Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/u9qvlQYqaz1yg7S24F17vo6pCfs.roa
File: u9qvlQYqaz1yg7S24F17vo6pCfs.roa (raw, json)
Hash identifier: DWgQWSb6JP/uopQL7hv33+3wKOpzTsV0j8TnPbu4I/U=
Subject key identifier: BB:DA:AF:95:06:2A:6B:3D:72:83:B4:B6:E0:5D:7B:BE:8E:A9:09:FB
Certificate issuer: /CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Certificate serial: 0193F32010A7572C9DD096A97CED0A4929BF
Authority key identifier: B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/u9qvlQYqaz1yg7S24F17vo6pCfs.roa
Signing time: Mon 23 Dec 2024 10:46:25 +0000
ROA not before: Mon 23 Dec 2024 10:46:25 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 7489
IP address blocks: 2.56.164.0/22 maxlen: 24
5.182.48.0/24 maxlen: 24
45.81.20.0/22 maxlen: 24
45.90.144.0/22 maxlen: 24
45.140.220.0/22 maxlen: 24
45.154.196.0/22 maxlen: 24
77.83.240.0/22 maxlen: 24
77.83.243.0/24 maxlen: 24
78.108.217.0/24 maxlen: 24
83.143.116.0/22 maxlen: 24
83.143.116.0/24 maxlen: 24
85.202.160.0/22 maxlen: 24
89.190.156.0/22 maxlen: 24
178.218.144.0/22 maxlen: 24
185.185.40.0/22 maxlen: 24
185.186.64.0/22 maxlen: 24
185.227.68.0/22 maxlen: 24
185.227.71.0/24 maxlen: 24
185.234.72.0/22 maxlen: 24
185.242.224.0/22 maxlen: 24
185.242.225.0/24 maxlen: 24
193.31.30.0/24 maxlen: 24
193.34.76.0/22 maxlen: 24
193.34.77.0/24 maxlen: 24
193.221.192.0/22 maxlen: 24
194.50.16.0/22 maxlen: 24
194.56.224.0/22 maxlen: 24
212.107.12.0/22 maxlen: 24
212.107.14.0/24 maxlen: 24
2a0b:b82::/44 maxlen: 44
2a0b:b84::/32 maxlen: 32
2a0b:b85::/32 maxlen: 32
2a0b:b86::/40 maxlen: 48
2a0b:b87:ff12::/48 maxlen: 48
2a0b:b87:ffb4::/48 maxlen: 48
2a0b:b87:ffd2::/48 maxlen: 48
2a0b:b87:ffda::/48 maxlen: 48
2a0b:b87:ffec::/48 maxlen: 48
2a0b:b87:fff0::/44 maxlen: 44
2a0b:7080:10::/44 maxlen: 44
2a0b:7080:10::/45 maxlen: 45
2a0b:7080:10::/48 maxlen: 48
2a0b:7080:20::/44 maxlen: 48
2a0b:7080:20::/48 maxlen: 48
2a0b:7080:30::/44 maxlen: 48
2a0d:77c0::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:f3:20:10:a7:57:2c:9d:d0:96:a9:7c:ed:0a:49:29:bf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b1a7b0d8de8251d36d7c83faf6bc7efec73b5034
Validity
Not Before: Dec 23 10:46:25 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bbdaaf95062a6b3d7283b4b6e05d7bbe8ea909fb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:45:7a:2b:dc:4b:d3:7b:44:90:e0:9d:3e:69:
ef:24:72:ca:50:50:7a:8c:79:3b:63:8b:59:32:32:
a9:5b:5f:30:ae:c3:84:3e:e9:ec:f4:87:4f:a8:b2:
3f:89:5b:05:5b:d8:18:62:ab:28:bb:44:5e:5c:04:
58:3e:51:42:53:a1:0a:9e:6a:73:c2:51:66:ea:5d:
9b:2f:85:73:42:65:72:11:56:f2:84:08:4f:3f:ff:
d8:51:c2:d6:c0:df:31:2d:66:9f:80:ba:73:8c:a8:
33:03:cc:ca:3f:8e:27:36:3d:92:37:d7:f6:c7:e0:
ae:44:8e:cb:37:bf:7e:11:b3:d8:40:8c:5b:8d:f9:
fb:09:96:0f:5b:87:59:02:9c:ce:ff:2a:e8:68:8c:
91:3f:ed:e5:c9:3d:99:11:9f:15:bb:c5:0a:0c:7b:
af:d7:6a:1d:37:18:9b:a9:e2:04:29:88:73:c1:d7:
6e:cc:64:c6:5f:2d:c9:d6:ea:39:02:b4:2f:bb:48:
31:f2:82:de:38:2d:3c:c9:4a:a6:d3:8c:2e:58:33:
1e:57:ab:59:3a:48:64:ef:21:c1:c9:8b:8b:4d:22:
c4:df:b7:49:aa:b6:a6:7c:ec:f7:74:44:30:ba:1d:
90:43:af:53:ed:a2:67:d5:f6:1d:56:d4:64:e6:ca:
1c:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BB:DA:AF:95:06:2A:6B:3D:72:83:B4:B6:E0:5D:7B:BE:8E:A9:09:FB
X509v3 Authority Key Identifier:
keyid:B1:A7:B0:D8:DE:82:51:D3:6D:7C:83:FA:F6:BC:7E:FE:C7:3B:50:34
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/saew2N6CUdNtfIP69rx-_sc7UDQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/u9qvlQYqaz1yg7S24F17vo6pCfs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/17/f134c8-f814-4b71-957b-394acd21f39b/1/saew2N6CUdNtfIP69rx-_sc7UDQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.164.0/22
5.182.48.0/24
45.81.20.0/22
45.90.144.0/22
45.140.220.0/22
45.154.196.0/22
77.83.240.0/22
78.108.217.0/24
83.143.116.0/22
85.202.160.0/22
89.190.156.0/22
178.218.144.0/22
185.185.40.0/22
185.186.64.0/22
185.227.68.0/22
185.234.72.0/22
185.242.224.0/22
193.31.30.0/24
193.34.76.0/22
193.221.192.0/22
194.50.16.0/22
194.56.224.0/22
212.107.12.0/22
IPv6:
2a0b:b82::/44
2a0b:b84::-2a0b:b86:ff:ffff:ffff:ffff:ffff:ffff
2a0b:b87:ff12::/48
2a0b:b87:ffb4::/48
2a0b:b87:ffd2::/48
2a0b:b87:ffda::/48
2a0b:b87:ffec::/48
2a0b:b87:fff0::/44
2a0b:7080:10::-2a0b:7080:3f:ffff:ffff:ffff:ffff:ffff
2a0d:77c0::/29
Signature Algorithm: sha256WithRSAEncryption
bb:48:28:96:ec:54:6f:e9:54:42:f6:54:3c:db:46:4c:24:1a:
f7:15:f2:c1:d7:3c:20:5f:dc:55:b3:d2:e7:0f:c3:fe:a9:f1:
4e:e9:a6:2d:8e:2c:3e:21:af:7f:74:da:22:d0:62:03:36:fd:
ea:d7:28:ff:c6:c0:cc:03:f4:38:1d:2d:82:a0:27:87:8e:c4:
45:5f:3c:68:ac:3b:25:72:75:2c:71:32:f1:73:5a:8a:64:07:
3e:81:30:2d:bc:38:bb:b8:59:01:35:eb:77:2c:0c:bf:59:e2:
67:ae:d0:89:26:c7:87:74:b0:80:6d:0d:4e:0e:a5:8c:f1:f7:
