Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/1UguSN_a931h-WfO6AxlCFQVC54.roa
File: 1UguSN_a931h-WfO6AxlCFQVC54.roa (raw, json)
Hash identifier: D0t+fgNT3/Qz4ILKyDgK8WpSYR/VC2FPVQs90Dvvdm4=
Subject key identifier: D5:48:2E:48:DF:DA:F7:7D:61:F9:67:CE:E8:0C:65:08:54:15:0B:9E
Certificate issuer: /CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Certificate serial: 018C6D723E2073EF4932E0BA29BFFBC47F23
Authority key identifier: 2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/1UguSN_a931h-WfO6AxlCFQVC54.roa
Signing time: Fri 15 Dec 2023 12:27:32 +0000
ROA not before: Fri 15 Dec 2023 12:27:32 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3292
IP address blocks: 195.215.0.0/16 maxlen: 16
87.60.0.0/14 maxlen: 14
62.242.0.0/15 maxlen: 15
87.56.128.0/17 maxlen: 17
192.66.175.0/24 maxlen: 24
192.66.180.0/24 maxlen: 24
192.66.181.0/24 maxlen: 24
2.104.0.0/13 maxlen: 13
176.20.0.0/17 maxlen: 17
195.97.128.0/18 maxlen: 18
194.239.0.0/16 maxlen: 16
2.111.0.0/16 maxlen: 16
93.178.128.0/18 maxlen: 18
2.104.0.0/14 maxlen: 14
195.249.0.0/16 maxlen: 16
87.57.0.0/16 maxlen: 16
93.160.0.0/13 maxlen: 13
80.160.0.0/13 maxlen: 13
193.163.158.0/23 maxlen: 23
128.76.0.0/16 maxlen: 16
193.163.160.0/21 maxlen: 21
212.130.0.0/16 maxlen: 16
87.59.0.0/16 maxlen: 16
176.22.0.0/15 maxlen: 15
194.247.188.0/23 maxlen: 23
131.164.0.0/16 maxlen: 16
193.39.139.0/24 maxlen: 24
192.66.25.0/24 maxlen: 24
87.56.0.0/18 maxlen: 18
192.66.33.0/24 maxlen: 24
192.66.38.0/24 maxlen: 24
192.66.36.0/24 maxlen: 24
2.110.0.0/20 maxlen: 20
195.184.32.0/19 maxlen: 19
2.110.0.0/16 maxlen: 16
2.110.16.0/22 maxlen: 22
194.182.240.0/20 maxlen: 20
188.176.0.0/13 maxlen: 13
87.48.0.0/13 maxlen: 13
95.166.64.0/18 maxlen: 18
87.58.128.0/17 maxlen: 17
193.162.145.0/24 maxlen: 24
193.162.152.0/21 maxlen: 21
193.162.146.0/24 maxlen: 24
85.129.0.0/17 maxlen: 17
194.182.232.0/21 maxlen: 21
81.31.80.0/20 maxlen: 20
91.199.190.0/24 maxlen: 24
193.163.10.0/24 maxlen: 24
195.95.181.0/24 maxlen: 24
193.163.24.0/22 maxlen: 22
80.62.0.0/15 maxlen: 15
95.166.128.0/17 maxlen: 17
2.108.0.0/15 maxlen: 15
94.189.0.0/17 maxlen: 17
128.77.128.0/17 maxlen: 17
194.192.0.0/16 maxlen: 16
193.3.130.0/23 maxlen: 23
193.3.140.0/24 maxlen: 24
193.3.141.0/24 maxlen: 24
193.3.142.0/24 maxlen: 24
83.88.0.0/13 maxlen: 13
194.182.144.0/21 maxlen: 21
193.162.98.0/23 maxlen: 23
87.58.0.0/18 maxlen: 18
80.196.0.0/14 maxlen: 14
62.135.128.0/17 maxlen: 17
176.21.0.0/16 maxlen: 16
193.162.32.0/23 maxlen: 23
193.88.0.0/15 maxlen: 15
193.3.224.0/22 maxlen: 22
176.20.192.0/18 maxlen: 18
194.182.128.0/20 maxlen: 20
195.41.0.0/16 maxlen: 16
2001:6c8::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:6d:72:3e:20:73:ef:49:32:e0:ba:29:bf:fb:c4:7f:23
