Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/28/6a6805-5ce0-4128-a04c-f62f35af4371/1/TO7-lh315y8WWHqyus7qmAtNvo4.roa
File: TO7-lh315y8WWHqyus7qmAtNvo4.roa (raw, json)
Hash identifier: Afnt9ZmPy9gSf/Uz7LtmvRs0I/0J7CJIZmuGTrCoCx8=
Subject key identifier: 4C:EE:FE:96:1D:F5:E7:2F:16:58:7A:B2:BA:CE:EA:98:0B:4D:BE:8E
Certificate issuer: /CN=5f96676cf398d3994c4dd4a296594614dff586c7
Certificate serial: 018CD5158B87C52C756F78EBB4E1803C124F
Authority key identifier: 5F:96:67:6C:F3:98:D3:99:4C:4D:D4:A2:96:59:46:14:DF:F5:86:C7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/X5ZnbPOY05lMTdSilllGFN_1hsc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/28/6a6805-5ce0-4128-a04c-f62f35af4371/1/TO7-lh315y8WWHqyus7qmAtNvo4.roa
Signing time: Thu 04 Jan 2024 15:26:48 +0000
ROA not before: Thu 04 Jan 2024 15:26:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 198417
IP address blocks: 89.43.39.0/24 maxlen: 24
92.114.1.0/24 maxlen: 24
89.39.151.0/24 maxlen: 24
188.208.18.0/24 maxlen: 24
93.117.64.0/24 maxlen: 24
89.40.68.0/24 maxlen: 24
92.114.99.0/24 maxlen: 24
86.107.188.0/24 maxlen: 24
89.47.35.0/24 maxlen: 24
92.114.34.0/24 maxlen: 24
86.106.82.0/24 maxlen: 24
89.35.152.0/24 maxlen: 24
37.153.137.0/24 maxlen: 24
94.177.64.0/24 maxlen: 24
89.42.34.0/24 maxlen: 24
94.177.119.0/24 maxlen: 24
89.32.201.0/24 maxlen: 24
89.32.205.0/24 maxlen: 24
188.241.70.0/24 maxlen: 24
89.32.124.0/24 maxlen: 24
89.32.128.0/24 maxlen: 24
93.113.88.0/24 maxlen: 24
86.106.178.0/24 maxlen: 24
93.113.108.0/24 maxlen: 24
89.38.56.0/24 maxlen: 24
89.34.218.0/24 maxlen: 24
89.38.71.0/24 maxlen: 24
89.45.9.0/24 maxlen: 24
188.240.16.0/24 maxlen: 24
188.240.46.0/24 maxlen: 24
31.14.253.0/24 maxlen: 24
86.106.21.0/24 maxlen: 24
176.223.162.0/24 maxlen: 24
86.105.194.0/24 maxlen: 24
86.105.197.0/24 maxlen: 24
31.14.218.0/24 maxlen: 24
176.223.180.0/24 maxlen: 24
31.14.232.0/24 maxlen: 24
159.20.112.0/24 maxlen: 24
159.20.113.0/24 maxlen: 24
159.20.114.0/24 maxlen: 24
159.20.115.0/24 maxlen: 24
159.20.116.0/24 maxlen: 24
93.118.44.0/24 maxlen: 24
93.114.141.0/24 maxlen: 24
89.40.131.0/24 maxlen: 24
89.44.106.0/24 maxlen: 24
89.41.30.0/24 maxlen: 24
31.14.64.0/24 maxlen: 24
93.114.250.0/24 maxlen: 24
2a10:3ec0::/29 maxlen: 29
2a10:3ec0:32::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:d5:15:8b:87:c5:2c:75:6f:78:eb:b4:e1:80:3c:12:4f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5f96676cf398d3994c4dd4a296594614dff586c7
Validity
Not Before: Jan 4 15:26:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4ceefe961df5e72f16587ab2baceea980b4dbe8e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:29:77:d9:33:58:17:b5:e0:ef:01:a0:d9:25:
cd:b5:50:ee:85:4f:1a:b8:7b:3d:77:26:12:d0:80:
d5:6e:f5:4f:28:3d:fc:3b:0a:10:15:d2:96:bd:e2:
69:25:9b:e1:6e:cc:c4:6a:68:18:37:2a:bf:34:55:
e4:99:8f:80:c1:56:42:2a:a0:8d:cf:c0:08:2e:3f:
73:0b:44:51:26:28:9e:4b:2d:85:01:b2:99:57:b1:
e0:d7:33:1d:d6:47:64:57:41:0a:05:89:f8:10:a6:
12:ef:50:97:4b:c7:a8:00:bc:c8:d4:6d:3b:ab:b7:
34:14:69:4e:16:84:fb:22:e3:c1:df:26:15:50:67:
d2:b9:97:7e:37:32:2c:4e:3a:80:13:4b:49:6f:cc:
64:e2:04:ae:ef:f3:e3:83:92:b7:3a:09:8a:86:57:
6f:62:46:b7:00:83:0f:1c:2b:c9:f8:e2:ab:ea:68:
63:a3:91:1f:4e:04:9c:f3:5c:87:c6:93:3c:75:88:
ba:9b:36:16:f6:29:b3:08:60:32:88:82:c0:02:a2:
5b:a6:2d:22:16:a7:6b:dc:0f:97:96:bd:85:9c:cb:
ba:32:fa:da:da:b1:f0:65:2d:e9:41:b2:14:ec:5e:
d4:90:81:6f:e0:d5:88:54:2e:e4:25:07:5f:dd:11:
b6:57
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:EE:FE:96:1D:F5:E7:2F:16:58:7A:B2:BA:CE:EA:98:0B:4D:BE:8E
X509v3 Authority Key Identifier:
keyid:5F:96:67:6C:F3:98:D3:99:4C:4D:D4:A2:96:59:46:14:DF:F5:86:C7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/X5ZnbPOY05lMTdSilllGFN_1hsc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/28/6a6805-5ce0-4128-a04c-f62f35af4371/1/TO7-lh315y8WWHqyus7qmAtNvo4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/28/6a6805-5ce0-4128-a04c-f62f35af4371/1/X5ZnbPOY05lMTdSilllGFN_1hsc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.14.64.0/24
31.14.218.0/24
31.14.232.0/24
31.14.253.0/24
37.153.137.0/24
86.105.194.0/24
86.105.197.0/24
86.106.21.0/24
86.106.82.0/24
86.106.178.0/24
86.107.188.0/24
89.32.124.0/24
89.32.128.0/24
89.32.201.0/24
89.32.205.0/24
89.34.218.0/24
89.35.152.0/24
89.38.56.0/24
89.38.71.0/24
89.39.151.0/24
89.40.68.0/24
89.40.131.0/24
89.41.30.0/24
89.42.34.0/24
89.43.39.0/24
89.44.106.0/24
89.45.9.0/24
89.47.35.0/24
92.114.1.0/24
92.114.34.0/24
92.114.99.0/24
93.113.88.0/24
93.113.108.0/24
93.114.141.0/24
93.114.250.0/24
93.117.64.0/24
93.118.44.0/24
94.177.64.0/24
94.177.119.0/24
159.20.112.0-159.20.116.255
176.223.162.0/24
176.223.180.0/24
188.208.18.0/24
188.240.16.0/24
188.240.46.0/24
188.241.70.0/24
IPv6:
2a10:3ec0::/29
Signature Algorithm: sha256WithRSAEncryption
4f:96:d5:99:88:4b:b2:4a:bb:2a:bd:ba:c7:93:84:35:4b:ed:
f8:10:a9:a5:be:4a:6c:65:c2:ae:ea:42:6b:6a:95:ea:fb:a2:
5a:b1:43:d0:69:6a:23:47:ed:54:5c:3f:63:03:a7:d7:37:c9:
c2:f0:73:0a:70:52:0a:ff:cd:9c:4f:9d:1f:0f:76:df:2d:e7:
7f:a1:87:9f:30:fa:d6:8b:f2:10:e4:de:26:41:96:2f:6a:40:
08:cf:a2:b4:24:fb:b6:74:3c:03:1d:eb:69:28:cb:1b:49:75:
54:06:6c:34:f3:27:8f:31:d1:22:b2:85:56:8d:9e:2e:a3:06:
63:e4:3c:ec:13:e0:6c:6c:0b:bf:f1:14:f1:58:17:99:7e:93:
33:f6:a9:4c:5c:75:ea:5f:5f:61:9d:a6:ee:ce:67:f6:83:d9:
54:0e:55:64:ab:50:7f:0c:cf:67:de:3a:5e:df:e7:45:6c:c2:
56:eb:80:e7:79:83:ff:95:07:df:2f:0d:65:10:ec:75:88:5d:
28:29:32:94:c0:98:de:cf:b1:52:01:98:35:a9:bc:85:b1:3a:
cb:e0:c2:2d:cc:c1:da:f8:8a:ee:5f:1f:19:c7:34:05:68:1e:
28:e1:9d:bb:e0:6a:2d:89:10:12:4f:31:19:a5:bb:48:66:81:
d0:c2:27:09
-----BEGIN CERTIFICATE-----
MIIGLDCCBRSgAwIBAgISAYzVFYuHxSx1b3jrtOGAPBJPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVmOTY2NzZjZjM5OGQzOTk0YzRkZDRhMjk2NTk0NjE0ZGZm
NTg2YzcwHhcNMjQwMTA0MTUyNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2VlZmU5NjFkZjVlNzJmMTY1ODdhYjJiYWNlZWE5ODBiNGRiZThlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiCl32TNYF7Xg7wGg2SXNtVDuhU8a
uHs9dyYS0IDVbvVPKD38OwoQFdKWveJpJZvhbszEamgYNyq/NFXkmY+AwVZCKqCN
z8AILj9zC0RRJiieSy2FAbKZV7Hg1zMd1kdkV0EKBYn4EKYS71CXS8eoALzI1G07
q7c0FGlOFoT7IuPB3yYVUGfSuZd+NzIsTjqAE0tJb8xk4gSu7/Pjg5K3OgmKhldv
Yka3AIMPHCvJ+OKr6mhjo5EfTgSc81yHxpM8dYi6mzYW9imzCGAyiILAAqJbpi0i
Fqdr3A+Xlr2FnMu6Mvra2rHwZS3pQbIU7F7UkIFv4NWIVC7kJQdf3RG2VwIDAQAB
o4IDODCCAzQwHQYDVR0OBBYEFEzu/pYd9ecvFlh6srrO6pgLTb6OMB8GA1UdIwQY
MBaAFF+WZ2zzmNOZTE3UopZZRhTf9YbHMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWDVabmJQT1kwNWxNVGRTaWxsbEdGTl8xaHNjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yOC82YTY4MDUtNWNlMC00MTI4LWEwNGMt
ZjYyZjM1YWY0MzcxLzEvVE83LWxoMzE1eThXV0hxeXVzN3FtQXROdm80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yOC82YTY4MDUtNWNlMC00MTI4LWEwNGMtZjYyZjM1YWY0Mzcx
LzEvWDVabmJQT1kwNWxNVGRTaWxsbEdGTl8xaHNjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBTAYIKwYBBQUHAQcBAf8EggE7MIIBNzCCASQEAgABMIIB
HAMEAB8OQAMEAB8O2gMEAB8O6AMEAB8O/QMEACWZiQMEAFZpwgMEAFZpxQMEAFZq
FQMEAFZqUgMEAFZqsgMEAFZrvAMEAFkgfAMEAFkggAMEAFkgyQMEAFkgzQMEAFki
2gMEAFkjmAMEAFkmOAMEAFkmRwMEAFknlwMEAFkoRAMEAFkogwMEAFkpHgMEAFkq
IgMEAFkrJwMEAFksagMEAFktCQMEAFkvIwMEAFxyAQMEAFxyIgMEAFxyYwMEAF1x
WAMEAF1xbAMEAF1yjQMEAF1y+gMEAF11QAMEAF12LAMEAF6xQAMEAF6xdzAMAwQE
nxRwAwQAnxR0AwQAsN+iAwQAsN+0AwQAvNASAwQAvPAQAwQAvPAuAwQAvPFGMA0E
AgACMAcDBQMqED7AMA0GCSqGSIb3DQEBCwUAA4IBAQBPltWZiEuySrsqvbrHk4Q1
S+34EKmlvkpsZcKu6kJrapXq+6JasUPQaWojR+1UXD9jA6fXN8nC8HMKcFIK/82c
T50fD3bfLed/oYefMPrWi/IQ5N4mQZYvakAIz6K0JPu2dDwDHetpKMsbSXVUBmw0
8yePMdEisoVWjZ4uowZj5DzsE+BsbAu/8RTxWBeZfpMz9qlMXHXqX19hnabuzmf2
g9lUDlVkq1B/DM9n3jpe3+dFbMJW64DneYP/lQffLw1lEOx1iF0oKTKUwJjez7FS
AZg1qbyFsTrL4MItzMHa+IruXx8ZxzQFaB4o4Z274GotiRASTzEZpbtIZoHQwicJ
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:59:28 2024 by rpki-client on console-ams.rpki-client.org