b1:
0c:ae:f6:a0:eb:d6:11:0f:c8:75:f7:2a:1d:5b:a2:3e:66:41:
7b:0a:66:65:fe:91:32:ba:c8:19:30:32:f3:d2:7e:ed:fa:99:
ad:b9:9a:34
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAYbKne8DZBs7AYAy9bFDT2iVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmODE0YWRjMWQ1MjA5ZTA5OGYwNzhhZGJjODU2YmFkODNi
NzQ5YzIwHhcNMjMwMzEwMDgyMzEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MDk2MTk0NmY5MWMyNGE2NjY0NDJmMGU4MDc2OTU4ZGYwN2VlMWY2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArsJ1TFUyZFa7owctkIYUuvP6sGWy
uvNdrG78rf+BPLfRUWIdRTKgtbZt9fslBf+4koxjk5roYXbjbogwaRpGl/e3JFR2
GBctKO63nXd+ute4sfuXEVtmOtgEH1xETK0OSrEw2+D0fMFNHIjUH9fWqCJrEEiF
a1xyenUP9pJVPGf9RVh1vcuIfTg9QcS8Ps9WfW41oWHrG7r53YNcoZO9uiQoDNzO
sQIqu2s2iVpTksa9YBrLHxlG44NAamZsfIvDcqtH+nIKpkozZq8bPOzpnzs8O+mu
IVohSskZf4MCuYMdsJ501UVrGBUZ6Lc791jWPjzktzyMEQk/p8kXh4CO6QIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFGCWGUb5HCSmZkQvDoB2lY3wfuH2MB8GA1UdIwQY
MBaAFC+BStwdUgngmPB4rbyFa62Dt0nCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDRGSzNCMVNDZUNZOEhpdHZJVnJyWU8zU2NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8xM2UxMmEtMmJhYy00NzUyLTk5N2Qt
ZGY4NmI2ZGQ5OTdjLzEvWUpZWlJ2a2NKS1ptUkM4T2dIYVZqZkItNGZZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8xM2UxMmEtMmJhYy00NzUyLTk5N2QtZGY4NmI2ZGQ5OTdj
LzEvTDRGSzNCMVNDZUNZOEhpdHZJVnJyWU8zU2NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGlBggrBgEFBQcBBwEB/wSBlTCBkjCBjwQCAAEwgYgDBAMf
1qgDBAMf1vgDBAAlCm0DBAIl5IgwDAMEAFJj1wMEAlJj2AMEAFJj7jAMAwQBUmPy
AwQAUmP0AwQCW2IcAwQDW2JgAwQCW2NIAwQDW2NgAwQCW2PYAwQBX5zsAwQCX5z8
AwQAbebIAwQCbebMAwQAbebdAwQAbebfAwQDhv/IAwQCuQ3kMA0GCSqGSIb3DQEB
CwUAA4IBAQADj3WiSUl5FNawp3a/NkdXm30P1l9MC5cx4O82AFf2dvoKYpMbu8Eu
CcXjY8wrrvvxSMtDT+g7yldZW6MG7UODAe0fvFxqOb4/TdDkCTkeIxkUwdW5egyw
AbV84uyAE/HebuRcGubGc8TLkDRgFpzxyD/JWLomOkfzv59+O/94phLCUXBEm8bG
dQdwUJr4i7e4FztR/UjdhcMlo6AbapJBuGz/3no19KeC+krpav7tsj5yH5HIj7Nn
Uq1RsDfB3Ny5xxdpCZ84GfZNg4yOXyaBUht2bBQcgrEMrvag69YRD8h19yodW6I+
ZkF7CmZl/pEyusgZMDLz0n7t+pmtuZo0
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:01:20 2025 by rpki-client