Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/QxGAHiED6AN_64KDyZ6gjdZc7_k.roa
File: QxGAHiED6AN_64KDyZ6gjdZc7_k.roa (raw, json)
Hash identifier: m3IJg+cs92i2H9cUP/+oWyIYPQjNX9fznEVlC7yVD1w=
Subject key identifier: 43:11:80:1E:21:03:E8:03:7F:EB:82:83:C9:9E:A0:8D:D6:5C:EF:F9
Certificate issuer: /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial: 0194379E27149D46C19E348C4EFEAD7E8756
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/QxGAHiED6AN_64KDyZ6gjdZc7_k.roa
Signing time: Sun 05 Jan 2025 17:58:19 +0000
ROA not before: Sun 05 Jan 2025 17:58:19 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 7489
IP address blocks: 2.56.164.0/22 maxlen: 24
5.182.48.0/24 maxlen: 24
45.81.20.0/22 maxlen: 24
45.140.220.0/22 maxlen: 24
45.154.196.0/22 maxlen: 24
77.83.240.0/22 maxlen: 24
77.83.243.0/24 maxlen: 24
78.108.217.0/24 maxlen: 24
83.143.116.0/22 maxlen: 24
83.143.116.0/24 maxlen: 24
85.202.160.0/22 maxlen: 24
89.190.156.0/22 maxlen: 24
178.218.144.0/22 maxlen: 24
185.185.40.0/22 maxlen: 24
185.186.64.0/22 maxlen: 24
185.227.68.0/22 maxlen: 24
185.227.71.0/24 maxlen: 24
185.234.72.0/22 maxlen: 24
185.242.224.0/22 maxlen: 24
185.242.225.0/24 maxlen: 24
193.31.30.0/24 maxlen: 24
193.34.76.0/22 maxlen: 24
193.34.77.0/24 maxlen: 24
193.221.192.0/22 maxlen: 24
194.50.16.0/22 maxlen: 24
194.56.224.0/22 maxlen: 24
212.107.12.0/22 maxlen: 24
212.107.14.0/24 maxlen: 24
2a0b:b82::/44 maxlen: 44
2a0b:b84::/32 maxlen: 32
2a0b:b85::/32 maxlen: 32
2a0b:b86::/40 maxlen: 48
2a0b:b87:ff12::/48 maxlen: 48
2a0b:b87:ffb4::/48 maxlen: 48
2a0b:b87:ffd2::/48 maxlen: 48
2a0b:b87:ffda::/48 maxlen: 48
2a0b:b87:ffec::/48 maxlen: 48
2a0b:b87:fff0::/44 maxlen: 44
2a0b:7080:10::/44 maxlen: 44
2a0b:7080:10::/45 maxlen: 45
2a0b:7080:10::/48 maxlen: 48
2a0b:7080:20::/44 maxlen: 48
2a0b:7080:20::/48 maxlen: 48
2a0b:7080:30::/44 maxlen: 48
2a0d:77c0::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:37:9e:27:14:9d:46:c1:9e:34:8c:4e:fe:ad:7e:87:56
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Validity
Not Before: Jan 5 17:58:19 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=4311801e2103e8037feb8283c99ea08dd65ceff9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:1b:33:e9:bf:0a:4e:00:0c:97:e5:f6:63:19:
61:fe:6d:6b:66:1f:70:3d:2c:93:2a:3a:04:5a:0d:
aa:7a:13:87:3a:7c:60:22:77:61:ad:8c:37:c3:17:
eb:a0:2d:e0:62:c6:a1:12:e5:4d:66:9d:f1:4d:44:
be:32:13:14:5f:d7:35:be:4a:93:84:43:ca:54:cc:
eb:bc:06:20:ff:39:59:ed:fb:9d:1d:6f:12:23:5f:
aa:a3:b8:21:c6:4d:4d:29:05:7f:04:14:59:3d:e9:
50:6c:9c:3c:df:5a:65:f1:f5:e0:4e:32:da:ff:1e:
7c:07:3a:e4:97:44:62:cd:a9:50:37:96:ab:90:dc:
5b:e5:84:c9:0a:d9:80:4b:e9:40:77:be:15:c9:f6:
63:25:5f:1d:95:37:32:f9:52:9f:b5:c0:e0:83:f3:
13:35:91:7d:6a:01:b5:48:e8:54:28:46:e5:b6:44:
fd:45:11:60:7e:4a:80:6d:36:86:97:50:5f:2b:55:
09:6f:b5:b6:7f:19:2a:d1:eb:e9:52:3e:bb:7c:0a:
4d:00:cf:1b:8f:44:fd:d5:28:e5:4b:1b:7d:79:88:
3a:6c:6f:35:24:cb:1a:d6:b6:32:43:b3:9b:18:02:
39:21:9d:a4:75:7c:ad:bf:37:db:fb:78:84:1c:5b:
a2:83
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
43:11:80:1E:21:03:E8:03:7F:EB:82:83:C9:9E:A0:8D:D6:5C:EF:F9
X509v3 Authority Key Identifier:
keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/QxGAHiED6AN_64KDyZ6gjdZc7_k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.164.0/22
5.182.48.0/24
45.81.20.0/22
45.140.220.0/22
45.154.196.0/22
77.83.240.0/22
78.108.217.0/24
83.143.116.0/22
85.202.160.0/22
89.190.156.0/22
178.218.144.0/22
185.185.40.0/22
185.186.64.0/22
185.227.68.0/22
185.234.72.0/22
185.242.224.0/22
193.31.30.0/24
193.34.76.0/22
193.221.192.0/22
194.50.16.0/22
194.56.224.0/22
212.107.12.0/22
IPv6:
2a0b:b82::/44
2a0b:b84::-2a0b:b86:ff:ffff:ffff:ffff:ffff:ffff
2a0b:b87:ff12::/48
2a0b:b87:ffb4::/48
2a0b:b87:ffd2::/48
2a0b:b87:ffda::/48
2a0b:b87:ffec::/48
2a0b:b87:fff0::/44
2a0b:7080:10::-2a0b:7080:3f:ffff:ffff:ffff:ffff:ffff
2a0d:77c0::/29
Signature Algorithm: sha256WithRSAEncryption
85:a4:dc:75:3c:c4:1b:17:8c:8b:99:99:4b:f5:24:5b:b5:94:
9d:87:21:b4:12:08:eb:a6:e3:4c:e5:2c:68:84:1f:69:c5:b9:
73:f2:2b:1b:b8:9b:95:03:e5:8e:0c:58:02:e1:25:68:79:82:
bd:78:ec:c2:ae:62:2a:26:1f:27:b4:e8:aa:87:04:a1:60:9c:
67:3b:ac:4f:ce:d0:a7:5e:81:af:a6:1c:04:c2:9e:13:e3:9c:
bb:7e:48:7d:82:6e:ba:ba:9b:c5:c5:ad:e3:4d:20:42:0a:db:
24:28:a0:ac:6f:2f:0b:c7:fc:78:97:4e:75:0c:ef:43:13:6a:
bd:ad:9e:d6:23:35:67:63:ec:a2:4e:1e:47:29:0f:e2:25:48:
15:57:12:d8:7d:20:b7:c5:77:3c:1d:86:24:04:d7:98:3f:32:
8b:c0:c8:63:ec:48:fc:d2:b8:06:76:c9:cc:2a:02:43:40:b6:
79:a0:76:e6:47:5c:a7:28:85:6b:3c:46:a9:a2:e5:b9:5b:c3:
d1:2b:d1:7f:ad:87:5f:11:db:62:30:07:73:cd:f3:ee:b7:ec:
3f:47:7b:1d:6c:11:f4:1e:dc:75:c9:85:0a:36:b9:f8:b9:1a:
4f:a9:56:4d:36:10:9b:66:74:13:84:d4:81:51:7f:77:ef:7b:
cc:0a:1c:bb
-----BEGIN CERTIFICATE-----
MIIF9jCCBN6gAwIBAgISAZQ3nicUnUbBnjSMTv6tfodWMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjUwMTA1MTc1ODE5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0MzExODAxZTIxMDNlODAzN2ZlYjgyODNjOTllYTA4ZGQ2NWNlZmY5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlxsz6b8KTgAMl+X2Yxlh/m1rZh9w
PSyTKjoEWg2qehOHOnxgIndhrYw3wxfroC3gYsahEuVNZp3xTUS+MhMUX9c1vkqT
hEPKVMzrvAYg/zlZ7fudHW8SI1+qo7ghxk1NKQV/BBRZPelQbJw831pl8fXgTjLa
/x58Bzrkl0RizalQN5arkNxb5YTJCtmAS+lAd74VyfZjJV8dlTcy+VKftcDgg/MT
NZF9agG1SOhUKEbltkT9RRFgfkqAbTaGl1BfK1UJb7W2fxkq0evpUj67fApNAM8b
j0T91SjlSxt9eYg6bG81JMsa1rYyQ7ObGAI5IZ2kdXytvzfb+3iEHFuigwIDAQAB
o4IDAjCCAv4wHQYDVR0OBBYEFEMRgB4hA+gDf+uCg8meoI3WXO/5MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvUXhHQUhpRUQ2QU5fNjRLRHlaNmdqZFpjN19rLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBFgYIKwYBBQUHAQcBAf8EggEFMIIBATCBiwQCAAEwgYQD
BAICOKQDBAAFtjADBAItURQDBAItjNwDBAItmsQDBAJNU/ADBABObNkDBAJTj3QD
BAJVyqADBAJZvpwDBAKy2pADBAK5uSgDBAK5ukADBAK540QDBAK56kgDBAK58uAD
BADBHx4DBALBIkwDBALB3cADBALCMhADBALCOOADBALUawwwcQQCAAIwawMHBCoL
C4IAADAPAwUCKgsLhAMGACoLC4YAAwcAKgsLh/8SAwcAKgsLh/+0AwcAKgsLh//S
AwcAKgsLh//aAwcAKgsLh//sAwcEKgsLh//wMBIDBwQqC3CAABADBwYqC3CAAAAD
BQMqDXfAMA0GCSqGSIb3DQEBCwUAA4IBAQCFpNx1PMQbF4yLmZlL9SRbtZSdhyG0
EgjrpuNM5SxohB9pxblz8isbuJuVA+WODFgC4SVoeYK9eOzCrmIqJh8ntOiqhwSh
YJxnO6xPztCnXoGvphwEwp4T45y7fkh9gm66upvFxa3jTSBCCtskKKCsby8Lx/x4
l051DO9DE2q9rZ7WIzVnY+yiTh5HKQ/iJUgVVxLYfSC3xXc8HYYkBNeYPzKLwMhj
7Ej80rgGdsnMKgJDQLZ5oHbmR1ynKIVrPEapouW5W8PRK9F/rYdfEdtiMAdzzfPu
t+w/R3sdbBH0Htx1yYUKNrn4uRpPqVZNNhCbZnQThNSBUX9373vMChy7
-----END CERTIFICATE-----
Generated at Sat Apr 12 21:11:10 2025 by rpki-client