Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/zz3v8o5EC9dAZVpM3QJX07bYgfA.roa
File: zz3v8o5EC9dAZVpM3QJX07bYgfA.roa (raw, json)
Hash identifier: nCUJL+CwQqEj8/EqTaSGSOH45QT/K8mBANsex7GcD9I=
Subject key identifier: CF:3D:EF:F2:8E:44:0B:D7:40:65:5A:4C:DD:02:57:D3:B6:D8:81:F0
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 019362705837C43400717ED8B4DEDE66DA8E
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/zz3v8o5EC9dAZVpM3QJX07bYgfA.roa
Signing time: Mon 25 Nov 2024 08:29:10 +0000
ROA not before: Mon 25 Nov 2024 08:29:10 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 3257
IP address blocks: 5.180.4.0/22 maxlen: 22
5.182.28.0/22 maxlen: 22
45.86.16.0/21 maxlen: 21
89.39.242.0/24 maxlen: 24
91.239.59.0/24 maxlen: 24
91.242.72.0/23 maxlen: 24
91.242.73.0/24 maxlen: 24
91.242.74.0/23 maxlen: 23
91.242.94.0/24 maxlen: 24
91.242.95.0/24 maxlen: 24
91.242.103.0/24 maxlen: 24
94.231.198.0/24 maxlen: 24
176.126.223.0/24 maxlen: 24
178.175.176.0/22 maxlen: 22
185.40.105.0/24 maxlen: 24
185.173.247.0/24 maxlen: 24
185.180.145.0/24 maxlen: 24
185.212.11.0/24 maxlen: 24
194.50.206.0/23 maxlen: 24
195.138.103.0/24 maxlen: 24
195.138.104.0/22 maxlen: 24
195.138.105.0/24 maxlen: 24
195.138.106.0/24 maxlen: 24
195.138.108.0/24 maxlen: 24
195.138.112.0/24 maxlen: 24
195.138.116.0/24 maxlen: 24
195.138.120.0/24 maxlen: 24
195.138.122.0/23 maxlen: 23
195.138.124.0/22 maxlen: 22
195.138.124.0/24 maxlen: 24
195.216.156.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:93:62:70:58:37:c4:34:00:71:7e:d8:b4:de:de:66:da:8e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Nov 25 08:29:10 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=cf3deff28e440bd740655a4cdd0257d3b6d881f0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ba:38:23:1e:39:e2:f9:0e:42:70:ca:15:fc:20:
38:24:b9:7b:ba:ad:31:47:9d:bf:d8:df:8a:dd:3c:
91:1b:91:30:1c:ef:ff:e9:90:8e:ca:da:3d:2f:c1:
ec:88:7d:4e:1a:0d:04:55:77:29:37:d0:35:22:ea:
1c:f7:5c:a9:b2:0b:2d:91:81:50:dc:5d:d8:86:49:
fe:74:6a:11:30:a1:1e:f6:e2:aa:96:40:12:28:ef:
71:da:2e:3e:d3:62:d3:74:a9:55:1c:aa:2d:86:47:
f1:8d:d8:d8:1c:c5:1f:6d:e5:ac:90:5b:e9:d3:bb:
d0:0c:33:b0:33:89:e0:d9:34:8b:39:b3:e5:f9:a3:
4e:7a:48:49:b1:ac:b3:7c:01:33:82:c8:f8:f4:a0:
a8:7f:91:cb:b8:c9:00:a4:70:0a:ea:14:78:ef:cb:
41:66:4b:bd:2b:f1:d8:b9:d9:e8:7e:e1:e1:4f:79:
8d:dd:b9:c6:b7:ea:35:51:88:b6:01:14:a9:b5:26:
4d:7b:fd:64:7f:23:df:7a:92:f1:ff:59:60:ee:fa:
72:c3:84:bc:47:b4:85:97:64:c7:93:5d:06:c1:a6:
2f:bc:a8:7d:91:34:2d:b9:87:40:2e:0f:09:36:6c:
a1:3e:1a:8b:4c:07:b9:10:ba:e9:54:60:a9:c7:8e:
74:d5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CF:3D:EF:F2:8E:44:0B:D7:40:65:5A:4C:DD:02:57:D3:B6:D8:81:F0
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/zz3v8o5EC9dAZVpM3QJX07bYgfA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.4.0/22
