Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fbt7MxSEG6Af-tDkDuZvFkMOs_4.roa
File: fbt7MxSEG6Af-tDkDuZvFkMOs_4.roa (raw, json)
Hash identifier: jimwts+n0wqRF3dPhMQWE/p8ToNFzBo5AHrxVPqvvgc=
Subject key identifier: 7D:BB:7B:33:14:84:1B:A0:1F:FA:D0:E4:0E:E6:6F:16:43:0E:B3:FE
Certificate issuer: /CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Certificate serial: 01938C35B560128651936E8087D2AEEC04D7
Authority key identifier: 22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fbt7MxSEG6Af-tDkDuZvFkMOs_4.roa
Signing time: Tue 03 Dec 2024 11:09:10 +0000
ROA not before: Tue 03 Dec 2024 11:09:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 0
IP address blocks: 31.13.246.0/24 maxlen: 24
45.12.255.0/24 maxlen: 24
45.14.164.0/24 maxlen: 24
45.66.228.0/24 maxlen: 24
45.84.90.0/24 maxlen: 24
45.88.64.0/24 maxlen: 24
45.90.88.0/24 maxlen: 24
45.139.106.0/24 maxlen: 24
45.141.158.0/24 maxlen: 24
45.151.89.0/24 maxlen: 24
45.151.90.0/24 maxlen: 24
45.151.91.0/24 maxlen: 24
83.219.97.0/24 maxlen: 24
84.54.48.0/24 maxlen: 24
87.120.87.0/24 maxlen: 24
87.120.166.0/24 maxlen: 24
87.121.45.0/24 maxlen: 24
87.121.87.0/24 maxlen: 24
87.121.124.0/23 maxlen: 24
87.121.162.0/24 maxlen: 24
87.121.165.0/24 maxlen: 24
91.92.240.0/20 maxlen: 32
92.119.196.0/23 maxlen: 24
93.123.24.0/24 maxlen: 24
93.123.80.0/24 maxlen: 24
93.123.84.0/24 maxlen: 24
94.154.160.0/23 maxlen: 24
94.154.161.0/24 maxlen: 24
94.154.162.0/23 maxlen: 24
94.156.6.0/24 maxlen: 24
94.156.11.0/24 maxlen: 24
94.156.64.0/21 maxlen: 32
94.156.179.0/24 maxlen: 24
141.98.1.0/24 maxlen: 24
147.78.100.0/24 maxlen: 24
171.22.72.0/22 maxlen: 24
185.216.84.0/22 maxlen: 24
185.218.84.0/22 maxlen: 24
185.226.174.0/24 maxlen: 24
194.49.94.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:8c:35:b5:60:12:86:51:93:6e:80:87:d2:ae:ec:04:d7
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=22c4ac3e3c43d70d05349c815baadd38ad775e9d
Validity
Not Before: Dec 3 11:09:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7dbb7b3314841ba01ffad0e40ee66f16430eb3fe
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:f1:0e:3d:8e:2c:fa:f2:ba:cb:c5:11:65:3c:
8f:8b:28:84:8f:9b:11:82:54:8a:2c:3f:63:ae:dc:
37:af:52:12:24:bb:f7:2b:c8:4f:14:6c:d7:b5:11:
31:72:2a:35:7c:8f:92:f3:08:be:4b:95:e6:24:c9:
4d:f0:83:ee:15:71:cd:24:92:2e:b9:22:f6:96:db:
40:b4:56:6f:34:4d:80:67:6b:d2:e7:ae:2b:0c:e6:
bd:03:0a:54:73:48:0d:37:17:9c:41:74:ec:e4:e7:
ac:d3:e0:92:23:07:46:9c:59:22:82:df:15:68:ed:
82:5e:5f:17:64:3c:77:0b:b0:2e:a8:18:14:2b:f8:
86:a9:f7:80:1e:43:1c:bf:76:0e:fa:c2:83:10:02:
28:70:51:89:5c:cf:b5:70:b8:60:83:e7:50:88:79:
58:e2:05:f7:7f:77:79:c8:72:82:bc:1e:f1:70:c0:
5f:46:19:a5:5f:97:30:10:2e:25:e7:73:0e:6c:c8:
6d:00:4e:50:b9:b8:b2:0d:28:12:e2:2b:d8:dd:39:
45:39:a1:6c:70:8f:6d:d5:85:22:fa:b8:c8:ee:49:
f5:1a:f0:81:3e:a2:7a:43:31:e1:bd:36:9c:36:63:
27:bf:47:51:d5:66:87:b1:d6:37:00:a5:d3:b4:ae:
33:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7D:BB:7B:33:14:84:1B:A0:1F:FA:D0:E4:0E:E6:6F:16:43:0E:B3:FE
X509v3 Authority Key Identifier:
keyid:22:C4:AC:3E:3C:43:D7:0D:05:34:9C:81:5B:AA:DD:38:AD:77:5E:9D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/IsSsPjxD1w0FNJyBW6rdOK13Xp0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/fbt7MxSEG6Af-tDkDuZvFkMOs_4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/03/913a3a-f550-46f0-acc7-cd3ca5975712/1/IsSsPjxD1w0FNJyBW6rdOK13Xp0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.13.246.0/24
45.12.255.0/24
45.14.164.0/24
45.66.228.0/24
45.84.90.0/24
45.88.64.0/24
45.90.88.0/24
45.139.106.0/24
45.141.158.0/24
45.151.89.0-45.151.91.255
83.219.97.0/24
84.54.48.0/24
87.120.87.0/24
87.120.166.0/24
87.121.45.0/24
87.121.87.0/24
87.121.124.0/23
87.121.162.0/24
87.121.165.0/24
91.92.240.0/20
92.119.196.0/23
93.123.24.0/24
93.123.80.0/24
93.123.84.0/24
94.154.160.0/22
94.156.6.0/24
94.156.11.0/24
94.156.64.0/21
94.156.179.0/24
141.98.1.0/24
147.78.100.0/24
171.22.72.0/22
185.216.84.0/22
185.218.84.0/22
185.226.174.0/24
194.49.94.0/24
Signature Algorithm: sha256WithRSAEncryption
0a:df:97:9a:a4:a2:cd:1c:e5:7a:cc:38:f4:90:9e:43:1e:c9:
11:3b:32:4a:da:0f:b4:fc:77:52:85:d2:27:c3:22:56:09:07:
88:c6:9b:7c:8b:cf:ef:f5:8e:bf:10:fe:43:04:a9:63:11:8c:
8e:08:94:46:92:91:f6:bf:6d:14:73:ac:b2:8e:86:6f:14:b6:
44:94:ad:10:1a:3c:44:e0:37:ba:eb:43:3d:a8:2b:f0:49:89:
a5:f7:f9:d5:00:fc:3c:e3:95:b2:35:b1:1c:25:01:61:14:d8:
3f:ca:57:dc:e0:ea:ee:4e:52:9e:02:16:48:ed:65:5a:43:79:
68:5f:d5:50:28:5d:cb:3e:31:e6:15:66:a2:f3:ef:32:11:bf:
b9:8e:5b:10:a3:8d:ab:08:68:f0:20:46:ed:fe:a1:78:1b:2b:
b8:fa:c6:18:3e:ef:ac:89:16:98:2c:a6:85:c5:1c:ac:30:66:
cf:8a:97:60:c2:aa:ae:3b:51:16:b2:83:42:0b:ec:45:7a:d6:
f9:97:ed:5d:28:aa:cc:c8:8a:91:fb:53:48:3b:1a:a1:4e:03:
c8:45:6a:71:cd:45:b0:69:16:14:25:40:a7:c2:bb:dc:a2:54:
12:3c:b0:57:96:f5:c4:99:f5:17:1c:63:29:0d:bb:5d:52:64:
3a:c7:df:03
-----BEGIN CERTIFICATE-----
MIIF3DCCBMSgAwIBAgISAZOMNbVgEoZRk26Ah9Ku7ATXMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDIyYzRhYzNlM2M0M2Q3MGQwNTM0OWM4MTViYWFkZDM4YWQ3
NzVlOWQwHhcNMjQxMjAzMTEwOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3ZGJiN2IzMzE0ODQxYmEwMWZmYWQwZTQwZWU2NmYxNjQzMGViM2ZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2PEOPY4s+vK6y8URZTyPiyiEj5sR
glSKLD9jrtw3r1ISJLv3K8hPFGzXtRExcio1fI+S8wi+S5XmJMlN8IPuFXHNJJIu
uSL2lttAtFZvNE2AZ2vS564rDOa9AwpUc0gNNxecQXTs5Oes0+CSIwdGnFkigt8V
aO2CXl8XZDx3C7AuqBgUK/iGqfeAHkMcv3YO+sKDEAIocFGJXM+1cLhgg+dQiHlY
4gX3f3d5yHKCvB7xcMBfRhmlX5cwEC4l53MObMhtAE5QubiyDSgS4ivY3TlFOaFs
cI9t1YUi+rjI7kn1GvCBPqJ6QzHhvTacNmMnv0dR1WaHsdY3AKXTtK4zsQIDAQAB
o4IC6DCCAuQwHQYDVR0OBBYEFH27ezMUhBugH/rQ5A7mbxZDDrP+MB8GA1UdIwQY
MBaAFCLErD48Q9cNBTScgVuq3Titd16dMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzct
Y2QzY2E1OTc1NzEyLzEvZmJ0N014U0VHNkFmLXREa0R1WnZGa01Pc180LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wMy85MTNhM2EtZjU1MC00NmYwLWFjYzctY2QzY2E1OTc1NzEy
LzEvSXNTc1BqeEQxdzBGTkp5Qlc2cmRPSzEzWHAwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH9BggrBgEFBQcBBwEB/wSB7TCB6jCB5wQCAAEwgeADBAAf
DfYDBAAtDP8DBAAtDqQDBAAtQuQDBAAtVFoDBAAtWEADBAAtWlgDBAAti2oDBAAt
jZ4wDAMEAC2XWQMEAi2XWAMEAFPbYQMEAFQ2MAMEAFd4VwMEAFd4pgMEAFd5LQME
AFd5VwMEAVd5fAMEAFd5ogMEAFd5pQMEBFtc8AMEAVx3xAMEAF17GAMEAF17UAME
AF17VAMEAl6aoAMEAF6cBgMEAF6cCwMEA16cQAMEAF6cswMEAI1iAQMEAJNOZAME
AqsWSAMEArnYVAMEArnaVAMEALnirgMEAMIxXjANBgkqhkiG9w0BAQsFAAOCAQEA
Ct+XmqSizRzlesw49JCeQx7JETsyStoPtPx3UoXSJ8MiVgkHiMabfIvP7/WOvxD+
QwSpYxGMjgiURpKR9r9tFHOsso6GbxS2RJStEBo8ROA3uutDPagr8EmJpff51QD8
POOVsjWxHCUBYRTYP8pX3ODq7k5SngIWSO1lWkN5aF/VUChdyz4x5hVmovPvMhG/
uY5bEKONqwho8CBG7f6heBsruPrGGD7vrIkWmCymhcUcrDBmz4qXYMKqrjtRFrKD
QgvsRXrW+ZftXSiqzMiKkftTSDsaoU4DyEVqcc1FsGkWFCVAp8K73KJUEjywV5b1
xJn1FxxjKQ27XVJkOsffAw==
-----END CERTIFICATE-----
Generated at Thu Apr 17 10:33:28 2025 by rpki-client