Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/xYhnXmcHxxePg4vso1UVOQe0oT4.roa
File: xYhnXmcHxxePg4vso1UVOQe0oT4.roa (raw, json)
Hash identifier: rr4nrK6ABicUwiga84F35VfkIxAiKckAU+UV5vZ+QeA=
Subject key identifier: C5:88:67:5E:67:07:C7:17:8F:83:8B:EC:A3:55:15:39:07:B4:A1:3E
Certificate issuer: /CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Certificate serial: 018F57E1A536B26918E1198E3CADA1024723
Authority key identifier: A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/xYhnXmcHxxePg4vso1UVOQe0oT4.roa
Signing time: Wed 08 May 2024 11:05:56 +0000
ROA not before: Wed 08 May 2024 11:05:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 13285
IP address blocks: 2.96.0.0/13 maxlen: 24
62.3.192.0/18 maxlen: 24
62.24.128.0/17 maxlen: 24
62.241.160.0/19 maxlen: 24
78.144.0.0/13 maxlen: 24
81.6.192.0/18 maxlen: 24
82.133.0.0/17 maxlen: 24
84.12.0.0/16 maxlen: 24
89.240.0.0/14 maxlen: 24
91.146.112.0/21 maxlen: 24
92.5.0.0/16 maxlen: 24
92.6.0.0/15 maxlen: 24
92.8.0.0/13 maxlen: 24
92.16.0.0/12 maxlen: 24
185.112.212.0/22 maxlen: 24
185.173.116.0/22 maxlen: 24
185.173.120.0/22 maxlen: 24
185.175.144.0/22 maxlen: 24
193.218.99.0/24 maxlen: 24
195.112.0.0/18 maxlen: 24
195.149.0.0/18 maxlen: 24
212.139.24.0/24 maxlen: 24
212.139.133.0/24 maxlen: 24
212.139.148.0/22 maxlen: 22
213.208.64.0/18 maxlen: 24
217.8.0.0/19 maxlen: 24
217.68.128.0/20 maxlen: 24
2001:7e0::/32 maxlen: 32
2001:4a00::/27 maxlen: 27
2a00:4340::/32 maxlen: 32
2a0b:db00::/29 maxlen: 29
2a0b:e900::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:57:e1:a5:36:b2:69:18:e1:19:8e:3c:ad:a1:02:47:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=a9807f6d50d97d971dcf2e2e5064e9b907adb3ec
Validity
Not Before: May 8 11:05:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=c588675e6707c7178f838beca355153907b4a13e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cc:7c:90:a8:c3:61:fa:b0:c1:07:bb:27:90:9e:
24:53:75:89:d0:f3:f6:0b:e1:d9:08:a8:7a:a2:19:
83:97:04:e2:0d:8f:6d:fe:b6:f9:db:03:f2:a4:e8:
f0:27:6d:2a:80:29:2e:63:d4:1e:fd:06:54:54:f9:
9a:3d:43:f8:df:d4:2b:53:ff:c1:ec:1e:56:21:19:
90:ed:71:7e:bf:ab:96:e1:e5:13:53:fa:76:d3:37:
ab:79:dc:05:83:02:63:d2:3f:8c:9a:9d:bd:67:df:
17:b3:5a:dd:b4:87:37:67:0c:af:24:99:ce:d3:e4:
02:be:1a:20:42:e0:19:31:50:9d:41:72:33:ec:e8:
7a:28:b3:63:aa:37:6f:b3:86:8b:45:44:3e:75:eb:
6a:ad:86:39:73:8b:ed:0b:72:1b:a4:ef:0c:d9:bd:
fd:74:2e:f7:02:94:ea:49:b6:27:c9:d8:e9:5e:c1:
ab:10:1e:79:d2:8e:b1:3c:93:e3:da:64:f7:e3:b6:
0a:a3:d6:2a:c2:80:cb:c5:04:4c:d0:32:e8:8f:8e:
6b:fb:3e:a8:66:c5:54:8b:a3:a0:35:7a:10:89:87:
6c:87:b7:4e:64:9c:be:02:cd:01:98:b5:96:c0:14:
f3:da:16:79:bd:85:df:89:6d:94:fb:cd:46:da:a4:
2c:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C5:88:67:5E:67:07:C7:17:8F:83:8B:EC:A3:55:15:39:07:B4:A1:3E
X509v3 Authority Key Identifier:
keyid:A9:80:7F:6D:50:D9:7D:97:1D:CF:2E:2E:50:64:E9:B9:07:AD:B3:EC
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/qYB_bVDZfZcdzy4uUGTpuQets-w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/xYhnXmcHxxePg4vso1UVOQe0oT4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/ca9dbe-0095-40f3-b932-0d8f7dd8cce6/1/qYB_bVDZfZcdzy4uUGTpuQets-w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.96.0.0/13