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Validity
Not Before: Dec 15 12:27:32 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d5482e48dfdaf77d61f967cee80c650854150b9e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:5c:d2:37:33:a5:a5:3e:00:e6:fd:6b:53:e5:
94:64:28:c3:3f:88:3f:e8:bc:ec:6a:a5:b4:e2:79:
58:f0:fc:1a:37:03:46:e0:81:f9:81:5e:56:5b:7d:
ce:b3:9c:da:ab:3a:10:b2:3d:98:2d:12:6e:53:a6:
61:d7:d7:ff:0f:79:5a:e6:cd:47:2a:bb:79:58:c2:
fe:57:28:23:70:f7:e1:ac:b0:a9:35:35:9b:18:ed:
cb:62:b5:de:b1:62:9f:b2:bd:2b:18:74:79:da:6b:
5b:79:19:a3:fb:da:7a:fa:77:09:9e:07:7a:6d:b0:
f2:bd:75:cc:50:a0:1a:a5:08:7b:63:1b:2c:5e:8d:
4d:e0:c7:71:17:e5:be:de:e2:51:cd:04:55:c0:28:
a7:42:71:46:4f:2e:a4:c2:83:9e:0b:e4:25:a8:43:
e5:36:91:03:f5:05:b2:3f:d9:97:ba:5f:20:7f:17:
2e:7c:25:e5:52:35:1f:d8:2e:83:e5:76:01:b2:f1:
e7:12:25:ab:80:b6:4e:bb:b1:57:31:16:d5:f1:21:
18:93:d0:a5:4d:6a:cc:3c:c3:19:11:e2:02:65:74:
e0:57:03:c5:02:ad:b4:f8:39:a8:a9:54:17:b2:b1:
e9:33:19:64:74:85:cd:3c:21:3d:af:09:6e:59:19:
6a:ed
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D5:48:2E:48:DF:DA:F7:7D:61:F9:67:CE:E8:0C:65:08:54:15:0B:9E
X509v3 Authority Key Identifier:
keyid:2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/1UguSN_a931h-WfO6AxlCFQVC54.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/Loskx2rYemwf7f-vCNmxe0UkmZE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.104.0.0/13
62.135.128.0/17
62.242.0.0/15
80.62.0.0/15
80.160.0.0/13
80.196.0.0/14
81.31.80.0/20
83.88.0.0/13
85.129.0.0/17
87.48.0.0-87.56.63.255
87.56.128.0-87.58.63.255
87.58.128.0-87.63.255.255
91.199.190.0/24
93.160.0.0/13
93.178.128.0/18
94.189.0.0/17
95.166.64.0-95.166.255.255
128.76.0.0/16
128.77.128.0/17
131.164.0.0/16
176.20.0.0/17
176.20.192.0-176.23.255.255
188.176.0.0/13
192.66.25.0/24
192.66.33.0/24
192.66.36.0/24
192.66.38.0/24
192.66.175.0/24
192.66.180.0/23
193.3.130.0/23
193.3.140.0-193.3.142.255
193.3.224.0/22
193.39.139.0/24
193.88.0.0/15
193.162.32.0/23
193.162.98.0/23
193.162.145.0-193.162.146.255
193.162.152.0/21
193.163.10.0/24
193.163.24.0/22
193.163.158.0-193.163.167.255
194.182.128.0-194.182.151.255
194.182.232.0-194.182.255.255
194.192.0.0/16
194.239.0.0/16
194.247.188.0/23
195.41.0.0/16
195.95.181.0/24
195.97.128.0/18
195.184.32.0/19
195.215.0.0/16
195.249.0.0/16
212.130.0.0/16
IPv6:
2001:6c8::/29
Signature Algorithm: sha256WithRSAEncryption
74:fa:7e:f4:45:3f:db:10:70:72:d9:df:da:49:ff:fe:10:f0:
38:20:03:dc:c8:32:2f:40:91:04:0f:bf:87:49:cd:7e:d6:17:
1c:ba:06:31:6b:47:cb:28:e8:44:c9:a7:c7:bb:ff:8e:a5:57:
41:b8:e9:a3:7a:f9:91:d6:85:db:e3:5c:93:b4:c6:f7:ea:ed:
08:04:af:9d:08:f8:88:83:a0:74:05:c5:f6:f0:16:6e:a3:62:
00:05:6f:4d:89:d0:cf:97:c0:c7:ee:80:e1:57:01:e7:a6:c6:
5c:71:bd:27:d6:7e:5b:b0:52:ee:73:29:63:f9:9f:86:ea:2e:
4b:85:dd:89:9f:1b:74:84:09:3e:20:d0:74:88:f5:b9:91:13:
68:80:f1:9d:ca:d6:9b:73:19:20:d4:b7:d9:d6:bc:5f:fa:07:
14:e0:73:18:0a:4b:9f:9e:82:9c:f0:c7:55:08:87:10:e1:24:
39:c6:f2:af:d9:43:09:5a:6c:fd:a5:51:3d:53:93:18:7d:c1:
c9:9f:7f:35:e7:f0:71:5d:c7:02:97:1a:f5:a6:33:4a:9b:8f:
bf:a9:e2:26:95:aa:c8:0d:1c:81:c8:d2:f2:70:1b:75:fe:e3:
1e:a1:8b:bb:9c:d9:af:a6:43:c1:10:30:2b:b4:8b:ee:fd:8c:
cb:d8:32:34
-----BEGIN CERTIFICATE-----
MIIGiDCCBXCgAwIBAgISAYxtcj4gc+9JMuC6Kb/7xH8jMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlOGIyNGM3NmFkODdhNmMxZmVkZmZhZjA4ZDliMTdiNDUy
NDk5OTEwHhcNMjMxMjE1MTIyNzMyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNTQ4MmU0OGRmZGFmNzdkNjFmOTY3Y2VlODBjNjUwODU0MTUwYjllMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhFzSNzOlpT4A5v1rU+WUZCjDP4g/
6LzsaqW04nlY8PwaNwNG4IH5gV5WW33Os5zaqzoQsj2YLRJuU6Zh19f/D3la5s1H
Krt5WML+VygjcPfhrLCpNTWbGO3LYrXesWKfsr0rGHR52mtbeRmj+9p6+ncJngd6
bbDyvXXMUKAapQh7YxssXo1N4MdxF+W+3uJRzQRVwCinQnFGTy6kwoOeC+QlqEPl
NpED9QWyP9mXul8gfxcufCXlUjUf2C6D5XYBsvHnEiWrgLZOu7FXMRbV8SEYk9Cl
TWrMPMMZEeICZXTgVwPFAq20+DmoqVQXsrHpMxlkdIXNPCE9rwluWRlq7QIDAQAB
o4IDlDCCA5AwHQYDVR0OBBYEFNVILkjf2vd9YflnzugMZQhUFQueMB8GA1UdIwQY
MBaAFC6LJMdq2HpsH+3/rwjZsXtFJJmRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9za3gyclllbXdmN2YtdkNObXhlMFVrbVpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8wNGQzNDgtNzViOS00OGQyLWJlMTAt
OTExOTBhMDJkYjcwLzEvMVVndVNOX2E5MzFoLVdmTzZBeGxDRlFWQzU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8wNGQzNDgtNzViOS00OGQyLWJlMTAtOTExOTBhMDJkYjcw
LzEvTG9za3gyclllbXdmN2YtdkNObXhlMFVrbVpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBqAYIKwYBBQUHAQcBAf8EggGXMIIBkzCCAYAEAgABMIIB
eAMDAwJoAwQHPoeAAwMBPvIDAwFQPgMDA1CgAwMCUMQDBARRH1ADAwNTWAMEB1WB
ADALAwMEVzADBAZXOAAwDAMEB1c4gAMEBlc6ADALAwQHVzqAAwMGVwADBABbx74D
AwNdoAMEBl2ygAMEB169ADALAwQGX6ZAAwMAX6YDAwCATAMEB4BNgAMDAIOkAwQH
sBQAMAsDBAawFMADAwOwEAMDA7ywAwQAwEIZAwQAwEIhAwQAwEIkAwQAwEImAwQA
wEKvAwQBwEK0AwQBwQOCMAwDBALBA4wDBADBA44DBALBA+ADBADBJ4sDAwHBWAME
AcGiIAMEAcGiYjAMAwQAwaKRAwQAwaKSAwQDwaKYAwQAwaMKAwQCwaMYMAwDBAHB
o54DBAPBo6AwDAMEB8K2gAMEA8K2kDALAwQDwrboAwMAwrYDAwDCwAMDAMLvAwQB
wve8AwMAwykDBADDX7UDBAbDYYADBAXDuCADAwDD1wMDAMP5AwMA1IIwDQQCAAIw
BwMFAyABBsgwDQYJKoZIhvcNAQELBQADggEBAHT6fvRFP9sQcHLZ39pJ//4Q8Dgg
A9zIMi9AkQQPv4dJzX7WFxy6BjFrR8so6ETJp8e7/46lV0G46aN6+ZHWhdvjXJO0
xvfq7QgEr50I+IiDoHQFxfbwFm6jYgAFb02J0M+XwMfugOFXAeemxlxxvSfWfluw
Uu5zKWP5n4bqLkuF3YmfG3SECT4g0HSI9bmRE2iA8Z3K1ptzGSDUt9nWvF/6BxTg
cxgKS5+egpzwx1UIhxDhJDnG8q/ZQwlabP2lUT1Tkxh9wcmffzXn8HFdxwKXGvWm
M0qbj7+p4iaVqsgNHIHI0vJwG3X+4x6hi7uc2a+mQ8EQMCu0i+79jMvYMjQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:00 2024 by rpki-client on console-fra.rpki-client.org