Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/av7imkEqw7Y4md6XH-OplQA2qcE.roa
File: av7imkEqw7Y4md6XH-OplQA2qcE.roa (raw, json)
Hash identifier: RbXKLDSfWHVo/bkPSQ8enX0YFhsNn03nIRrWA2HVAX0=
Subject key identifier: 6A:FE:E2:9A:41:2A:C3:B6:38:99:DE:97:1F:E3:A9:95:00:36:A9:C1
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 0B3957A5
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/av7imkEqw7Y4md6XH-OplQA2qcE.roa
Signing time: Fri 20 May 2022 11:51:18 +0000
ROA not before: Fri 20 May 2022 11:51:18 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 202505
IP address blocks: 193.31.117.0/24 maxlen: 24
185.225.37.0/24 maxlen: 24
185.225.38.0/24 maxlen: 24
185.225.36.0/24 maxlen: 24
193.31.119.0/24 maxlen: 24
89.43.78.0/24 maxlen: 24
93.114.130.0/24 maxlen: 24
86.104.14.0/24 maxlen: 24
84.54.14.0/24 maxlen: 24
185.81.152.0/24 maxlen: 24
185.81.153.0/24 maxlen: 24
185.81.155.0/24 maxlen: 24
213.226.116.0/24 maxlen: 24
185.81.154.0/24 maxlen: 24
176.98.42.0/24 maxlen: 24
176.98.43.0/24 maxlen: 24
2a06:f7c5::/32 maxlen: 32
2a11:d105::/32 maxlen: 32
2a10:7fc2::/32 maxlen: 32
2a10:7f46::/32 maxlen: 32
2a10:7f45::/32 maxlen: 32
2a06:f7c4::/32 maxlen: 32
2a11:d104::/32 maxlen: 32
2a10:7f44::/32 maxlen: 32
2a10:7fc1::/32 maxlen: 32
2a10:7f47::/32 maxlen: 32
2a11:d107::/32 maxlen: 32
2a10:7fc4::/32 maxlen: 32
2a06:f7c7::/32 maxlen: 32
2a10:7fc0::/32 maxlen: 32
2a10:7fc3::/32 maxlen: 32
2a11:d102::/32 maxlen: 32
2a11:d101::/32 maxlen: 32
2a06:f7c1::/32 maxlen: 32
2a10:7f42::/32 maxlen: 32
2a10:7fc6::/32 maxlen: 32
2a10:7f41::/32 maxlen: 32
2a10:7fc7::/32 maxlen: 32
2a06:f7c2::/32 maxlen: 32
2a10:7f40::/32 maxlen: 32
2a06:f7c3::/32 maxlen: 32
2a10:7fc5::/32 maxlen: 32
2a11:d106::/32 maxlen: 32
2a10:7f43::/32 maxlen: 32
2a06:f7c0::/32 maxlen: 32
2a11:d100::/32 maxlen: 32
2a11:d103::/32 maxlen: 32
2a06:f7c6::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 188307365 (0xb3957a5)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: May 20 11:51:18 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=6afee29a412ac3b63899de971fe3a9950036a9c1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:dc:aa:46:9c:20:af:24:c8:d2:51:48:cd:35:1a:
95:54:9c:01:e7:89:0f:4f:8c:bb:4a:07:51:12:83:
23:95:78:1e:39:be:0c:1f:ec:b3:9c:41:52:64:66:
5e:ad:29:89:81:c1:84:02:fa:7b:c7:13:ed:fd:3d:
17:d6:9b:cf:72:9e:a0:85:6a:80:2b:45:d9:56:5f:
bf:e2:88:f6:40:20:04:fd:98:7d:38:11:3d:1e:64:
f8:14:da:6f:25:15:15:b1:c0:f8:d1:6a:87:7b:1d:
a5:57:c7:4c:31:d5:0f:7c:16:5c:b8:d5:c2:7f:df:
87:db:41:71:dd:4c:d8:50:5e:5e:56:a4:78:e5:05:
2c:4a:5f:18:28:6a:20:8c:6d:37:b5:96:74:02:fc:
91:d6:cf:27:95:0e:13:8d:60:c0:8a:52:a2:d3:76:
32:da:c6:18:3a:02:aa:38:fa:7d:4c:f9:4b:c7:c0:
18:cb:69:ae:35:e5:e9:5c:31:9a:ee:a0:18:92:2d:
a3:e0:5f:75:85:24:09:85:ca:07:10:e3:79:f7:ef:
fb:97:b6:9c:11:20:bc:5a:bb:3d:60:fc:bc:3a:81:
e3:45:35:c8:c6:2e:48:56:56:f4:75:3b:82:27:74:
3b:5b:1c:e0:34:f8:48:dc:ee:41:cf:26:ae:c9:29:
ea:49
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6A:FE:E2:9A:41:2A:C3:B6:38:99:DE:97:1F:E3:A9:95:00:36:A9:C1
