Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/mfq0G4YgcPXAakPciGTbn7f6Qe0.roa
File: mfq0G4YgcPXAakPciGTbn7f6Qe0.roa (raw, json)
Hash identifier: uBkZoaserZ0TlocG6mP0SZOBh6RtXY3boIE8WBDxGy8=
Subject key identifier: 99:FA:B4:1B:86:20:70:F5:C0:6A:43:DC:88:64:DB:9F:B7:FA:41:ED
Certificate issuer: /CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Certificate serial: 4149700F
Authority key identifier: 2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/mfq0G4YgcPXAakPciGTbn7f6Qe0.roa
Signing time: Sat 01 Jan 2022 05:58:34 +0000
ROA not before: Sat 01 Jan 2022 05:58:34 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 3292
IP address blocks: 194.182.240.0/20 maxlen: 20
188.176.0.0/13 maxlen: 13
195.215.0.0/16 maxlen: 16
62.242.0.0/15 maxlen: 15
193.162.145.0/24 maxlen: 24
193.162.152.0/21 maxlen: 21
193.162.146.0/24 maxlen: 24
95.166.0.0/16 maxlen: 16
85.129.0.0/17 maxlen: 17
194.182.232.0/21 maxlen: 21
81.31.80.0/20 maxlen: 20
2.104.0.0/13 maxlen: 13
195.97.128.0/18 maxlen: 18
194.239.0.0/16 maxlen: 16
176.20.0.0/14 maxlen: 14
93.178.128.0/18 maxlen: 18
87.48.0.0/12 maxlen: 12
193.163.10.0/24 maxlen: 24
193.163.24.0/22 maxlen: 22
80.62.0.0/15 maxlen: 15
195.249.0.0/16 maxlen: 16
93.160.0.0/13 maxlen: 13
80.160.0.0/13 maxlen: 13
193.163.158.0/23 maxlen: 23
193.163.160.0/21 maxlen: 21
128.76.0.0/15 maxlen: 15
212.130.0.0/16 maxlen: 16
94.189.0.0/17 maxlen: 17
194.192.0.0/16 maxlen: 16
193.3.130.0/23 maxlen: 23
193.3.140.0/24 maxlen: 24
193.3.141.0/24 maxlen: 24
193.3.142.0/24 maxlen: 24
83.88.0.0/13 maxlen: 13
194.182.144.0/21 maxlen: 21
193.162.98.0/23 maxlen: 23
80.196.0.0/14 maxlen: 14
62.135.128.0/17 maxlen: 17
193.162.32.0/23 maxlen: 23
193.88.0.0/15 maxlen: 15
193.3.224.0/22 maxlen: 22
195.184.32.0/19 maxlen: 19
194.182.128.0/20 maxlen: 20
195.41.0.0/16 maxlen: 16
2001:6c8::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 1095331855 (0x4149700f)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2e8b24c76ad87a6c1fedffaf08d9b17b45249991
Validity
Not Before: Jan 1 05:58:34 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=99fab41b862070f5c06a43dc8864db9fb7fa41ed
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:cd:8f:0a:3d:15:93:c0:c4:73:ba:c7:36:37:4b:
cb:88:e5:95:62:8c:f4:49:46:bc:4a:eb:bb:72:d5:
eb:88:43:6b:62:cf:9a:86:fc:40:ee:03:14:7c:0e:
76:0a:9e:17:39:1c:80:d8:7d:a4:d4:00:d2:cd:09:
