Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/jA6pwMyAgOKUmlHyaL4q9Hai6HA.roa
File: jA6pwMyAgOKUmlHyaL4q9Hai6HA.roa (raw, json)
Hash identifier: xiGjcpt+wDYjY1+AUYnGDLNm7pQpUQJ/mV2qCr43t+4=
Subject key identifier: 8C:0E:A9:C0:CC:80:80:E2:94:9A:51:F2:68:BE:2A:F4:76:A2:E8:70
Certificate issuer: /CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Certificate serial: 01838D92BFC3BBCAD4FD2AC31EAB20667D88
Authority key identifier: 2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/jA6pwMyAgOKUmlHyaL4q9Hai6HA.roa
Signing time: Fri 30 Sep 2022 08:45:48 +0000
ROA not before: Fri 30 Sep 2022 08:45:48 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3292
IP address blocks: 195.215.0.0/16 maxlen: 16
62.242.0.0/15 maxlen: 15
2.104.0.0/13 maxlen: 13
176.20.0.0/17 maxlen: 17
195.97.128.0/18 maxlen: 18
194.239.0.0/16 maxlen: 16
176.20.0.0/14 maxlen: 14
93.178.128.0/18 maxlen: 18
195.249.0.0/16 maxlen: 16
80.160.0.0/13 maxlen: 13
93.160.0.0/13 maxlen: 13
193.163.158.0/23 maxlen: 23
128.76.0.0/16 maxlen: 16
193.163.160.0/21 maxlen: 21
212.130.0.0/16 maxlen: 16
176.22.0.0/15 maxlen: 15
195.184.32.0/19 maxlen: 19
194.182.240.0/20 maxlen: 20
188.176.0.0/13 maxlen: 13
95.166.64.0/18 maxlen: 18
193.162.145.0/24 maxlen: 24
193.162.152.0/21 maxlen: 21
193.162.146.0/24 maxlen: 24
95.166.0.0/16 maxlen: 16
85.129.0.0/17 maxlen: 17
194.182.232.0/21 maxlen: 21
81.31.80.0/20 maxlen: 20
91.199.190.0/24 maxlen: 24
87.48.0.0/12 maxlen: 12
193.163.10.0/24 maxlen: 24
193.163.24.0/22 maxlen: 22
80.62.0.0/15 maxlen: 15
95.166.128.0/17 maxlen: 17
94.189.0.0/17 maxlen: 17
128.77.128.0/17 maxlen: 17
194.192.0.0/16 maxlen: 16
193.3.130.0/23 maxlen: 23
193.3.140.0/24 maxlen: 24
193.3.141.0/24 maxlen: 24
193.3.142.0/24 maxlen: 24
83.88.0.0/13 maxlen: 13
194.182.144.0/21 maxlen: 21
193.162.98.0/23 maxlen: 23
80.196.0.0/14 maxlen: 14
62.135.128.0/17 maxlen: 17
176.21.0.0/16 maxlen: 16
193.162.32.0/23 maxlen: 23
193.88.0.0/15 maxlen: 15
193.3.224.0/22 maxlen: 22
176.20.192.0/18 maxlen: 18
194.182.128.0/20 maxlen: 20
195.41.0.0/16 maxlen: 16
2001:6c8::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:8d:92:bf:c3:bb:ca:d4:fd:2a:c3:1e:ab:20:66:7d:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Validity
Not Before: Sep 30 08:45:48 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=8c0ea9c0cc8080e2949a51f268be2af476a2e870
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:86:fc:a3:ff:4c:37:a5:34:49:9a:27:3f:6d:ea:
ad:f2:38:00:c5:50:fa:9a:17:e8:52:92:8c:8f:ad:
d5:29:44:47:9b:68:8d:df:e9:f1:55:d3:5f:21:5d:
48:bb:5f:dd:6d:d9:0f:8e:da:22:b4:db:de:40:60:
4e:c4:bb:d4:4e:85:dd:14:0a:3f:37:24:85:87:b5:
ae:39:9f:26:c0:4e:eb:7b:ee:19:c2:9f:ae:46:96:
72:ae:e9:23:3c:df:99:b0:99:ee:69:1b:0d:5a:92:
3b:60:fe:66:63:fb:6d:e6:8c:0b:d5:55:4e:70:40:
20:ab:c4:eb:c6:4e:02:a2:e3:3b:13:30:7e:92:09:
9a:7f:61:a2:e3:74:47:1f:5e:4d:d7:ea:ab:22:34:
29:93:f2:03:a6:ea:b3:3e:dc:3b:10:73:54:84:e7:
88:4b:b9:ea:d2:a9:00:23:4c:80:3a:d0:61:ef:05:
5c:a8:be:6a:98:f4:13:89:8a:80:de:c1:2f:86:c2:
6f:e3:d5:a7:0a:8c:6e:a1:06:54:9e:e6:fc:5d:61:
72:ca:52:99:3f:58:72:c7:0d:ce:37:df:a7:22:e6:
29:f1:bf:8e:64:09:2e:43:2a:e0:1f:ff:26:77:12:
7d:e7:c1:d9:9b:72:bb:94:f8:e0:73:0c:11:38:c9:
dc:99
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8C:0E:A9:C0:CC:80:80:E2:94:9A:51:F2:68:BE:2A:F4:76:A2:E8:70
X509v3 Authority Key Identifier:
keyid:2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/jA6pwMyAgOKUmlHyaL4q9Hai6HA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/Loskx2rYemwf7f-vCNmxe0UkmZE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.104.0.0/13
62.135.128.0/17
62.242.0.0/15
80.62.0.0/15
80.160.0.0/13
80.196.0.0/14
81.31.80.0/20
83.88.0.0/13
85.129.0.0/17
87.48.0.0/12
91.199.190.0/24
93.160.0.0/13
93.178.128.0/18
94.189.0.0/17
95.166.0.0/16
128.76.0.0/16
128.77.128.0/17
176.20.0.0/14
188.176.0.0/13
193.3.130.0/23
193.3.140.0-193.3.142.255
193.3.224.0/22
193.88.0.0/15
193.162.32.0/23
193.162.98.0/23
193.162.145.0-193.162.146.255
193.162.152.0/21
193.163.10.0/24
193.163.24.0/22
193.163.158.0-193.163.167.255
194.182.128.0-194.182.151.255
194.182.232.0-194.182.255.255
194.192.0.0/16
194.239.0.0/16
195.41.0.0/16
195.97.128.0/18
195.184.32.0/19
195.215.0.0/16
195.249.0.0/16
212.130.0.0/16
IPv6:
2001:6c8::/29
Signature Algorithm: sha256WithRSAEncryption
28:46:80:4b:76:5b:14:ff:d9:4b:00:74:ea:66:3c:45:d7:0f:
df:6b:8c:ac:2e:82:97:ac:ed:41:18:e2:da:d7:6d:fb:71:34:
6d:b3:2b:5d:1c:a1:48:95:bd:36:aa:0e:85:e4:23:58:0f:1a:
c4:ea:80:1e:00:56:e8:3f:22:81:a5:05:62:0f:37:f5:52:df:
6d:d1:3b:17:06:45:e7:47:eb:30:93:f0:93:d6:af:b7:3f:6f:
a3:ec:e3:76:35:d2:5a:b6:4d:ee:5a:a4:15:54:9b:f9:9a:e7:
d5:bd:5a:b8:d1:06:60:59:88:61:0c:d4:40:c1:0f:84:14:e6:
65:fd:b1:c7:8a:d6:9f:87:4d:f0:fd:e6:8d:e1:a2:34:d2:d7:
5b:79:ba:48:02:cb:75:0e:21:d4:50:b6:56:44:ff:a0:40:03:
39:1f:27:c7:b1:b8:5e:18:9f:fc:d4:be:39:36:ff:03:2d:3b:
cd:66:f9:c5:84:44:fd:33:23:c2:67:66:64:3a:76:11:53:c0:
eb:f9:6e:bc:c8:12:05:a5:35:f5:50:74:eb:4f:bc:35:c2:ee:
15:12:64:d6:42:55:d2:23:01:11:a2:28:ef:b0:bc:09:8a:17:
e9:86:72:59:04:06:af:97:1e:f2:88:51:f1:00:a3:e1:62:77:
2a:a2:07:79
-----BEGIN CERTIFICATE-----
MIIGFDCCBPygAwIBAgISAYONkr/Du8rU/SrDHqsgZn2IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJlOGIyNGM3NmFkODdhNmMxZmVkZmZhZjA4ZDliMTdiNDUy
NDk5OTEwHhcNMjIwOTMwMDg0NTQ4WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YzBlYTljMGNjODA4MGUyOTQ5YTUxZjI2OGJlMmFmNDc2YTJlODcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhvyj/0w3pTRJmic/beqt8jgAxVD6
mhfoUpKMj63VKURHm2iN3+nxVdNfIV1Iu1/dbdkPjtoitNveQGBOxLvUToXdFAo/
NySFh7WuOZ8mwE7re+4Zwp+uRpZyrukjPN+ZsJnuaRsNWpI7YP5mY/tt5owL1VVO
cEAgq8Trxk4CouM7EzB+kgmaf2Gi43RHH15N1+qrIjQpk/IDpuqzPtw7EHNUhOeI
S7nq0qkAI0yAOtBh7wVcqL5qmPQTiYqA3sEvhsJv49WnCoxuoQZUnub8XWFyylKZ
P1hyxw3ON9+nIuYp8b+OZAkuQyrgH/8mdxJ958HZm3K7lPjgcwwROMncmQIDAQAB
o4IDIDCCAxwwHQYDVR0OBBYEFIwOqcDMgIDilJpR8mi+KvR2ouhwMB8GA1UdIwQY
MBaAFC6LJMdq2HpsH+3/rwjZsXtFJJmRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTG9za3gyclllbXdmN2YtdkNObXhlMFVrbVpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yZS8wNGQzNDgtNzViOS00OGQyLWJlMTAt
OTExOTBhMDJkYjcwLzEvakE2cHdNeUFnT0tVbWxIeWFMNHE5SGFpNkhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yZS8wNGQzNDgtNzViOS00OGQyLWJlMTAtOTExOTBhMDJkYjcw
LzEvTG9za3gyclllbXdmN2YtdkNObXhlMFVrbVpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBNAYIKwYBBQUHAQcBAf8EggEjMIIBHzCCAQwEAgABMIIB
BAMDAwJoAwQHPoeAAwMBPvIDAwFQPgMDA1CgAwMCUMQDBARRH1ADAwNTWAMEB1WB
AAMDBFcwAwQAW8e+AwMDXaADBAZdsoADBAdevQADAwBfpgMDAIBMAwQHgE2AAwMC
sBQDAwO8sAMEAcEDgjAMAwQCwQOMAwQAwQOOAwQCwQPgAwMBwVgDBAHBoiADBAHB
omIwDAMEAMGikQMEAMGikgMEA8GimAMEAMGjCgMEAsGjGDAMAwQBwaOeAwQDwaOg
MAwDBAfCtoADBAPCtpAwCwMEA8K26AMDAMK2AwMAwsADAwDC7wMDAMMpAwQGw2GA
AwQFw7ggAwMAw9cDAwDD+QMDANSCMA0EAgACMAcDBQMgAQbIMA0GCSqGSIb3DQEB
CwUAA4IBAQAoRoBLdlsU/9lLAHTqZjxF1w/fa4ysLoKXrO1BGOLa1237cTRtsytd
HKFIlb02qg6F5CNYDxrE6oAeAFboPyKBpQViDzf1Ut9t0TsXBkXnR+swk/CT1q+3
P2+j7ON2NdJatk3uWqQVVJv5mufVvVq40QZgWYhhDNRAwQ+EFOZl/bHHitafh03w
/eaN4aI00tdbebpIAst1DiHUULZWRP+gQAM5HyfHsbheGJ/81L45Nv8DLTvNZvnF
hET9MyPCZ2ZkOnYRU8Dr+W68yBIFpTX1UHTrT7w1wu4VEmTWQlXSIwERoijvsLwJ
ihfphnJZBAavlx7yiFHxAKPhYncqogd5
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:00 2024 by rpki-client on console-fra.rpki-client.org