Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/NhW9ThinaI5m8-CJz3jMNxEppSI.roa
File: NhW9ThinaI5m8-CJz3jMNxEppSI.roa (raw, json)
Hash identifier: utqDtmmYT6sq95s5vmC012hvgo9Q4JiBYp6WCFpZA1w=
Subject key identifier: 36:15:BD:4E:18:A7:68:8E:66:F3:E0:89:CF:78:CC:37:11:29:A5:22
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 0183E80AE853DF6D56C6C0F067FFCFAE906F
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/NhW9ThinaI5m8-CJz3jMNxEppSI.roa
Signing time: Mon 17 Oct 2022 22:22:52 +0000
ROA not before: Mon 17 Oct 2022 22:22:52 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 19905
IP address blocks: 78.144.0.0/13 maxlen: 24
213.208.64.0/18 maxlen: 24
193.218.99.0/24 maxlen: 24
217.68.128.0/20 maxlen: 24
212.159.128.0/18 maxlen: 24
81.178.0.0/15 maxlen: 24
85.210.0.0/15 maxlen: 24
84.13.0.0/16 maxlen: 24
92.0.0.0/11 maxlen: 24
195.112.0.0/18 maxlen: 24
84.43.0.0/17 maxlen: 24
62.24.128.0/17 maxlen: 24
212.139.0.0/16 maxlen: 24
89.240.0.0/14 maxlen: 24
80.225.0.0/16 maxlen: 24
80.40.0.0/13 maxlen: 24
79.72.0.0/13 maxlen: 24
88.104.0.0/13 maxlen: 24
212.1.128.0/19 maxlen: 24
81.170.0.0/17 maxlen: 24
82.133.0.0/17 maxlen: 24
87.242.128.0/17 maxlen: 24
185.173.116.0/22 maxlen: 24
217.8.0.0/19 maxlen: 24
81.1.64.0/18 maxlen: 24
89.168.0.0/16 maxlen: 24
83.67.0.0/16 maxlen: 24
2.96.0.0/13 maxlen: 24
84.12.0.0/16 maxlen: 24
212.74.96.0/19 maxlen: 24
194.247.224.0/19 maxlen: 24
79.66.0.0/15 maxlen: 24
185.175.144.0/22 maxlen: 24
62.3.192.0/18 maxlen: 24
212.67.96.0/19 maxlen: 24
185.173.120.0/22 maxlen: 24
185.175.48.0/22 maxlen: 24
81.6.192.0/18 maxlen: 24
194.106.32.0/19 maxlen: 24
81.86.0.0/16 maxlen: 24
79.68.0.0/14 maxlen: 24
62.241.160.0/19 maxlen: 24
195.149.0.0/18 maxlen: 24
213.78.0.0/16 maxlen: 24
195.137.0.0/17 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:e8:0a:e8:53:df:6d:56:c6:c0:f0:67:ff:cf:ae:90:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Oct 17 22:22:52 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=3615bd4e18a7688e66f3e089cf78cc371129a522
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:37:29:3c:fb:ec:2c:83:f2:2d:32:e6:e5:b4:
36:2b:c9:fd:cf:af:d3:5f:ba:35:f6:17:aa:12:48:
51:0f:d8:37:bf:2f:1e:eb:56:98:ec:ff:53:ae:3d:
4b:9c:71:c3:29:20:ad:99:4b:5a:93:92:6d:13:e3:
fa:83:d7:7f:28:1d:04:ab:2d:9b:09:31:fd:af:da:
a3:23:c8:cb:8d:91:06:5c:21:26:34:8f:5f:ba:e8:
12:9e:e2:c8:19:91:86:15:f1:ec:ed:58:6f:66:2b:
39:92:ec:27:27:f7:08:8f:ee:5d:1a:44:fe:20:22:
16:ad:fe:6f:c0:b9:e6:4f:35:0f:9f:80:9d:59:58:
c0:5a:79:80:aa:63:1c:b4:10:3e:c8:55:6a:a8:40:
af:13:3d:bb:28:32:5d:73:31:d5:db:91:e0:06:1f:
4b:99:95:42:aa:82:c4:b2:4d:ac:7c:09:49:23:2a:
f7:99:25:f4:01:49:a4:a3:1a:c1:18:62:d4:5b:07:
5e:81:d9:29:ce:3c:77:ac:2a:f4:22:85:08:62:36:
71:53:c1:f5:b9:08:40:90:8d:9b:0f:b7:de:2a:46:
c1:7c:36:4b:b9:6a:46:7f:46:9c:41:23:15:35:50:
ce:5e:7e:88:15:e6:3d:9f:b2:02:40:18:52:ed:37:
3b:3d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:15:BD:4E:18:A7:68:8E:66:F3:E0:89:CF:78:CC:37:11:29:A5:22
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/NhW9ThinaI5m8-CJz3jMNxEppSI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.3.192.0/18
