Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/9OkxrzKqzzgqjsTnLKcKPaA5Qck.roa
File: 9OkxrzKqzzgqjsTnLKcKPaA5Qck.roa (raw, json)
Hash identifier: IHTvOvt5CoLu8nZIz4QKSZIX0hMxNQlJ8jPa17Ct6OM=
Subject key identifier: F4:E9:31:AF:32:AA:CF:38:2A:8E:C4:E7:2C:A7:0A:3D:A0:39:41:C9
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 01861557A1C782DA94FEBE66E9A96BF1A033
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/9OkxrzKqzzgqjsTnLKcKPaA5Qck.roa
Signing time: Fri 03 Feb 2023 03:35:09 +0000
ROA not before: Fri 03 Feb 2023 03:35:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 19905
IP address blocks: 78.144.0.0/13 maxlen: 24
213.208.64.0/18 maxlen: 24
193.218.99.0/24 maxlen: 24
217.68.128.0/20 maxlen: 24
212.159.128.0/18 maxlen: 24
81.178.0.0/15 maxlen: 24
92.0.0.0/11 maxlen: 24
195.112.0.0/18 maxlen: 24
84.43.0.0/17 maxlen: 24
79.75.0.0/16 maxlen: 24
62.24.128.0/17 maxlen: 24
212.139.0.0/16 maxlen: 24
89.240.0.0/14 maxlen: 24
80.40.0.0/13 maxlen: 24
88.104.0.0/13 maxlen: 24
212.1.128.0/19 maxlen: 24
81.170.0.0/17 maxlen: 24
91.146.112.0/21 maxlen: 24
82.133.0.0/17 maxlen: 24
87.242.128.0/17 maxlen: 24
185.173.116.0/22 maxlen: 24
185.112.212.0/22 maxlen: 24
217.8.0.0/19 maxlen: 24
81.1.64.0/18 maxlen: 24
83.67.0.0/16 maxlen: 24
2.96.0.0/13 maxlen: 24
84.12.0.0/16 maxlen: 24
212.74.96.0/19 maxlen: 24
194.247.224.0/19 maxlen: 24
79.76.0.0/14 maxlen: 24
79.66.0.0/15 maxlen: 24
185.175.144.0/22 maxlen: 24
62.3.192.0/18 maxlen: 24
212.67.96.0/19 maxlen: 24
185.173.120.0/22 maxlen: 24
185.175.48.0/22 maxlen: 24
81.6.192.0/18 maxlen: 24
194.106.32.0/19 maxlen: 24
89.168.128.0/17 maxlen: 24
81.86.0.0/16 maxlen: 24
79.68.0.0/14 maxlen: 24
62.241.160.0/19 maxlen: 24
195.149.0.0/18 maxlen: 24
213.78.0.0/16 maxlen: 24
195.137.0.0/17 maxlen: 24
79.73.0.0/16 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:15:57:a1:c7:82:da:94:fe:be:66:e9:a9:6b:f1:a0:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Feb 3 03:35:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f4e931af32aacf382a8ec4e72ca70a3da03941c9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:f7:0d:5c:03:17:78:d2:09:22:04:f5:10:49:
1d:07:4c:16:41:fc:45:16:87:1b:fd:d9:54:e0:06:
de:57:4e:84:2d:ec:b9:f3:15:46:06:ba:2f:63:e9:
7c:85:b9:3f:f3:15:3b:9f:41:21:b7:10:81:1e:a4:
c6:17:f2:e8:e0:e7:80:87:e2:81:ce:17:d7:0c:1f:
65:80:3b:b7:70:e6:a1:8e:7f:fc:1e:01:03:5e:00:
7c:49:f0:67:41:de:cf:bb:de:71:c2:1e:12:d9:e7:
f3:a7:3f:f8:f1:1c:16:a5:47:8a:d1:5e:f0:e1:a1:
4f:40:c1:24:45:46:5a:31:22:82:05:54:be:3d:6b:
3e:41:32:bd:04:d6:52:1c:3d:54:2b:19:bb:b1:be:
da:11:2e:be:42:d2:bc:71:52:4b:ed:2e:7e:04:0e:
90:09:77:52:ce:2c:b2:02:f0:f5:e0:a5:73:df:31:
f0:5e:a7:cb:85:3f:86:4d:7d:80:b7:e2:f2:a8:71:
4e:84:ba:18:c5:00:c2:6b:dd:61:18:f2:b2:e2:10:
a5:14:2b:82:ea:b0:49:8c:d7:8b:13:f3:31:10:b5:
f3:4f:90:27:30:db:13:bb:b7:97:1f:89:a7:f7:69:
8b:f8:9b:01:30:08:3f:3c:53:96:d2:67:e3:20:1a:
8d:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F4:E9:31:AF:32:AA:CF:38:2A:8E:C4:E7:2C:A7:0A:3D:A0:39:41:C9
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/9OkxrzKqzzgqjsTnLKcKPaA5Qck.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.3.192.0/18
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
