Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/FhBhMZYcZDwzgMWHJv0ff3TVvGw.roa
File: FhBhMZYcZDwzgMWHJv0ff3TVvGw.roa (raw, json)
Hash identifier: nZaDdqTAQwUd0DHcbpyzW3m8WaL16dGJ88wCzpS296s=
Subject key identifier: 16:10:61:31:96:1C:64:3C:33:80:C5:87:26:FD:1F:7F:74:D5:BC:6C
Certificate issuer: /CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Certificate serial: 0186E449CD4CC9E4571D751CAE146DD2E4ED
Authority key identifier: 4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/FhBhMZYcZDwzgMWHJv0ff3TVvGw.roa
Signing time: Wed 15 Mar 2023 08:01:27 +0000
ROA not before: Wed 15 Mar 2023 08:01:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8220
IP address blocks: 212.36.128.0/18 maxlen: 18
62.23.0.0/16 maxlen: 16
62.23.14.0/24 maxlen: 24
212.36.144.0/20 maxlen: 20
62.23.23.0/24 maxlen: 24
80.80.0.0/19 maxlen: 19
46.248.128.0/19 maxlen: 19
212.161.0.0/17 maxlen: 17
136.225.0.0/16 maxlen: 16
84.16.160.0/19 maxlen: 19
193.188.132.0/23 maxlen: 23
213.215.128.0/17 maxlen: 17
213.208.192.0/18 maxlen: 18
212.36.160.0/20 maxlen: 20
62.97.64.0/18 maxlen: 18
62.23.43.0/24 maxlen: 24
157.120.224.0/21 maxlen: 21
157.120.236.0/22 maxlen: 22
212.36.184.0/21 maxlen: 21
62.23.61.0/24 maxlen: 24
62.23.70.0/24 maxlen: 24
157.120.240.0/20 maxlen: 20
193.116.128.0/18 maxlen: 18
212.35.96.0/19 maxlen: 19
62.96.0.0/16 maxlen: 16
213.86.0.0/16 maxlen: 16
87.241.0.0/18 maxlen: 18
213.173.160.0/19 maxlen: 19
213.164.0.0/19 maxlen: 19
193.93.80.0/22 maxlen: 22
80.251.160.0/19 maxlen: 19
195.110.64.0/19 maxlen: 19
212.123.192.0/18 maxlen: 18
217.110.0.0/15 maxlen: 15
212.203.64.0/18 maxlen: 18
212.78.160.0/19 maxlen: 19
194.223.128.0/21 maxlen: 21
194.223.136.0/22 maxlen: 22
213.246.192.0/18 maxlen: 18
85.88.128.0/19 maxlen: 19
195.68.74.0/24 maxlen: 24
193.118.224.0/19 maxlen: 19
78.143.0.0/18 maxlen: 18
212.31.224.0/19 maxlen: 19
217.173.96.0/20 maxlen: 20
82.112.192.0/19 maxlen: 19
62.72.96.0/19 maxlen: 19
57.133.0.0/16 maxlen: 16
78.156.64.0/19 maxlen: 19
78.156.64.0/20 maxlen: 20
193.82.32.0/19 maxlen: 19
78.156.80.0/21 maxlen: 21
212.74.79.0/24 maxlen: 24
212.121.128.0/19 maxlen: 19
212.23.224.0/19 maxlen: 19
213.185.160.0/19 maxlen: 19
212.0.96.0/19 maxlen: 19
213.61.0.0/16 maxlen: 16
62.192.0.0/19 maxlen: 19
193.114.160.0/19 maxlen: 19
212.74.64.0/24 maxlen: 24
212.74.64.0/19 maxlen: 19
212.74.77.0/24 maxlen: 24
212.74.78.0/24 maxlen: 24
195.68.0.0/17 maxlen: 17
84.14.63.0/24 maxlen: 24
62.152.96.0/19 maxlen: 19
213.229.128.0/18 maxlen: 18
118.67.224.0/19 maxlen: 19
62.84.192.0/19 maxlen: 19
84.14.0.0/16 maxlen: 16
213.27.128.0/17 maxlen: 17
213.41.0.0/17 maxlen: 17
80.169.0.0/16 maxlen: 16
2001:921::/32 maxlen: 32
2001:926::/32 maxlen: 32
2001:924::/32 maxlen: 32
2001:925::/32 maxlen: 32
2001:920::/29 maxlen: 29