fa:8a:fd:21:e9:38:9c:3a:53:33:64:20:b1:df:c9:a2:7f:9f:
90:cc:10:7b:0e:5b:e0:a0:95:ce:a9:c4:60:67:b8:c4:f4:1e:
6f:5b:51:b2:90:2b:3d:bc:02:23:25:ee:0d:2b:59:9d:ed:d7:
f2:d5:13:7b:03:70:be:c3:46:ab:f5:a5:3e:a6:5a:9b:61:e1:
be:32:40:38:78:e0:61:57:cc:9a:36:de:a0:19:98:06:5b:83:
24:b6:3a:b0:2e:6f:8d:37:2e:af:55:d0:5f:71:7a:18:43:ba:
1b:4a:fc:10:b8:0f:ed:f3:4c:03:0f:cf:04:f1:a3:4e:47:d6:
ca:88:84:7a
-----BEGIN CERTIFICATE-----
MIIF/DCCBOSgAwIBAgISAZPzIBCnVyyd0JapfO0KSSm/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGIxYTdiMGQ4ZGU4MjUxZDM2ZDdjODNmYWY2YmM3ZWZlYzcz
YjUwMzQwHhcNMjQxMjIzMTA0NjI1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYmRhYWY5NTA2MmE2YjNkNzI4M2I0YjZlMDVkN2JiZThlYTkwOWZiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAskV6K9xL03tEkOCdPmnvJHLKUFB6
jHk7Y4tZMjKpW18wrsOEPuns9IdPqLI/iVsFW9gYYqsou0ReXARYPlFCU6EKnmpz
wlFm6l2bL4VzQmVyEVbyhAhPP//YUcLWwN8xLWafgLpzjKgzA8zKP44nNj2SN9f2
x+CuRI7LN79+EbPYQIxbjfn7CZYPW4dZApzO/yroaIyRP+3lyT2ZEZ8Vu8UKDHuv
12odNxibqeIEKYhzwdduzGTGXy3J1uo5ArQvu0gx8oLeOC08yUqm04wuWDMeV6tZ
Okhk7yHByYuLTSLE37dJqramfOz3dEQwuh2QQ69T7aJn1fYdVtRk5socowIDAQAB
o4IDCDCCAwQwHQYDVR0OBBYEFLvar5UGKms9coO0tuBde76OqQn7MB8GA1UdIwQY
MBaAFLGnsNjeglHTbXyD+va8fv7HO1A0MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2It
Mzk0YWNkMjFmMzliLzEvdTlxdmxRWXFhejF5ZzdTMjRGMTd2bzZwQ2ZzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xNy9mMTM0YzgtZjgxNC00YjcxLTk1N2ItMzk0YWNkMjFmMzli
LzEvc2FldzJONkNVZE50ZklQNjlyeC1fc2M3VURRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHAYIKwYBBQUHAQcBAf8EggELMIIBBzCBkQQCAAEwgYoD
BAICOKQDBAAFtjADBAItURQDBAItWpADBAItjNwDBAItmsQDBAJNU/ADBABObNkD
BAJTj3QDBAJVyqADBAJZvpwDBAKy2pADBAK5uSgDBAK5ukADBAK540QDBAK56kgD
BAK58uADBADBHx4DBALBIkwDBALB3cADBALCMhADBALCOOADBALUawwwcQQCAAIw
awMHBCoLC4IAADAPAwUCKgsLhAMGACoLC4YAAwcAKgsLh/8SAwcAKgsLh/+0AwcA
KgsLh//SAwcAKgsLh//aAwcAKgsLh//sAwcEKgsLh//wMBIDBwQqC3CAABADBwYq
C3CAAAADBQMqDXfAMA0GCSqGSIb3DQEBCwUAA4IBAQC7SCiW7FRv6VRC9lQ820ZM
JBr3FfLB1zwgX9xVs9LnD8P+qfFO6aYtjiw+Ia9/dNoi0GIDNv3q1yj/xsDMA/Q4
HS2CoCeHjsRFXzxorDslcnUscTLxc1qKZAc+gTAtvDi7uFkBNet3LAy/WeJnrtCJ
JseHdLCAbQ1ODqWM8ff6iv0h6TicOlMzZCCx38mif5+QzBB7DlvgoJXOqcRgZ7jE
9B5vW1GykCs9vAIjJe4NK1md7dfy1RN7A3C+w0ar9aU+plqbYeG+MkA4eOBhV8ya
Nt6gGZgGW4MktjqwLm+NNy6vVdBfcXoYQ7obSvwQuA/t80wDD88E8aNOR9bKiIR6
-----END CERTIFICATE-----
Generated at Sat Apr 12 21:31:12 2025 by rpki-client