Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/govzP17L9q7M6kcUtWYvTloopXw.roa
File: govzP17L9q7M6kcUtWYvTloopXw.roa (raw, json)
Hash identifier: p/kEo0wT7vdLUQ8fJNM3d7vp8u8tsQTE1xkapldgAH4=
Subject key identifier: 82:8B:F3:3F:5E:CB:F6:AE:CC:EA:47:14:B5:66:2F:4E:5A:28:A5:7C
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 018E7613135BDC7524951AF9BC7EAA806E7F
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/govzP17L9q7M6kcUtWYvTloopXw.roa
Signing time: Mon 25 Mar 2024 14:45:45 +0000
ROA not before: Mon 25 Mar 2024 14:45:45 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 3257
IP address blocks: 5.180.4.0/22 maxlen: 22
45.15.244.0/22 maxlen: 22
45.67.117.0/24 maxlen: 24
45.151.196.0/22 maxlen: 22
85.159.117.0/24 maxlen: 24
89.39.242.0/24 maxlen: 24
89.40.161.0/24 maxlen: 24
91.242.70.0/24 maxlen: 24
91.242.72.0/23 maxlen: 24
91.242.74.0/23 maxlen: 24
91.242.75.0/24 maxlen: 24
91.242.95.0/24 maxlen: 24
91.242.96.0/24 maxlen: 24
91.242.103.0/24 maxlen: 24
91.242.105.0/24 maxlen: 24
91.242.123.0/24 maxlen: 24
91.242.124.0/24 maxlen: 24
91.242.125.0/24 maxlen: 24
91.242.126.0/24 maxlen: 24
91.242.127.0/24 maxlen: 24
94.231.198.0/24 maxlen: 24
185.40.105.0/24 maxlen: 24
194.50.200.0/23 maxlen: 24
194.50.206.0/23 maxlen: 24
195.138.103.0/24 maxlen: 24
195.138.104.0/24 maxlen: 24
195.138.105.0/24 maxlen: 24
195.138.106.0/24 maxlen: 24
195.138.107.0/24 maxlen: 24
195.138.108.0/24 maxlen: 24
195.138.111.0/24 maxlen: 24
195.138.112.0/24 maxlen: 24
195.138.114.0/24 maxlen: 24
195.138.116.0/24 maxlen: 24
195.138.118.0/24 maxlen: 24
195.138.120.0/24 maxlen: 24
195.138.122.0/23 maxlen: 23
195.138.124.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:76:13:13:5b:dc:75:24:95:1a:f9:bc:7e:aa:80:6e:7f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Mar 25 14:45:45 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=828bf33f5ecbf6aeccea4714b5662f4e5a28a57c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:f6:c5:58:8b:85:84:2d:2b:c3:28:f4:34:f3:
4d:a4:8d:ba:6c:37:8a:7f:15:a6:0a:92:d4:12:b9:
9a:e7:42:c6:1b:d2:db:e8:a8:55:d1:cb:4a:3a:3e:
7b:aa:ca:ff:9d:a4:3c:04:65:e6:af:a4:86:ef:38:
be:14:03:7f:c4:68:95:83:2c:34:6c:d4:a9:1d:e2:
42:4d:9f:27:63:bc:38:50:97:e8:43:bc:d3:27:58:
25:f8:24:42:87:b8:00:59:c4:3e:62:2f:cb:8d:e7:
d7:13:6d:70:b5:e3:73:c6:d0:18:e3:91:3e:b2:a7:
2b:79:53:a0:4d:82:41:55:15:d7:e1:5b:6e:cb:00:
81:15:c4:f0:5d:c6:b5:57:4a:7d:06:b5:ec:09:35:
73:ee:a4:96:a2:aa:ef:a1:48:40:64:67:7c:8a:32:
a6:65:d9:8c:dd:fe:d3:0b:fc:4d:81:b9:bc:0d:e6:
07:8b:5d:ff:a1:82:54:67:19:0e:a9:2c:5c:84:0e:
08:22:7f:fb:be:2e:70:70:f7:21:63:2c:08:91:bd:
57:fa:53:3a:a1:bc:b2:14:f4:e0:43:36:20:30:bc:
b8:02:02:3d:d7:af:8f:83:7a:cb:64:fa:13:94:43:
6c:5e:3f:1c:78:1d:a7:6e:37:b4:4e:45:b3:b8:53:
c6:73
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
82:8B:F3:3F:5E:CB:F6:AE:CC:EA:47:14:B5:66:2F:4E:5A:28:A5:7C
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/govzP17L9q7M6kcUtWYvTloopXw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.4.0/22