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/av7imkEqw7Y4md6XH-OplQA2qcE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.14.0/24
86.104.14.0/24
89.43.78.0/24
93.114.130.0/24
176.98.42.0/23
185.81.152.0/22
185.225.36.0-185.225.38.255
193.31.117.0/24
193.31.119.0/24
213.226.116.0/24
IPv6:
2a06:f7c0::/29
2a10:7f40::/29
2a10:7fc0::/29
2a11:d100::/29
Signature Algorithm: sha256WithRSAEncryption
64:97:87:a3:bf:61:1a:9c:db:60:c9:35:f8:51:4b:c1:c4:78:
e3:7d:a7:34:80:a1:c5:f2:1a:c5:cf:2d:a4:70:6d:06:82:79:
cd:0b:5f:37:fc:18:d9:b5:e0:50:fc:5c:1d:47:4d:51:05:44:
5c:72:a5:dd:65:24:aa:16:87:78:34:67:7c:58:95:bb:f8:6c:
45:d9:94:6f:84:6c:b3:7a:2f:96:a4:9f:0b:b9:7a:1c:4f:31:
e3:d3:35:e3:f0:96:c2:c1:27:4c:6b:48:ea:9a:6f:b9:93:38:
8c:e3:d1:53:1a:84:56:e4:db:b4:1f:64:10:00:2a:fb:3e:05:
66:6d:ed:f0:ab:b8:79:25:21:20:00:1c:a5:56:ba:bf:90:bd:
a6:14:d7:57:80:c8:7e:bb:b0:c7:8b:35:5d:a3:49:4d:4d:24:
3f:28:30:05:a4:9e:94:da:98:52:95:7b:9a:43:06:7b:88:e5:
26:df:0c:0a:bd:aa:d1:7e:09:89:44:f3:a3:50:3e:ae:3c:ae:
b3:41:6e:04:59:75:03:9d:c9:bb:4e:0b:b0:ad:2f:21:e9:35:
6c:5e:49:85:82:2c:5e:60:4e:b9:78:f8:bf:22:02:fc:d7:fb:
89:aa:a2:fa:3b:6b:9d:8d:51:73:2a:c6:59:6e:82:d2:c9:52:
c9:99:9d:aa
-----BEGIN CERTIFICATE-----
MIIFUjCCBDqgAwIBAgIECzlXpTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyg4
ZGIzNDc3NGIwMTk3OTI4NGZkOWU3NTRmZWE2OGZhM2M2MTc4M2QwMB4XDTIyMDUy
MDExNTExOFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNmFmZWUyOWE0MTJh
YzNiNjM4OTlkZTk3MWZlM2E5OTUwMDM2YTljMTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANyqRpwgryTI0lFIzTUalVScAeeJD0+Mu0oHURKDI5V4Hjm+
DB/ss5xBUmRmXq0piYHBhAL6e8cT7f09F9abz3KeoIVqgCtF2VZfv+KI9kAgBP2Y
fTgRPR5k+BTabyUVFbHA+NFqh3sdpVfHTDHVD3wWXLjVwn/fh9tBcd1M2FBeXlak
eOUFLEpfGChqIIxtN7WWdAL8kdbPJ5UOE41gwIpSotN2MtrGGDoCqjj6fUz5S8fA
GMtprjXl6Vwxmu6gGJIto+BfdYUkCYXKBxDjeffv+5e2nBEgvFq7PWD8vDqB40U1
yMYuSFZW9HU7gid0O1sc4DT4SNzuQc8mrskp6kkCAwEAAaOCAmwwggJoMB0GA1Ud
DgQWBBRq/uKaQSrDtjiZ3pcf46mVADapwTAfBgNVHSMEGDAWgBSNs0d0sBl5KE/Z
51T+po+jxheD0DAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L2piTkhkTEFaZVNoUDJlZFVfcWFQbzhZWGc5QS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvMzcvNzBhOGYxLWQ4ZWItNDJiNS1iZGRiLTYyNjU1MjFmNmRmNy8x
L2F2N2lta0VxdzdZNG1kNlhILU9wbFFBMnFjRS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvMzcv
NzBhOGYxLWQ4ZWItNDJiNS1iZGRiLTYyNjU1MjFmNmRmNy8xL2piTkhkTEFaZVNo
UDJlZFVfcWFQbzhZWGc5QS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
gQYIKwYBBQUHAQcBAf8EcjBwMEoEAgABMEQDBABUNg4DBABWaA4DBABZK04DBABd
coIDBAGwYioDBAK5UZgwDAMEArnhJAMEALnhJgMEAMEfdQMEAMEfdwMEANXidDAi
BAIAAjAcAwUDKgb3wAMFAyoQf0ADBQMqEH/AAwUDKhHRADANBgkqhkiG9w0BAQsF
AAOCAQEAZJeHo79hGpzbYMk1+FFLwcR4432nNIChxfIaxc8tpHBtBoJ5zQtfN/wY
2bXgUPxcHUdNUQVEXHKl3WUkqhaHeDRnfFiVu/hsRdmUb4Rss3ovlqSfC7l6HE8x
49M14/CWwsEnTGtI6ppvuZM4jOPRUxqEVuTbtB9kEAAq+z4FZm3t8Ku4eSUhIAAc
pVa6v5C9phTXV4DIfruwx4s1XaNJTU0kPygwBaSelNqYUpV7mkMGe4jlJt8MCr2q
0X4JiUTzo1A+rjyus0FuBFl1A53Ju04LsK0vIek1bF5JhYIsXmBOuXj4vyIC/Nf7
iaqi+jtrnY1RcyrGWW6C0slSyZmdqg==
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:23:44 2025 by rpki-client