Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/zgPoWan3J1G-jvUZonf2FQXilAc.roa
File: zgPoWan3J1G-jvUZonf2FQXilAc.roa (raw, json)
Hash identifier: 9VzV0E+GsJ8PbiOP0C2B/qKhRK5WFB3et/brKesmAJU=
Subject key identifier: CE:03:E8:59:A9:F7:27:51:BE:8E:F5:19:A2:77:F6:15:05:E2:94:07
Certificate issuer: /CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Certificate serial: 018D22BCC0049489FDF8766CE6BF89E59824
Authority key identifier: 6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/zgPoWan3J1G-jvUZonf2FQXilAc.roa
Signing time: Fri 19 Jan 2024 17:20:11 +0000
ROA not before: Fri 19 Jan 2024 17:20:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 44477
IP address blocks: 94.131.2.0/24 maxlen: 24
94.131.3.0/24 maxlen: 24
94.131.8.0/21 maxlen: 24
94.131.96.0/24 maxlen: 24
94.131.97.0/24 maxlen: 24
94.131.98.0/24 maxlen: 24
94.131.99.0/24 maxlen: 24
94.131.100.0/24 maxlen: 24
94.131.101.0/24 maxlen: 24
94.131.102.0/24 maxlen: 24
94.131.103.0/24 maxlen: 24
94.131.104.0/24 maxlen: 24
94.131.105.0/24 maxlen: 24
94.131.106.0/24 maxlen: 24
94.131.107.0/24 maxlen: 24
94.131.108.0/24 maxlen: 24
94.131.109.0/24 maxlen: 24
94.131.110.0/24 maxlen: 24
94.131.111.0/24 maxlen: 24
94.131.112.0/24 maxlen: 24
94.131.113.0/24 maxlen: 24
94.131.114.0/24 maxlen: 24
94.131.115.0/24 maxlen: 24
94.131.116.0/24 maxlen: 24
94.131.117.0/24 maxlen: 24
94.131.118.0/24 maxlen: 24
94.131.119.0/24 maxlen: 24
94.131.120.0/22 maxlen: 24
95.164.8.0/22 maxlen: 24
95.164.16.0/22 maxlen: 24
95.164.21.0/24 maxlen: 24
95.164.22.0/24 maxlen: 24
95.164.23.0/24 maxlen: 24
95.164.32.0/21 maxlen: 24
95.164.44.0/22 maxlen: 24
95.164.51.0/24 maxlen: 24
95.164.60.0/22 maxlen: 24
95.164.68.0/24 maxlen: 24
95.164.69.0/24 maxlen: 24
95.164.84.0/22 maxlen: 24
95.164.88.0/24 maxlen: 24
95.164.89.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:22:bc:c0:04:94:89:fd:f8:76:6c:e6:bf:89:e5:98:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6d743ed63e868ef50f6d84c0003a83483fc62a03
Validity
Not Before: Jan 19 17:20:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ce03e859a9f72751be8ef519a277f61505e29407
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:3a:a8:05:6a:05:78:8f:42:82:6d:a9:15:7a:
a5:a1:9d:7a:62:f2:38:12:4b:64:fd:74:f8:0b:7e:
ee:22:0e:ac:6b:35:62:2d:df:6f:27:97:f0:f5:e1:
94:fa:c7:56:23:d8:66:29:54:fd:a6:c3:a1:81:b1:
21:21:f2:ea:fc:7e:12:42:1f:0c:8f:7c:1b:7c:df:
b7:09:e3:44:79:83:55:11:8a:30:d1:76:92:3a:cc:
47:bc:b3:d9:95:08:91:06:cf:68:7d:75:4c:ab:3e:
d8:56:4d:bc:35:03:dc:7c:90:76:d1:4b:5d:4f:90:
bb:91:cf:9a:a8:f7:0d:69:eb:d3:15:51:8a:fa:eb:
38:5e:2b:93:18:84:4c:89:8e:16:f6:66:5a:73:94:
6e:79:f6:e9:ad:a1:9e:da:6d:44:23:19:81:95:67:
39:ee:42:13:8b:da:d5:1c:9d:a5:a6:70:f7:a8:83:
f5:a5:52:01:d3:eb:e7:88:a1:ca:cf:99:b4:3c:ce:
58:70:fd:e2:92:3f:bb:f2:c6:e6:9c:f6:73:9f:e3:
37:02:25:ac:15:43:b8:96:bb:92:7b:95:4a:ad:46:
fe:34:b1:3b:31:59:d5:05:86:28:c5:0c:53:fc:d8:
0b:da:f1:04:fa:e8:03:af:76:7d:fb:bb:59:15:8c:
da:c9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
CE:03:E8:59:A9:F7:27:51:BE:8E:F5:19:A2:77:F6:15:05:E2:94:07
X509v3 Authority Key Identifier:
keyid:6D:74:3E:D6:3E:86:8E:F5:0F:6D:84:C0:00:3A:83:48:3F:C6:2A:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/bXQ-1j6GjvUPbYTAADqDSD_GKgM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/zgPoWan3J1G-jvUZonf2FQXilAc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2d/e05352-f148-40a0-87a4-e9724a7a6bc8/1/bXQ-1j6GjvUPbYTAADqDSD_GKgM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
94.131.2.0/23
94.131.8.0/21
94.131.96.0-94.131.123.255
95.164.8.0/22
95.164.16.0/22
95.164.21.0-95.164.23.255
95.164.32.0/21
95.164.44.0/22
95.164.51.0/24
95.164.60.0/22
95.164.68.0/23
95.164.84.0-95.164.89.255
Signature Algorithm: sha256WithRSAEncryption
78:b6:92:3f:a6:84:54:9a:0b:0a:0b:f6:40:a8:13:25:e2:70:
44:09:3e:6e:e4:8f:fa:6b:9b:bf:7b:9f:28:d4:d7:2c:ec:c2:
05:56:9e:35:ac:61:58:39:1b:2c:0d:08:d7:f3:be:1e:ee:25:
95:40:0d:2c:39:25:91:ce:23:49:a4:a0:9c:ce:eb:31:66:59:
93:d5:29:fe:3b:c9:84:23:15:c6:a9:00:d9:f7:4d:26:76:07:
0b:7a:32:65:98:ec:76:97:7d:d9:47:c9:49:25:a2:86:42:02:
22:07:99:df:bd:73:5c:82:a4:59:ee:5c:ee:15:a6:fe:54:c4:
ad:d6:24:d9:67:3b:d9:9d:e1:e6:92:17:84:41:3a:88:29:5a:
ba:fb:c2:eb:bb:11:70:05:3e:d0:21:4b:04:ae:03:47:5e:0b:
7b:95:83:31:50:7c:94:c6:5c:4c:ee:c2:99:05:92:41:77:d1:
82:1a:f3:42:d2:ef:8f:bd:3e:44:2d:fc:36:95:7e:3a:63:85:
26:02:d9:09:90:ad:30:96:76:12:89:97:81:c2:b6:0e:a7:73:
bd:c4:ce:3d:87:5a:dc:36:1d:f7:f0:1f:9a:15:ce:79:ed:e8:
75:5c:e8:cc:dd:3d:30:9b:eb:dd:6c:9a:43:93:30:6f:84:c5:
2d:6e:41:a3
-----BEGIN CERTIFICATE-----
MIIFVzCCBD+gAwIBAgISAY0ivMAElIn9+HZs5r+J5ZgkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZkNzQzZWQ2M2U4NjhlZjUwZjZkODRjMDAwM2E4MzQ4M2Zj
NjJhMDMwHhcNMjQwMTE5MTcyMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjZTAzZTg1OWE5ZjcyNzUxYmU4ZWY1MTlhMjc3ZjYxNTA1ZTI5NDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhTqoBWoFeI9Cgm2pFXqloZ16YvI4
Ektk/XT4C37uIg6sazViLd9vJ5fw9eGU+sdWI9hmKVT9psOhgbEhIfLq/H4SQh8M
j3wbfN+3CeNEeYNVEYow0XaSOsxHvLPZlQiRBs9ofXVMqz7YVk28NQPcfJB20Utd
T5C7kc+aqPcNaevTFVGK+us4XiuTGIRMiY4W9mZac5RuefbpraGe2m1EIxmBlWc5
7kITi9rVHJ2lpnD3qIP1pVIB0+vniKHKz5m0PM5YcP3ikj+78sbmnPZzn+M3AiWs
FUO4lruSe5VKrUb+NLE7MVnVBYYoxQxT/NgL2vEE+ugDr3Z9+7tZFYzayQIDAQAB
o4ICYzCCAl8wHQYDVR0OBBYEFM4D6Fmp9ydRvo71GaJ39hUF4pQHMB8GA1UdIwQY
MBaAFG10PtY+ho71D22EwAA6g0g/xioDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQt
ZTk3MjRhN2E2YmM4LzEvemdQb1dhbjNKMUctanZVWm9uZjJGUVhpbEFjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZC9lMDUzNTItZjE0OC00MGEwLTg3YTQtZTk3MjRhN2E2YmM4
LzEvYlhRLTFqNkdqdlVQYllUQUFEcURTRF9HS2dNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHkGCCsGAQUFBwEHAQH/BGowaDBmBAIAATBgAwQBXoMCAwQD
XoMIMAwDBAVeg2ADBAJeg3gDBAJfpAgDBAJfpBAwDAMEAF+kFQMEA1+kEAMEA1+k
IAMEAl+kLAMEAF+kMwMEAl+kPAMEAV+kRDAMAwQCX6RUAwQBX6RYMA0GCSqGSIb3
DQEBCwUAA4IBAQB4tpI/poRUmgsKC/ZAqBMl4nBECT5u5I/6a5u/e58o1Ncs7MIF
Vp41rGFYORssDQjX874e7iWVQA0sOSWRziNJpKCczusxZlmT1Sn+O8mEIxXGqQDZ
900mdgcLejJlmOx2l33ZR8lJJaKGQgIiB5nfvXNcgqRZ7lzuFab+VMSt1iTZZzvZ
neHmkheEQTqIKVq6+8LruxFwBT7QIUsErgNHXgt7lYMxUHyUxlxM7sKZBZJBd9GC
GvNC0u+PvT5ELfw2lX46Y4UmAtkJkK0wlnYSiZeBwrYOp3O9xM49h1rcNh338B+a
Fc557eh1XOjM3T0wm+vdbJpDkzBvhMUtbkGj
-----END CERTIFICATE-----
Generated at Thu Mar 13 20:54:33 2025 by rpki-client