Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/G86QEc8iOMEpoPdfQYGKYB18etY.roa
File: G86QEc8iOMEpoPdfQYGKYB18etY.roa (raw, json)
Hash identifier: I07MeqB6ICodRpMms2vxca2N8ihDY+6siKCkZXPk3Hs=
Subject key identifier: 1B:CE:90:11:CF:22:38:C1:29:A0:F7:5F:41:81:8A:60:1D:7C:7A:D6
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 018DA2F54EEE15A9998C62F457268786F728
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/G86QEc8iOMEpoPdfQYGKYB18etY.roa
Signing time: Tue 13 Feb 2024 14:53:21 +0000
ROA not before: Tue 13 Feb 2024 14:53:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 13285
IP address blocks: 2.96.0.0/13 maxlen: 24
62.3.192.0/18 maxlen: 24
62.24.128.0/17 maxlen: 24
62.241.160.0/19 maxlen: 24
78.144.0.0/13 maxlen: 24
81.6.192.0/18 maxlen: 24
89.240.0.0/14 maxlen: 24
91.146.112.0/21 maxlen: 24
92.0.0.0/11 maxlen: 24
185.112.212.0/22 maxlen: 24
185.173.116.0/22 maxlen: 24
185.173.120.0/22 maxlen: 24
185.175.144.0/22 maxlen: 24
193.218.99.0/24 maxlen: 24
195.112.0.0/18 maxlen: 24
195.149.0.0/18 maxlen: 24
212.139.24.0/24 maxlen: 24
212.139.133.0/24 maxlen: 24
212.139.148.0/22 maxlen: 22
213.208.64.0/18 maxlen: 24
217.8.0.0/19 maxlen: 24
217.68.128.0/20 maxlen: 24
2001:7e0::/32 maxlen: 32
2001:4a00::/27 maxlen: 27
2a00:4340::/32 maxlen: 32
2a0b:db00::/29 maxlen: 29
2a0b:e900::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:a2:f5:4e:ee:15:a9:99:8c:62:f4:57:26:87:86:f7:28
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Feb 13 14:53:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=1bce9011cf2238c129a0f75f41818a601d7c7ad6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b4:a9:58:a8:eb:57:43:e3:ad:7a:1e:12:99:ac:
dc:c1:fb:70:7e:55:f3:83:ba:15:69:3c:33:7d:d9:
10:e0:1b:74:ca:8a:29:b0:65:57:9a:c0:2b:71:3a:
8d:4a:56:fc:54:f4:17:7c:79:f7:a2:59:65:0d:73:
da:e3:45:27:51:ea:8b:85:f7:45:a0:49:06:33:e7:
cd:ce:97:b1:56:ad:9b:1f:cd:eb:04:d8:45:b3:82:
71:e2:32:e6:3c:85:0c:6c:37:3f:bf:e2:21:3f:0c:
a7:ff:fa:cd:df:10:1c:17:62:f5:ca:7b:fd:f7:5c:
2c:ff:e3:40:e6:ef:bb:62:f9:fe:9c:44:11:6b:36:
53:03:50:ee:92:54:aa:54:56:1d:6a:a8:5a:d6:0d:
77:50:63:d6:b6:39:f2:f4:b6:12:61:cd:24:fc:25:
cd:51:7e:dc:18:49:e0:38:e4:05:35:30:9b:a4:0a:
d3:fb:64:79:a2:33:98:57:62:a9:d5:76:64:17:b8:
4e:ee:c4:0c:b3:72:95:94:14:13:ca:f2:33:d1:4c:
c2:7d:22:05:1c:e3:8b:3b:95:3f:e4:d8:90:c5:27:
31:89:6b:15:e1:7a:de:9c:de:0b:d7:34:b0:88:51:
c0:96:9b:8b:70:c3:21:cf:66:1d:67:94:13:c6:a3:
f1:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:CE:90:11:CF:22:38:C1:29:A0:F7:5F:41:81:8A:60:1D:7C:7A:D6
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/G86QEc8iOMEpoPdfQYGKYB18etY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.3.192.0/18
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
81.6.192.0/18