62.3.192.0/18
62.24.128.0/17
62.241.160.0/19
78.144.0.0/13
81.6.192.0/18
82.133.0.0/17
84.12.0.0/16
89.240.0.0/14
91.146.112.0/21
92.5.0.0-92.31.255.255
185.112.212.0/22
185.173.116.0-185.173.123.255
185.175.144.0/22
193.218.99.0/24
195.112.0.0/18
195.149.0.0/18
212.139.24.0/24
212.139.133.0/24
212.139.148.0/22
213.208.64.0/18
217.8.0.0/19
217.68.128.0/20
IPv6:
2001:7e0::/32
2001:4a00::/27
2a00:4340::/32
2a0b:db00::/29
2a0b:e900::/29
Signature Algorithm: sha256WithRSAEncryption
c8:f2:6b:9a:ec:54:2f:0b:25:6c:f3:11:57:34:31:33:00:86:
62:3e:78:c0:3c:ad:4f:41:41:26:9b:f3:3f:8c:6e:09:29:99:
66:7d:ed:81:2c:ae:a8:3a:b1:75:c7:38:20:70:62:df:9c:73:
c5:8a:5f:05:36:eb:9b:95:60:8c:7b:bc:c5:af:cd:85:5e:f6:
56:01:d4:26:4a:06:bd:2e:61:c3:15:78:36:40:3a:01:5a:f1:
7b:31:2b:e5:67:e1:3b:6d:6a:96:0a:d3:6d:3d:95:0e:d7:b1:
ec:5e:57:6f:f2:6e:6f:a2:b7:c2:fe:86:93:de:0f:9a:d6:b7:
58:55:50:08:13:fe:8a:fb:5d:94:89:93:4f:c6:31:93:fb:db:
08:2e:17:05:f6:bf:a6:70:6f:33:1b:dc:e7:dc:6c:d8:1e:39:
53:17:c2:69:e4:47:a6:84:c0:cd:3e:1c:0b:98:07:55:dc:3d:
ef:a6:94:1f:a6:79:cc:90:a3:a5:d1:6f:2c:7b:fc:a3:38:5e:
87:40:44:59:61:ce:61:71:ca:41:a0:de:41:01:1c:ca:ac:8a:
19:ae:1c:3a:d1:53:ec:d5:9d:db:02:52:00:09:7d:b0:9a:8c:
71:e0:c9:54:0a:c9:8a:0c:ad:86:72:65:82:87:09:5d:3d:59:
a4:73:78:82
-----BEGIN CERTIFICATE-----
MIIFuzCCBKOgAwIBAgISAY9X4aU2smkY4RmOPK2hAkcjMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE5ODA3ZjZkNTBkOTdkOTcxZGNmMmUyZTUwNjRlOWI5MDdh
ZGIzZWMwHhcNMjQwNTA4MTEwNTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjNTg4Njc1ZTY3MDdjNzE3OGY4MzhiZWNhMzU1MTUzOTA3YjRhMTNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzHyQqMNh+rDBB7snkJ4kU3WJ0PP2
C+HZCKh6ohmDlwTiDY9t/rb52wPypOjwJ20qgCkuY9Qe/QZUVPmaPUP439QrU//B
7B5WIRmQ7XF+v6uW4eUTU/p20zeredwFgwJj0j+Mmp29Z98Xs1rdtIc3ZwyvJJnO
0+QCvhogQuAZMVCdQXIz7Oh6KLNjqjdvs4aLRUQ+detqrYY5c4vtC3IbpO8M2b39
dC73ApTqSbYnydjpXsGrEB550o6xPJPj2mT347YKo9YqwoDLxQRM0DLoj45r+z6o
ZsVUi6OgNXoQiYdsh7dOZJy+As0BmLWWwBTz2hZ5vYXfiW2U+81G2qQsIQIDAQAB
o4ICxzCCAsMwHQYDVR0OBBYEFMWIZ15nB8cXj4OL7KNVFTkHtKE+MB8GA1UdIwQY
MBaAFKmAf21Q2X2XHc8uLlBk6bkHrbPsMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzIt
MGQ4ZjdkZDhjY2U2LzEveFloblhtY0h4eGVQZzR2c28xVVZPUWUwb1Q0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi9jYTlkYmUtMDA5NS00MGYzLWI5MzItMGQ4ZjdkZDhjY2U2
LzEvcVlCX2JWRFpmWmNkenk0dVVHVHB1UWV0cy13LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHcBggrBgEFBQcBBwEB/wSBzDCByTCBmwQCAAEwgZQDAwMC
YAMEBj4DwAMEBz4YgAMEBT7xoAMDA06QAwQGUQbAAwQHUoUAAwMAVAwDAwJZ8AME
A1uScDAKAwMAXAUDAwVcAAMEArlw1DAMAwQCua10AwQCua14AwQCua+QAwQAwdpj
AwQGw3AAAwQGw5UAAwQA1IsYAwQA1IuFAwQC1IuUAwQG1dBAAwQF2QgAAwQE2USA
MCkEAgACMCMDBQAgAQfgAwUFIAFKAAMFACoAQ0ADBQMqC9sAAwUDKgvpADANBgkq
hkiG9w0BAQsFAAOCAQEAyPJrmuxULwslbPMRVzQxMwCGYj54wDytT0FBJpvzP4xu
CSmZZn3tgSyuqDqxdcc4IHBi35xzxYpfBTbrm5VgjHu8xa/NhV72VgHUJkoGvS5h
wxV4NkA6AVrxezEr5WfhO21qlgrTbT2VDtex7F5Xb/Jub6K3wv6Gk94Pmta3WFVQ
CBP+ivtdlImTT8Yxk/vbCC4XBfa/pnBvMxvc59xs2B45UxfCaeRHpoTAzT4cC5gH
Vdw976aUH6Z5zJCjpdFvLHv8ozheh0BEWWHOYXHKQaDeQQEcyqyKGa4cOtFT7NWd
2wJSAAl9sJqMceDJVArJigythnJlgocJXT1ZpHN4gg==
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:20:52 2025 by rpki-client