Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/R4kd1mvadPTkQmiuWiMb_VXLuX4.roa
File: R4kd1mvadPTkQmiuWiMb_VXLuX4.roa (raw, json)
Hash identifier: zf8IDD9Ql8i8m6VV1wqddK9OlAGQxZM9xgC/CCDc5q8=
Subject key identifier: 47:89:1D:D6:6B:DA:74:F4:E4:42:68:AE:5A:23:1B:FD:55:CB:B9:7E
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 018CCA2968C4E005EC983F0C202501C85770
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/R4kd1mvadPTkQmiuWiMb_VXLuX4.roa
Signing time: Tue 02 Jan 2024 12:32:40 +0000
ROA not before: Tue 02 Jan 2024 12:32:40 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 19905
IP address blocks: 78.144.0.0/13 maxlen: 24
213.208.64.0/18 maxlen: 24
193.218.99.0/24 maxlen: 24
217.68.128.0/20 maxlen: 24
212.159.128.0/18 maxlen: 24
81.178.0.0/15 maxlen: 24
79.77.0.0/16 maxlen: 24
92.0.0.0/11 maxlen: 24
195.112.0.0/18 maxlen: 24
84.43.0.0/17 maxlen: 24
62.24.128.0/17 maxlen: 24
212.139.0.0/16 maxlen: 24
89.240.0.0/14 maxlen: 24
80.40.0.0/13 maxlen: 24
212.1.128.0/19 maxlen: 24
81.170.0.0/17 maxlen: 24
91.146.112.0/21 maxlen: 24
82.133.0.0/17 maxlen: 24
145.255.240.0/21 maxlen: 24
87.242.128.0/17 maxlen: 24
185.173.116.0/22 maxlen: 24
185.112.212.0/22 maxlen: 24
217.8.0.0/19 maxlen: 24
81.1.64.0/18 maxlen: 24
83.67.0.0/16 maxlen: 24
2.96.0.0/13 maxlen: 24
84.12.0.0/16 maxlen: 24
212.74.96.0/19 maxlen: 24
194.247.224.0/19 maxlen: 24
185.175.144.0/22 maxlen: 24
62.3.192.0/18 maxlen: 24
212.67.96.0/19 maxlen: 24
185.173.120.0/22 maxlen: 24
185.175.48.0/22 maxlen: 24
81.6.192.0/18 maxlen: 24
194.106.32.0/19 maxlen: 24
89.168.128.0/17 maxlen: 24
81.86.0.0/16 maxlen: 24
62.241.160.0/19 maxlen: 24
195.149.0.0/18 maxlen: 24
185.24.12.0/22 maxlen: 24
213.78.0.0/16 maxlen: 24
79.78.0.0/15 maxlen: 24
195.137.0.0/17 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:ca:29:68:c4:e0:05:ec:98:3f:0c:20:25:01:c8:57:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Jan 2 12:32:40 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=47891dd66bda74f4e44268ae5a231bfd55cbb97e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:44:18:ef:91:f0:4c:da:d9:f0:5a:79:99:f8:
d7:c7:ff:ab:a9:82:d9:85:4b:12:bd:f1:6c:24:72:
1d:a3:81:47:4e:36:3d:9d:51:63:82:1e:f2:a8:00:
57:78:95:49:f7:4e:85:96:d2:8d:ed:a0:f2:57:b6:
fe:f2:1d:fc:7a:ab:fa:77:a2:38:a9:0b:fa:19:04:
af:21:de:ad:c6:7b:05:e2:6c:c3:49:f2:87:0f:a2:
f2:6f:ad:0c:5c:16:a7:3e:84:b6:d2:83:1d:15:63:
86:34:46:05:4f:06:38:fb:54:f9:e1:85:4f:6e:46:
c8:64:1e:86:4d:07:40:6e:62:79:bb:59:6e:ed:50:
c8:2d:62:ab:3d:29:65:8c:ff:5f:e8:a5:69:09:04:
31:26:69:88:82:ec:d3:43:1d:12:cf:14:b1:96:54:
e7:50:b3:de:8f:d5:4b:58:e9:e1:50:64:28:46:3e:
6c:ff:6d:ad:22:0c:cf:e9:20:46:31:b3:77:05:79:
3d:47:0f:a2:d1:8b:1a:47:61:ec:7e:3d:ae:68:74:
66:cb:f5:ab:ca:85:95:22:c4:9e:12:82:ab:eb:88:
22:05:ea:44:37:3b:bf:20:31:76:36:ca:1d:67:a3:
e3:35:0f:8e:d6:d3:a7:46:f1:2e:26:77:c9:5b:12:
a9:e7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
47:89:1D:D6:6B:DA:74:F4:E4:42:68:AE:5A:23:1B:FD:55:CB:B9:7E
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/R4kd1mvadPTkQmiuWiMb_VXLuX4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.3.192.0/18
