Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/oVuikjBh94N8LfrFC8lgz-JZdP8.roa
File: oVuikjBh94N8LfrFC8lgz-JZdP8.roa (raw, json)
Hash identifier: +WJ7SAkxb4cI+YJb6T36hYCtgh+WvxjF873CT8GAyOQ=
Subject key identifier: A1:5B:A2:92:30:61:F7:83:7C:2D:FA:C5:0B:C9:60:CF:E2:59:74:FF
Certificate issuer: /CN=2f814adc1d5209e098f078adbc856bad83b749c2
Certificate serial: 018573682CF463655EDACADCE1B713D05637
Authority key identifier: 2F:81:4A:DC:1D:52:09:E0:98:F0:78:AD:BC:85:6B:AD:83:B7:49:C2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/L4FK3B1SCeCY8HitvIVrrYO3ScI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/oVuikjBh94N8LfrFC8lgz-JZdP8.roa
Signing time: Mon 02 Jan 2023 16:54:45 +0000
ROA not before: Mon 02 Jan 2023 16:54:45 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 60976
IP address blocks: 31.214.248.0/21 maxlen: 21
31.214.249.0/24 maxlen: 24
31.214.248.0/24 maxlen: 24
31.214.253.0/24 maxlen: 24
31.214.252.0/24 maxlen: 24
31.214.251.0/24 maxlen: 24
31.214.250.0/24 maxlen: 24
31.214.255.0/24 maxlen: 24
31.214.254.0/24 maxlen: 24
37.228.139.0/24 maxlen: 24
37.228.138.0/24 maxlen: 24
37.228.137.0/24 maxlen: 24
37.228.136.0/24 maxlen: 24
134.255.200.0/21 maxlen: 21
134.255.206.0/24 maxlen: 24
134.255.205.0/24 maxlen: 24
134.255.204.0/24 maxlen: 24
134.255.203.0/24 maxlen: 24
134.255.202.0/24 maxlen: 24
134.255.201.0/24 maxlen: 24
134.255.200.0/24 maxlen: 24
134.255.207.0/24 maxlen: 24
95.156.237.0/24 maxlen: 24
95.156.236.0/24 maxlen: 24
95.156.253.0/24 maxlen: 24
95.156.252.0/24 maxlen: 24
95.156.252.0/22 maxlen: 22
95.156.255.0/24 maxlen: 24
95.156.254.0/24 maxlen: 24
91.99.96.0/21 maxlen: 21
91.99.98.0/24 maxlen: 24
91.99.97.0/24 maxlen: 24
91.99.96.0/24 maxlen: 24
91.99.103.0/24 maxlen: 24
91.99.102.0/24 maxlen: 24
91.99.101.0/24 maxlen: 24
91.99.99.0/24 maxlen: 24
109.230.206.0/24 maxlen: 24
109.230.205.0/24 maxlen: 24
109.230.204.0/24 maxlen: 24
109.230.200.0/24 maxlen: 24
109.230.204.0/22 maxlen: 22
109.230.207.0/24 maxlen: 24
31.214.172.0/24 maxlen: 24
31.214.171.0/24 maxlen: 24
31.214.170.0/24 maxlen: 24
31.214.169.0/24 maxlen: 24
31.214.168.0/24 maxlen: 24
31.214.168.0/21 maxlen: 21
31.214.175.0/24 maxlen: 24
31.214.174.0/24 maxlen: 24
31.214.173.0/24 maxlen: 24
82.99.216.0/22 maxlen: 22
91.99.219.0/24 maxlen: 24
82.99.219.0/24 maxlen: 24
91.99.218.0/24 maxlen: 24
82.99.218.0/24 maxlen: 24
82.99.215.0/24 maxlen: 24
82.99.217.0/24 maxlen: 24
91.99.217.0/24 maxlen: 24
82.99.216.0/24 maxlen: 24
91.99.216.0/24 maxlen: 24
82.99.238.0/24 maxlen: 24
82.99.244.0/24 maxlen: 24
82.99.243.0/24 maxlen: 24
82.99.242.0/24 maxlen: 24
91.99.75.0/24 maxlen: 24
91.99.74.0/24 maxlen: 24
