Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/m8zat6n1JHGnB0BGAh2nGO7pZHg.roa
File: m8zat6n1JHGnB0BGAh2nGO7pZHg.roa (raw, json)
Hash identifier: O3aaRyQHqmNhJwTsQSC/ASJctggq6XLG5Udu2Hlg4/k=
Subject key identifier: 9B:CC:DA:B7:A9:F5:24:71:A7:07:40:46:02:1D:A7:18:EE:E9:64:78
Certificate issuer: /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial: 01931BF4A1F34BC9CD16DB4C25B4B994CF80
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/m8zat6n1JHGnB0BGAh2nGO7pZHg.roa
Signing time: Mon 11 Nov 2024 16:00:37 +0000
ROA not before: Mon 11 Nov 2024 16:00:37 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 7489
IP address blocks: 2.56.164.0/22 maxlen: 24
45.81.20.0/22 maxlen: 24
45.90.144.0/22 maxlen: 24
45.140.220.0/22 maxlen: 24
45.154.196.0/22 maxlen: 24
77.83.240.0/22 maxlen: 24
77.83.243.0/24 maxlen: 24
78.108.216.0/22 maxlen: 24
78.108.217.0/24 maxlen: 24
83.143.116.0/22 maxlen: 24
83.143.116.0/24 maxlen: 24
85.202.160.0/22 maxlen: 24
89.190.156.0/22 maxlen: 24
178.218.144.0/22 maxlen: 24
185.185.40.0/22 maxlen: 24
185.186.64.0/22 maxlen: 24
185.227.68.0/22 maxlen: 24
185.227.70.0/24 maxlen: 24
185.227.71.0/24 maxlen: 24
185.234.72.0/22 maxlen: 24
185.242.224.0/22 maxlen: 24
185.242.225.0/24 maxlen: 24
193.31.28.0/22 maxlen: 24
193.31.30.0/24 maxlen: 24
193.34.76.0/22 maxlen: 24
193.34.77.0/24 maxlen: 24
193.105.184.0/24 maxlen: 24
193.221.192.0/22 maxlen: 24
194.31.141.0/24 maxlen: 24
194.50.16.0/22 maxlen: 24
194.56.224.0/22 maxlen: 24
212.107.12.0/22 maxlen: 24
212.107.14.0/24 maxlen: 24
2a0b:b82::/44 maxlen: 44
2a0b:b84::/32 maxlen: 32
2a0b:b85::/32 maxlen: 32
2a0b:b86::/40 maxlen: 48
2a0b:b87:ff12::/48 maxlen: 48
2a0b:b87:ffb4::/48 maxlen: 48
2a0b:b87:ffd2::/48 maxlen: 48
2a0b:b87:ffda::/48 maxlen: 48
2a0b:b87:ffec::/48 maxlen: 48
2a0b:b87:fff0::/44 maxlen: 44
2a0b:7080:10::/44 maxlen: 44
2a0b:7080:10::/45 maxlen: 45
2a0b:7080:10::/48 maxlen: 48
2a0b:7080:20::/44 maxlen: 48
2a0b:7080:20::/48 maxlen: 48
2a0b:7080:30::/44 maxlen: 48
2a0d:77c0::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:1b:f4:a1:f3:4b:c9:cd:16:db:4c:25:b4:b9:94:cf:80
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Validity
Not Before: Nov 11 16:00:37 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=9bccdab7a9f52471a7074046021da718eee96478
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:85:c8:33:ae:99:8b:11:4e:f5:eb:65:7d:8e:
16:96:e3:15:3e:25:21:c7:ca:94:ba:ef:f8:1f:48:
a7:9f:17:a5:bd:a1:a7:e5:8a:99:19:86:b4:11:11:
07:32:87:52:db:d3:33:ef:6b:6a:83:47:ab:1b:17:
92:9e:dd:96:fe:b5:84:0b:7a:8d:77:66:51:82:aa:
1a:23:46:7e:db:e9:98:72:e0:70:ee:a6:87:83:04:
29:65:b6:b8:a7:9b:23:4b:3a:da:b6:09:dc:f7:1f:
35:ab:73:93:4b:a9:f4:35:bc:74:88:f9:68:ec:4e:
66:dc:04:97:64:c9:b7:8a:b4:55:52:7d:ae:bf:09:
7c:4f:f2:36:02:c4:23:63:51:fd:83:fa:ab:a5:43:
cf:c7:a0:e4:5e:ec:d2:7d:3f:7c:04:84:30:ad:da:
87:87:52:fc:3a:50:ab:29:2e:cf:ea:d9:c5:cd:b6:
68:cb:97:a7:27:04:ec:71:57:48:e1:ef:9f:96:8e:
90:72:c9:6f:a8:d0:3f:b7:7a:88:86:cb:55:00:b4:
e8:db:ab:2b:49:c6:de:f3:1c:39:7d:c3:51:57:dd:
6e:02:51:42:69:c0:97:6f:16:b3:ca:b4:9d:8e:2d:
82:ec:83:17:de:23:f4:65:8b:2c:e2:68:d1:36:59:
a1:93
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
9B:CC:DA:B7:A9:F5:24:71:A7:07:40:46:02:1D:A7:18:EE:E9:64:78
X509v3 Authority Key Identifier:
keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/m8zat6n1JHGnB0BGAh2nGO7pZHg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.164.0/22
45.81.20.0/22
45.90.144.0/22
45.140.220.0/22
45.154.196.0/22
77.83.240.0/22
78.108.216.0/22
83.143.116.0/22
85.202.160.0/22
89.190.156.0/22
178.218.144.0/22
185.185.40.0/22
185.186.64.0/22
185.227.68.0/22
185.234.72.0/22
185.242.224.0/22
193.31.28.0/22
193.34.76.0/22
193.105.184.0/24
193.221.192.0/22
194.31.141.0/24
194.50.16.0/22
194.56.224.0/22
212.107.12.0/22
IPv6:
2a0b:b82::/44
2a0b:b84::-2a0b:b86:ff:ffff:ffff:ffff:ffff:ffff
2a0b:b87:ff12::/48
2a0b:b87:ffb4::/48
2a0b:b87:ffd2::/48
2a0b:b87:ffda::/48
2a0b:b87:ffec::/48
2a0b:b87:fff0::/44
2a0b:7080:10::-2a0b:7080:3f:ffff:ffff:ffff:ffff:ffff
2a0d:77c0::/29
Signature Algorithm: sha256WithRSAEncryption
ca:cd:ae:f8:75:65:2e:b1:2e:9b:e9:91:e0:2b:46:13:3f:6b:
0e:40:de:07:ff:d3:c3:88:ad:2a:8d:ea:8d:6c:4b:4b:1a:4c:
b1:49:dc:32:46:92:36:fb:0e:5a:c4:05:93:99:b0:52:06:ac:
c3:ca:92:26:18:8a:15:3b:d0:37:a4:29:00:29:1c:55:f7:67:
2e:c0:a1:8c:8d:1f:a9:22:99:13:e3:e2:19:4b:7b:b1:1e:c3:
a9:52:df:77:2a:8b:49:03:bc:f0:b2:cb:d1:1b:06:ba:1d:d3:
d6:50:9e:4a:ad:14:d9:26:ee:16:8f:fc:0f:5e:00:92:6d:9f:
fc:6d:4b:cd:8c:0e:ff:5b:46:e3:aa:a4:12:7d:46:3d:ba:d3:
0a:4a:fa:3c:d9:ee:71:9e:2a:e2:fb:0e:c6:a5:1b:94:c3:9c:
58:4d:ba:26:df:4c:99:88:03:4d:1f:27:c4:c0:68:49:47:8e:
b4:4a:62:ed:aa:de:ec:45:bd:bb:6f:8c:3d:69:0f:24:7f:8d:
04:a4:6a:14:a5:c5:6e:04:f7:ef:58:c5:11:af:00:ee:9d:b0:
6b:f3:ff:7b:01:53:f6:02:64:72:1f:ea:38:ab:34:71:7f:57:
7f:67:dc:65:f4:c2:97:5d:bf:6d:3e:fe:27:02:84:79:ed:61:
b7:3f:06:94
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgISAZMb9KHzS8nNFttMJbS5lM+AMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQxMTExMTYwMDM3WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5YmNjZGFiN2E5ZjUyNDcxYTcwNzQwNDYwMjFkYTcxOGVlZTk2NDc4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoYXIM66ZixFO9etlfY4WluMVPiUh
x8qUuu/4H0innxelvaGn5YqZGYa0EREHModS29Mz72tqg0erGxeSnt2W/rWEC3qN
d2ZRgqoaI0Z+2+mYcuBw7qaHgwQpZba4p5sjSzratgnc9x81q3OTS6n0Nbx0iPlo
7E5m3ASXZMm3irRVUn2uvwl8T/I2AsQjY1H9g/qrpUPPx6DkXuzSfT98BIQwrdqH
h1L8OlCrKS7P6tnFzbZoy5enJwTscVdI4e+flo6QcslvqNA/t3qIhstVALTo26sr
Scbe8xw5fcNRV91uAlFCacCXbxazyrSdji2C7IMX3iP0ZYss4mjRNlmhkwIDAQAB
o4IDDjCCAwowHQYDVR0OBBYEFJvM2rep9SRxpwdARgIdpxju6WR4MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvbTh6YXQ2bjFKSEduQjBCR0FoMm5HTzdwWkhnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBIgYIKwYBBQUHAQcBAf8EggERMIIBDTCBlwQCAAEwgZAD
BAICOKQDBAItURQDBAItWpADBAItjNwDBAItmsQDBAJNU/ADBAJObNgDBAJTj3QD
BAJVyqADBAJZvpwDBAKy2pADBAK5uSgDBAK5ukADBAK540QDBAK56kgDBAK58uAD
BALBHxwDBALBIkwDBADBabgDBALB3cADBADCH40DBALCMhADBALCOOADBALUawww
cQQCAAIwawMHBCoLC4IAADAPAwUCKgsLhAMGACoLC4YAAwcAKgsLh/8SAwcAKgsL
h/+0AwcAKgsLh//SAwcAKgsLh//aAwcAKgsLh//sAwcEKgsLh//wMBIDBwQqC3CA
ABADBwYqC3CAAAADBQMqDXfAMA0GCSqGSIb3DQEBCwUAA4IBAQDKza74dWUusS6b
6ZHgK0YTP2sOQN4H/9PDiK0qjeqNbEtLGkyxSdwyRpI2+w5axAWTmbBSBqzDypIm
GIoVO9A3pCkAKRxV92cuwKGMjR+pIpkT4+IZS3uxHsOpUt93KotJA7zwssvRGwa6
HdPWUJ5KrRTZJu4Wj/wPXgCSbZ/8bUvNjA7/W0bjqqQSfUY9utMKSvo82e5xniri
+w7GpRuUw5xYTbom30yZiANNHyfEwGhJR460SmLtqt7sRb27b4w9aQ8kf40EpGoU
pcVuBPfvWMURrwDunbBr8/97AVP2AmRyH+o4qzRxf1d/Z9xl9MKXXb9tPv4nAoR5
7WG3PwaU
-----END CERTIFICATE-----
Generated at Tue Nov 12 16:12:37 2024 by rpki-client on console-fra.rpki-client.org