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
79.66.0.0-79.79.255.255
80.40.0.0/13
80.225.0.0/16
81.1.64.0/18
81.6.192.0/18
81.86.0.0/16
81.170.0.0/17
81.178.0.0/15
82.133.0.0/17
83.67.0.0/16
84.12.0.0/15
84.43.0.0/17
85.210.0.0/15
87.242.128.0/17
88.104.0.0/13
89.168.0.0/16
89.240.0.0/14
92.0.0.0/11
185.173.116.0-185.173.123.255
185.175.48.0/22
185.175.144.0/22
193.218.99.0/24
194.106.32.0/19
194.247.224.0/19
195.112.0.0/18
195.137.0.0/17
195.149.0.0/18
212.1.128.0/19
212.67.96.0/19
212.74.96.0/19
212.139.0.0/16
212.159.128.0/18
213.78.0.0/16
213.208.64.0/18
217.8.0.0/19
217.68.128.0/20
Signature Algorithm: sha256WithRSAEncryption
74:bf:58:63:bf:0d:34:86:c0:75:cc:81:ac:fe:8f:a4:1c:bc:
5e:d5:60:66:34:9e:67:0a:b7:4d:c3:bf:ff:58:61:71:26:1d:
66:3a:35:3e:e5:1f:f9:cb:c0:c1:31:f0:9b:65:eb:6f:9a:6c:
3d:13:36:49:da:c7:d0:71:ac:6d:ce:2f:80:ef:da:65:6c:36:
4e:90:9f:37:39:a3:56:44:ef:89:16:1e:f1:e7:0c:23:e3:bf:
e2:fa:1d:1e:29:0c:13:39:7d:3d:51:bf:80:61:23:b5:41:7d:
aa:2d:8a:a2:6a:68:dc:70:67:01:d4:65:b7:15:f0:e5:9a:e7:
cb:d7:46:0c:06:ba:75:65:58:88:99:09:22:5d:35:de:81:9a:
88:1f:22:c9:66:30:e3:a9:d3:d1:55:4c:54:66:91:b8:40:b1:
a3:b6:26:f8:cd:8d:fe:72:06:fd:10:6d:2e:e7:7f:14:db:43:
cd:61:75:ca:81:42:81:98:a2:57:06:71:30:e4:91:af:08:9f:
db:73:51:52:31:e2:9b:c5:b6:9b:c2:4e:32:b4:f2:d8:71:a9:
79:73:40:08:53:3c:8b:e2:d1:28:31:e1:c4:66:cd:72:98:5f:
51:98:f6:dc:20:f2:09:2f:11:83:5f:cb:93:c5:73:b6:b9:6d:
70:6d:af:98
-----BEGIN CERTIFICATE-----
MIIF8zCCBNugAwIBAgISAYPoCuhT321WxsDwZ//PrpBvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjIxMDE3MjIyMjUyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjE1YmQ0ZTE4YTc2ODhlNjZmM2UwODljZjc4Y2MzNzExMjlhNTIyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmTcpPPvsLIPyLTLm5bQ2K8n9z6/T
X7o19heqEkhRD9g3vy8e61aY7P9Trj1LnHHDKSCtmUtak5JtE+P6g9d/KB0Eqy2b
CTH9r9qjI8jLjZEGXCEmNI9fuugSnuLIGZGGFfHs7VhvZis5kuwnJ/cIj+5dGkT+
ICIWrf5vwLnmTzUPn4CdWVjAWnmAqmMctBA+yFVqqECvEz27KDJdczHV25HgBh9L
mZVCqoLEsk2sfAlJIyr3mSX0AUmkoxrBGGLUWwdegdkpzjx3rCr0IoUIYjZxU8H1
uQhAkI2bD7feKkbBfDZLuWpGf0acQSMVNVDOXn6IFeY9n7ICQBhS7Tc7PQIDAQAB
o4IC/zCCAvswHQYDVR0OBBYEFDYVvU4Yp2iOZvPgic94zDcRKaUiMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvTmhXOVRoaW5hSTVtOC1DSnozak1OeEVwcFNJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBEwYIKwYBBQUHAQcBAf8EggECMIH/MIH8BAIAATCB9QMD
AwJgAwQGPgPAAwQHPhiAAwQFPvGgAwMDTpAwCgMDAU9CAwMET0ADAwNQKAMDAFDh
AwQGUQFAAwQGUQbAAwMAUVYDBAdRqgADAwFRsgMEB1KFAAMDAFNDAwMBVAwDBAdU
KwADAwFV0gMEB1fygAMDA1hoAwMAWagDAwJZ8AMDBVwAMAwDBAK5rXQDBAK5rXgD
BAK5rzADBAK5r5ADBADB2mMDBAXCaiADBAXC9+ADBAbDcAADBAfDiQADBAbDlQAD
BAXUAYADBAXUQ2ADBAXUSmADAwDUiwMEBtSfgAMDANVOAwQG1dBAAwQF2QgAAwQE
2USAMA0GCSqGSIb3DQEBCwUAA4IBAQB0v1hjvw00hsB1zIGs/o+kHLxe1WBmNJ5n
CrdNw7//WGFxJh1mOjU+5R/5y8DBMfCbZetvmmw9EzZJ2sfQcaxtzi+A79plbDZO
kJ83OaNWRO+JFh7x5wwj47/i+h0eKQwTOX09Ub+AYSO1QX2qLYqiamjccGcB1GW3
FfDlmufL10YMBrp1ZViImQkiXTXegZqIHyLJZjDjqdPRVUxUZpG4QLGjtib4zY3+
cgb9EG0u538U20PNYXXKgUKBmKJXBnEw5JGvCJ/bc1FSMeKbxbabwk4ytPLYcal5
c0AIUzyL4tEoMeHEZs1ymF9RmPbcIPIJLxGDX8uTxXO2uW1wba+Y
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:51 2023 by rpki-client on console-fra.rpki-client.org