Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/S6XJvI4EyT28kHNOHQyYMF0HaRY.roa
File: S6XJvI4EyT28kHNOHQyYMF0HaRY.roa (raw, json)
Hash identifier: wabHD/go3bDfFtiJwKcI/imAMiZdfyxtV/Q9lonwEYw=
Subject key identifier: 4B:A5:C9:BC:8E:04:C9:3D:BC:90:73:4E:1D:0C:98:30:5D:07:69:16
Certificate issuer: /CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Certificate serial: 01856B6EA962B15117DCAF499281112A7533
Authority key identifier: 2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/S6XJvI4EyT28kHNOHQyYMF0HaRY.roa
Signing time: Sun 01 Jan 2023 03:44:52 +0000
ROA not before: Sun 01 Jan 2023 03:44:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3292
IP address blocks: 195.215.0.0/16 maxlen: 16
62.242.0.0/15 maxlen: 15
2.104.0.0/13 maxlen: 13
176.20.0.0/17 maxlen: 17
195.97.128.0/18 maxlen: 18
194.239.0.0/16 maxlen: 16
176.20.0.0/14 maxlen: 14
93.178.128.0/18 maxlen: 18
195.249.0.0/16 maxlen: 16
93.160.0.0/13 maxlen: 13
80.160.0.0/13 maxlen: 13
193.163.158.0/23 maxlen: 23
128.76.0.0/16 maxlen: 16
193.163.160.0/21 maxlen: 21
212.130.0.0/16 maxlen: 16
176.22.0.0/15 maxlen: 15
194.247.188.0/23 maxlen: 23
193.39.139.0/24 maxlen: 24
195.184.32.0/19 maxlen: 19
194.182.240.0/20 maxlen: 20
188.176.0.0/13 maxlen: 13
95.166.64.0/18 maxlen: 18
193.162.145.0/24 maxlen: 24
193.162.152.0/21 maxlen: 21
193.162.146.0/24 maxlen: 24
95.166.0.0/16 maxlen: 16
85.129.0.0/17 maxlen: 17
194.182.232.0/21 maxlen: 21
81.31.80.0/20 maxlen: 20
91.199.190.0/24 maxlen: 24
87.48.0.0/12 maxlen: 12
193.163.10.0/24 maxlen: 24
195.95.181.0/24 maxlen: 24
193.163.24.0/22 maxlen: 22
80.62.0.0/15 maxlen: 15
95.166.128.0/17 maxlen: 17
94.189.0.0/17 maxlen: 17
128.77.128.0/17 maxlen: 17
194.192.0.0/16 maxlen: 16
193.3.130.0/23 maxlen: 23
193.3.140.0/24 maxlen: 24
193.3.141.0/24 maxlen: 24
193.3.142.0/24 maxlen: 24
83.88.0.0/13 maxlen: 13
194.182.144.0/21 maxlen: 21
193.162.98.0/23 maxlen: 23
80.196.0.0/14 maxlen: 14
62.135.128.0/17 maxlen: 17
176.21.0.0/16 maxlen: 16
193.162.32.0/23 maxlen: 23
193.88.0.0/15 maxlen: 15
193.3.224.0/22 maxlen: 22
176.20.192.0/18 maxlen: 18
194.182.128.0/20 maxlen: 20
195.41.0.0/16 maxlen: 16
2001:6c8::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6b:6e:a9:62:b1:51:17:dc:af:49:92:81:11:2a:75:33
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Validity
Not Before: Jan 1 03:44:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4ba5c9bc8e04c93dbc90734e1d0c98305d076916