5.182.28.0/22
45.86.16.0/21
89.39.242.0/24
91.239.59.0/24
91.242.72.0/22
91.242.94.0/23
91.242.103.0/24
94.231.198.0/24
176.126.223.0/24
178.175.176.0/22
185.40.105.0/24
185.173.247.0/24
185.180.145.0/24
185.212.11.0/24
194.50.206.0/23
195.138.103.0-195.138.108.255
195.138.112.0/24
195.138.116.0/24
195.138.120.0/24
195.138.122.0-195.138.127.255
195.216.156.0/22
Signature Algorithm: sha256WithRSAEncryption
5d:2d:4b:e0:46:69:e9:a0:c6:3e:81:d1:c2:c2:ad:e0:aa:a2:
27:e7:8a:dc:03:e5:92:1c:fb:dc:78:6b:9c:6d:c1:ad:5a:46:
fc:2d:bc:d6:4c:af:10:89:ea:33:0c:47:79:e5:26:05:ab:db:
31:7a:5f:2e:75:0c:96:c0:6e:27:45:14:2a:4b:bb:53:86:09:
77:93:35:dc:ba:4a:f8:5a:8d:58:f1:2b:24:2b:ab:74:4a:08:
95:3f:66:ed:12:64:a9:9e:88:ca:04:3b:9c:0a:25:bb:b7:e8:
39:79:54:b8:f2:74:89:08:a2:a8:f8:5c:1c:b9:6b:77:31:1b:
b0:e1:b0:c5:d0:d4:4e:3b:7f:07:0f:8c:bd:17:2d:d1:e8:8f:
17:ea:d7:76:68:1b:1a:77:72:89:7a:e1:5f:cb:c1:23:fc:b7:
87:c3:3e:53:ab:29:ac:df:68:1e:99:fb:f1:f3:ed:19:40:94:
02:f7:4b:5f:45:4a:60:64:41:ec:69:1e:0e:2a:90:08:9b:c3:
3f:1c:10:93:71:fa:76:ec:7a:e6:d9:82:ae:6b:59:18:27:a3:
fb:9d:f5:08:e0:84:3b:2b:ea:d8:15:2a:d0:0e:bf:f1:d5:cd:
19:5d:e6:6f:ab:9f:9e:88:45:27:43:fa:b7:c7:c9:e8:98:3b:
9a:69:f3:be
-----BEGIN CERTIFICATE-----
MIIFkDCCBHigAwIBAgISAZNicFg3xDQAcX7YtN7eZtqOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQxMTI1MDgyOTEwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZjNkZWZmMjhlNDQwYmQ3NDA2NTVhNGNkZDAyNTdkM2I2ZDg4MWYwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAujgjHjni+Q5CcMoV/CA4JLl7uq0x
R52/2N+K3TyRG5EwHO//6ZCOyto9L8HsiH1OGg0EVXcpN9A1Iuoc91ypsgstkYFQ
3F3Yhkn+dGoRMKEe9uKqlkASKO9x2i4+02LTdKlVHKothkfxjdjYHMUfbeWskFvp
07vQDDOwM4ng2TSLObPl+aNOekhJsayzfAEzgsj49KCof5HLuMkApHAK6hR478tB
Zku9K/HYudnofuHhT3mN3bnGt+o1UYi2ARSptSZNe/1kfyPfepLx/1lg7vpyw4S8
R7SFl2THk10GwaYvvKh9kTQtuYdALg8JNmyhPhqLTAe5ELrpVGCpx4501QIDAQAB
o4ICnDCCApgwHQYDVR0OBBYEFM897/KORAvXQGVaTN0CV9O22IHwMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvenozdjhvNUVDOWRBWlZwTTNRSlgwN2JZZ2ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGxBggrBgEFBQcBBwEB/wSBoTCBnjCBmwQCAAEwgZQDBAIF
tAQDBAIFthwDBAMtVhADBABZJ/IDBABb7zsDBAJb8kgDBAFb8l4DBABb8mcDBABe
58YDBACwft8DBAKyr7ADBAC5KGkDBAC5rfcDBAC5tJEDBAC51AsDBAHCMs4wDAME
AMOKZwMEAMOKbAMEAMOKcAMEAMOKdAMEAMOKeDAMAwQBw4p6AwQHw4oAAwQCw9ic
MA0GCSqGSIb3DQEBCwUAA4IBAQBdLUvgRmnpoMY+gdHCwq3gqqIn54rcA+WSHPvc
eGucbcGtWkb8LbzWTK8QieozDEd55SYFq9sxel8udQyWwG4nRRQqS7tThgl3kzXc
ukr4Wo1Y8SskK6t0SgiVP2btEmSpnojKBDucCiW7t+g5eVS48nSJCKKo+FwcuWt3
MRuw4bDF0NROO38HD4y9Fy3R6I8X6td2aBsad3KJeuFfy8Ej/LeHwz5Tqyms32ge
mfvx8+0ZQJQC90tfRUpgZEHsaR4OKpAIm8M/HBCTcfp27Hrm2YKua1kYJ6P7nfUI
4IQ7K+rYFSrQDr/x1c0ZXeZvq5+eiEUnQ/q3x8nomDuaafO+
-----END CERTIFICATE-----
Generated at Sat Apr 5 22:29:09 2025 by rpki-client