79.66.0.0-79.71.255.255
79.73.0.0/16
79.75.0.0-79.79.255.255
80.40.0.0/13
81.1.64.0/18
81.6.192.0/18
81.86.0.0/16
81.170.0.0/17
81.178.0.0/15
82.133.0.0/17
83.67.0.0/16
84.12.0.0/16
84.43.0.0/17
87.242.128.0/17
88.104.0.0/13
89.168.128.0/17
89.240.0.0/14
91.146.112.0/21
92.0.0.0/11
185.112.212.0/22
185.173.116.0-185.173.123.255
185.175.48.0/22
185.175.144.0/22
193.218.99.0/24
194.106.32.0/19
194.247.224.0/19
195.112.0.0/18
195.137.0.0/17
195.149.0.0/18
212.1.128.0/19
212.67.96.0/19
212.74.96.0/19
212.139.0.0/16
212.159.128.0/18
213.78.0.0/16
213.208.64.0/18
217.8.0.0/19
217.68.128.0/20
Signature Algorithm: sha256WithRSAEncryption
ce:7e:5f:98:1b:ab:1a:06:c8:b7:59:9c:52:e3:8f:0e:30:10:
74:a2:d0:19:dd:8d:e4:f5:69:e1:b8:36:48:33:54:6e:55:4c:
ca:5f:12:a5:ee:4f:4f:35:98:4a:c1:8c:4d:bb:76:34:07:f4:
1d:4c:b1:06:be:ce:04:b8:43:81:2d:c9:37:8d:f0:18:b5:3b:
1c:7e:9c:a7:22:7c:e2:ba:7b:d3:1e:0b:07:25:e5:51:52:9d:
a7:bf:ac:9a:43:34:cb:9c:a8:cf:d0:48:72:1e:2a:d9:e4:04:
fd:99:15:89:ba:32:75:ed:75:25:79:dd:0a:6e:a7:b6:cc:1e:
23:66:54:a1:28:1f:fc:fe:bb:32:e7:ae:88:c4:3b:46:6a:9f:
73:77:d3:2c:55:69:1c:5d:aa:1f:1b:41:64:3d:e0:0b:d9:26:
9f:91:68:2c:2b:c3:08:c3:97:78:7d:6d:82:19:2b:8c:0b:9f:
7f:0c:ce:bd:0f:9f:66:49:fe:8f:52:39:ef:c8:72:44:e8:d0:
dd:e4:ee:d1:04:35:0e:32:26:41:93:39:eb:fb:0e:22:92:5b:
04:76:36:97:45:a3:38:e6:76:25:17:13:c8:6b:90:08:d3:b8:
93:10:6c:ac:cf:16:e2:17:0f:19:e4:a1:e7:9b:fb:3c:b3:4c:
82:93:2b:ff
-----BEGIN CERTIFICATE-----
MIIGCjCCBPKgAwIBAgISAYYVV6HHgtqU/r5m6alr8aAzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjMwMjAzMDMzNTA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGU5MzFhZjMyYWFjZjM4MmE4ZWM0ZTcyY2E3MGEzZGEwMzk0MWM5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtPcNXAMXeNIJIgT1EEkdB0wWQfxF
Focb/dlU4AbeV06ELey58xVGBrovY+l8hbk/8xU7n0EhtxCBHqTGF/Lo4OeAh+KB
zhfXDB9lgDu3cOahjn/8HgEDXgB8SfBnQd7Pu95xwh4S2efzpz/48RwWpUeK0V7w
4aFPQMEkRUZaMSKCBVS+PWs+QTK9BNZSHD1UKxm7sb7aES6+QtK8cVJL7S5+BA6Q
CXdSziyyAvD14KVz3zHwXqfLhT+GTX2At+LyqHFOhLoYxQDCa91hGPKy4hClFCuC
6rBJjNeLE/MxELXzT5AnMNsTu7eXH4mn92mL+JsBMAg/PFOW0mfjIBqN8QIDAQAB
o4IDFjCCAxIwHQYDVR0OBBYEFPTpMa8yqs84Ko7E5yynCj2gOUHJMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvOU9reHJ6S3F6emdxanNUbkxLY0tQYUE1UWNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKgYIKwYBBQUHAQcBAf8EggEZMIIBFTCCAREEAgABMIIB
CQMDAwJgAwQGPgPAAwQHPhiAAwQFPvGgAwMDTpAwCgMDAU9CAwMDT0ADAwBPSTAK
AwMAT0sDAwRPQAMDA1AoAwQGUQFAAwQGUQbAAwMAUVYDBAdRqgADAwFRsgMEB1KF
AAMDAFNDAwMAVAwDBAdUKwADBAdX8oADAwNYaAMEB1mogAMDAlnwAwQDW5JwAwMF
XAADBAK5cNQwDAMEArmtdAMEArmteAMEArmvMAMEArmvkAMEAMHaYwMEBcJqIAME
BcL34AMEBsNwAAMEB8OJAAMEBsOVAAMEBdQBgAMEBdRDYAMEBdRKYAMDANSLAwQG
1J+AAwMA1U4DBAbV0EADBAXZCAADBATZRIAwDQYJKoZIhvcNAQELBQADggEBAM5+
X5gbqxoGyLdZnFLjjw4wEHSi0BndjeT1aeG4NkgzVG5VTMpfEqXuT081mErBjE27
djQH9B1MsQa+zgS4Q4EtyTeN8Bi1Oxx+nKcifOK6e9MeCwcl5VFSnae/rJpDNMuc
qM/QSHIeKtnkBP2ZFYm6MnXtdSV53Qpup7bMHiNmVKEoH/z+uzLnrojEO0Zqn3N3
0yxVaRxdqh8bQWQ94AvZJp+RaCwrwwjDl3h9bYIZK4wLn38Mzr0Pn2ZJ/o9SOe/I
ckTo0N3k7tEENQ4yJkGTOev7DiKSWwR2NpdFozjmdiUXE8hrkAjTuJMQbKzPFuIX
Dxnkoeeb+zyzTIKTK/8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:23:44 2024 by rpki-client on console-fra.rpki-client.org