Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/7DGBc2H22lfAip6o8FEpXqWN27k.roa
File: 7DGBc2H22lfAip6o8FEpXqWN27k.roa (raw, json)
Hash identifier: KgF5ku+LMpkutvK1Yz9pJtyq3wCfANB+hIlmW1xn/Fw=
Subject key identifier: EC:31:81:73:61:F6:DA:57:C0:8A:9E:A8:F0:51:29:5E:A5:8D:DB:B9
Certificate issuer: /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial: 018CC26D1F4FCB1DF097D962FAB222E558F2
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/7DGBc2H22lfAip6o8FEpXqWN27k.roa
Signing time: Mon 01 Jan 2024 00:29:40 +0000
ROA not before: Mon 01 Jan 2024 00:29:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8399
IP address blocks: 37.97.64.0/19 maxlen: 19
185.24.140.0/22 maxlen: 22
185.249.20.0/22 maxlen: 22
185.218.208.0/22 maxlen: 22
88.213.224.0/19 maxlen: 19
37.97.69.0/24 maxlen: 24
37.97.70.0/24 maxlen: 24
217.181.128.0/17 maxlen: 17
37.97.80.0/23 maxlen: 23
185.6.92.0/22 maxlen: 22
178.255.160.0/21 maxlen: 21
37.97.96.0/20 maxlen: 20
195.135.0.0/17 maxlen: 17
217.74.96.0/20 maxlen: 20
195.135.0.0/18 maxlen: 18
185.65.248.0/22 maxlen: 22
157.143.128.0/17 maxlen: 17
81.93.0.0/19 maxlen: 19
217.181.250.0/23 maxlen: 23
109.235.232.0/21 maxlen: 21
109.235.233.0/24 maxlen: 24
109.235.232.0/24 maxlen: 24
109.235.239.0/24 maxlen: 24
185.32.208.0/22 maxlen: 22
80.251.96.0/20 maxlen: 20
178.157.16.0/20 maxlen: 20
195.135.48.0/24 maxlen: 24
178.157.32.0/20 maxlen: 20
65.39.64.0/19 maxlen: 19
185.8.252.0/22 maxlen: 22
185.42.176.0/22 maxlen: 22
2a0c:600::/29 maxlen: 29
2a02:c440::/29 maxlen: 29
2a02:6e8::/32 maxlen: 32
2a0b:e3c0::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:1f:4f:cb:1d:f0:97:d9:62:fa:b2:22:e5:58:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
Validity
Not Before: Jan 1 00:29:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ec31817361f6da57c08a9ea8f051295ea58ddbb9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:19:ae:d5:e0:48:93:de:c2:15:f5:71:49:fa:
d4:8a:2d:13:52:40:ee:f1:f3:ab:e0:ec:e9:ff:9a:
94:10:0d:1b:0b:bd:e1:df:ba:2d:b7:a7:a8:dd:ab:
b0:26:03:cf:51:05:0c:16:cf:62:62:8c:cc:ab:c4:
a6:fd:08:45:61:04:d3:30:b0:91:60:6b:fc:d5:d0:
a6:c0:82:f0:e5:7e:4f:02:5d:68:64:57:b5:5f:c3:
42:92:04:4b:20:b1:ab:6d:7d:ee:ab:c5:c7:e1:ed:
97:b4:ee:83:f0:b9:75:92:50:3b:63:54:6b:67:9f:
2d:94:91:93:82:c1:a3:af:bc:b2:73:8a:ec:82:22:
f7:32:ea:76:a3:36:06:53:32:de:dc:d0:28:6b:88:
ba:b7:59:be:65:49:bc:08:88:95:12:2c:3c:d3:6e:
8c:5a:c8:d7:22:12:d2:12:8f:48:6b:65:55:0b:1e:
9d:ca:d3:ec:1a:e9:db:92:df:3a:bc:a3:80:28:dd:
86:68:b9:cc:7a:8d:88:b2:72:c6:16:49:54:e4:0c:
e7:ed:6c:df:fa:e1:69:86:25:b9:a1:07:7b:89:67:
71:be:0d:32:4e:d4:14:2c:71:f1:37:5c:83:75:44:
70:83:20:2c:fa:30:9d:2a:92:6b:62:31:63:a8:9b:
5f:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EC:31:81:73:61:F6:DA:57:C0:8A:9E:A8:F0:51:29:5E:A5:8D:DB:B9
X509v3 Authority Key Identifier:
keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/7DGBc2H22lfAip6o8FEpXqWN27k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.97.64.0-37.97.111.255
65.39.64.0/19
80.251.96.0/20
81.93.0.0/19
