Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/6a6805-5ce0-4128-a04c-f62f35af4371/1/NjY6LIh1Xkww9nV34tu4NMKoqmU.roa
File: NjY6LIh1Xkww9nV34tu4NMKoqmU.roa (raw, json)
Hash identifier: vPbRHRlwsQmuOgQ2R+Je1Jnwh7yiFikwlRt5qumDtAk=
Subject key identifier: 36:36:3A:2C:88:75:5E:4C:30:F6:75:77:E2:DB:B8:34:C2:A8:AA:65
Certificate issuer: /CN=5f96676cf398d3994c4dd4a296594614dff586c7
Certificate serial: 018CF8C74FB83D60B5A7FE1D6E8F26776D8E
Authority key identifier: 5F:96:67:6C:F3:98:D3:99:4C:4D:D4:A2:96:59:46:14:DF:F5:86:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/X5ZnbPOY05lMTdSilllGFN_1hsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/6a6805-5ce0-4128-a04c-f62f35af4371/1/NjY6LIh1Xkww9nV34tu4NMKoqmU.roa
Signing time: Thu 11 Jan 2024 13:47:40 +0000
ROA not before: Thu 11 Jan 2024 13:47:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 198417
IP address blocks: 89.43.39.0/24 maxlen: 24
92.114.1.0/24 maxlen: 24
89.39.151.0/24 maxlen: 24
188.208.18.0/24 maxlen: 24
93.117.64.0/24 maxlen: 24
89.40.68.0/24 maxlen: 24
92.114.99.0/24 maxlen: 24
86.107.188.0/24 maxlen: 24
89.47.35.0/24 maxlen: 24
92.114.34.0/24 maxlen: 24
86.106.82.0/24 maxlen: 24
37.153.137.0/24 maxlen: 24
94.177.64.0/24 maxlen: 24
89.42.34.0/24 maxlen: 24
94.177.119.0/24 maxlen: 24
89.32.201.0/24 maxlen: 24
89.32.205.0/24 maxlen: 24
188.241.70.0/24 maxlen: 24
89.32.124.0/24 maxlen: 24
89.32.128.0/24 maxlen: 24
93.113.88.0/24 maxlen: 24
86.106.178.0/24 maxlen: 24
93.113.108.0/24 maxlen: 24
89.38.56.0/24 maxlen: 24
89.34.218.0/24 maxlen: 24
89.38.71.0/24 maxlen: 24
89.45.9.0/24 maxlen: 24
188.240.16.0/24 maxlen: 24
188.240.46.0/24 maxlen: 24
31.14.253.0/24 maxlen: 24
86.106.21.0/24 maxlen: 24
176.223.162.0/24 maxlen: 24
86.105.194.0/24 maxlen: 24
86.105.197.0/24 maxlen: 24
31.14.218.0/24 maxlen: 24
176.223.180.0/24 maxlen: 24
31.14.232.0/24 maxlen: 24
159.20.112.0/24 maxlen: 24
159.20.113.0/24 maxlen: 24
159.20.114.0/24 maxlen: 24
159.20.115.0/24 maxlen: 24
159.20.116.0/24 maxlen: 24
93.118.44.0/24 maxlen: 24
93.114.141.0/24 maxlen: 24
89.40.131.0/24 maxlen: 24
89.44.106.0/24 maxlen: 24
89.41.30.0/24 maxlen: 24
31.14.64.0/24 maxlen: 24
93.114.250.0/24 maxlen: 24
2a10:3ec0::/29 maxlen: 29
2a10:3ec0:32::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:f8:c7:4f:b8:3d:60:b5:a7:fe:1d:6e:8f:26:77:6d:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5f96676cf398d3994c4dd4a296594614dff586c7
Validity
Not Before: Jan 11 13:47:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=36363a2c88755e4c30f67577e2dbb834c2a8aa65
