Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/YmHrNAEfYIs2MxPzHg5GahQDSIE.roa
File: YmHrNAEfYIs2MxPzHg5GahQDSIE.roa (raw, json)
Hash identifier: bivU+SSWtneZAhtRTBubzr0NdZD2krjTAVnnkB3tQK4=
Subject key identifier: 62:61:EB:34:01:1F:60:8B:36:33:13:F3:1E:0E:46:6A:14:03:48:81
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 018C25756CEE2EE0E133D1226EBCF50EE5B5
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/YmHrNAEfYIs2MxPzHg5GahQDSIE.roa
Signing time: Fri 01 Dec 2023 12:58:21 +0000
ROA not before: Fri 01 Dec 2023 12:58:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 19905
IP address blocks: 78.144.0.0/13 maxlen: 24
213.208.64.0/18 maxlen: 24
193.218.99.0/24 maxlen: 24
217.68.128.0/20 maxlen: 24
212.159.128.0/18 maxlen: 24
81.178.0.0/15 maxlen: 24
79.77.0.0/16 maxlen: 24
92.0.0.0/11 maxlen: 24
195.112.0.0/18 maxlen: 24
84.43.0.0/17 maxlen: 24
62.24.128.0/17 maxlen: 24
212.139.0.0/16 maxlen: 24
89.240.0.0/14 maxlen: 24
80.40.0.0/13 maxlen: 24
212.1.128.0/19 maxlen: 24
81.170.0.0/17 maxlen: 24
91.146.112.0/21 maxlen: 24
82.133.0.0/17 maxlen: 24
145.255.240.0/21 maxlen: 24
87.242.128.0/17 maxlen: 24
185.173.116.0/22 maxlen: 24
185.112.212.0/22 maxlen: 24
217.8.0.0/19 maxlen: 24
81.1.64.0/18 maxlen: 24
83.67.0.0/16 maxlen: 24
2.96.0.0/13 maxlen: 24
84.12.0.0/16 maxlen: 24
212.74.96.0/19 maxlen: 24
194.247.224.0/19 maxlen: 24
185.175.144.0/22 maxlen: 24
62.3.192.0/18 maxlen: 24
212.67.96.0/19 maxlen: 24
185.173.120.0/22 maxlen: 24
185.175.48.0/22 maxlen: 24
81.6.192.0/18 maxlen: 24
194.106.32.0/19 maxlen: 24
89.168.128.0/17 maxlen: 24
81.86.0.0/16 maxlen: 24
62.241.160.0/19 maxlen: 24
195.149.0.0/18 maxlen: 24
185.24.12.0/22 maxlen: 24
213.78.0.0/16 maxlen: 24
79.78.0.0/15 maxlen: 24
195.137.0.0/17 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:25:75:6c:ee:2e:e0:e1:33:d1:22:6e:bc:f5:0e:e5:b5
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Dec 1 12:58:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6261eb34011f608b363313f31e0e466a14034881
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:1a:26:00:ba:4c:66:3c:d7:62:07:44:f1:4a:
b3:fa:2b:32:4e:c1:80:df:5f:08:4c:25:b9:ef:44:
33:c2:a6:40:01:d9:93:7c:ff:85:08:1f:78:0a:e1:
56:1c:c1:45:cb:8f:c9:ab:40:65:05:df:e2:c7:f2:
b6:86:2a:92:2a:58:4a:50:8e:82:a0:f3:c2:98:cf:
dd:34:24:68:c4:8b:b1:af:63:f2:3a:a3:ee:00:28:
7a:27:41:77:72:eb:bf:eb:7b:4b:b3:70:bd:0a:90:
0f:65:b9:9d:26:ab:fc:67:7c:37:2c:b0:67:a6:e2:
b1:5c:02:94:41:6a:64:c2:27:7e:0a:48:96:b4:de:
28:59:c2:0d:dc:77:fc:be:8d:00:33:18:5d:8a:70:
4a:2a:13:e3:90:3c:fc:3e:00:6b:38:ee:e6:f2:84:
65:f6:1d:07:2d:a5:ca:81:b2:ba:b2:21:7f:2d:f4:
6c:9d:54:95:8d:90:37:40:cc:cd:c0:6b:a1:0e:15:
56:f7:a6:f5:84:72:74:a4:af:ed:ba:1a:f9:43:66:
7d:8e:fb:10:f6:dd:59:ee:bb:05:b5:b5:fc:7c:69:
28:21:df:9b:41:77:e5:81:71:ea:ba:78:36:ab:c8:
e7:55:d8:58:54:43:ca:6d:22:69:03:2f:17:c6:b5:
8f:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
62:61:EB:34:01:1F:60:8B:36:33:13:F3:1E:0E:46:6A:14:03:48:81
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/YmHrNAEfYIs2MxPzHg5GahQDSIE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.3.192.0/18
