Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/1-brHGQIfAVuG0tUWAKiPXWO2kyk.roa
File: 1-brHGQIfAVuG0tUWAKiPXWO2kyk.roa (raw, json)
Hash identifier: V1F86bFZyK64nMsdcdhDl6CPPCs4c8iPU2o25vFP8XQ=
Subject key identifier: F9:BA:C7:19:02:1F:01:5B:86:D2:D5:16:00:A8:8F:5D:63:B6:93:29
Certificate issuer: /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial: 018852FDF092D9022C4FB8F4C8986098A314
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/1-brHGQIfAVuG0tUWAKiPXWO2kyk.roa
Signing time: Thu 25 May 2023 12:59:13 +0000
ROA not before: Thu 25 May 2023 12:59:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8220
IP address blocks: 212.36.128.0/18 maxlen: 18
62.23.0.0/16 maxlen: 16
62.23.14.0/24 maxlen: 24
212.36.144.0/20 maxlen: 20
62.23.23.0/24 maxlen: 24
80.80.0.0/19 maxlen: 19
46.248.128.0/19 maxlen: 19
212.161.0.0/17 maxlen: 17
136.225.0.0/16 maxlen: 16
84.16.160.0/19 maxlen: 19
193.188.132.0/23 maxlen: 23
213.215.128.0/17 maxlen: 17
213.208.192.0/18 maxlen: 18
212.36.160.0/20 maxlen: 20
62.97.64.0/18 maxlen: 18
62.23.43.0/24 maxlen: 24
157.120.224.0/21 maxlen: 21
157.120.236.0/22 maxlen: 22
212.36.184.0/21 maxlen: 21
62.23.61.0/24 maxlen: 24
62.23.70.0/24 maxlen: 24
157.120.240.0/20 maxlen: 20
193.116.128.0/18 maxlen: 18
212.35.96.0/19 maxlen: 19
62.96.0.0/16 maxlen: 16
213.86.0.0/16 maxlen: 16
87.241.0.0/18 maxlen: 18
213.173.160.0/19 maxlen: 19
213.164.0.0/19 maxlen: 19
193.93.80.0/22 maxlen: 22
80.251.160.0/19 maxlen: 19
195.110.64.0/19 maxlen: 19
212.123.192.0/18 maxlen: 18
217.110.0.0/15 maxlen: 15
212.203.64.0/18 maxlen: 18
212.78.160.0/19 maxlen: 19
194.223.128.0/21 maxlen: 21
194.223.136.0/22 maxlen: 22
213.246.192.0/18 maxlen: 18
85.88.128.0/19 maxlen: 19
195.68.74.0/24 maxlen: 24
193.118.224.0/19 maxlen: 19
78.143.0.0/18 maxlen: 18
212.31.224.0/19 maxlen: 19
217.173.96.0/20 maxlen: 20
82.112.192.0/19 maxlen: 19
62.72.96.0/19 maxlen: 19
57.133.0.0/16 maxlen: 16
78.156.64.0/19 maxlen: 19
78.156.64.0/20 maxlen: 20
193.82.32.0/19 maxlen: 19
78.156.80.0/21 maxlen: 21
212.74.79.0/24 maxlen: 24
212.121.128.0/19 maxlen: 19
212.23.224.0/19 maxlen: 19
213.185.160.0/19 maxlen: 19
212.0.96.0/19 maxlen: 19
213.61.0.0/16 maxlen: 16
62.192.0.0/19 maxlen: 19
193.114.160.0/19 maxlen: 19
212.74.64.0/24 maxlen: 24
212.74.64.0/19 maxlen: 19
212.74.77.0/24 maxlen: 24
212.74.78.0/24 maxlen: 24
195.68.0.0/17 maxlen: 17
84.14.63.0/24 maxlen: 24
62.152.96.0/19 maxlen: 19
62.23.254.0/24 maxlen: 24
213.229.128.0/18 maxlen: 18
118.67.224.0/19 maxlen: 19
62.84.192.0/19 maxlen: 19
84.14.0.0/16 maxlen: 16
213.27.128.0/17 maxlen: 17
213.41.0.0/17 maxlen: 17
80.169.0.0/16 maxlen: 16
2001:921::/32 maxlen: 32
2001:926::/32 maxlen: 32