3e:00:f3:22:ac:22:44:61:1d:33:5f:24:72:40:53:
fa:f3:f0:99:16:e9:39:a8:d5:75:08:11:7b:14:e4:
61:7e:df:73:91:3b:e0:1e:ff:e8:57:15:bf:75:c1:
5e:be:d9:92:44:80:1c:fd:88:79:18:b4:3c:81:d0:
ef:f1:95:2a:34:7d:b4:e9:9f:51:14:a3:60:5d:06:
93:59:e3:a8:d2:bc:8d:f2:23:05:a8:b3:ef:77:d0:
a9:77:52:5b:06:9a:b7:de:b7:0a:15:20:2c:b7:56:
85:4b:8c:d1:63:59:af:c1:04:79:aa:2f:92:27:f3:
62:ca:37:49:df:2a:32:67:8d:51:8e:f0:3f:1d:ec:
f3:df:59:24:9a:c7:9a:aa:7c:ae:9d:e4:8a:94:59:
76:a8:0f:c2:87:7d:2a:30:cb:6d:44:09:33:42:c1:
3a:82:15:28:1b:80:80:1f:dd:4b:6e:f2:89:65:62:
32:e3:f3:ce:6f:73:d3:ef:c7:27:29:37:9f:a1:fc:
03:ab
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
99:FA:B4:1B:86:20:70:F5:C0:6A:43:DC:88:64:DB:9F:B7:FA:41:ED
X509v3 Authority Key Identifier:
keyid:2E:8B:24:C7:6A:D8:7A:6C:1F:ED:FF:AF:08:D9:B1:7B:45:24:99:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Loskx2rYemwf7f-vCNmxe0UkmZE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/mfq0G4YgcPXAakPciGTbn7f6Qe0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2e/04d348-75b9-48d2-be10-91190a02db70/1/Loskx2rYemwf7f-vCNmxe0UkmZE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.104.0.0/13
62.135.128.0/17
62.242.0.0/15
80.62.0.0/15
80.160.0.0/13
80.196.0.0/14
81.31.80.0/20
83.88.0.0/13
85.129.0.0/17
87.48.0.0/12
93.160.0.0/13
93.178.128.0/18
94.189.0.0/17
95.166.0.0/16
128.76.0.0/15
176.20.0.0/14
188.176.0.0/13
193.3.130.0/23
193.3.140.0-193.3.142.255
193.3.224.0/22
193.88.0.0/15
193.162.32.0/23
193.162.98.0/23
193.162.145.0-193.162.146.255
193.162.152.0/21
193.163.10.0/24
193.163.24.0/22
193.163.158.0-193.163.167.255
194.182.128.0-194.182.151.255
194.182.232.0-194.182.255.255
194.192.0.0/16
194.239.0.0/16
195.41.0.0/16
195.97.128.0/18
195.184.32.0/19
195.215.0.0/16
195.249.0.0/16
212.130.0.0/16
IPv6:
2001:6c8::/29
Signature Algorithm: sha256WithRSAEncryption
76:7d:2b:a9:9e:dd:50:9f:44:a0:0e:61:d6:4e:e0:05:8a:7f:
97:f7:57:ae:9b:6c:48:c6:9c:e4:8f:5d:a7:80:47:1b:05:f9:
30:88:02:4e:13:d1:79:75:4c:b2:22:46:c8:08:b9:de:e6:00:
0c:59:e8:1c:1b:ce:9c:cd:f8:6d:c0:f6:9a:80:a1:0e:af:63:
94:8a:8c:92:43:7b:1b:1b:76:d1:56:d1:e3:66:07:e7:5d:24:
ca:7c:72:f8:fc:be:2b:d2:fb:1a:69:23:02:cf:50:46:35:a0:
22:fb:e9:7d:ad:fe:53:16:42:2e:1e:35:cd:14:44:c8:a8:5c:
26:df:a1:13:9a:87:76:f5:5d:c7:01:02:0f:30:43:a8:5c:64:
f0:27:96:6a:e1:ef:9b:c6:84:d0:a8:b6:3a:5a:89:32:60:ca:
d7:af:dc:11:41:e3:05:78:88:d6:f8:36:27:7b:aa:08:0e:b3:
42:fb:45:81:6d:86:5d:07:49:05:84:c4:91:55:83:5c:67:a4:
9d:4e:9c:c5:30:dc:c4:8b:90:f3:0e:84:76:fe:b2:61:19:b5:
a2:4d:b6:50:20:c9:2c:5c:b9:31:f1:cf:45:eb:cb:68:63:b7:
9f:b7:be:22:ab:c3:a6:00:29:38:cc:57:e9:26:e8:35:98:6c:
6b:5e:37:6c
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIEQUlwDzANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygy
ZThiMjRjNzZhZDg3YTZjMWZlZGZmYWYwOGQ5YjE3YjQ1MjQ5OTkxMB4XDTIyMDEw
MTA1NTgzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoOTlmYWI0MWI4NjIw
NzBmNWMwNmE0M2RjODg2NGRiOWZiN2ZhNDFlZDCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAM2PCj0Vk8DEc7rHNjdLy4jllWKM9ElGvErru3LV64hDa2LP
mob8QO4DFHwOdgqeFzkcgNh9pNQA0s0JPgDzIqwiRGEdM18kckBT+vPwmRbpOajV
dQgRexTkYX7fc5E74B7/6FcVv3XBXr7ZkkSAHP2IeRi0PIHQ7/GVKjR9tOmfURSj
YF0Gk1njqNK8jfIjBaiz73fQqXdSWwaat963ChUgLLdWhUuM0WNZr8EEeaovkifz
Yso3Sd8qMmeNUY7wPx3s899ZJJrHmqp8rp3kipRZdqgPwod9KjDLbUQJM0LBOoIV
KBuAgB/dS27yiWViMuPzzm9z0+/HJyk3n6H8A6sCAwEAAaOCAxIwggMOMB0GA1Ud
DgQWBBSZ+rQbhiBw9cBqQ9yIZNuft/pB7TAfBgNVHSMEGDAWgBQuiyTHath6bB/t
/68I2bF7RSSZkTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0xvc2t4MnJZZW13ZjdmLXZDTm14ZTBVa21aRS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMmUvMDRkMzQ4LTc1YjktNDhkMi1iZTEwLTkxMTkwYTAyZGI3MC8x
L21mcTBHNFlnY1BYQWFrUGNpR1RibjdmNlFlMC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMmUv
MDRkMzQ4LTc1YjktNDhkMi1iZTEwLTkxMTkwYTAyZGI3MC8xL0xvc2t4MnJZZW13
ZjdmLXZDTm14ZTBVa21aRS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCC
ASYGCCsGAQUFBwEHAQH/BIIBFTCCAREwgf8EAgABMIH4AwMDAmgDBAc+h4ADAwE+
8gMDAVA+AwMDUKADAwJQxAMEBFEfUAMDA1NYAwQHVYEAAwMEVzADAwNdoAMEBl2y
gAMEB169AAMDAF+mAwMBgEwDAwKwFAMDA7ywAwQBwQOCMAwDBALBA4wDBADBA44D
BALBA+ADAwHBWAMEAcGiIAMEAcGiYjAMAwQAwaKRAwQAwaKSAwQDwaKYAwQAwaMK
AwQCwaMYMAwDBAHBo54DBAPBo6AwDAMEB8K2gAMEA8K2kDALAwQDwrboAwMAwrYD
AwDCwAMDAMLvAwMAwykDBAbDYYADBAXDuCADAwDD1wMDAMP5AwMA1IIwDQQCAAIw
BwMFAyABBsgwDQYJKoZIhvcNAQELBQADggEBAHZ9K6me3VCfRKAOYdZO4AWKf5f3
V66bbEjGnOSPXaeARxsF+TCIAk4T0Xl1TLIiRsgIud7mAAxZ6BwbzpzN+G3A9pqA
oQ6vY5SKjJJDexsbdtFW0eNmB+ddJMp8cvj8vivS+xppIwLPUEY1oCL76X2t/lMW
Qi4eNc0URMioXCbfoROah3b1XccBAg8wQ6hcZPAnlmrh75vGhNCotjpaiTJgytev
3BFB4wV4iNb4Nid7qggOs0L7RYFthl0HSQWExJFVg1xnpJ1OnMUw3MSLkPMOhHb+
smEZtaJNtlAgySxcuTHxz0Xry2hjt5+3viKrw6YAKTjMV+km6DWYbGteN2w=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:24:00 2024 by rpki-client on console-fra.rpki-client.org