89.240.0.0/14
91.146.112.0/21
92.0.0.0/11
185.112.212.0/22
185.173.116.0-185.173.123.255
185.175.144.0/22
193.218.99.0/24
195.112.0.0/18
195.149.0.0/18
212.139.24.0/24
212.139.133.0/24
212.139.148.0/22
213.208.64.0/18
217.8.0.0/19
217.68.128.0/20
IPv6:
2001:7e0::/32
2001:4a00::/27
2a00:4340::/32
2a0b:db00::/29
2a0b:e900::/29
Signature Algorithm: sha256WithRSAEncryption
58:75:9e:0d:03:15:53:06:78:c9:76:e5:e5:24:b4:39:98:1e:
66:70:43:05:4a:be:02:7c:12:c0:48:5a:18:07:ac:4c:c8:75:
2b:ce:5e:94:33:99:3e:e0:c0:67:ea:7a:f9:dc:85:fe:c0:f9:
c2:0f:4e:1b:47:7b:b8:62:07:6c:0c:44:ca:76:6b:1c:01:a1:
8f:f8:7b:14:54:1f:c0:ea:67:1c:8a:11:fa:7b:5e:85:25:6f:
e8:40:79:57:ca:de:ed:23:f2:e2:f8:d7:fc:39:74:d8:78:1d:
80:ce:45:b3:81:86:82:ee:93:36:5f:09:26:6f:5f:67:0b:90:
45:de:5a:82:9c:4b:f3:9b:8a:b8:30:d2:3f:da:52:6d:c0:ab:
14:b2:61:69:d9:ac:80:73:e1:4f:79:50:52:18:48:51:e1:c6:
77:f8:03:e5:79:60:77:d4:3e:0d:99:06:aa:a2:93:b7:87:81:
84:ad:a1:12:16:92:2c:2b:67:cb:a8:30:07:3d:b9:f9:64:6f:
3f:20:75:c0:34:ed:d1:f1:5f:61:e3:66:4c:c6:af:3b:94:98:
99:91:37:82:50:27:a8:42:12:29:48:9f:92:38:e6:0a:89:98:
a1:32:2c:8a:bb:63:84:73:0b:50:58:d7:de:f8:71:32:4a:e4:
f5:10:31:23
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgISAY2i9U7uFamZjGL0VyaHhvcoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjQwMjEzMTQ1MzIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmNlOTAxMWNmMjIzOGMxMjlhMGY3NWY0MTgxOGE2MDFkN2M3YWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtKlYqOtXQ+Oteh4SmazcwftwflXz
g7oVaTwzfdkQ4Bt0yoopsGVXmsArcTqNSlb8VPQXfHn3olllDXPa40UnUeqLhfdF
oEkGM+fNzpexVq2bH83rBNhFs4Jx4jLmPIUMbDc/v+IhPwyn//rN3xAcF2L1ynv9
91ws/+NA5u+7Yvn+nEQRazZTA1DuklSqVFYdaqha1g13UGPWtjny9LYSYc0k/CXN
UX7cGEngOOQFNTCbpArT+2R5ojOYV2Kp1XZkF7hO7sQMs3KVlBQTyvIz0UzCfSIF
HOOLO5U/5NiQxScxiWsV4XrenN4L1zSwiFHAlpuLcMMhz2YdZ5QTxqPxeQIDAQAB
o4ICtTCCArEwHQYDVR0OBBYEFBvOkBHPIjjBKaD3X0GBimAdfHrWMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvRzg2UUVjOGlPTUVwb1BkZlFZR0tZQjE4ZXRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHKBggrBgEFBQcBBwEB/wSBujCBtzCBiQQCAAEwgYIDAwMC
YAMEBj4DwAMEBz4YgAMEBT7xoAMDA06QAwQGUQbAAwMCWfADBANbknADAwVcAAME
Arlw1DAMAwQCua10AwQCua14AwQCua+QAwQAwdpjAwQGw3AAAwQGw5UAAwQA1IsY
AwQA1IuFAwQC1IuUAwQG1dBAAwQF2QgAAwQE2USAMCkEAgACMCMDBQAgAQfgAwUF
IAFKAAMFACoAQ0ADBQMqC9sAAwUDKgvpADANBgkqhkiG9w0BAQsFAAOCAQEAWHWe
DQMVUwZ4yXbl5SS0OZgeZnBDBUq+AnwSwEhaGAesTMh1K85elDOZPuDAZ+p6+dyF
/sD5wg9OG0d7uGIHbAxEynZrHAGhj/h7FFQfwOpnHIoR+ntehSVv6EB5V8re7SPy
4vjX/Dl02HgdgM5Fs4GGgu6TNl8JJm9fZwuQRd5agpxL85uKuDDSP9pSbcCrFLJh
admsgHPhT3lQUhhIUeHGd/gD5Xlgd9Q+DZkGqqKTt4eBhK2hEhaSLCtny6gwBz25
+WRvPyB1wDTt0fFfYeNmTMavO5SYmZE3glAnqEISKUifkjjmComYoTIsirtjhHML
UFjX3vhxMkrk9RAxIw==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:34:04 2025 by rpki-client