Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/AyzibTgotZAtik8JOS9G_287nNE.roa
File: AyzibTgotZAtik8JOS9G_287nNE.roa (raw, json)
Hash identifier: y6dYRw9MBLHAM+tXHW3nWMKbUlBpm7EtNGEXoxZxEoM=
Subject key identifier: 03:2C:E2:6D:38:28:B5:90:2D:8A:4F:09:39:2F:46:FF:6F:3B:9C:D1
Certificate issuer: /CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Certificate serial: 42865135
Authority key identifier: 2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/AyzibTgotZAtik8JOS9G_287nNE.roa
Signing time: Mon 23 May 2022 07:54:02 +0000
ROA not before: Mon 23 May 2022 07:54:02 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3292
IP address blocks: 194.182.240.0/20 maxlen: 20
188.176.0.0/13 maxlen: 13
195.215.0.0/16 maxlen: 16
62.242.0.0/15 maxlen: 15
193.162.145.0/24 maxlen: 24
193.162.152.0/21 maxlen: 21
193.162.146.0/24 maxlen: 24
95.166.0.0/16 maxlen: 16
85.129.0.0/17 maxlen: 17
194.182.232.0/21 maxlen: 21
81.31.80.0/20 maxlen: 20
2.104.0.0/13 maxlen: 13
195.97.128.0/18 maxlen: 18
194.239.0.0/16 maxlen: 16
176.20.0.0/14 maxlen: 14
93.178.128.0/18 maxlen: 18
87.48.0.0/12 maxlen: 12
193.163.10.0/24 maxlen: 24
193.163.24.0/22 maxlen: 22
80.62.0.0/15 maxlen: 15
195.249.0.0/16 maxlen: 16
93.160.0.0/13 maxlen: 13
80.160.0.0/13 maxlen: 13
193.163.158.0/23 maxlen: 23
128.76.0.0/16 maxlen: 16
193.163.160.0/21 maxlen: 21
128.76.0.0/15 maxlen: 15
212.130.0.0/16 maxlen: 16
94.189.0.0/17 maxlen: 17
128.77.128.0/17 maxlen: 17
194.192.0.0/16 maxlen: 16
193.3.130.0/23 maxlen: 23
193.3.140.0/24 maxlen: 24
193.3.141.0/24 maxlen: 24
193.3.142.0/24 maxlen: 24
83.88.0.0/13 maxlen: 13
194.182.144.0/21 maxlen: 21
193.162.98.0/23 maxlen: 23
80.196.0.0/14 maxlen: 14
62.135.128.0/17 maxlen: 17
193.162.32.0/23 maxlen: 23
193.88.0.0/15 maxlen: 15
193.3.224.0/22 maxlen: 22
195.184.32.0/19 maxlen: 19
194.182.128.0/20 maxlen: 20
195.41.0.0/16 maxlen: 16
2001:6c8::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1116098869 (0x42865135)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Validity
Not Before: May 23 07:54:02 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=032ce26d3828b5902d8a4f09392f46ff6f3b9cd1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b5:0d:56:47:50:3d:db:88:4e:10:da:a9:73:83:
67:7e:61:7e:0e:c9:24:61:08:24:48:4b:9b:3d:26:
26:3f:15:c3:42:2a:16:c4:fd:9d:a6:1f:19:f8:f8:
cf:a4:13:48:7c:99:85:dc:5d:63:18:7c:97:69:65:
fa:08:66:3b:a1:32:f5:d6:30:a7:74:87:f6:e5:70:
8d:84:d3:f1:03:ac:aa:f8:cc:18:39:46:c3:e2:49:
29:16:83:85:8e:cb:ee:e6:74:82:06:a6:e5:9d:52:
a8:ff:32:92:1d:aa:78:ce:85:87:4b:ce:1c:28:bc:
79:f1:d4:79:48:8a:16:d9:f2:4c:f4:cb:8d:44:fc:
28:6a:2b:fe:a4:9e:82:68:a2:88:1a:97:be:d1:f4:
b9:de:e4:34:6e:9a:3a:50:4f:48:29:b5:20:c9:83:
e2:1b:f0:aa:47:2e:ca:cf:cd:c6:47:83:c4:17:fb:
8f:63:12:c4:ea:1e:35:71:a4:94:a9:13:d8:02:fa:
0d:f3:bd:89:ff:aa:45:d4:02:c5:f8:e9:66:07:05:
9c:ff:a7:fe:af:96:2f:15:76:a3:18:dd:52:90:00:
a9:8f:72:e0:cc:b2:10:6e:0f:4e:c4:49:d6:90:41:
1f:7e:19:d1:60:06:37:5e:cb:c4:65:98:94:72:48:
96:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:2C:E2:6D:38:28:B5:90:2D:8A:4F:09:39:2F:46:FF:6F:3B:9C:D1
X509v3 Authority Key Identifier:
keyid:2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/AyzibTgotZAtik8JOS9G_287nNE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/Loskx2rYemwf7f-vCNmxe0UkmZE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.104.0.0/13
62.135.128.0/17
62.242.0.0/15
80.62.0.0/15
80.160.0.0/13
80.196.0.0/14
81.31.80.0/20
83.88.0.0/13
85.129.0.0/17
87.48.0.0/12
93.160.0.0/13
93.178.128.0/18
94.189.0.0/17
95.166.0.0/16
128.76.0.0/15
176.20.0.0/14
188.176.0.0/13
193.3.130.0/23
193.3.140.0-193.3.142.255
193.3.224.0/22
193.88.0.0/15
193.162.32.0/23
193.162.98.0/23
193.162.145.0-193.162.146.255
193.162.152.0/21
193.163.10.0/24
193.163.24.0/22
193.163.158.0-193.163.167.255
194.182.128.0-194.182.151.255
194.182.232.0-194.182.255.255
194.192.0.0/16
194.239.0.0/16
195.41.0.0/16
195.97.128.0/18
195.184.32.0/19
195.215.0.0/16
195.249.0.0/16
212.130.0.0/16
IPv6:
2001:6c8::/29
Signature Algorithm: sha256WithRSAEncryption
b6:a3:13:1f:f1:7f:ff:10:8d:29:41:74:61:94:64:17:62:5c:
1b:4c:0e:f0:24:ca:7c:1f:1e:c3:6f:09:78:7c:0b:9e:c1:ef:
6a:88:02:4c:60:54:cc:97:c0:dd:4c:76:eb:9b:30:b0:71:d4:
a9:bc:9f:f8:81:43:77:a3:6e:46:62:bc:50:6b:07:83:d5:b1:
b0:a9:02:58:76:f3:fc:75:21:d1:13:ca:9d:2d:d1:5d:67:05:
d2:c8:0d:ff:c6:05:67:0c:5c:f9:9c:16:4e:b0:bc:aa:52:2a:
67:d6:8c:1e:41:0e:4a:0f:7c:7e:13:ca:84:f1:87:18:42:a5:
5f:46:91:fa:a8:ef:50:03:21:ae:fb:46:07:6f:78:57:4e:55:
35:b2:fc:05:12:97:48:ff:a4:40:42:51:9b:0b:a4:fe:4a:67:
10:2c:3a:78:12:fe:16:33:15:8f:72:1c:57:3e:5e:12:84:db:
37:6d:2f:cb:07:13:e6:32:cc:67:19:19:d8:4f:a0:95:95:03:
f7:68:c1:1e:a6:d9:25:76:e1:42:2b:3b:f6:85:e6:08:0f:af:
2b:75:11:d5:de:3c:36:b8:3c:17:7f:70:72:7b:db:2a:72:c8:
62:7d:43:c3:0f:c9:5a:a2:d1:81:d8:58:f2:c0:0b:4a:ff:f3:
c9:0f:83:67
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIEQoZRNTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
ZThiMjRjNzZhZDg3YTZjMWZlZGZmYWYwOGQ5YjE3YjQ1MjQ5OTkxMB4XDTIyMDUy
MzA3NTQwMloXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoMDMyY2UyNmQzODI4
YjU5MDJkOGE0ZjA5MzkyZjQ2ZmY2ZjNiOWNkMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBALUNVkdQPduIThDaqXODZ35hfg7JJGEIJEhLmz0mJj8Vw0Iq
FsT9naYfGfj4z6QTSHyZhdxdYxh8l2ll+ghmO6Ey9dYwp3SH9uVwjYTT8QOsqvjM
GDlGw+JJKRaDhY7L7uZ0ggam5Z1SqP8ykh2qeM6Fh0vOHCi8efHUeUiKFtnyTPTL
jUT8KGor/qSegmiiiBqXvtH0ud7kNG6aOlBPSCm1IMmD4hvwqkcuys/NxkeDxBf7
j2MSxOoeNXGklKkT2AL6DfO9if+qRdQCxfjpZgcFnP+n/q+WLxV2oxjdUpAAqY9y
4MyyEG4PTsRJ1pBBH34Z0WAGN17LxGWYlHJIlusCAwEAAaOCAxIwggMOMB0GA1Ud
DgQWBBQDLOJtOCi1kC2KTwk5L0b/bzuc0TAfBgNVHSMEGDAWgBQuiyTHath6bB/t
/68I2bF7RSSZkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0xvc2t4MnJZZW13ZjdmLXZDTm14ZTBVa21aRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmUvMDRkMzQ4LTc1YjktNDhkMi1iZTEwLTkxMTkwYTAyZGI3MC8x
L0F5emliVGdvdFpBdGlrOEpPUzlHXzI4N25ORS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmUv
MDRkMzQ4LTc1YjktNDhkMi1iZTEwLTkxMTkwYTAyZGI3MC8xL0xvc2t4MnJZZW13
ZjdmLXZDTm14ZTBVa21aRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCC
ASYGCCsGAQUFBwEHAQH/BIIBFTCCAREwgf8EAgABMIH4AwMDAmgDBAc+h4ADAwE+
8gMDAVA+AwMDUKADAwJQxAMEBFEfUAMDA1NYAwQHVYEAAwMEVzADAwNdoAMEBl2y
gAMEB169AAMDAF+mAwMBgEwDAwKwFAMDA7ywAwQBwQOCMAwDBALBA4wDBADBA44D
BALBA+ADAwHBWAMEAcGiIAMEAcGiYjAMAwQAwaKRAwQAwaKSAwQDwaKYAwQAwaMK
AwQCwaMYMAwDBAHBo54DBAPBo6AwDAMEB8K2gAMEA8K2kDALAwQDwrboAwMAwrYD
AwDCwAMDAMLvAwMAwykDBAbDYYADBAXDuCADAwDD1wMDAMP5AwMA1IIwDQQCAAIw
BwMFAyABBsgwDQYJKoZIhvcNAQELBQADggEBALajEx/xf/8QjSlBdGGUZBdiXBtM
DvAkynwfHsNvCXh8C57B72qIAkxgVMyXwN1MduubMLBx1Km8n/iBQ3ejbkZivFBr
B4PVsbCpAlh28/x1IdETyp0t0V1nBdLIDf/GBWcMXPmcFk6wvKpSKmfWjB5BDkoP
fH4TyoTxhxhCpV9Gkfqo71ADIa77RgdveFdOVTWy/AUSl0j/pEBCUZsLpP5KZxAs
OngS/hYzFY9yHFc+XhKE2zdtL8sHE+YyzGcZGdhPoJWVA/dowR6m2SV24UIrO/aF
5ggPryt1EdXePDa4PBd/cHJ72ypyyGJ9Q8MPyVqi0YHYWPLAC0r/88kPg2c=
-----END CERTIFICATE-----
Generated at Sun Apr 20 18:10:32 2025 by rpki-client