Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/p_dNdzBIivBN94vhSN1sepecAsM.roa
File: p_dNdzBIivBN94vhSN1sepecAsM.roa (raw, json)
Hash identifier: oxRVca0c8h0tOC+OHd5r+sAKDmwq6pJ9DRAlkMpU5/g=
Subject key identifier: A7:F7:4D:77:30:48:8A:F0:4D:F7:8B:E1:48:DD:6C:7A:97:9C:02:C3
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 0190EF702D8A7A8796FF8B22528F544D4DA1
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/p_dNdzBIivBN94vhSN1sepecAsM.roa
Signing time: Fri 26 Jul 2024 14:27:04 +0000
ROA not before: Fri 26 Jul 2024 14:27:04 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8772
IP address blocks: 62.205.128.0/19 maxlen: 20
62.205.132.0/24 maxlen: 24
62.205.134.0/24 maxlen: 24
62.205.144.0/20 maxlen: 20
62.205.152.0/24 maxlen: 24
62.205.159.0/24 maxlen: 24
94.131.0.0/23 maxlen: 23
94.131.0.0/24 maxlen: 24
94.131.4.0/24 maxlen: 24
94.131.6.0/24 maxlen: 24
94.131.7.0/24 maxlen: 24
94.131.124.0/24 maxlen: 24
94.131.127.0/24 maxlen: 24
95.164.12.0/23 maxlen: 23
95.164.15.0/24 maxlen: 24
95.164.20.0/24 maxlen: 24
95.164.40.0/22 maxlen: 22
95.164.49.0/24 maxlen: 24
95.164.50.0/24 maxlen: 24
95.164.52.0/22 maxlen: 22
95.164.56.0/22 maxlen: 22
95.164.72.0/22 maxlen: 22
95.164.76.0/24 maxlen: 24
95.164.80.0/22 maxlen: 22
95.164.92.0/24 maxlen: 24
95.164.120.0/24 maxlen: 24
95.164.121.0/24 maxlen: 24
95.164.122.0/24 maxlen: 24
95.164.123.0/24 maxlen: 24
95.164.170.0/23 maxlen: 23
95.164.172.0/22 maxlen: 22
95.164.248.0/23 maxlen: 23
95.164.251.0/24 maxlen: 24
195.214.208.0/21 maxlen: 21
195.214.208.0/22 maxlen: 22
195.214.210.0/24 maxlen: 24
195.214.212.0/22 maxlen: 22
2a01:d0::/32 maxlen: 32
2a01:d0:4::/48 maxlen: 48
2a01:d0:a::/48 maxlen: 48
2a01:d0:28::/48 maxlen: 48
2a01:d0:3b::/48 maxlen: 48
2a01:d0:43::/48 maxlen: 48
2a01:d0:105::/48 maxlen: 48
2a01:d0:303::/48 maxlen: 48
2a01:d0:305::/48 maxlen: 48
2a01:d0:308::/48 maxlen: 48
2a01:d0:317::/48 maxlen: 48
2a01:d0:31d::/48 maxlen: 48
2a01:d0:333::/48 maxlen: 48
2a01:d0:962::/48 maxlen: 48
2a01:d0:1657::/48 maxlen: 48
2a01:d0:7fff::/48 maxlen: 48
2a01:d0:8000::/33 maxlen: 33
2a01:d0:ffff::/48 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:ef:70:2d:8a:7a:87:96:ff:8b:22:52:8f:54:4d:4d:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Jul 26 14:27:04 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=a7f74d7730488af04df78be148dd6c7a979c02c3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e8:a1:a8:2a:a3:04:8c:50:6d:d2:1e:5c:ab:6b:
46:a6:4e:66:55:57:d7:34:3e:0b:64:22:8a:d8:00:
e1:95:57:b4:a6:82:72:e4:22:92:02:86:a7:d8:c1:
6d:d7:5c:29:b6:e1:cf:bd:3b:4f:79:a0:0a:54:33:
6c:13:3b:ba:fa:4d:90:60:32:30:50:8f:38:b3:18:
55:be:cf:51:7a:68:7a:89:da:39:ec:e3:2b:58:ab:
b8:18:3d:69:6e:13:5f:8f:fa:d5:e2:ca:97:3e:9b:
02:3f:97:af:9b:f0:97:ad:ce:36:0f:51:e8:96:cb:
19:a4:74:ec:70:c6:e2:0f:2b:f8:9e:f0:a7:eb:dd:
ab:50:02:00:1d:23:aa:61:b2:90:56:09:25:b3:a5:
d7:fd:42:29:24:e3:ff:c2:09:c0:3d:e8:7f:9d:23:
b7:3e:63:37:ab:ac:e3:dd:44:9c:8d:1a:d4:fc:ba:
86:04:ca:b0:40:72:be:5d:be:40:a6:33:10:c7:f9:
16:1f:69:67:b1:0f:19:36:6c:a2:c8:63:1b:b6:aa:
16:b5:5b:15:3c:6d:e1:ab:dd:ae:33:ce:09:f5:4b:
29:dd:ac:23:25:2e:25:75:79:91:82:9b:30:70:4c:
0c:20:48:54:15:fc:7a:2e:ab:b8:9d:30:ae:87:8a:
2e:89
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A7:F7:4D:77:30:48:8A:F0:4D:F7:8B:E1:48:DD:6C:7A:97:9C:02:C3
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/p_dNdzBIivBN94vhSN1sepecAsM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.205.128.0/19
94.131.0.0/23
94.131.4.0/24
94.131.6.0/23
94.131.124.0/24
94.131.127.0/24
95.164.12.0/23
95.164.15.0/24
95.164.20.0/24
95.164.40.0/22
95.164.49.0-95.164.50.255
95.164.52.0-95.164.59.255
95.164.72.0-95.164.76.255
95.164.80.0/22
95.164.92.0/24
95.164.120.0/22
95.164.170.0-95.164.175.255
95.164.248.0/23
95.164.251.0/24
195.214.208.0/21
IPv6:
2a01:d0::/32
Signature Algorithm: sha256WithRSAEncryption
67:ac:dd:6b:72:da:07:7e:ff:6c:96:50:88:3e:75:72:0b:bd:
d8:00:ae:73:a9:97:93:38:11:a9:db:a4:36:f8:a5:c4:c7:e3:
66:25:a6:b4:6a:65:50:f8:a8:78:e0:38:68:01:43:48:84:4c:
fe:0a:84:60:c0:c6:28:ce:69:38:d1:e6:b0:c0:76:cd:aa:0e:
16:dd:dc:eb:1e:86:85:18:22:96:90:9e:4c:19:8c:db:0c:98:
e1:10:c6:38:92:91:ed:e4:3e:bd:ea:4a:53:2c:97:79:b6:3b:
97:97:07:27:e1:5a:58:75:e0:7d:9b:80:c3:d7:f4:97:90:ba:
8d:65:1b:15:9a:4f:8a:75:89:a1:bc:b0:d3:0c:84:b2:c7:79:
1a:da:7b:39:29:cd:03:8f:1a:d4:fc:1a:53:00:07:e0:09:d5:
21:ce:69:46:73:69:4a:64:a5:e5:21:f9:6a:66:04:32:6e:7b:
a5:4c:ab:d2:76:e3:6e:e3:9c:a6:bf:52:a5:5e:7a:f6:e6:bf:
97:d7:3e:85:c9:a9:af:98:3e:ea:58:fd:55:7b:93:bf:f8:97:
dd:d2:e6:34:25:54:6d:cf:1a:bf:02:d6:f3:6c:6e:a5:40:3c:
1c:37:6c:e0:c4:8a:8f:88:a9:d3:c0:5b:dd:70:9f:6a:2b:42:
4a:0a:ba:39
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgISAZDvcC2KeoeW/4siUo9UTU2hMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwNzI2MTQyNzA0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhN2Y3NGQ3NzMwNDg4YWYwNGRmNzhiZTE0OGRkNmM3YTk3OWMwMmMzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6KGoKqMEjFBt0h5cq2tGpk5mVVfX
ND4LZCKK2ADhlVe0poJy5CKSAoan2MFt11wptuHPvTtPeaAKVDNsEzu6+k2QYDIw
UI84sxhVvs9Remh6ido57OMrWKu4GD1pbhNfj/rV4sqXPpsCP5evm/CXrc42D1Ho
lssZpHTscMbiDyv4nvCn692rUAIAHSOqYbKQVgkls6XX/UIpJOP/wgnAPeh/nSO3
PmM3q6zj3UScjRrU/LqGBMqwQHK+Xb5ApjMQx/kWH2lnsQ8ZNmyiyGMbtqoWtVsV
PG3hq92uM84J9Usp3awjJS4ldXmRgpswcEwMIEhUFfx6Lqu4nTCuh4ouiQIDAQAB
o4ICrzCCAqswHQYDVR0OBBYEFKf3TXcwSIrwTfeL4UjdbHqXnALDMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvcF9kTmR6QklpdkJOOTR2aFNOMXNlcGVjQXNNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHEBggrBgEFBQcBBwEB/wSBtDCBsTCBnwQCAAEwgZgDBAU+
zYADBAFegwADBABegwQDBAFegwYDBABeg3wDBABeg38DBAFfpAwDBABfpA8DBABf
pBQDBAJfpCgwDAMEAF+kMQMEAF+kMjAMAwQCX6Q0AwQCX6Q4MAwDBANfpEgDBABf
pEwDBAJfpFADBABfpFwDBAJfpHgwDAMEAV+kqgMEBF+koAMEAV+k+AMEAF+k+wME
A8PW0DANBAIAAjAHAwUAKgEA0DANBgkqhkiG9w0BAQsFAAOCAQEAZ6zda3LaB37/
bJZQiD51cgu92ACuc6mXkzgRqdukNvilxMfjZiWmtGplUPioeOA4aAFDSIRM/gqE
YMDGKM5pONHmsMB2zaoOFt3c6x6GhRgilpCeTBmM2wyY4RDGOJKR7eQ+vepKUyyX
ebY7l5cHJ+FaWHXgfZuAw9f0l5C6jWUbFZpPinWJobyw0wyEssd5Gtp7OSnNA48a
1PwaUwAH4AnVIc5pRnNpSmSl5SH5amYEMm57pUyr0nbjbuOcpr9SpV569ua/l9c+
hcmpr5g+6lj9VXuTv/iX3dLmNCVUbc8avwLW82xupUA8HDds4MSKj4ip08Bb3XCf
aitCSgq6OQ==
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:53:24 2025 by rpki-client