Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/jrsWvtKDbim-0xwbgyCLh8-IQIg.roa
File:                     jrsWvtKDbim-0xwbgyCLh8-IQIg.roa (raw, json)
Hash identifier:          8fOtemWRA57Q/bkYzCsyF8nO3z/ZjI+VJ9Zlqt6CzZU=
Subject key identifier:   8E:BB:16:BE:D2:83:6E:29:BE:D3:1C:1B:83:20:8B:87:CF:88:40:88
Certificate issuer:       /CN=f1479b83c520d784445c24828bab633f0d702cf3
Certificate serial:       01948FC20C50B6F456EC59783FA4F72D29C3
Authority key identifier: F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/jrsWvtKDbim-0xwbgyCLh8-IQIg.roa
Signing time:             Wed 22 Jan 2025 20:44:06 +0000
ROA not before:           Wed 22 Jan 2025 20:44:06 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     8399
IP address blocks:        37.97.64.0/19 maxlen: 19
                          37.97.96.0/20 maxlen: 20
                          37.139.120.0/21 maxlen: 21
                          65.39.64.0/19 maxlen: 19
                          80.251.96.0/20 maxlen: 20
                          81.93.0.0/19 maxlen: 19
                          88.213.224.0/19 maxlen: 19
                          109.235.232.0/21 maxlen: 21
                          109.235.232.0/24 maxlen: 24
                          109.235.233.0/24 maxlen: 24
                          109.235.239.0/24 maxlen: 24
                          157.143.128.0/17 maxlen: 17
                          178.157.16.0/20 maxlen: 20
                          178.157.32.0/20 maxlen: 20
                          178.174.96.0/20 maxlen: 23
                          178.255.160.0/21 maxlen: 21
                          185.6.92.0/22 maxlen: 22
                          185.8.252.0/22 maxlen: 22
                          185.24.140.0/22 maxlen: 22
                          185.32.208.0/22 maxlen: 22
                          185.42.176.0/22 maxlen: 22
                          185.65.248.0/22 maxlen: 22
                          185.76.216.0/22 maxlen: 22
                          185.218.208.0/22 maxlen: 22
                          185.249.20.0/22 maxlen: 22
                          195.135.0.0/17 maxlen: 17
                          195.135.0.0/18 maxlen: 18
                          195.135.12.0/23 maxlen: 23
                          195.135.48.0/20 maxlen: 20
                          195.135.48.0/24 maxlen: 24
                          217.74.96.0/20 maxlen: 20
                          217.181.128.0/17 maxlen: 17
                          2a02:6e8::/32 maxlen: 32
                          2a02:c440::/29 maxlen: 29
                          2a05:5cc0::/29 maxlen: 29
                          2a0b:e3c0::/29 maxlen: 29
                          2a0c:600::/29 maxlen: 29
Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:8f:c2:0c:50:b6:f4:56:ec:59:78:3f:a4:f7:2d:29:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f1479b83c520d784445c24828bab633f0d702cf3
        Validity
            Not Before: Jan 22 20:44:06 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=8ebb16bed2836e29bed31c1b83208b87cf884088
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8E:BB:16:BE:D2:83:6E:29:BE:D3:1C:1B:83:20:8B:87:CF:88:40:88
            X509v3 Authority Key Identifier:
                keyid:F1:47:9B:83:C5:20:D7:84:44:5C:24:82:8B:AB:63:3F:0D:70:2C:F3

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/8Uebg8Ug14REXCSCi6tjPw1wLPM.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/jrsWvtKDbim-0xwbgyCLh8-IQIg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/a97e21-b5fe-4a56-a98a-bdd4af5f35d1/1/8Uebg8Ug14REXCSCi6tjPw1wLPM.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.97.64.0-37.97.111.255
                  37.139.120.0/21
                  65.39.64.0/19
                  80.251.96.0/20
                  81.93.0.0/19
                  88.213.224.0/19
                  109.235.232.0/21
                  157.143.128.0/17
                  178.157.16.0-178.157.47.255
                  178.174.96.0/20
                  178.255.160.0/21
                  185.6.92.0/22
                  185.8.252.0/22
                  185.24.140.0/22
                  185.32.208.0/22
                  185.42.176.0/22
                  185.65.248.0/22
                  185.76.216.0/22
                  185.218.208.0/22
                  185.249.20.0/22
                  195.135.0.0/17
                  217.74.96.0/20
                  217.181.128.0/17
                IPv6:
                  2a02:6e8::/32
                  2a02:c440::/29
                  2a05:5cc0::/29
                  2a0b:e3c0::/29
                  2a0c:600::/29

    Signature Algorithm: sha256WithRSAEncryption
Generated at Sun Apr 20 04:27:10 2025 by rpki-client