Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/t4T_l055bsssj405nn-7BGi94dY.roa
File: t4T_l055bsssj405nn-7BGi94dY.roa (raw, json)
Hash identifier: xf2gC7Nu+bxic40c2h4tApmioYDB1YmE2a0uC2XsLgM=
Subject key identifier: B7:84:FF:97:4E:79:6E:CB:2C:8F:8D:39:9E:7F:BB:04:68:BD:E1:D6
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 0184E9E2E737E8E4D077A2CCE5B2D38E6535
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/t4T_l055bsssj405nn-7BGi94dY.roa
Signing time: Wed 07 Dec 2022 00:01:12 +0000
ROA not before: Wed 07 Dec 2022 00:01:12 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 19905
IP address blocks: 78.144.0.0/13 maxlen: 24
213.208.64.0/18 maxlen: 24
193.218.99.0/24 maxlen: 24
217.68.128.0/20 maxlen: 24
212.159.128.0/18 maxlen: 24
81.178.0.0/15 maxlen: 24
85.210.0.0/15 maxlen: 24
84.13.0.0/16 maxlen: 24
92.0.0.0/11 maxlen: 24
195.112.0.0/18 maxlen: 24
84.43.0.0/17 maxlen: 24
62.24.128.0/17 maxlen: 24
212.139.0.0/16 maxlen: 24
89.240.0.0/14 maxlen: 24
80.225.0.0/16 maxlen: 24
80.40.0.0/13 maxlen: 24
79.72.0.0/13 maxlen: 24
88.104.0.0/13 maxlen: 24
212.1.128.0/19 maxlen: 24
81.170.0.0/17 maxlen: 24
91.146.112.0/21 maxlen: 24
82.133.0.0/17 maxlen: 24
87.242.128.0/17 maxlen: 24
185.173.116.0/22 maxlen: 24
217.8.0.0/19 maxlen: 24
81.1.64.0/18 maxlen: 24
89.168.0.0/16 maxlen: 24
83.67.0.0/16 maxlen: 24
2.96.0.0/13 maxlen: 24
84.12.0.0/16 maxlen: 24
212.74.96.0/19 maxlen: 24
194.247.224.0/19 maxlen: 24
79.66.0.0/15 maxlen: 24
185.175.144.0/22 maxlen: 24
62.3.192.0/18 maxlen: 24
212.67.96.0/19 maxlen: 24
185.173.120.0/22 maxlen: 24
185.175.48.0/22 maxlen: 24
81.6.192.0/18 maxlen: 24
194.106.32.0/19 maxlen: 24
81.86.0.0/16 maxlen: 24
79.68.0.0/14 maxlen: 24
62.241.160.0/19 maxlen: 24
195.149.0.0/18 maxlen: 24
213.78.0.0/16 maxlen: 24
195.137.0.0/17 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:84:e9:e2:e7:37:e8:e4:d0:77:a2:cc:e5:b2:d3:8e:65:35
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: Dec 7 00:01:12 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=b784ff974e796ecb2c8f8d399e7fbb0468bde1d6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:15:45:1c:71:23:83:e0:7c:bd:0a:f5:5c:c1:
24:8b:d2:21:56:53:d8:6a:f0:b6:76:50:0b:9e:5f:
42:e1:d8:ca:e8:74:25:08:89:3d:5c:19:41:f5:6b:
c3:37:85:0b:4e:65:32:7d:59:3d:f1:21:99:85:bc:
86:ca:fa:08:12:e9:b9:4b:54:cd:7f:65:5a:c0:88:
be:3e:da:44:81:21:b4:2f:f5:d5:f9:81:8b:4b:e2:
af:63:35:6a:4b:c0:ff:a6:96:c8:70:31:d0:9e:66:
fe:52:12:42:26:97:21:25:71:f5:fa:86:22:95:01:
0d:2e:6b:09:45:4c:97:f6:2a:e2:3e:6c:6f:c3:4f:
f2:57:51:bf:85:45:bc:59:07:d9:5e:ae:1c:36:77:
a0:20:81:e4:7c:ae:2d:c3:a1:fb:26:06:dc:d6:0b:
0a:c6:7c:63:5f:af:5e:2f:b2:9f:82:52:52:84:ad:
b4:77:e4:6a:c2:da:11:11:64:a3:c8:70:e5:5c:e7:
c0:7a:ae:e6:49:c5:8b:45:bd:7b:41:c6:d0:9d:07:
f1:fd:a2:1f:d1:2f:b2:12:b7:81:17:40:a4:3b:0d:
d2:9c:1f:cf:fa:30:f9:f9:2a:4f:18:97:bf:1c:d5:
7e:4f:16:01:84:f9:fb:12:3d:fd:63:8d:0b:48:0a:
1b:a1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:84:FF:97:4E:79:6E:CB:2C:8F:8D:39:9E:7F:BB:04:68:BD:E1:D6
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/t4T_l055bsssj405nn-7BGi94dY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.3.192.0/18