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:bc:cc:b5:06:e7:5f:bb:15:02:86:dc:ba:e4:
32:17:7a:0e:68:09:49:a2:6e:3f:60:35:9d:c9:01:
d9:c2:42:d3:09:e6:44:92:69:5f:5a:6a:77:65:90:
4c:3a:e9:d8:d0:49:fb:36:4f:ae:e2:ab:2c:a3:ba:
44:c3:2d:38:1d:4f:c4:7d:66:2a:2d:93:be:26:ff:
61:d3:d3:d9:70:63:6b:53:f6:65:b9:b4:c3:3c:d6:
16:2e:ce:1c:4c:c5:67:74:ff:80:21:6e:83:75:67:
4f:b9:bd:ff:77:9f:b9:9a:45:54:4d:79:4c:70:44:
e1:80:10:66:b1:50:0c:db:95:1c:28:46:71:c6:1e:
79:10:55:8f:30:20:b0:b6:00:cb:a0:bc:47:41:2e:
b9:b4:aa:3b:d9:58:8b:49:ed:ce:8a:9c:8b:c9:bf:
b2:b3:24:31:8d:c5:d4:58:22:10:d0:de:d6:5f:88:
e5:a4:8a:e7:23:60:1d:91:3c:cb:27:41:9a:ab:f0:
52:f3:71:21:dc:b3:47:c9:87:be:da:c9:ae:69:37:
13:46:b0:47:f7:2b:c5:1c:2d:86:8d:a1:86:9e:89:
89:71:c1:94:14:dd:cb:30:fc:c1:95:a8:af:4e:02:
2d:ba:09:28:84:b6:bd:8e:1d:0c:b9:c0:67:b3:e5:
92:0b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:36:3A:2C:88:75:5E:4C:30:F6:75:77:E2:DB:B8:34:C2:A8:AA:65
X509v3 Authority Key Identifier:
keyid:5F:96:67:6C:F3:98:D3:99:4C:4D:D4:A2:96:59:46:14:DF:F5:86:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X5ZnbPOY05lMTdSilllGFN_1hsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/6a6805-5ce0-4128-a04c-f62f35af4371/1/NjY6LIh1Xkww9nV34tu4NMKoqmU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/6a6805-5ce0-4128-a04c-f62f35af4371/1/X5ZnbPOY05lMTdSilllGFN_1hsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.14.64.0/24
31.14.218.0/24
31.14.232.0/24
31.14.253.0/24
37.153.137.0/24
86.105.194.0/24
86.105.197.0/24
86.106.21.0/24
86.106.82.0/24
86.106.178.0/24
86.107.188.0/24
89.32.124.0/24
89.32.128.0/24
89.32.201.0/24
89.32.205.0/24
89.34.218.0/24
89.38.56.0/24
89.38.71.0/24
89.39.151.0/24
89.40.68.0/24
89.40.131.0/24
89.41.30.0/24
89.42.34.0/24
89.43.39.0/24
89.44.106.0/24
89.45.9.0/24
89.47.35.0/24
92.114.1.0/24
92.114.34.0/24
92.114.99.0/24
93.113.88.0/24
93.113.108.0/24
93.114.141.0/24
93.114.250.0/24
93.117.64.0/24
93.118.44.0/24
94.177.64.0/24
94.177.119.0/24
159.20.112.0-159.20.116.255
176.223.162.0/24
176.223.180.0/24
188.208.18.0/24
188.240.16.0/24
188.240.46.0/24
188.241.70.0/24
IPv6:
2a10:3ec0::/29
Signature Algorithm: sha256WithRSAEncryption
b1:a7:ac:95:b7:41:7f:aa:14:fd:7b:15:ba:31:f2:72:8f:60:
17:20:42:b6:de:33:06:e6:7d:0e:97:6b:97:78:be:fc:17:43:
ea:30:75:7d:3c:5a:34:1f:4e:40:1c:f0:cd:d6:fe:43:af:c6:
71:76:9f:ae:90:8d:9b:79:16:40:60:3c:1d:eb:93:56:d6:8f:
cd:d1:65:c0:70:62:a9:b1:f6:fd:35:9c:af:24:c5:50:20:3e:
2c:ee:9e:53:5f:53:dd:ce:0d:08:78:96:56:df:fd:43:80:6e:
f8:49:ce:fc:4b:93:84:b2:b2:a5:ea:72:53:81:8c:30:cf:99:
ef:04:ea:8e:ca:d3:3e:b2:eb:cc:c5:6b:79:a9:6b:4f:5a:87:
26:a6:69:34:13:63:a4:35:16:e2:10:8d:4a:69:7c:bd:f5:fa:
68:de:37:95:7b:f6:e3:5c:7a:12:9b:72:73:a6:f5:f4:6e:89:
44:e9:9a:57:22:07:f6:74:ca:de:f7:18:4e:16:ab:9b:b6:07:
9d:ac:0b:3a:27:6d:06:91:81:e7:9c:c3:20:65:a6:63:c6:ed:
8c:a9:22:ea:ad:0a:61:bb:fb:13:af:c2:d7:cc:89:7f:bc:e7:
4e:a6:df:a0:68:31:59:e4:4b:bc:8b:77:30:d0:ad:88:d9:58:
2f:eb:96:10
-----BEGIN CERTIFICATE-----
MIIGJjCCBQ6gAwIBAgISAYz4x0+4PWC1p/4dbo8md22OMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmOTY2NzZjZjM5OGQzOTk0YzRkZDRhMjk2NTk0NjE0ZGZm
NTg2YzcwHhcNMjQwMTExMTM0NzQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjM2M2EyYzg4NzU1ZTRjMzBmNjc1NzdlMmRiYjgzNGMyYThhYTY1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhLzMtQbnX7sVAobcuuQyF3oOaAlJ
om4/YDWdyQHZwkLTCeZEkmlfWmp3ZZBMOunY0En7Nk+u4qsso7pEwy04HU/EfWYq
LZO+Jv9h09PZcGNrU/ZlubTDPNYWLs4cTMVndP+AIW6DdWdPub3/d5+5mkVUTXlM
cEThgBBmsVAM25UcKEZxxh55EFWPMCCwtgDLoLxHQS65tKo72ViLSe3OipyLyb+y
syQxjcXUWCIQ0N7WX4jlpIrnI2AdkTzLJ0Gaq/BS83Eh3LNHyYe+2smuaTcTRrBH
9yvFHC2GjaGGnomJccGUFN3LMPzBlaivTgItugkohLa9jh0MucBns+WSCwIDAQAB
o4IDMjCCAy4wHQYDVR0OBBYEFDY2OiyIdV5MMPZ1d+LbuDTCqKplMB8GA1UdIwQY
MBaAFF+WZ2zzmNOZTE3UopZZRhTf9YbHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDVabmJQT1kwNWxNVGRTaWxsbEdGTl8xaHNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC82YTY4MDUtNWNlMC00MTI4LWEwNGMt
ZjYyZjM1YWY0MzcxLzEvTmpZNkxJaDFYa3d3OW5WMzR0dTROTUtvcW1VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC82YTY4MDUtNWNlMC00MTI4LWEwNGMtZjYyZjM1YWY0Mzcx
LzEvWDVabmJQT1kwNWxNVGRTaWxsbEdGTl8xaHNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBRgYIKwYBBQUHAQcBAf8EggE1MIIBMTCCAR4EAgABMIIB
FgMEAB8OQAMEAB8O2gMEAB8O6AMEAB8O/QMEACWZiQMEAFZpwgMEAFZpxQMEAFZq
FQMEAFZqUgMEAFZqsgMEAFZrvAMEAFkgfAMEAFkggAMEAFkgyQMEAFkgzQMEAFki
2gMEAFkmOAMEAFkmRwMEAFknlwMEAFkoRAMEAFkogwMEAFkpHgMEAFkqIgMEAFkr
JwMEAFksagMEAFktCQMEAFkvIwMEAFxyAQMEAFxyIgMEAFxyYwMEAF1xWAMEAF1x
bAMEAF1yjQMEAF1y+gMEAF11QAMEAF12LAMEAF6xQAMEAF6xdzAMAwQEnxRwAwQA
nxR0AwQAsN+iAwQAsN+0AwQAvNASAwQAvPAQAwQAvPAuAwQAvPFGMA0EAgACMAcD
BQMqED7AMA0GCSqGSIb3DQEBCwUAA4IBAQCxp6yVt0F/qhT9exW6MfJyj2AXIEK2
3jMG5n0Ol2uXeL78F0PqMHV9PFo0H05AHPDN1v5Dr8Zxdp+ukI2beRZAYDwd65NW
1o/N0WXAcGKpsfb9NZyvJMVQID4s7p5TX1Pdzg0IeJZW3/1DgG74Sc78S5OEsrKl
6nJTgYwwz5nvBOqOytM+suvMxWt5qWtPWocmpmk0E2OkNRbiEI1KaXy99fpo3jeV
e/bjXHoSm3JzpvX0bolE6ZpXIgf2dMre9xhOFqubtgedrAs6J20GkYHnnMMgZaZj
xu2MqSLqrQphu/sTr8LXzIl/vOdOpt+gaDFZ5Eu8i3cw0K2I2Vgv65YQ
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:59:28 2024 by rpki-client on console-ams.rpki-client.org