91.99.73.0/24 maxlen: 24
91.99.72.0/24 maxlen: 24
37.10.109.0/24 maxlen: 24
91.98.96.0/21 maxlen: 21
91.98.97.0/24 maxlen: 24
91.98.96.0/24 maxlen: 24
91.98.98.0/24 maxlen: 24
91.98.102.0/24 maxlen: 24
91.98.100.0/24 maxlen: 24
91.98.99.0/24 maxlen: 24
91.98.31.0/24 maxlen: 24
185.13.231.0/24 maxlen: 24
91.98.28.0/22 maxlen: 22
91.98.30.0/24 maxlen: 24
91.98.29.0/24 maxlen: 24
185.13.230.0/24 maxlen: 24
185.13.229.0/24 maxlen: 24
185.13.228.0/24 maxlen: 24
185.13.228.0/22 maxlen: 22
91.98.28.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:73:68:2c:f4:63:65:5e:da:ca:dc:e1:b7:13:d0:56:37
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2f814adc1d5209e098f078adbc856bad83b749c2
Validity
Not Before: Jan 2 16:54:45 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a15ba2923061f7837c2dfac50bc960cfe25974ff
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:d1:24:53:23:cf:0e:84:55:66:6d:75:77:bf:
c8:87:e3:fc:0b:23:4d:cb:c1:f0:df:55:30:1a:69:
26:c1:45:d1:a3:5c:78:68:65:21:9b:5e:52:23:f3:
f0:2f:b3:3c:cf:6a:38:29:9d:47:e6:44:f6:af:d7:
23:58:02:b8:a7:ca:a0:a4:3e:6b:e9:3b:75:4f:c4:
50:ad:7c:eb:0c:ae:e6:6c:4a:d2:de:75:6c:ab:2f:
7a:3d:b7:40:dd:f4:23:3f:37:a1:92:0c:0a:60:54:
b2:16:a5:b1:c3:d3:87:71:60:48:58:4f:34:fe:5c:
8f:99:f4:2f:33:a5:c1:cb:33:78:15:9f:8d:39:d3:
13:71:f1:9f:c9:6d:a3:c0:02:86:6f:b7:65:20:55:
7f:15:d1:7d:b7:04:ab:9e:bb:71:ee:37:86:97:02:
15:b2:3b:cb:7d:be:f1:2b:51:17:00:08:bf:b6:34:
37:c8:56:c4:1d:2c:1f:82:9a:6d:b9:82:1e:47:a0:
ac:57:cc:41:03:e8:06:4c:4c:03:4b:ae:e4:0c:a6:
91:db:d8:b3:83:e6:33:f9:29:b6:d8:e4:a4:9c:ac:
58:78:a4:95:91:54:83:61:c8:0a:b4:c3:b0:22:6e:
42:2a:98:67:0e:f4:22:a2:a0:69:b5:d9:1d:f5:90:
b6:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A1:5B:A2:92:30:61:F7:83:7C:2D:FA:C5:0B:C9:60:CF:E2:59:74:FF
X509v3 Authority Key Identifier:
keyid:2F:81:4A:DC:1D:52:09:E0:98:F0:78:AD:BC:85:6B:AD:83:B7:49:C2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L4FK3B1SCeCY8HitvIVrrYO3ScI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/oVuikjBh94N8LfrFC8lgz-JZdP8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/02/13e12a-2bac-4752-997d-df86b6dd997c/1/L4FK3B1SCeCY8HitvIVrrYO3ScI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.214.168.0/21
31.214.248.0/21
37.10.109.0/24
37.228.136.0/22
82.99.215.0-82.99.219.255
82.99.238.0/24
82.99.242.0-82.99.244.255
91.98.28.0/22
91.98.96.0/21
91.99.72.0/22
91.99.96.0/21
91.99.216.0/22
95.156.236.0/23
95.156.252.0/22
109.230.200.0/24
109.230.204.0/22
134.255.200.0/21
185.13.228.0/22
Signature Algorithm: sha256WithRSAEncryption
25:89:f8:d3:f2:aa:f0:46:41:b4:64:45:81:7a:c5:eb:0c:0f:
7b:68:b7:ba:ea:23:d7:41:5d:d2:3e:54:19:57:f9:f3:a1:c8:
e1:64:fc:e9:a2:26:db:66:7c:e0:98:01:b0:7d:2e:ad:8b:2a:
8d:d8:05:d1:d3:b4:a5:db:1c:12:a1:c5:91:01:38:83:6f:b4:
65:57:78:a7:0d:a1:7f:09:70:eb:ee:5c:dd:57:0f:0c:39:92:
31:51:f5:db:c5:a3:d7:40:c7:78:f3:cb:9c:b2:08:6f:ce:73:
fc:06:b5:a7:d4:f1:a2:5e:0f:c6:56:fd:c5:dc:4e:03:de:de:
c0:ae:92:5b:c8:eb:6d:ac:04:cf:58:06:15:69:0d:57:b1:5f:
67:a8:53:05:d5:c3:40:ad:09:24:5f:5b:38:b2:aa:f1:74:8a:
e5:97:5c:e5:40:db:76:0f:2a:0b:14:17:16:3b:47:1f:72:97:
b3:1a:a8:d7:94:10:a0:cc:20:1c:af:c1:57:48:e3:f4:bc:ce:
9a:2d:ef:91:c1:ba:46:20:af:f0:f6:c5:e7:d5:10:e8:bd:0a:
45:f2:d1:51:49:d5:cb:08:4e:f7:78:d7:36:31:f9:70:2b:23:
e6:0b:c2:cf:ab:0d:21:b0:07:ea:af:ac:f8:c3:6e:d2:99:9b:
c0:97:d4:25
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAYVzaCz0Y2Ve2src4bcT0FY3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmODE0YWRjMWQ1MjA5ZTA5OGYwNzhhZGJjODU2YmFkODNi
NzQ5YzIwHhcNMjMwMTAyMTY1NDQ1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMTViYTI5MjMwNjFmNzgzN2MyZGZhYzUwYmM5NjBjZmUyNTk3NGZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9EkUyPPDoRVZm11d7/Ih+P8CyNN
y8Hw31UwGmkmwUXRo1x4aGUhm15SI/PwL7M8z2o4KZ1H5kT2r9cjWAK4p8qgpD5r
6Tt1T8RQrXzrDK7mbErS3nVsqy96PbdA3fQjPzehkgwKYFSyFqWxw9OHcWBIWE80
/lyPmfQvM6XByzN4FZ+NOdMTcfGfyW2jwAKGb7dlIFV/FdF9twSrnrtx7jeGlwIV
sjvLfb7xK1EXAAi/tjQ3yFbEHSwfgpptuYIeR6CsV8xBA+gGTEwDS67kDKaR29iz
g+Yz+Sm22OSknKxYeKSVkVSDYcgKtMOwIm5CKphnDvQioqBptdkd9ZC21wIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFKFbopIwYfeDfC36xQvJYM/iWXT/MB8GA1UdIwQY
MBaAFC+BStwdUgngmPB4rbyFa62Dt0nCMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDRGSzNCMVNDZUNZOEhpdHZJVnJyWU8zU2NJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMi8xM2UxMmEtMmJhYy00NzUyLTk5N2Qt
ZGY4NmI2ZGQ5OTdjLzEvb1Z1aWtqQmg5NE44TGZyRkM4bGd6LUpaZFA4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMi8xM2UxMmEtMmJhYy00NzUyLTk5N2QtZGY4NmI2ZGQ5OTdj
LzEvTDRGSzNCMVNDZUNZOEhpdHZJVnJyWU8zU2NJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGYBggrBgEFBQcBBwEB/wSBiDCBhTCBggQCAAEwfAMEAx/W
qAMEAx/W+AMEACUKbQMEAiXkiDAMAwQAUmPXAwQCUmPYAwQAUmPuMAwDBAFSY/ID
BABSY/QDBAJbYhwDBANbYmADBAJbY0gDBANbY2ADBAJbY9gDBAFfnOwDBAJfnPwD
BABt5sgDBAJt5swDBAOG/8gDBAK5DeQwDQYJKoZIhvcNAQELBQADggEBACWJ+NPy
qvBGQbRkRYF6xesMD3tot7rqI9dBXdI+VBlX+fOhyOFk/OmiJttmfOCYAbB9Lq2L
Ko3YBdHTtKXbHBKhxZEBOINvtGVXeKcNoX8JcOvuXN1XDww5kjFR9dvFo9dAx3jz
y5yyCG/Oc/wGtafU8aJeD8ZW/cXcTgPe3sCuklvI622sBM9YBhVpDVexX2eoUwXV
w0CtCSRfWziyqvF0iuWXXOVA23YPKgsUFxY7Rx9yl7MaqNeUEKDMIByvwVdI4/S8
zpot75HBukYgr/D2xefVEOi9CkXy0VFJ1csITvd41zYx+XArI+YLws+rDSGwB+qv
rPjDbtKZm8CX1CU=
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:45:34 2025 by rpki-client