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
79.77.0.0-79.79.255.255
80.40.0.0/13
81.1.64.0/18
81.6.192.0/18
81.86.0.0/16
81.170.0.0/17
81.178.0.0/15
82.133.0.0/17
83.67.0.0/16
84.12.0.0/16
84.43.0.0/17
87.242.128.0/17
89.168.128.0/17
89.240.0.0/14
91.146.112.0/21
92.0.0.0/11
145.255.240.0/21
185.24.12.0/22
185.112.212.0/22
185.173.116.0-185.173.123.255
185.175.48.0/22
185.175.144.0/22
193.218.99.0/24
194.106.32.0/19
194.247.224.0/19
195.112.0.0/18
195.137.0.0/17
195.149.0.0/18
212.1.128.0/19
212.67.96.0/19
212.74.96.0/19
212.139.0.0/16
212.159.128.0/18
213.78.0.0/16
213.208.64.0/18
217.8.0.0/19
217.68.128.0/20
Signature Algorithm: sha256WithRSAEncryption
00:7c:7f:f1:06:f0:99:12:25:1b:c3:fc:f4:3c:65:fc:0d:99:
94:5a:f1:c8:ec:87:3a:a1:62:76:13:f5:7d:44:6f:ac:70:7f:
e8:b9:ae:38:b1:b3:31:db:9d:13:1f:e3:34:c9:07:8a:c5:d0:
b2:99:0d:73:9a:9c:2b:d7:ab:e7:73:4a:7d:c7:98:81:99:ce:
8d:3e:82:bd:3d:32:ef:a7:f1:b7:92:17:71:92:5f:0b:ba:92:
6c:ef:3b:10:8c:05:02:07:ee:e8:ed:b1:04:a2:08:ca:e8:ad:
79:8c:53:05:a0:8e:26:0a:e2:b6:7d:78:df:76:cb:74:31:dd:
91:07:11:c5:9f:a9:b2:64:94:67:bf:c4:6e:70:61:b9:d5:b0:
21:31:cc:e9:9a:e7:7d:85:b6:2a:d5:b0:5b:6b:16:f2:10:91:
ca:60:1f:f3:88:75:bf:cc:3c:cc:17:59:ee:0c:78:bb:a0:2a:
57:a6:d3:ee:bd:81:98:52:77:62:f8:9a:ae:c6:82:13:a4:92:
2f:c8:34:83:ee:f4:57:24:5e:62:d2:52:97:07:ff:52:df:36:
23:13:81:f3:02:43:cc:ec:1e:b9:49:af:d7:bc:2a:21:1f:2b:
d4:bd:6d:2e:8d:0c:93:b4:82:3a:37:2d:4a:2c:6f:97:41:ad:
b8:b1:e3:3c
-----BEGIN CERTIFICATE-----
MIIF/zCCBOegAwIBAgISAYzKKWjE4AXsmD8MICUByFdwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjQwMTAyMTIzMjQwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Nzg5MWRkNjZiZGE3NGY0ZTQ0MjY4YWU1YTIzMWJmZDU1Y2JiOTdlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnUQY75HwTNrZ8Fp5mfjXx/+rqYLZ
hUsSvfFsJHIdo4FHTjY9nVFjgh7yqABXeJVJ906FltKN7aDyV7b+8h38eqv6d6I4
qQv6GQSvId6txnsF4mzDSfKHD6Lyb60MXBanPoS20oMdFWOGNEYFTwY4+1T54YVP
bkbIZB6GTQdAbmJ5u1lu7VDILWKrPSlljP9f6KVpCQQxJmmIguzTQx0SzxSxllTn
ULPej9VLWOnhUGQoRj5s/22tIgzP6SBGMbN3BXk9Rw+i0YsaR2Hsfj2uaHRmy/Wr
yoWVIsSeEoKr64giBepENzu/IDF2NsodZ6PjNQ+O1tOnRvEuJnfJWxKp5wIDAQAB
o4IDCzCCAwcwHQYDVR0OBBYEFEeJHdZr2nT05EJorlojG/1Vy7l+MB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvUjRrZDFtdmFkUFRrUW1pdVdpTWJfVlhMdVg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHwYIKwYBBQUHAQcBAf8EggEOMIIBCjCCAQYEAgABMIH/
AwMDAmADBAY+A8ADBAc+GIADBAU+8aADAwNOkDAKAwMAT00DAwRPQAMDA1AoAwQG
UQFAAwQGUQbAAwMAUVYDBAdRqgADAwFRsgMEB1KFAAMDAFNDAwMAVAwDBAdUKwAD
BAdX8oADBAdZqIADAwJZ8AMEA1uScAMDBVwAAwQDkf/wAwQCuRgMAwQCuXDUMAwD
BAK5rXQDBAK5rXgDBAK5rzADBAK5r5ADBADB2mMDBAXCaiADBAXC9+ADBAbDcAAD
BAfDiQADBAbDlQADBAXUAYADBAXUQ2ADBAXUSmADAwDUiwMEBtSfgAMDANVOAwQG
1dBAAwQF2QgAAwQE2USAMA0GCSqGSIb3DQEBCwUAA4IBAQAAfH/xBvCZEiUbw/z0
PGX8DZmUWvHI7Ic6oWJ2E/V9RG+scH/oua44sbMx250TH+M0yQeKxdCymQ1zmpwr
16vnc0p9x5iBmc6NPoK9PTLvp/G3khdxkl8LupJs7zsQjAUCB+7o7bEEogjK6K15
jFMFoI4mCuK2fXjfdst0Md2RBxHFn6myZJRnv8RucGG51bAhMczpmud9hbYq1bBb
axbyEJHKYB/ziHW/zDzMF1nuDHi7oCpXptPuvYGYUndi+JquxoITpJIvyDSD7vRX
JF5i0lKXB/9S3zYjE4HzAkPM7B65Sa/XvCohHyvUvW0ujQyTtII6Ny1KLG+XQa24
seM8
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:38:33 2025 by rpki-client