Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/TKHjqRD1gTyaRUf9W-W1weCw9LI.roa
File: TKHjqRD1gTyaRUf9W-W1weCw9LI.roa (raw, json)
Hash identifier: ZIGSCoT1Yf7tYxBmtum1HfOpt1Hv8OCDgc0w5E1p8Qs=
Subject key identifier: 4C:A1:E3:A9:10:F5:81:3C:9A:45:47:FD:5B:E5:B5:C1:E0:B0:F4:B2
Certificate issuer: /CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Certificate serial: 01893BEE75CAB8757B628B0A16044F0E487D
Authority key identifier: 52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/TKHjqRD1gTyaRUf9W-W1weCw9LI.roa
Signing time: Sun 09 Jul 2023 18:33:50 +0000
ROA not before: Sun 09 Jul 2023 18:33:50 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 47869
IP address blocks: 109.235.48.0/21 maxlen: 21
178.239.48.0/20 maxlen: 20
94.185.80.0/21 maxlen: 21
185.149.56.0/22 maxlen: 22
91.208.164.0/24 maxlen: 24
194.110.67.0/24 maxlen: 24
37.46.192.0/22 maxlen: 22
91.205.232.0/22 maxlen: 22
37.46.199.0/24 maxlen: 24
91.199.50.0/24 maxlen: 24
37.46.196.0/23 maxlen: 23
185.24.248.0/22 maxlen: 22
31.171.132.0/22 maxlen: 22
94.228.208.0/20 maxlen: 20
2a00:dd0::/32 maxlen: 48
2a00:dd0:bbbb::/48 maxlen: 48
2a00:dd0:aaaa::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:3b:ee:75:ca:b8:75:7b:62:8b:0a:16:04:4f:0e:48:7d
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=52dc9c218b510c07bc6659b09fbd32afe68abfd2
Validity
Not Before: Jul 9 18:33:50 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4ca1e3a910f5813c9a4547fd5be5b5c1e0b0f4b2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:af:40:e4:7e:0e:50:6d:13:e5:26:83:fe:c7:4d:
4f:a7:f0:61:96:40:ed:41:b9:c5:5c:04:d7:2f:f1:
d8:2b:2a:26:09:fb:fb:a2:c4:05:38:9a:f3:64:1e:
23:61:53:9c:93:c8:79:47:78:e7:ec:bb:86:3f:dc:
8c:a9:e8:5d:7b:b8:89:b6:1e:69:07:d9:f8:34:77:
d9:c1:5d:3c:2a:ac:8c:10:e2:6a:e4:d4:09:e5:bb:
2b:61:cb:bb:2d:c8:fc:da:22:c0:5f:0b:4f:04:ff:
36:f8:78:f1:d8:9a:4f:3c:37:24:5d:e3:7d:33:e5:
d8:50:19:22:83:77:80:f4:99:62:b7:16:82:22:78:
d5:04:a9:d3:d2:f9:4d:3d:05:14:a5:42:02:b4:55:
5e:44:0e:93:2f:2b:fc:90:2b:66:ab:7d:6b:27:3e:
4d:44:99:80:7e:f0:12:dc:d4:22:0f:74:31:02:5e:
18:bf:b9:28:9e:a9:f4:a6:a9:72:cd:b6:4a:61:d8:
00:08:12:c7:0a:0d:a7:b5:b8:a0:ef:fd:fc:ce:f3:
db:57:68:18:3f:75:31:29:93:d5:27:b5:46:c5:b2:
c8:9d:00:25:c3:20:77:47:8c:a0:d8:bc:96:d1:0a:
c6:5a:ef:a5:7b:3f:0f:42:8a:b0:28:2c:48:01:cb:
a2:9d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:A1:E3:A9:10:F5:81:3C:9A:45:47:FD:5B:E5:B5:C1:E0:B0:F4:B2
X509v3 Authority Key Identifier:
keyid:52:DC:9C:21:8B:51:0C:07:BC:66:59:B0:9F:BD:32:AF:E6:8A:BF:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/UtycIYtRDAe8Zlmwn70yr-aKv9I.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/TKHjqRD1gTyaRUf9W-W1weCw9LI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/1d/409b7e-1275-43ed-af0f-52f97b277d1f/1/UtycIYtRDAe8Zlmwn70yr-aKv9I.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.171.132.0/22
