Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/C0bGGmNqDVEO6_9vqDpJOxEbHUc.roa
File: C0bGGmNqDVEO6_9vqDpJOxEbHUc.roa (raw, json)
Hash identifier: NftPhWZKzQBrLa0nTg+fX2kszOmHXI/mh90y+EugT5g=
Subject key identifier: 0B:46:C6:1A:63:6A:0D:51:0E:EB:FF:6F:A8:3A:49:3B:11:1B:1D:47
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 0189A9A928EF8355237B40C547C7716F9053
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/C0bGGmNqDVEO6_9vqDpJOxEbHUc.roa
Signing time: Mon 31 Jul 2023 01:56:22 +0000
ROA not before: Mon 31 Jul 2023 01:56:22 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 19905
IP address blocks: 78.144.0.0/13 maxlen: 24
213.208.64.0/18 maxlen: 24
193.218.99.0/24 maxlen: 24
217.68.128.0/20 maxlen: 24
212.159.128.0/18 maxlen: 24
81.178.0.0/15 maxlen: 24
92.0.0.0/11 maxlen: 24
195.112.0.0/18 maxlen: 24
84.43.0.0/17 maxlen: 24
62.24.128.0/17 maxlen: 24
212.139.0.0/16 maxlen: 24
89.240.0.0/14 maxlen: 24
80.40.0.0/13 maxlen: 24
212.1.128.0/19 maxlen: 24
81.170.0.0/17 maxlen: 24
91.146.112.0/21 maxlen: 24
88.106.0.0/15 maxlen: 24
82.133.0.0/17 maxlen: 24
145.255.240.0/21 maxlen: 24
87.242.128.0/17 maxlen: 24
185.173.116.0/22 maxlen: 24
185.112.212.0/22 maxlen: 24
217.8.0.0/19 maxlen: 24
81.1.64.0/18 maxlen: 24
83.67.0.0/16 maxlen: 24
2.96.0.0/13 maxlen: 24
84.12.0.0/16 maxlen: 24
212.74.96.0/19 maxlen: 24
194.247.224.0/19 maxlen: 24
79.76.0.0/14 maxlen: 24
88.108.0.0/14 maxlen: 24
185.175.144.0/22 maxlen: 24
62.3.192.0/18 maxlen: 24
212.67.96.0/19 maxlen: 24
185.173.120.0/22 maxlen: 24
185.175.48.0/22 maxlen: 24
81.6.192.0/18 maxlen: 24
194.106.32.0/19 maxlen: 24
89.168.128.0/17 maxlen: 24
81.86.0.0/16 maxlen: 24
62.241.160.0/19 maxlen: 24
195.149.0.0/18 maxlen: 24
185.24.12.0/22 maxlen: 24
213.78.0.0/16 maxlen: 24
195.137.0.0/17 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:a9:a9:28:ef:83:55:23:7b:40:c5:47:c7:71:6f:90:53
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Jul 31 01:56:22 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0b46c61a636a0d510eebff6fa83a493b111b1d47
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:da:cb:6a:b0:6f:55:dd:88:20:34:0e:5a:a5:75:
56:60:c5:57:8a:78:c3:9c:08:e7:fa:1b:a8:8e:56:
f9:68:f4:d6:64:48:21:82:dc:08:df:16:f7:39:72:
f1:95:f6:63:f5:18:0d:02:83:82:74:b9:fd:d0:8c:
e4:c0:59:19:91:d4:08:ed:f2:a1:9e:fd:eb:0a:1a:
e7:28:bd:86:2e:5a:38:e0:4c:5d:82:a7:f6:70:c1:
75:d7:41:69:37:81:fd:a4:7b:0b:82:ca:96:d2:b1:
9a:ce:f4:39:91:9a:c7:29:8d:61:58:0f:c7:78:2d:
43:32:6d:f6:09:18:60:8c:ed:3b:07:f9:d6:30:43:
46:8e:cb:1b:2c:7c:fe:ff:cd:d2:61:1c:da:ce:88:
fc:a5:15:3b:40:f7:e3:47:55:82:3b:81:f8:e9:36:
c5:c5:07:fb:c6:c6:2c:31:bd:a2:50:0f:22:5d:f5:
c6:a6:c6:05:46:e3:c7:63:17:08:6b:d3:14:68:f6:
d1:33:3b:29:c9:8e:bc:bc:42:9f:7c:98:60:68:84:
4f:0a:f6:22:d4:d6:d8:32:7e:91:1f:c9:9d:da:9c:
08:1a:8b:62:a4:9f:eb:22:db:8f:60:18:6d:65:9e:
1e:b3:5c:1e:c8:dc:e3:a0:af:8a:72:f1:fd:3d:a4:
74:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
0B:46:C6:1A:63:6A:0D:51:0E:EB:FF:6F:A8:3A:49:3B:11:1B:1D:47
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/C0bGGmNqDVEO6_9vqDpJOxEbHUc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.3.192.0/18