88.213.224.0/19
109.235.232.0/21
157.143.128.0/17
178.157.16.0-178.157.47.255
178.255.160.0/21
185.6.92.0/22
185.8.252.0/22
185.24.140.0/22
185.32.208.0/22
185.42.176.0/22
185.65.248.0/22
185.218.208.0/22
185.249.20.0/22
195.135.0.0/17
217.74.96.0/20
217.181.128.0/17
IPv6:
2a02:6e8::/32
2a02:c440::/29
2a0b:e3c0::/29
2a0c:600::/29
Signature Algorithm: sha256WithRSAEncryption
98:c6:f0:5f:98:43:0f:c6:f1:4c:1f:53:c4:c0:d8:26:0b:f2:
59:44:13:f6:72:d2:e7:fb:42:b0:e2:70:51:ae:2a:47:a0:af:
56:9f:bd:f4:af:be:48:5f:5f:19:00:d8:82:41:2b:90:e7:ff:
fd:e8:b7:1a:4d:f1:e8:e0:e0:17:41:22:b4:a6:1b:f8:00:48:
d9:a9:fa:80:1d:bc:65:24:5e:09:7d:73:c5:94:71:e4:58:43:
1d:46:bf:b5:20:81:62:f2:61:bf:f9:45:58:03:6d:50:ee:c5:
d1:47:99:df:fe:34:6c:51:99:a0:7a:50:ae:7f:92:0e:1e:0b:
e5:c9:06:8c:8b:8f:7b:cf:5e:2d:b6:13:26:49:b5:13:3e:f5:
90:9c:64:84:a8:07:bc:e4:29:87:10:b0:8e:f5:ab:12:fc:f7:
ed:e1:ab:ee:e0:46:87:2e:b2:05:69:1b:c2:3f:a8:af:ad:29:
32:fa:1a:00:82:a7:f0:bf:d0:4a:91:b2:7b:20:67:cc:1d:d2:
39:c2:52:63:14:e1:09:e0:85:f6:b5:b0:53:7d:37:e8:0c:57:
3c:22:d4:d5:f1:56:80:6c:8d:c9:22:6e:ea:49:0a:39:62:98:
52:01:ca:3e:cf:f4:7d:ed:bc:76:29:f2:ed:a9:5e:99:86:7b:
c1:df:b2:32
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgISAYzCbR9Pyx3wl9li+rIi5VjyMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGYxNDc5YjgzYzUyMGQ3ODQ0NDVjMjQ4MjhiYWI2MzNmMGQ3
MDJjZjMwHhcNMjQwMTAxMDAyOTQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlYzMxODE3MzYxZjZkYTU3YzA4YTllYThmMDUxMjk1ZWE1OGRkYmI5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtxmu1eBIk97CFfVxSfrUii0TUkDu
8fOr4Ozp/5qUEA0bC73h37ott6eo3auwJgPPUQUMFs9iYozMq8Sm/QhFYQTTMLCR
YGv81dCmwILw5X5PAl1oZFe1X8NCkgRLILGrbX3uq8XH4e2XtO6D8Ll1klA7Y1Rr
Z58tlJGTgsGjr7yyc4rsgiL3Mup2ozYGUzLe3NAoa4i6t1m+ZUm8CIiVEiw8026M
WsjXIhLSEo9Ia2VVCx6dytPsGunbkt86vKOAKN2GaLnMeo2IsnLGFklU5Azn7Wzf
+uFphiW5oQd7iWdxvg0yTtQULHHxN1yDdURwgyAs+jCdKpJrYjFjqJtfOwIDAQAB
o4ICtDCCArAwHQYDVR0OBBYEFOwxgXNh9tpXwIqeqPBRKV6ljdu5MB8GA1UdIwQY
MBaAFPFHm4PFINeERFwkgourYz8NcCzzMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEt
YmRkNGFmNWYzNWQxLzEvN0RHQmMySDIybGZBaXA2bzhGRXBYcVdOMjdrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9hOTdlMjEtYjVmZS00YTU2LWE5OGEtYmRkNGFmNWYzNWQx
LzEvOFVlYmc4VWcxNFJFWENTQ2k2dGpQdzF3TFBNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHJBggrBgEFBQcBBwEB/wSBuTCBtjCBjwQCAAEwgYgwDAME
BiVhQAMEBCVhYAMEBUEnQAMEBFD7YAMEBVFdAAMEBVjV4AMEA23r6AMEB52PgDAM
AwQEsp0QAwQEsp0gAwQDsv+gAwQCuQZcAwQCuQj8AwQCuRiMAwQCuSDQAwQCuSqw
AwQCuUH4AwQCudrQAwQCufkUAwQHw4cAAwQE2UpgAwQH2bWAMCIEAgACMBwDBQAq
AgboAwUDKgLEQAMFAyoL48ADBQMqDAYAMA0GCSqGSIb3DQEBCwUAA4IBAQCYxvBf
mEMPxvFMH1PEwNgmC/JZRBP2ctLn+0Kw4nBRripHoK9Wn730r75IX18ZANiCQSuQ
5//96LcaTfHo4OAXQSK0phv4AEjZqfqAHbxlJF4JfXPFlHHkWEMdRr+1IIFi8mG/
+UVYA21Q7sXRR5nf/jRsUZmgelCuf5IOHgvlyQaMi497z14tthMmSbUTPvWQnGSE
qAe85CmHELCO9asS/Pft4avu4EaHLrIFaRvCP6ivrSky+hoAgqfwv9BKkbJ7IGfM
HdI5wlJjFOEJ4IX2tbBTfTfoDFc8ItTV8VaAbI3JIm7qSQo5YphSAco+z/R97bx2
KfLtqV6ZhnvB37Iy
-----END CERTIFICATE-----
Generated at Sun Apr 20 00:59:57 2025 by rpki-client