Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/NmIncuCKMSKLG2hEkfBNxqsrvN4.roa
File: NmIncuCKMSKLG2hEkfBNxqsrvN4.roa (raw, json)
Hash identifier: Z90jZhmX8ePnWM8hJSykvzKMXSQ8cr/bl/AcG91aiHo=
Subject key identifier: 36:62:27:72:E0:8A:31:22:8B:1B:68:44:91:F0:4D:C6:AB:2B:BC:DE
Certificate issuer: /CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Certificate serial: 0182CEF2CFCC4FE75DF125859E3A42D15F83
Authority key identifier: 2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/NmIncuCKMSKLG2hEkfBNxqsrvN4.roa
Signing time: Wed 24 Aug 2022 08:23:15 +0000
ROA not before: Wed 24 Aug 2022 08:23:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3292
IP address blocks: 194.182.240.0/20 maxlen: 20
188.176.0.0/13 maxlen: 13
195.215.0.0/16 maxlen: 16
62.242.0.0/15 maxlen: 15
193.162.145.0/24 maxlen: 24
193.162.152.0/21 maxlen: 21
193.162.146.0/24 maxlen: 24
95.166.0.0/16 maxlen: 16
85.129.0.0/17 maxlen: 17
194.182.232.0/21 maxlen: 21
81.31.80.0/20 maxlen: 20
91.199.190.0/24 maxlen: 24
2.104.0.0/13 maxlen: 13
195.97.128.0/18 maxlen: 18
194.239.0.0/16 maxlen: 16
176.20.0.0/14 maxlen: 14
93.178.128.0/18 maxlen: 18
87.48.0.0/12 maxlen: 12
193.163.10.0/24 maxlen: 24
193.163.24.0/22 maxlen: 22
80.62.0.0/15 maxlen: 15
195.249.0.0/16 maxlen: 16
80.160.0.0/13 maxlen: 13
93.160.0.0/13 maxlen: 13
193.163.158.0/23 maxlen: 23
128.76.0.0/16 maxlen: 16
193.163.160.0/21 maxlen: 21
128.76.0.0/15 maxlen: 15
212.130.0.0/16 maxlen: 16
94.189.0.0/17 maxlen: 17
128.77.128.0/17 maxlen: 17
194.192.0.0/16 maxlen: 16
193.3.130.0/23 maxlen: 23
193.3.140.0/24 maxlen: 24
193.3.141.0/24 maxlen: 24
193.3.142.0/24 maxlen: 24
83.88.0.0/13 maxlen: 13
194.182.144.0/21 maxlen: 21
193.162.98.0/23 maxlen: 23
80.196.0.0/14 maxlen: 14
62.135.128.0/17 maxlen: 17
193.162.32.0/23 maxlen: 23
193.88.0.0/15 maxlen: 15
193.3.224.0/22 maxlen: 22
195.184.32.0/19 maxlen: 19
194.182.128.0/20 maxlen: 20
195.41.0.0/16 maxlen: 16
2001:6c8::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:82:ce:f2:cf:cc:4f:e7:5d:f1:25:85:9e:3a:42:d1:5f:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Validity
Not Before: Aug 24 08:23:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=36622772e08a31228b1b684491f04dc6ab2bbcde
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:97:52:27:86:83:15:03:59:0e:a5:5c:e0:d6:e8:
52:5f:a4:1c:b9:1f:c8:3e:78:15:7d:f7:ef:40:2b:
9c:e4:cf:0e:64:af:b6:59:ac:77:2d:bb:ee:60:aa:
14:d9:8d:72:ad:16:64:47:b2:fc:37:62:97:0e:79:
92:a4:cd:01:18:2a:07:40:1d:88:df:2f:5a:a7:2f:
f1:e9:c7:da:d7:d5:98:49:98:50:a7:89:b5:dd:46:
e6:85:36:60:11:35:fb:6b:cd:c8:48:68:07:1c:7b:
1a:48:02:42:91:c3:7d:10:76:b9:d5:42:f6:37:9e:
14:43:b6:47:09:f5:db:77:a2:37:1b:49:2c:87:49:
17:4c:2b:8a:7a:a6:c7:04:b7:32:60:89:a3:60:15:
63:b7:bf:b5:23:94:39:95:c3:58:fc:8e:0e:50:f0:
0b:8b:09:7d:77:bf:7a:82:bd:1e:82:da:42:a4:a9:
41:e8:04:01:e7:76:93:11:d1:d0:95:a6:35:9d:c5:
fa:69:92:9c:3a:48:f5:32:1d:54:03:cb:77:8d:b1:
8e:cd:d3:b4:b6:ca:65:ba:23:f2:7c:74:87:ad:11:
da:55:1c:84:91:f3:90:5b:c6:b4:ab:ca:9a:e7:ba:
55:4f:82:90:b5:26:1c:16:c3:a8:2e:d1:f2:1a:4c:
09:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
36:62:27:72:E0:8A:31:22:8B:1B:68:44:91:F0:4D:C6:AB:2B:BC:DE
X509v3 Authority Key Identifier:
keyid:2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/NmIncuCKMSKLG2hEkfBNxqsrvN4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/Loskx2rYemwf7f-vCNmxe0UkmZE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.104.0.0/13
62.135.128.0/17
62.242.0.0/15
80.62.0.0/15
80.160.0.0/13
80.196.0.0/14
81.31.80.0/20
83.88.0.0/13
85.129.0.0/17
87.48.0.0/12
91.199.190.0/24
93.160.0.0/13
93.178.128.0/18
94.189.0.0/17
95.166.0.0/16
128.76.0.0/15
176.20.0.0/14
188.176.0.0/13
193.3.130.0/23
193.3.140.0-193.3.142.255
193.3.224.0/22
193.88.0.0/15
193.162.32.0/23
193.162.98.0/23
193.162.145.0-193.162.146.255
193.162.152.0/21
193.163.10.0/24
193.163.24.0/22
193.163.158.0-193.163.167.255
194.182.128.0-194.182.151.255
194.182.232.0-194.182.255.255
194.192.0.0/16
194.239.0.0/16
195.41.0.0/16
195.97.128.0/18
195.184.32.0/19
195.215.0.0/16
195.249.0.0/16
212.130.0.0/16
IPv6:
2001:6c8::/29
Signature Algorithm: sha256WithRSAEncryption
a7:27:10:52:a6:37:ad:f3:8c:42:51:42:56:12:7a:ef:ad:ae:
31:f5:9f:42:75:f9:3f:d9:ca:e0:c7:5f:d2:d1:f1:ec:f6:6b:
4c:57:93:b3:c1:61:a6:4e:39:2d:13:8c:4b:fe:ff:2f:b3:fd:
ad:96:6b:14:c5:02:44:34:65:bd:f6:22:b3:7a:23:d4:1e:a3:
4f:90:95:12:27:df:28:81:f1:ba:60:2c:8f:29:6e:25:6c:50:
58:7c:db:f7:52:41:d5:b2:73:91:97:f3:95:5f:57:2a:64:d2:
b6:53:e5:d1:24:7c:b4:b6:95:1a:5f:da:17:1a:5d:67:88:8c:
9e:cb:74:97:70:8f:81:e6:c3:a6:0b:f2:db:42:a7:80:3e:d3:
3b:94:14:fc:a2:10:32:53:e0:d3:34:cf:6a:86:68:3b:c4:5a:
68:d9:80:df:dc:50:d7:3c:f4:f2:61:91:db:d6:84:af:66:d8:
84:c7:f8:fc:9f:f1:33:49:e4:a8:8a:6b:0a:c6:8a:f1:66:6a:
96:ef:d8:51:0e:e9:63:00:9e:e4:32:bc:4e:7f:6d:c3:89:a6:
5a:f4:36:11:be:57:57:a7:3a:d1:96:1e:fa:0b:6a:a5:a0:c2:
5c:1f:74:05:08:ef:4d:dc:89:3d:0c:91:60:4d:0a:6e:f3:bc:
87:fc:bf:c4
-----BEGIN CERTIFICATE-----
MIIGDTCCBPWgAwIBAgISAYLO8s/MT+dd8SWFnjpC0V+DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlOGIyNGM3NmFkODdhNmMxZmVkZmZhZjA4ZDliMTdiNDUy
NDk5OTEwHhcNMjIwODI0MDgyMzE1WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNjYyMjc3MmUwOGEzMTIyOGIxYjY4NDQ5MWYwNGRjNmFiMmJiY2RlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAl1InhoMVA1kOpVzg1uhSX6QcuR/I
PngVfffvQCuc5M8OZK+2Wax3LbvuYKoU2Y1yrRZkR7L8N2KXDnmSpM0BGCoHQB2I
3y9apy/x6cfa19WYSZhQp4m13UbmhTZgETX7a83ISGgHHHsaSAJCkcN9EHa51UL2
N54UQ7ZHCfXbd6I3G0ksh0kXTCuKeqbHBLcyYImjYBVjt7+1I5Q5lcNY/I4OUPAL
iwl9d796gr0egtpCpKlB6AQB53aTEdHQlaY1ncX6aZKcOkj1Mh1UA8t3jbGOzdO0
tspluiPyfHSHrRHaVRyEkfOQW8a0q8qa57pVT4KQtSYcFsOoLtHyGkwJEQIDAQAB
o4IDGTCCAxUwHQYDVR0OBBYEFDZiJ3LgijEiixtoRJHwTcarK7zeMB8GA1UdIwQY
MBaAFC6LJMdq2HpsH+3/rwjZsXtFJJmRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9za3gyclllbXdmN2YtdkNObXhlMFVrbVpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8wNGQzNDgtNzViOS00OGQyLWJlMTAt
OTExOTBhMDJkYjcwLzEvTm1JbmN1Q0tNU0tMRzJoRWtmQk54cXNydk40LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8wNGQzNDgtNzViOS00OGQyLWJlMTAtOTExOTBhMDJkYjcw
LzEvTG9za3gyclllbXdmN2YtdkNObXhlMFVrbVpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBLQYIKwYBBQUHAQcBAf8EggEcMIIBGDCCAQUEAgABMIH+
AwMDAmgDBAc+h4ADAwE+8gMDAVA+AwMDUKADAwJQxAMEBFEfUAMDA1NYAwQHVYEA
AwMEVzADBABbx74DAwNdoAMEBl2ygAMEB169AAMDAF+mAwMBgEwDAwKwFAMDA7yw
AwQBwQOCMAwDBALBA4wDBADBA44DBALBA+ADAwHBWAMEAcGiIAMEAcGiYjAMAwQA
waKRAwQAwaKSAwQDwaKYAwQAwaMKAwQCwaMYMAwDBAHBo54DBAPBo6AwDAMEB8K2
gAMEA8K2kDALAwQDwrboAwMAwrYDAwDCwAMDAMLvAwMAwykDBAbDYYADBAXDuCAD
AwDD1wMDAMP5AwMA1IIwDQQCAAIwBwMFAyABBsgwDQYJKoZIhvcNAQELBQADggEB
AKcnEFKmN63zjEJRQlYSeu+trjH1n0J1+T/ZyuDHX9LR8ez2a0xXk7PBYaZOOS0T
jEv+/y+z/a2WaxTFAkQ0Zb32IrN6I9Qeo0+QlRIn3yiB8bpgLI8pbiVsUFh82/dS
QdWyc5GX85VfVypk0rZT5dEkfLS2lRpf2hcaXWeIjJ7LdJdwj4Hmw6YL8ttCp4A+
0zuUFPyiEDJT4NM0z2qGaDvEWmjZgN/cUNc89PJhkdvWhK9m2ITH+Pyf8TNJ5KiK
awrGivFmapbv2FEO6WMAnuQyvE5/bcOJplr0NhG+V1enOtGWHvoLaqWgwlwfdAUI
703ciT0MkWBNCm7zvIf8v8Q=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:45:31 2025 by rpki-client