2001:924::/32 maxlen: 32
2001:925::/32 maxlen: 32
2001:920::/29 maxlen: 29
2001:920::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:52:fd:f0:92:d9:02:2c:4f:b8:f4:c8:98:60:98:a3:14
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Validity
Not Before: May 25 12:59:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f9bac719021f015b86d2d51600a88f5d63b69329
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ef:50:ea:cf:40:50:1a:b8:79:aa:1b:95:9a:ae:
ea:e9:c8:96:8a:de:45:6d:88:73:92:02:e8:dd:1e:
d5:3e:ab:b3:8f:3a:4e:ba:89:e6:87:69:04:2a:c2:
72:58:fe:38:b7:7f:eb:30:9f:26:37:fc:f4:31:bc:
e9:84:a1:bd:b8:30:f8:a9:45:ba:af:2d:a0:fb:70:
9a:fd:14:3b:dc:5b:61:7b:26:01:6f:73:ee:c1:a8:
bf:53:0d:6e:2a:f1:75:30:31:f8:68:eb:8f:13:14:
7b:74:1f:0d:f3:33:52:68:51:6b:44:59:85:c5:ad:
8c:84:16:11:ae:4c:9a:47:dd:94:e6:94:84:5e:b9:
6e:a1:66:82:c1:e6:e9:7c:b4:7f:f3:8d:ec:81:49:
e4:88:f3:7e:97:cf:60:32:77:47:38:6c:e1:16:22:
b2:10:1a:83:18:c9:91:79:ee:04:b3:af:5f:f0:33:
fe:83:28:0c:5a:8e:b5:b8:ee:e4:93:aa:5a:37:49:
b9:90:28:75:ce:09:b3:a7:ef:00:07:15:66:3c:ac:
66:ed:49:4b:a5:69:d5:8c:25:f1:d6:41:fe:3e:0f:
6b:6e:99:09:b8:c5:0c:b0:ba:07:c6:74:93:0b:5b:
98:30:5b:6e:d8:2a:07:09:b4:47:16:58:bb:07:f9:
89:b7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F9:BA:C7:19:02:1F:01:5B:86:D2:D5:16:00:A8:8F:5D:63:B6:93:29
X509v3 Authority Key Identifier:
keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/1-brHGQIfAVuG0tUWAKiPXWO2kyk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.248.128.0/19
57.133.0.0/16
62.23.0.0/16
62.72.96.0/19
62.84.192.0/19
62.96.0.0/16
62.97.64.0/18
62.152.96.0/19
62.192.0.0/19
78.143.0.0/18
78.156.64.0/19
80.80.0.0/19
80.169.0.0/16
80.251.160.0/19
82.112.192.0/19
84.14.0.0/16
84.16.160.0/19
85.88.128.0/19
87.241.0.0/18
118.67.224.0/19
136.225.0.0/16
157.120.224.0/21
157.120.236.0-157.120.255.255
193.82.32.0/19
193.93.80.0/22
193.114.160.0/19
193.116.128.0/18
193.118.224.0/19
193.188.132.0/23
194.223.128.0-194.223.139.255
195.68.0.0/17
195.110.64.0/19
212.0.96.0/19
212.23.224.0/19
212.31.224.0/19
212.35.96.0/19
212.36.128.0/18
212.74.64.0/19
212.78.160.0/19
212.121.128.0/19
212.123.192.0/18
212.161.0.0/17
212.203.64.0/18
213.27.128.0/17
213.41.0.0/17
213.61.0.0/16
213.86.0.0/16
213.164.0.0/19
213.173.160.0/19
213.185.160.0/19
213.208.192.0/18
213.215.128.0/17
213.229.128.0/18
213.246.192.0/18
217.110.0.0/15
217.173.96.0/20
IPv6:
2001:920::/29
Signature Algorithm: sha256WithRSAEncryption
9f:e4:09:ba:d5:32:14:26:c2:46:28:5c:eb:8c:bc:47:9e:0e:
81:c5:5b:4d:8f:c7:6d:31:be:87:c1:d4:a5:0b:9a:60:ce:29:
3c:72:4b:7d:c0:62:7b:d4:5e:45:20:bd:4c:bb:54:32:b5:dc:
f0:3b:93:09:f7:7f:2c:3a:8b:d4:e6:bd:1c:7c:09:d1:89:39:
37:19:43:0d:c5:74:2d:e7:40:63:57:f4:e8:1c:2f:24:c8:ff:
58:0c:5e:55:eb:a3:b0:f8:54:7a:a4:69:4c:b3:a1:d3:4d:5b:
94:9b:a2:db:be:42:e1:21:0f:80:51:4a:9c:33:bc:5f:ca:11:
74:f8:f2:d7:a9:e2:16:46:5a:10:41:62:f7:19:01:d5:ac:37:
b4:52:16:28:7d:7b:41:68:3e:06:6e:a4:01:77:f9:6e:dd:a6:
18:dc:e3:e3:4d:28:12:1f:f5:a2:0e:ca:04:4b:1a:9a:99:2b:
72:48:0c:aa:ed:49:d2:27:8f:d0:39:7d:38:21:1c:01:d7:08:
e5:a5:8f:5f:f0:e9:17:8d:6c:63:73:05:4d:1c:f6:43:8d:48:
a1:c2:3a:de:cd:a2:89:78:c6:c3:43:09:f6:af:5c:7b:7e:70:
c0:95:67:87:80:e1:ee:c7:78:96:d0:79:8f:0e:4a:70:94:5a:
af:2a:12:be
-----BEGIN CERTIFICATE-----
MIIGZzCCBU+gAwIBAgISAYhS/fCS2QIsT7j0yJhgmKMUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjMwNTI1MTI1OTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmOWJhYzcxOTAyMWYwMTViODZkMmQ1MTYwMGE4OGY1ZDYzYjY5MzI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA71Dqz0BQGrh5qhuVmq7q6ciWit5F
bYhzkgLo3R7VPquzjzpOuonmh2kEKsJyWP44t3/rMJ8mN/z0MbzphKG9uDD4qUW6
ry2g+3Ca/RQ73FtheyYBb3Puwai/Uw1uKvF1MDH4aOuPExR7dB8N8zNSaFFrRFmF
xa2MhBYRrkyaR92U5pSEXrluoWaCwebpfLR/843sgUnkiPN+l89gMndHOGzhFiKy
EBqDGMmRee4Es69f8DP+gygMWo61uO7kk6paN0m5kCh1zgmzp+8ABxVmPKxm7UlL
pWnVjCXx1kH+Pg9rbpkJuMUMsLoHxnSTC1uYMFtu2CoHCbRHFli7B/mJtwIDAQAB
o4IDczCCA28wHQYDVR0OBBYEFPm6xxkCHwFbhtLVFgCoj11jtpMpMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jgYIKwYBBQUHAQsEgYEwfzB9BggrBgEFBQcwC4ZxcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvMS1ickhHUUlmQVZ1RzB0VVdBS2lQWFdPMmt5ay5yb2Ew
gYEGA1UdHwR6MHgwdqB0oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0
b3J5L0RFRkFVTFQvMmIvYTBhMzljLWJlMDMtNDdiYi1iZGIzLWIzYjc4YjBiNjZl
YS8xL1RQal93SWhaSGs4a082cjZJYlFwaV9zMllDWS5jcmwwGAYDVR0gAQH/BA4w
DDAKBggrBgEFBQcOAjCCAYYGCCsGAQUFBwEHAQH/BIIBdTCCAXEwggFeBAIAATCC
AVYDBAUu+IADAwA5hQMDAD4XAwQFPkhgAwQFPlTAAwMAPmADBAY+YUADBAU+mGAD
BAU+wAADBAZOjwADBAVOnEADBAVQUAADAwBQqQMEBVD7oAMEBVJwwAMDAFQOAwQF
VBCgAwQFVViAAwQGV/EAAwQFdkPgAwMAiOEDBAOdeOAwCwMEAp147AMDAJ14AwQF
wVIgAwQCwV1QAwQFwXKgAwQGwXSAAwQFwXbgAwQBwbyEMAwDBAfC34ADBALC34gD
BAfDRAADBAXDbkADBAXUAGADBAXUF+ADBAXUH+ADBAXUI2ADBAbUJIADBAXUSkAD
BAXUTqADBAXUeYADBAbUe8ADBAfUoQADBAbUy0ADBAfVG4ADBAfVKQADAwDVPQMD
ANVWAwQF1aQAAwQF1a2gAwQF1bmgAwQG1dDAAwQH1deAAwQG1eWAAwQG1fbAAwMB
2W4DBATZrWAwDQQCAAIwBwMFAyABCSAwDQYJKoZIhvcNAQELBQADggEBAJ/kCbrV
MhQmwkYoXOuMvEeeDoHFW02Px20xvofB1KULmmDOKTxyS33AYnvUXkUgvUy7VDK1
3PA7kwn3fyw6i9TmvRx8CdGJOTcZQw3FdC3nQGNX9OgcLyTI/1gMXlXro7D4VHqk
aUyzodNNW5Sbotu+QuEhD4BRSpwzvF/KEXT48tep4hZGWhBBYvcZAdWsN7RSFih9
e0FoPgZupAF3+W7dphjc4+NNKBIf9aIOygRLGpqZK3JIDKrtSdInj9A5fTghHAHX
COWlj1/w6ReNbGNzBU0c9kONSKHCOt7Nool4xsNDCfavXHt+cMCVZ4eA4e7HeJbQ
eY8OSnCUWq8qEr4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:42 2024 by rpki-client on console-fra.rpki-client.org