45.15.244.0/22
45.67.117.0/24
45.151.196.0/22
85.159.117.0/24
89.39.242.0/24
89.40.161.0/24
91.242.70.0/24
91.242.72.0/22
91.242.95.0-91.242.96.255
91.242.103.0/24
91.242.105.0/24
91.242.123.0-91.242.127.255
94.231.198.0/24
185.40.105.0/24
194.50.200.0/23
194.50.206.0/23
195.138.103.0-195.138.108.255
195.138.111.0-195.138.112.255
195.138.114.0/24
195.138.116.0/24
195.138.118.0/24
195.138.120.0/24
195.138.122.0-195.138.127.255
Signature Algorithm: sha256WithRSAEncryption
6d:ae:d1:85:73:83:d2:ce:cc:4b:af:50:4a:28:27:6a:b4:6d:
e7:2a:b8:60:2a:6f:45:f0:e9:a7:9f:8a:70:d7:17:1f:8d:6f:
1d:1c:fc:68:4a:1a:2e:28:bd:27:8c:34:20:5c:0b:5a:dc:87:
87:28:77:8f:6b:35:fe:6c:7c:16:77:a4:9d:a9:b0:1f:9a:f9:
29:55:fb:21:11:74:ad:fd:67:2e:eb:06:23:fd:bf:12:2b:a5:
2c:eb:20:b7:51:46:c6:ad:a5:9c:91:e2:72:90:0b:bd:7a:58:
c4:23:c5:b2:f6:50:73:21:23:a4:69:74:59:f2:96:f9:99:c7:
71:29:ed:7a:72:93:f7:c5:3b:af:94:19:16:a4:7c:80:fa:c0:
d4:8f:ca:36:69:72:ef:d7:51:80:f9:49:23:ad:27:73:49:66:
a3:5d:0f:fd:88:2d:d4:db:a2:c8:21:63:b0:88:bd:d9:2e:01:
a9:22:64:ac:04:46:73:b1:05:5d:a4:f6:02:2d:93:09:70:63:
cd:46:31:0e:54:55:c1:56:45:1e:7c:2d:11:2e:70:b9:8e:be:
db:d5:9e:05:e7:b4:92:e3:30:f9:75:42:24:f1:ab:c2:ae:2a:
4a:0e:69:21:c5:30:82:e6:ff:bd:c9:3d:45:04:1e:54:28:a4:
ea:7d:80:8f
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgISAY52ExNb3HUklRr5vH6qgG5/MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwMzI1MTQ0NTQ1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MjhiZjMzZjVlY2JmNmFlY2NlYTQ3MTRiNTY2MmY0ZTVhMjhhNTdjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs/bFWIuFhC0rwyj0NPNNpI26bDeK
fxWmCpLUErma50LGG9Lb6KhV0ctKOj57qsr/naQ8BGXmr6SG7zi+FAN/xGiVgyw0
bNSpHeJCTZ8nY7w4UJfoQ7zTJ1gl+CRCh7gAWcQ+Yi/LjefXE21wteNzxtAY45E+
sqcreVOgTYJBVRXX4VtuywCBFcTwXca1V0p9BrXsCTVz7qSWoqrvoUhAZGd8ijKm
ZdmM3f7TC/xNgbm8DeYHi13/oYJUZxkOqSxchA4IIn/7vi5wcPchYywIkb1X+lM6
obyyFPTgQzYgMLy4AgI916+Pg3rLZPoTlENsXj8ceB2nbje0TkWzuFPGcwIDAQAB
o4ICwDCCArwwHQYDVR0OBBYEFIKL8z9ey/auzOpHFLVmL05aKKV8MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvZ292elAxN0w5cTdNNmtjVXRXWXZUbG9vcFh3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHVBggrBgEFBQcBBwEB/wSBxTCBwjCBvwQCAAEwgbgDBAIF
tAQDBAItD/QDBAAtQ3UDBAItl8QDBABVn3UDBABZJ/IDBABZKKEDBABb8kYDBAJb
8kgwDAMEAFvyXwMEAFvyYAMEAFvyZwMEAFvyaTAMAwQAW/J7AwQHW/IAAwQAXufG
AwQAuShpAwQBwjLIAwQBwjLOMAwDBADDimcDBADDimwwDAMEAMOKbwMEAMOKcAME
AMOKcgMEAMOKdAMEAMOKdgMEAMOKeDAMAwQBw4p6AwQHw4oAMA0GCSqGSIb3DQEB
CwUAA4IBAQBtrtGFc4PSzsxLr1BKKCdqtG3nKrhgKm9F8Omnn4pw1xcfjW8dHPxo
ShouKL0njDQgXAta3IeHKHePazX+bHwWd6SdqbAfmvkpVfshEXSt/Wcu6wYj/b8S
K6Us6yC3UUbGraWckeJykAu9eljEI8Wy9lBzISOkaXRZ8pb5mcdxKe16cpP3xTuv
lBkWpHyA+sDUj8o2aXLv11GA+UkjrSdzSWajXQ/9iC3U26LIIWOwiL3ZLgGpImSs
BEZzsQVdpPYCLZMJcGPNRjEOVFXBVkUefC0RLnC5jr7b1Z4F57SS4zD5dUIk8avC
ripKDmkhxTCC5v+9yT1FBB5UKKTqfYCP
-----END CERTIFICATE-----
Generated at Sat Apr 5 20:41:35 2025 by rpki-client