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:40:60:bf:4f:37:f9:d4:d1:98:0b:29:0c:0a:
1b:64:5e:bb:e7:42:e7:9f:de:e9:ea:6c:40:1b:0b:
e6:8c:ca:d3:ad:8c:b2:98:46:1a:f2:c1:dd:ba:1f:
d7:63:17:fe:19:fb:be:a8:14:58:47:56:96:76:63:
17:db:ac:6e:61:af:8c:e6:e1:79:08:b4:ed:96:64:
c7:93:81:51:66:1b:47:e6:d6:91:01:f4:21:f2:14:
c5:56:4a:cd:53:7a:01:64:02:7b:7e:5c:5b:23:ab:
cc:fc:a9:d5:f8:69:d4:40:c7:c3:9a:5d:b0:bf:0c:
c9:91:4f:fb:48:bd:39:9c:b4:56:d0:09:f3:a5:95:
19:9c:9c:d3:73:d9:e7:8f:09:9e:30:b1:40:e9:b5:
31:cb:9c:d5:b4:d4:a7:43:2a:27:6b:e7:50:f7:a9:
7d:2f:96:8a:22:94:39:cf:ce:e7:93:3c:93:64:4a:
cb:40:75:c3:11:a1:b0:5e:c9:ca:99:e8:d3:f9:b1:
0b:87:34:c9:c8:4b:a8:01:ba:4a:3c:ea:80:91:4a:
cd:e9:3e:be:96:50:5d:dd:74:4e:27:3e:c8:a2:0b:
c6:59:ec:8c:82:e8:2d:75:92:6d:af:ba:46:a2:ef:
b0:65:f8:93:94:26:2d:c0:08:86:e2:3c:db:8f:7c:
6a:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4B:A5:C9:BC:8E:04:C9:3D:BC:90:73:4E:1D:0C:98:30:5D:07:69:16
X509v3 Authority Key Identifier:
keyid:2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/S6XJvI4EyT28kHNOHQyYMF0HaRY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/Loskx2rYemwf7f-vCNmxe0UkmZE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.104.0.0/13
62.135.128.0/17
62.242.0.0/15
80.62.0.0/15
80.160.0.0/13
80.196.0.0/14
81.31.80.0/20
83.88.0.0/13
85.129.0.0/17
87.48.0.0/12
91.199.190.0/24
93.160.0.0/13
93.178.128.0/18
94.189.0.0/17
95.166.0.0/16
128.76.0.0/16
128.77.128.0/17
176.20.0.0/14
188.176.0.0/13
193.3.130.0/23
193.3.140.0-193.3.142.255
193.3.224.0/22
193.39.139.0/24
193.88.0.0/15
193.162.32.0/23
193.162.98.0/23
193.162.145.0-193.162.146.255
193.162.152.0/21
193.163.10.0/24
193.163.24.0/22
193.163.158.0-193.163.167.255
194.182.128.0-194.182.151.255
194.182.232.0-194.182.255.255
194.192.0.0/16
194.239.0.0/16
194.247.188.0/23
195.41.0.0/16
195.95.181.0/24
195.97.128.0/18
195.184.32.0/19
195.215.0.0/16
195.249.0.0/16
212.130.0.0/16
IPv6:
2001:6c8::/29
Signature Algorithm: sha256WithRSAEncryption
24:1e:02:3d:e6:5f:43:44:70:77:37:b9:5a:eb:be:8a:97:da:
09:94:48:2c:fa:83:e5:af:fc:71:2a:48:1e:7d:4f:4e:ba:3e:
11:fe:c5:ad:1a:bb:82:2e:ca:31:04:ff:86:b9:79:d2:4f:31:
c4:67:6b:e1:bc:55:c0:db:16:16:6a:d4:f7:18:c2:00:b6:e6:
45:1f:e4:78:9d:77:28:73:60:55:9e:77:b3:94:60:c2:64:3e:
df:71:b9:a0:54:e5:25:de:76:e9:d1:cb:07:76:40:e7:0b:f3:
6b:6e:c4:1b:91:5a:b6:0c:35:01:2b:e7:e1:ed:9e:fb:7e:e6:
87:fe:c7:34:fa:20:c3:ac:a2:76:21:01:34:06:1f:8d:ce:56:
41:6e:41:ae:16:22:7c:97:35:48:7e:08:10:10:07:c7:8a:7f:
b4:dc:5c:2a:d8:7b:4b:4a:8d:96:18:46:b0:d7:00:6e:5b:c6:
66:9f:56:54:e0:5b:8c:41:38:fa:f8:8e:88:a3:9c:f5:d6:95:
e9:17:69:6d:23:19:c3:6f:75:70:59:e7:b2:bf:49:1b:1b:ba:
34:95:d0:c4:e2:95:fd:c7:13:56:1d:c3:a3:90:27:29:a9:24:
bc:66:ed:42:23:9d:f7:43:35:8f:44:ed:b4:89:98:22:29:e1:
f4:94:28:a4
-----BEGIN CERTIFICATE-----
MIIGJjCCBQ6gAwIBAgISAYVrbqlisVEX3K9JkoERKnUzMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlOGIyNGM3NmFkODdhNmMxZmVkZmZhZjA4ZDliMTdiNDUy
NDk5OTEwHhcNMjMwMTAxMDM0NDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YmE1YzliYzhlMDRjOTNkYmM5MDczNGUxZDBjOTgzMDVkMDc2OTE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmUBgv083+dTRmAspDAobZF6750Ln
n97p6mxAGwvmjMrTrYyymEYa8sHduh/XYxf+Gfu+qBRYR1aWdmMX26xuYa+M5uF5
CLTtlmTHk4FRZhtH5taRAfQh8hTFVkrNU3oBZAJ7flxbI6vM/KnV+GnUQMfDml2w
vwzJkU/7SL05nLRW0AnzpZUZnJzTc9nnjwmeMLFA6bUxy5zVtNSnQyona+dQ96l9
L5aKIpQ5z87nkzyTZErLQHXDEaGwXsnKmejT+bELhzTJyEuoAbpKPOqAkUrN6T6+
llBd3XROJz7IogvGWeyMgugtdZJtr7pGou+wZfiTlCYtwAiG4jzbj3xqKwIDAQAB
o4IDMjCCAy4wHQYDVR0OBBYEFEulybyOBMk9vJBzTh0MmDBdB2kWMB8GA1UdIwQY
MBaAFC6LJMdq2HpsH+3/rwjZsXtFJJmRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9za3gyclllbXdmN2YtdkNObXhlMFVrbVpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8wNGQzNDgtNzViOS00OGQyLWJlMTAt
OTExOTBhMDJkYjcwLzEvUzZYSnZJNEV5VDI4a0hOT0hReVlNRjBIYVJZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8wNGQzNDgtNzViOS00OGQyLWJlMTAtOTExOTBhMDJkYjcw
LzEvTG9za3gyclllbXdmN2YtdkNObXhlMFVrbVpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBRgYIKwYBBQUHAQcBAf8EggE1MIIBMTCCAR4EAgABMIIB
FgMDAwJoAwQHPoeAAwMBPvIDAwFQPgMDA1CgAwMCUMQDBARRH1ADAwNTWAMEB1WB
AAMDBFcwAwQAW8e+AwMDXaADBAZdsoADBAdevQADAwBfpgMDAIBMAwQHgE2AAwMC
sBQDAwO8sAMEAcEDgjAMAwQCwQOMAwQAwQOOAwQCwQPgAwQAwSeLAwMBwVgDBAHB
oiADBAHBomIwDAMEAMGikQMEAMGikgMEA8GimAMEAMGjCgMEAsGjGDAMAwQBwaOe
AwQDwaOgMAwDBAfCtoADBAPCtpAwCwMEA8K26AMDAMK2AwMAwsADAwDC7wMEAcL3
vAMDAMMpAwQAw1+1AwQGw2GAAwQFw7ggAwMAw9cDAwDD+QMDANSCMA0EAgACMAcD
BQMgAQbIMA0GCSqGSIb3DQEBCwUAA4IBAQAkHgI95l9DRHB3N7la676Kl9oJlEgs
+oPlr/xxKkgefU9Ouj4R/sWtGruCLsoxBP+GuXnSTzHEZ2vhvFXA2xYWatT3GMIA
tuZFH+R4nXcoc2BVnnezlGDCZD7fcbmgVOUl3nbp0csHdkDnC/NrbsQbkVq2DDUB
K+fh7Z77fuaH/sc0+iDDrKJ2IQE0Bh+NzlZBbkGuFiJ8lzVIfggQEAfHin+03Fwq
2HtLSo2WGEaw1wBuW8Zmn1ZU4FuMQTj6+I6Io5z11pXpF2ltIxnDb3VwWeeyv0kb
G7o0ldDE4pX9xxNWHcOjkCcpqSS8Zu1CI533QzWPRO20iZgiKeH0lCik
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:52 2024 by rpki-client on console-ams.rpki-client.org