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
79.66.0.0-79.79.255.255
80.40.0.0/13
80.225.0.0/16
81.1.64.0/18
81.6.192.0/18
81.86.0.0/16
81.170.0.0/17
81.178.0.0/15
82.133.0.0/17
83.67.0.0/16
84.12.0.0/15
84.43.0.0/17
85.210.0.0/15
87.242.128.0/17
88.104.0.0/13
89.168.0.0/16
89.240.0.0/14
91.146.112.0/21
92.0.0.0/11
185.173.116.0-185.173.123.255
185.175.48.0/22
185.175.144.0/22
193.218.99.0/24
194.106.32.0/19
194.247.224.0/19
195.112.0.0/18
195.137.0.0/17
195.149.0.0/18
212.1.128.0/19
212.67.96.0/19
212.74.96.0/19
212.139.0.0/16
212.159.128.0/18
213.78.0.0/16
213.208.64.0/18
217.8.0.0/19
217.68.128.0/20
Signature Algorithm: sha256WithRSAEncryption
7d:9d:44:19:3e:d4:74:31:8b:eb:02:f1:57:19:4d:d4:5d:69:
a9:2d:c7:28:1b:63:03:e4:8e:be:8d:be:24:8f:aa:a3:66:42:
dc:7f:68:17:fa:a0:5b:51:8b:1a:3b:10:e0:1a:6c:cc:dd:c9:
05:74:f1:14:96:e5:b6:28:25:33:d0:e6:60:ca:45:2d:25:ab:
4f:51:a5:b9:37:ee:fc:5e:96:b0:d7:b4:eb:73:52:da:cf:83:
c7:28:7c:43:30:58:9c:59:63:08:1d:5a:b2:ea:67:e2:a8:4a:
8e:c1:19:4b:df:bb:32:4b:e5:44:e9:d7:83:64:3e:8a:ce:bf:
64:ef:ee:94:c6:b6:66:f9:f4:3d:6f:06:95:41:63:e8:bc:99:
be:40:94:b8:27:c3:c9:81:b7:67:81:6f:26:56:a0:ea:02:0a:
18:2c:10:0c:bd:c8:8a:b7:9b:47:51:9a:9b:00:74:c5:22:c9:
f4:35:b2:a1:d2:c8:60:8e:68:ab:82:eb:0f:38:e6:13:c2:d2:
78:03:65:db:00:c0:0a:49:17:fe:13:11:46:af:42:83:91:38:
57:4c:85:b7:a2:e9:9f:21:9c:45:4e:72:d4:f6:3d:58:25:82:
15:be:f7:f4:b9:60:d7:4a:f3:ed:34:b5:75:fa:37:72:cb:06:
2e:ec:11:5c
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgISAYTp4uc36OTQd6LM5bLTjmU1MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjIxMjA3MDAwMTEyWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzg0ZmY5NzRlNzk2ZWNiMmM4ZjhkMzk5ZTdmYmIwNDY4YmRlMWQ2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlhVFHHEjg+B8vQr1XMEki9IhVlPY
avC2dlALnl9C4djK6HQlCIk9XBlB9WvDN4ULTmUyfVk98SGZhbyGyvoIEum5S1TN
f2VawIi+PtpEgSG0L/XV+YGLS+KvYzVqS8D/ppbIcDHQnmb+UhJCJpchJXH1+oYi
lQENLmsJRUyX9iriPmxvw0/yV1G/hUW8WQfZXq4cNnegIIHkfK4tw6H7Jgbc1gsK
xnxjX69eL7KfglJShK20d+RqwtoREWSjyHDlXOfAeq7mScWLRb17QcbQnQfx/aIf
0S+yEreBF0CkOw3SnB/P+jD5+SpPGJe/HNV+TxYBhPn7Ej39Y40LSAoboQIDAQAB
o4IDBzCCAwMwHQYDVR0OBBYEFLeE/5dOeW7LLI+NOZ5/uwRoveHWMB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEvdDRUX2wwNTVic3NzajQwNW5uLTdCR2k5NGRZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBGwYIKwYBBQUHAQcBAf8EggEKMIIBBjCCAQIEAgABMIH7
AwMDAmADBAY+A8ADBAc+GIADBAU+8aADAwNOkDAKAwMBT0IDAwRPQAMDA1AoAwMA
UOEDBAZRAUADBAZRBsADAwBRVgMEB1GqAAMDAVGyAwQHUoUAAwMAU0MDAwFUDAME
B1QrAAMDAVXSAwQHV/KAAwMDWGgDAwBZqAMDAlnwAwQDW5JwAwMFXAAwDAMEArmt
dAMEArmteAMEArmvMAMEArmvkAMEAMHaYwMEBcJqIAMEBcL34AMEBsNwAAMEB8OJ
AAMEBsOVAAMEBdQBgAMEBdRDYAMEBdRKYAMDANSLAwQG1J+AAwMA1U4DBAbV0EAD
BAXZCAADBATZRIAwDQYJKoZIhvcNAQELBQADggEBAH2dRBk+1HQxi+sC8VcZTdRd
aaktxygbYwPkjr6NviSPqqNmQtx/aBf6oFtRixo7EOAabMzdyQV08RSW5bYoJTPQ
5mDKRS0lq09Rpbk37vxelrDXtOtzUtrPg8cofEMwWJxZYwgdWrLqZ+KoSo7BGUvf
uzJL5UTp14NkPorOv2Tv7pTGtmb59D1vBpVBY+i8mb5AlLgnw8mBt2eBbyZWoOoC
ChgsEAy9yIq3m0dRmpsAdMUiyfQ1sqHSyGCOaKuC6w845hPC0ngDZdsAwApJF/4T
EUavQoOROFdMhbei6Z8hnEVOctT2PVglghW+9/S5YNdK8+00tXX6N3LLBi7sEVw=
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:45:51 2023 by rpki-client on console-fra.rpki-client.org