2001:920::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:e4:49:cd:4c:c9:e4:57:1d:75:1c:ae:14:6d:d2:e4:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4cf8ffc088591e4f243baafa21b4298bfb366026
Validity
Not Before: Mar 15 08:01:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=16106131961c643c3380c58726fd1f7f74d5bc6c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:75:12:fd:99:d3:56:00:e0:c2:40:0b:61:58:
e6:28:72:53:a0:35:e6:35:e2:8b:25:6c:ee:c0:45:
84:d1:71:95:32:52:8f:7f:d9:af:b5:21:ca:62:31:
12:5b:3c:27:80:cd:b9:c5:58:f1:a1:4a:e6:38:06:
ad:ba:5e:d6:83:04:f6:3b:33:83:e8:f5:a2:4d:83:
95:b5:2e:9e:cf:09:38:fa:72:a4:93:bf:1b:e6:2d:
13:65:f5:9d:d2:0a:3d:79:43:a2:0f:3f:44:b2:e6:
ea:bb:cf:21:97:5a:17:4f:d8:c3:05:13:f4:6d:da:
ee:dc:8e:13:ce:17:62:84:23:5b:b7:39:f3:fe:ab:
53:a6:c4:01:f6:b0:f8:a3:7c:dd:ce:01:3e:cb:b7:
04:98:a4:97:b3:2c:a3:21:e6:f2:ef:b3:af:e4:f9:
72:b0:b6:b8:fd:4f:b6:80:f5:fd:00:41:43:79:dd:
db:91:c1:3b:44:8d:d2:a0:1e:b8:bd:53:74:09:55:
ce:bb:d5:b1:ba:84:53:02:41:ae:43:35:b7:e4:b2:
75:9c:7f:95:16:3c:40:29:e6:b5:5c:27:55:c0:89:
d0:1d:6a:18:8b:a3:bb:db:62:58:70:b7:6f:c1:7c:
a4:b2:01:0c:6b:44:42:13:b6:ac:ae:ee:da:4b:82:
18:0d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
16:10:61:31:96:1C:64:3C:33:80:C5:87:26:FD:1F:7F:74:D5:BC:6C
X509v3 Authority Key Identifier:
keyid:4C:F8:FF:C0:88:59:1E:4F:24:3B:AA:FA:21:B4:29:8B:FB:36:60:26
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TPj_wIhZHk8kO6r6IbQpi_s2YCY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/FhBhMZYcZDwzgMWHJv0ff3TVvGw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a0a39c-be03-47bb-bdb3-b3b78b0b66ea/1/TPj_wIhZHk8kO6r6IbQpi_s2YCY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.248.128.0/19
57.133.0.0/16
62.23.0.0/16
62.72.96.0/19
62.84.192.0/19
62.96.0.0/16
62.97.64.0/18
62.152.96.0/19
62.192.0.0/19
78.143.0.0/18
78.156.64.0/19
80.80.0.0/19
80.169.0.0/16
80.251.160.0/19
82.112.192.0/19
84.14.0.0/16
84.16.160.0/19
85.88.128.0/19
87.241.0.0/18
118.67.224.0/19
136.225.0.0/16
157.120.224.0/21
157.120.236.0-157.120.255.255
193.82.32.0/19
193.93.80.0/22
193.114.160.0/19
193.116.128.0/18
193.118.224.0/19
193.188.132.0/23
194.223.128.0-194.223.139.255
195.68.0.0/17
195.110.64.0/19
212.0.96.0/19
212.23.224.0/19
212.31.224.0/19
212.35.96.0/19
212.36.128.0/18
212.74.64.0/19
212.78.160.0/19
212.121.128.0/19
212.123.192.0/18
212.161.0.0/17
212.203.64.0/18
213.27.128.0/17
213.41.0.0/17
213.61.0.0/16
213.86.0.0/16
213.164.0.0/19
213.173.160.0/19
213.185.160.0/19
213.208.192.0/18
213.215.128.0/17
213.229.128.0/18
213.246.192.0/18
217.110.0.0/15
217.173.96.0/20
IPv6:
2001:920::/29
Signature Algorithm: sha256WithRSAEncryption
30:f1:79:d7:3b:f9:64:a5:25:cf:a3:d8:7c:74:61:2a:4c:d6:
fb:61:ab:f3:51:22:d9:12:5e:a2:14:e0:f2:9a:48:5e:14:46:
d9:88:10:d8:cd:4e:81:c8:8d:f0:c0:ab:c3:86:81:3d:c5:a8:
e3:14:25:70:46:a4:2a:45:1e:4e:a3:af:45:4d:2b:43:db:3e:
b2:7f:d6:d4:40:4c:2a:05:1b:dd:34:75:23:3a:18:52:97:f3:
7f:4b:36:1a:0b:fa:9d:22:50:c8:74:7d:2c:43:58:28:5d:de:
a9:b8:d2:01:e8:e9:39:d7:9b:48:ce:d5:62:04:e4:84:14:6b:
8d:f6:e2:2c:6c:b1:35:8b:8b:fd:09:d4:7e:8a:97:f8:2f:a3:
24:e3:8b:ff:2c:d7:0e:61:b8:ff:5d:a7:45:c1:e3:00:25:34:
ae:f8:a4:d0:5a:08:0e:4d:e9:30:ba:62:94:0d:ff:b1:c2:e5:
89:6c:40:d2:2f:a6:71:50:0f:73:29:fa:b1:03:a9:83:5b:c9:
f8:0b:10:36:97:0f:93:5e:e8:51:33:a1:02:b0:e3:78:a9:82:
31:cc:d6:18:da:2a:9f:34:cf:11:b2:7a:a5:83:c7:9d:3f:9c:
85:23:9e:c1:bd:45:eb:a8:e5:e7:64:31:92:3d:17:64:37:1f:
96:19:b0:c0
-----BEGIN CERTIFICATE-----
MIIGZjCCBU6gAwIBAgISAYbkSc1MyeRXHXUcrhRt0uTtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRjZjhmZmMwODg1OTFlNGYyNDNiYWFmYTIxYjQyOThiZmIz
NjYwMjYwHhcNMjMwMzE1MDgwMTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxNjEwNjEzMTk2MWM2NDNjMzM4MGM1ODcyNmZkMWY3Zjc0ZDViYzZjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgXUS/ZnTVgDgwkALYVjmKHJToDXm
NeKLJWzuwEWE0XGVMlKPf9mvtSHKYjESWzwngM25xVjxoUrmOAatul7WgwT2OzOD
6PWiTYOVtS6ezwk4+nKkk78b5i0TZfWd0go9eUOiDz9Esubqu88hl1oXT9jDBRP0
bdru3I4TzhdihCNbtznz/qtTpsQB9rD4o3zdzgE+y7cEmKSXsyyjIeby77Ov5Ply
sLa4/U+2gPX9AEFDed3bkcE7RI3SoB64vVN0CVXOu9WxuoRTAkGuQzW35LJ1nH+V
FjxAKea1XCdVwInQHWoYi6O722JYcLdvwXyksgEMa0RCE7asru7aS4IYDQIDAQAB
o4IDcjCCA24wHQYDVR0OBBYEFBYQYTGWHGQ8M4DFhyb9H3901bxsMB8GA1UdIwQY
MBaAFEz4/8CIWR5PJDuq+iG0KYv7NmAmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMt
YjNiNzhiMGI2NmVhLzEvRmhCaE1aWWNaRHd6Z01XSEp2MGZmM1RWdkd3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hMGEzOWMtYmUwMy00N2JiLWJkYjMtYjNiNzhiMGI2NmVh
LzEvVFBqX3dJaFpIazhrTzZyNkliUXBpX3MyWUNZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBhgYIKwYBBQUHAQcBAf8EggF1MIIBcTCCAV4EAgABMIIB
VgMEBS74gAMDADmFAwMAPhcDBAU+SGADBAU+VMADAwA+YAMEBj5hQAMEBT6YYAME
BT7AAAMEBk6PAAMEBU6cQAMEBVBQAAMDAFCpAwQFUPugAwQFUnDAAwMAVA4DBAVU
EKADBAVVWIADBAZX8QADBAV2Q+ADAwCI4QMEA5144DALAwQCnXjsAwMAnXgDBAXB
UiADBALBXVADBAXBcqADBAbBdIADBAXBduADBAHBvIQwDAMEB8LfgAMEAsLfiAME
B8NEAAMEBcNuQAMEBdQAYAMEBdQX4AMEBdQf4AMEBdQjYAMEBtQkgAMEBdRKQAME
BdROoAMEBdR5gAMEBtR7wAMEB9ShAAMEBtTLQAMEB9UbgAMEB9UpAAMDANU9AwMA
1VYDBAXVpAADBAXVraADBAXVuaADBAbV0MADBAfV14ADBAbV5YADBAbV9sADAwHZ
bgMEBNmtYDANBAIAAjAHAwUDIAEJIDANBgkqhkiG9w0BAQsFAAOCAQEAMPF51zv5
ZKUlz6PYfHRhKkzW+2Gr81Ei2RJeohTg8ppIXhRG2YgQ2M1OgciN8MCrw4aBPcWo
4xQlcEakKkUeTqOvRU0rQ9s+sn/W1EBMKgUb3TR1IzoYUpfzf0s2Ggv6nSJQyHR9
LENYKF3eqbjSAejpOdebSM7VYgTkhBRrjfbiLGyxNYuL/QnUfoqX+C+jJOOL/yzX
DmG4/12nRcHjACU0rvik0FoIDk3pMLpilA3/scLliWxA0i+mcVAPcyn6sQOpg1vJ
+AsQNpcPk17oUTOhArDjeKmCMczWGNoqnzTPEbJ6pYPHnT+chSOewb1F66jl52Qx
kj0XZDcflhmwwA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:28 2024 by rpki-client on console-ams.rpki-client.org