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
79.77.0.0-79.79.255.255
80.40.0.0/13
81.1.64.0/18
81.6.192.0/18
81.86.0.0/16
81.170.0.0/17
81.178.0.0/15
82.133.0.0/17
83.67.0.0/16
84.12.0.0/16
84.43.0.0/17
87.242.128.0/17
89.168.128.0/17
89.240.0.0/14
91.146.112.0/21
92.0.0.0/11
145.255.240.0/21
185.24.12.0/22
185.112.212.0/22
185.173.116.0-185.173.123.255
185.175.48.0/22
185.175.144.0/22
193.218.99.0/24
194.106.32.0/19
194.247.224.0/19
195.112.0.0/18
195.137.0.0/17
195.149.0.0/18
212.1.128.0/19
212.67.96.0/19
212.74.96.0/19
212.139.0.0/16
212.159.128.0/18
213.78.0.0/16
213.208.64.0/18
217.8.0.0/19
217.68.128.0/20
Signature Algorithm: sha256WithRSAEncryption
82:62:be:d5:b5:ca:c3:e2:7b:28:10:69:ef:b2:e8:50:45:ed:
35:3a:c1:bc:0c:df:ce:23:27:0a:78:ea:82:84:f5:11:00:c2:
98:18:85:45:24:8d:10:17:c7:b6:e3:60:55:2c:39:80:de:53:
6d:85:4a:4b:3e:65:e5:62:17:3f:f1:23:b0:13:76:b4:d7:f4:
7f:43:20:dc:05:3c:ca:be:5e:e8:3e:fc:b8:ae:89:71:ca:87:
78:86:37:18:0f:83:e7:7f:1b:3c:10:7a:89:cd:9d:4f:c6:f1:
86:60:54:71:8e:e5:2c:2e:9f:2f:98:80:43:65:c3:83:63:b3:
52:71:77:c9:fc:ee:89:8d:c9:42:af:1b:c5:0a:0e:ee:bc:12:
76:62:11:4c:ea:b9:60:eb:b3:0c:90:91:88:4a:fa:90:2a:6b:
e0:14:1f:42:84:0b:ab:3f:ff:12:61:e1:25:80:06:21:3e:cd:
2e:f1:bc:8c:2a:b1:a5:75:9c:0f:4a:d0:81:f3:6c:f7:5e:1e:
d2:ee:e5:f7:93:85:1a:ca:77:77:f2:59:9f:c2:4f:e4:09:4f:
52:1f:dc:ae:a3:05:e7:cd:59:6d:4e:be:d7:a8:62:01:27:63:
f7:0a:fc:9d:6d:86:46:69:8c:db:56:64:13:f2:f8:6a:91:c7:
da:87:b1:44
-----BEGIN CERTIFICATE-----
MIIF/zCCBOegAwIBAgISAYwldWzuLuDhM9Eibrz1DuW1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjMxMjAxMTI1ODIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MjYxZWIzNDAxMWY2MDhiMzYzMzEzZjMxZTBlNDY2YTE0MDM0ODgxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBomALpMZjzXYgdE8Uqz+isyTsGA
318ITCW570QzwqZAAdmTfP+FCB94CuFWHMFFy4/Jq0BlBd/ix/K2hiqSKlhKUI6C
oPPCmM/dNCRoxIuxr2PyOqPuACh6J0F3cuu/63tLs3C9CpAPZbmdJqv8Z3w3LLBn
puKxXAKUQWpkwid+CkiWtN4oWcIN3Hf8vo0AMxhdinBKKhPjkDz8PgBrOO7m8oRl
9h0HLaXKgbK6siF/LfRsnVSVjZA3QMzNwGuhDhVW96b1hHJ0pK/tuhr5Q2Z9jvsQ
9t1Z7rsFtbX8fGkoId+bQXflgXHqung2q8jnVdhYVEPKbSJpAy8XxrWPbQIDAQAB
o4IDCzCCAwcwHQYDVR0OBBYEFGJh6zQBH2CLNjMT8x4ORmoUA0iBMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvWW1Ick5BRWZZSXMyTXhQekhnNUdhaFFEU0lFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBHwYIKwYBBQUHAQcBAf8EggEOMIIBCjCCAQYEAgABMIH/
AwMDAmADBAY+A8ADBAc+GIADBAU+8aADAwNOkDAKAwMAT00DAwRPQAMDA1AoAwQG
UQFAAwQGUQbAAwMAUVYDBAdRqgADAwFRsgMEB1KFAAMDAFNDAwMAVAwDBAdUKwAD
BAdX8oADBAdZqIADAwJZ8AMEA1uScAMDBVwAAwQDkf/wAwQCuRgMAwQCuXDUMAwD
BAK5rXQDBAK5rXgDBAK5rzADBAK5r5ADBADB2mMDBAXCaiADBAXC9+ADBAbDcAAD
BAfDiQADBAbDlQADBAXUAYADBAXUQ2ADBAXUSmADAwDUiwMEBtSfgAMDANVOAwQG
1dBAAwQF2QgAAwQE2USAMA0GCSqGSIb3DQEBCwUAA4IBAQCCYr7VtcrD4nsoEGnv
suhQRe01OsG8DN/OIycKeOqChPURAMKYGIVFJI0QF8e242BVLDmA3lNthUpLPmXl
Yhc/8SOwE3a01/R/QyDcBTzKvl7oPvy4rolxyod4hjcYD4Pnfxs8EHqJzZ1PxvGG
YFRxjuUsLp8vmIBDZcODY7NScXfJ/O6JjclCrxvFCg7uvBJ2YhFM6rlg67MMkJGI
SvqQKmvgFB9ChAurP/8SYeElgAYhPs0u8byMKrGldZwPStCB82z3Xh7S7uX3k4Ua
ynd38lmfwk/kCU9SH9yuowXnzVltTr7XqGIBJ2P3CvydbYZGaYzbVmQT8vhqkcfa
h7FE
-----END CERTIFICATE-----
Generated at Thu Mar 13 02:40:44 2025 by rpki-client