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
79.76.0.0/14
80.40.0.0/13
81.1.64.0/18
81.6.192.0/18
81.86.0.0/16
81.170.0.0/17
81.178.0.0/15
82.133.0.0/17
83.67.0.0/16
84.12.0.0/16
84.43.0.0/17
87.242.128.0/17
88.106.0.0-88.111.255.255
89.168.128.0/17
89.240.0.0/14
91.146.112.0/21
92.0.0.0/11
145.255.240.0/21
185.24.12.0/22
185.112.212.0/22
185.173.116.0-185.173.123.255
185.175.48.0/22
185.175.144.0/22
193.218.99.0/24
194.106.32.0/19
194.247.224.0/19
195.112.0.0/18
195.137.0.0/17
195.149.0.0/18
212.1.128.0/19
212.67.96.0/19
212.74.96.0/19
212.139.0.0/16
212.159.128.0/18
213.78.0.0/16
213.208.64.0/18
217.8.0.0/19
217.68.128.0/20
Signature Algorithm: sha256WithRSAEncryption
a4:7d:3f:f2:07:e1:4d:5a:8f:88:0d:13:b2:12:f4:bd:b0:62:
ab:48:b3:91:17:57:1a:65:85:3b:bd:55:5e:10:27:f8:d7:a2:
93:65:94:cc:68:e7:2d:48:3f:33:38:d8:23:a8:01:92:9c:65:
20:90:cc:19:9e:5f:c1:c0:e6:c3:f9:1c:ea:f1:28:d6:32:09:
01:4d:dc:b3:2c:96:e2:73:89:8e:df:5f:08:b5:22:ac:53:30:
f0:3d:ad:30:5d:b0:c0:46:44:90:60:58:17:5e:46:8d:a1:0a:
c9:2b:91:34:40:75:4f:8b:54:12:b6:6f:2f:69:ab:27:16:8d:
75:97:bf:e7:13:c8:8a:98:19:58:92:58:20:73:12:68:38:82:
37:4c:c0:60:8e:a1:70:b5:41:4d:a4:31:10:d4:6d:80:71:db:
dc:5a:9c:8b:79:a8:a9:69:b2:ab:90:c3:5d:6b:18:5c:a8:7d:
8e:57:e6:a9:10:a9:90:3b:7f:d4:2a:bd:52:93:cf:64:0d:3d:
6d:64:19:fa:7f:f6:4d:97:93:8b:37:c1:b4:54:30:f8:31:aa:
75:78:ed:99:32:37:09:be:9f:cf:e5:36:a6:28:dd:9c:07:3d:
15:74:44:d9:99:6d:23:b7:a5:f0:9f:68:8b:73:1a:a4:46:89:
8c:75:e0:e5
-----BEGIN CERTIFICATE-----
MIIGBTCCBO2gAwIBAgISAYmpqSjvg1Uje0DFR8dxb5BTMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjMwNzMxMDE1NjIyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYjQ2YzYxYTYzNmEwZDUxMGVlYmZmNmZhODNhNDkzYjExMWIxZDQ3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2stqsG9V3YggNA5apXVWYMVXinjD
nAjn+huojlb5aPTWZEghgtwI3xb3OXLxlfZj9RgNAoOCdLn90IzkwFkZkdQI7fKh
nv3rChrnKL2GLlo44Exdgqf2cMF110FpN4H9pHsLgsqW0rGazvQ5kZrHKY1hWA/H
eC1DMm32CRhgjO07B/nWMENGjssbLHz+/83SYRzazoj8pRU7QPfjR1WCO4H46TbF
xQf7xsYsMb2iUA8iXfXGpsYFRuPHYxcIa9MUaPbRMzspyY68vEKffJhgaIRPCvYi
1NbYMn6RH8md2pwIGotipJ/rItuPYBhtZZ4es1weyNzjoK+KcvH9PaR0FQIDAQAB
o4IDETCCAw0wHQYDVR0OBBYEFAtGxhpjag1RDuv/b6g6STsRGx1HMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvQzBiR0dtTnFEVkVPNl85dnFEcEpPeEViSFVjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBJQYIKwYBBQUHAQcBAf8EggEUMIIBEDCCAQwEAgABMIIB
BAMDAwJgAwQGPgPAAwQHPhiAAwQFPvGgAwMDTpADAwJPTAMDA1AoAwQGUQFAAwQG
UQbAAwMAUVYDBAdRqgADAwFRsgMEB1KFAAMDAFNDAwMAVAwDBAdUKwADBAdX8oAw
CgMDAVhqAwMEWGADBAdZqIADAwJZ8AMEA1uScAMDBVwAAwQDkf/wAwQCuRgMAwQC
uXDUMAwDBAK5rXQDBAK5rXgDBAK5rzADBAK5r5ADBADB2mMDBAXCaiADBAXC9+AD
BAbDcAADBAfDiQADBAbDlQADBAXUAYADBAXUQ2ADBAXUSmADAwDUiwMEBtSfgAMD
ANVOAwQG1dBAAwQF2QgAAwQE2USAMA0GCSqGSIb3DQEBCwUAA4IBAQCkfT/yB+FN
Wo+IDROyEvS9sGKrSLORF1caZYU7vVVeECf416KTZZTMaOctSD8zONgjqAGSnGUg
kMwZnl/BwObD+Rzq8SjWMgkBTdyzLJbic4mO318ItSKsUzDwPa0wXbDARkSQYFgX
XkaNoQrJK5E0QHVPi1QStm8vaasnFo11l7/nE8iKmBlYklggcxJoOII3TMBgjqFw
tUFNpDEQ1G2AcdvcWpyLeaipabKrkMNdaxhcqH2OV+apEKmQO3/UKr1Sk89kDT1t
ZBn6f/ZNl5OLN8G0VDD4Map1eO2ZMjcJvp/P5TamKN2cBz0VdETZmW0jt6Xwn2iL
cxqkRomMdeDl
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:51:36 2025 by rpki-client