37.46.192.0-37.46.197.255
37.46.199.0/24
91.199.50.0/24
91.205.232.0/22
91.208.164.0/24
94.185.80.0/21
94.228.208.0/20
109.235.48.0/21
178.239.48.0/20
185.24.248.0/22
185.149.56.0/22
194.110.67.0/24
IPv6:
2a00:dd0::/32
Signature Algorithm: sha256WithRSAEncryption
99:af:d1:6a:47:7f:a9:cc:47:bc:3f:d8:8e:fb:0e:b7:d3:9c:
97:6f:c6:ff:fe:18:eb:16:c1:bc:29:3e:e1:5e:74:18:46:6b:
42:2c:cb:33:e6:e1:c2:51:66:c2:c2:7f:7d:a3:8b:11:59:01:
5d:e7:19:b4:c1:ab:26:26:f1:84:56:6d:c1:0e:af:d3:d8:e1:
c7:bb:1a:10:99:04:c3:24:e8:5a:a8:56:3e:e7:04:d3:51:28:
0b:92:df:94:af:fe:a9:d7:29:f2:63:37:8b:f0:c4:a0:d7:da:
c9:1f:c7:42:73:1a:35:a0:d7:ba:7f:00:e2:b9:4f:90:4d:e9:
67:d2:fb:0c:c0:4c:8a:e0:e3:37:bf:0a:c7:18:c7:7b:07:18:
17:86:34:2b:d7:9b:37:55:32:0e:6a:c9:16:be:5b:e6:80:f4:
07:c6:6d:12:b8:ec:b1:9f:b3:ae:f8:2d:0b:e1:04:9c:03:82:
e2:24:aa:52:b5:e5:fd:28:d4:e1:9e:6c:d4:cc:78:bc:5b:21:
20:82:04:fc:e3:11:7a:1a:da:87:95:f5:04:86:b0:38:39:fb:
ae:c9:c0:7b:f0:dc:4b:bc:a1:cf:44:b1:db:99:eb:df:8f:ed:
de:fe:5c:f4:31:d1:f9:e5:98:f4:b9:e7:df:63:d3:36:59:d4:
34:9d:10:44
-----BEGIN CERTIFICATE-----
MIIFXDCCBESgAwIBAgISAYk77nXKuHV7YosKFgRPDkh9MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUyZGM5YzIxOGI1MTBjMDdiYzY2NTliMDlmYmQzMmFmZTY4
YWJmZDIwHhcNMjMwNzA5MTgzMzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2ExZTNhOTEwZjU4MTNjOWE0NTQ3ZmQ1YmU1YjVjMWUwYjBmNGIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAr0Dkfg5QbRPlJoP+x01Pp/BhlkDt
QbnFXATXL/HYKyomCfv7osQFOJrzZB4jYVOck8h5R3jn7LuGP9yMqehde7iJth5p
B9n4NHfZwV08KqyMEOJq5NQJ5bsrYcu7Lcj82iLAXwtPBP82+Hjx2JpPPDckXeN9
M+XYUBkig3eA9JlitxaCInjVBKnT0vlNPQUUpUICtFVeRA6TLyv8kCtmq31rJz5N
RJmAfvAS3NQiD3QxAl4Yv7konqn0pqlyzbZKYdgACBLHCg2ntbig7/38zvPbV2gY
P3UxKZPVJ7VGxbLInQAlwyB3R4yg2LyW0QrGWu+lez8PQoqwKCxIAcuinQIDAQAB
o4ICaDCCAmQwHQYDVR0OBBYEFEyh46kQ9YE8mkVH/VvltcHgsPSyMB8GA1UdIwQY
MBaAFFLcnCGLUQwHvGZZsJ+9Mq/mir/SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYt
NTJmOTdiMjc3ZDFmLzEvVEtIanFSRDFnVHlhUlVmOVctVzF3ZUN3OUxJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8xZC80MDliN2UtMTI3NS00M2VkLWFmMGYtNTJmOTdiMjc3ZDFm
LzEvVXR5Y0lZdFJEQWU4Wmxtd243MHlyLWFLdjlJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMH4GCCsGAQUFBwEHAQH/BG8wbTBcBAIAATBWAwQCH6uEMAwD
BAYlLsADBAElLsQDBAAlLscDBABbxzIDBAJbzegDBABb0KQDBANeuVADBARe5NAD
BANt6zADBASy7zADBAK5GPgDBAK5lTgDBADCbkMwDQQCAAIwBwMFACoADdAwDQYJ
KoZIhvcNAQELBQADggEBAJmv0WpHf6nMR7w/2I77DrfTnJdvxv/+GOsWwbwpPuFe
dBhGa0IsyzPm4cJRZsLCf32jixFZAV3nGbTBqyYm8YRWbcEOr9PY4ce7GhCZBMMk
6FqoVj7nBNNRKAuS35Sv/qnXKfJjN4vwxKDX2skfx0JzGjWg17p/AOK5T5BN6WfS
+wzATIrg4ze/CscYx3sHGBeGNCvXmzdVMg5qyRa+W+aA9AfGbRK47LGfs674LQvh
BJwDguIkqlK15f0o1OGebNTMeLxbISCCBPzjEXoa2oeV9QSGsDg5+67JwHvw3Eu8
oc9EsduZ69+P7d7+XPQx0fnlmPS5599j0zZZ1DSdEEQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:57:12 2024 by rpki-client on console-ams.rpki-client.org