Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/l0-e7TmsynZadLVI6NatQ9ZipyA.roa
File: l0-e7TmsynZadLVI6NatQ9ZipyA.roa (raw, json)
Hash identifier: s2XC8jBmxA5ShKHZPiNC5S1L5UE7kdPagR6e6TzMZAg=
Subject key identifier: 97:4F:9E:ED:39:AC:CA:76:5A:74:B5:48:E8:D6:AD:43:D6:62:A7:20
Certificate issuer: /CN=8db34774b01979284fd9e754fea68fa3c61783d0
Certificate serial: 0186B6CD01886B605DB4284794B2A2888624
Authority key identifier: 8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/l0-e7TmsynZadLVI6NatQ9ZipyA.roa
Signing time: Mon 06 Mar 2023 12:02:13 +0000
ROA not before: Mon 06 Mar 2023 12:02:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 202505
IP address blocks: 89.43.78.0/24 maxlen: 24
86.104.14.0/24 maxlen: 24
193.31.118.0/24 maxlen: 24
193.31.117.0/24 maxlen: 24
193.31.119.0/24 maxlen: 24
84.54.14.0/24 maxlen: 24
185.81.152.0/24 maxlen: 24
185.81.153.0/24 maxlen: 24
185.81.155.0/24 maxlen: 24
185.81.154.0/24 maxlen: 24
176.98.42.0/24 maxlen: 24
176.98.43.0/24 maxlen: 24
2a06:f7c5::/32 maxlen: 32
2a05:88c5::/32 maxlen: 32
2a10:7f46::/32 maxlen: 32
2a10:7f45::/32 maxlen: 32
2a10:3302::/32 maxlen: 32
2a05:88c4::/32 maxlen: 32
2a06:f7c4::/32 maxlen: 32
2a10:3301::/32 maxlen: 32
2a10:7f44::/32 maxlen: 32
2a10:7f47::/32 maxlen: 32
2a06:f7c7::/32 maxlen: 32
2a05:88c7::/32 maxlen: 32
2a10:3303::/32 maxlen: 32
2a10:3300::/32 maxlen: 32
2a11:d102::/32 maxlen: 32
2a11:d101::/32 maxlen: 32
2a10:3304::/32 maxlen: 32
2a10:3307::/32 maxlen: 32
2a10:7f40::/32 maxlen: 32
2a06:f7c3::/32 maxlen: 32
2a05:88c6::/32 maxlen: 32
2a10:7fc5::/32 maxlen: 32
2a10:7f43::/32 maxlen: 32
2a06:f7c0::/32 maxlen: 32
2a05:88c0::/32 maxlen: 32
2a05:88c3::/32 maxlen: 32
2a06:f7c6::/32 maxlen: 32
2a11:d105::/32 maxlen: 32
2a10:7fc2::/32 maxlen: 32
2a11:d104::/32 maxlen: 32
2a10:7fc1::/32 maxlen: 32
2a11:d107::/32 maxlen: 32
2a10:7fc4::/32 maxlen: 32
2a10:7fc0::/32 maxlen: 32
2a10:7fc3::/32 maxlen: 32
2a10:3306::/32 maxlen: 32
2a05:88c1::/32 maxlen: 32
2a10:3305::/32 maxlen: 32
2a06:f7c1::/32 maxlen: 32
2a10:7f42::/32 maxlen: 32
2a10:7fc6::/32 maxlen: 32
2a10:7f41::/32 maxlen: 32
2a10:7fc7::/32 maxlen: 32
2a06:f7c2::/32 maxlen: 32
2a05:88c2::/32 maxlen: 32
2a11:d106::/32 maxlen: 32
2a11:d100::/32 maxlen: 32
2a11:d103::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:b6:cd:01:88:6b:60:5d:b4:28:47:94:b2:a2:88:86:24
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8db34774b01979284fd9e754fea68fa3c61783d0
Validity
Not Before: Mar 6 12:02:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=974f9eed39acca765a74b548e8d6ad43d662a720
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:06:7e:76:cb:8c:0a:4f:73:53:f5:91:e1:13:
92:92:3d:ed:4c:3b:cd:8b:29:cc:62:a2:24:1a:f2:
cc:dd:01:22:76:e2:06:30:40:44:21:ef:cb:32:e6:
5c:dd:8e:3a:de:e1:37:08:77:7b:df:df:6b:b7:84:
4b:54:b7:45:22:29:b2:b5:5d:54:89:44:f0:31:7a:
5d:eb:fd:e3:78:b7:58:2d:4e:2c:2d:28:c7:df:c7:
2f:ee:d1:69:6c:8a:4d:79:2b:6a:c7:86:20:1e:8c:
be:53:5b:dd:c8:d7:11:29:52:dd:33:95:5a:94:29:
38:47:4d:17:c1:39:da:16:be:7a:34:b5:1e:09:77:
ef:b5:03:0a:9a:cf:85:37:e8:d0:86:77:ea:82:67:
a9:60:49:27:f2:54:11:94:06:2d:28:b3:41:9b:fe:
f8:0b:c1:4d:36:d0:67:9c:3e:30:f0:38:04:63:d7:
ac:3f:77:05:77:7b:e0:a7:e4:e4:5b:a9:ac:51:d3:
86:f1:81:d3:c4:8c:b3:3f:f1:f3:3b:9e:1a:01:cf:
93:5e:05:c3:7c:4f:eb:85:9f:f7:16:c5:da:f6:19:
63:b0:7a:12:80:b8:0f:5e:00:34:af:56:a4:8c:b8:
9f:fe:68:09:89:2a:00:df:14:9a:d1:c3:0c:e7:b7:
b5:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
97:4F:9E:ED:39:AC:CA:76:5A:74:B5:48:E8:D6:AD:43:D6:62:A7:20
X509v3 Authority Key Identifier:
keyid:8D:B3:47:74:B0:19:79:28:4F:D9:E7:54:FE:A6:8F:A3:C6:17:83:D0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/jbNHdLAZeShP2edU_qaPo8YXg9A.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/l0-e7TmsynZadLVI6NatQ9ZipyA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/37/70a8f1-d8eb-42b5-bddb-6265521f6df7/1/jbNHdLAZeShP2edU_qaPo8YXg9A.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.54.14.0/24
86.104.14.0/24
89.43.78.0/24
176.98.42.0/23
185.81.152.0/22
193.31.117.0-193.31.119.255
IPv6:
2a05:88c0::/29
2a06:f7c0::/29
2a10:3300::/29
2a10:7f40::/29
2a10:7fc0::/29
2a11:d100::/29
Signature Algorithm: sha256WithRSAEncryption
80:90:d1:20:2e:eb:1f:66:57:65:50:6f:24:6a:1a:c0:b2:ad:
e7:3d:70:93:dd:1f:e0:1d:a4:83:6e:27:6c:96:a1:4d:3a:34:
97:84:87:49:23:58:74:ad:6d:b6:7a:33:1c:ec:e9:96:94:51:
ea:65:de:f4:04:23:ec:86:53:5b:14:4c:24:05:34:16:f6:59:
38:aa:5b:a9:5a:4e:92:a4:ac:91:33:32:14:df:b7:7e:c9:78:
5d:58:cd:9b:9b:34:ee:32:5f:21:c5:79:d6:09:7b:9c:71:a4:
81:e3:90:2b:8e:14:3c:c6:55:5f:7c:f9:78:5d:52:6a:8c:8f:
4e:a8:c5:a3:16:fd:1f:e4:f7:6d:30:71:b0:d7:0e:bb:44:4e:
fe:96:03:ec:98:95:f7:11:f9:84:42:e6:f9:7f:ee:ad:9b:08:
bf:d5:e2:24:a5:16:df:2c:f5:94:9f:e9:bb:95:18:99:c6:d5:
49:3f:7d:39:b0:65:15:ab:52:bf:19:4b:a4:ab:3b:26:d7:cc:
51:7a:4d:9a:60:e7:5f:7f:72:55:2e:0a:b3:9c:47:5d:e8:d6:
8f:c9:2b:de:39:7c:50:7d:92:53:93:c7:23:b8:f4:43:67:fd:
f9:36:59:95:0f:82:1c:66:6f:26:3f:8a:50:89:16:27:70:c3:
60:c2:0c:77
-----BEGIN CERTIFICATE-----
MIIFVTCCBD2gAwIBAgISAYa2zQGIa2BdtChHlLKiiIYkMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhkYjM0Nzc0YjAxOTc5Mjg0ZmQ5ZTc1NGZlYTY4ZmEzYzYx
NzgzZDAwHhcNMjMwMzA2MTIwMjEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NzRmOWVlZDM5YWNjYTc2NWE3NGI1NDhlOGQ2YWQ0M2Q2NjJhNzIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAZ+dsuMCk9zU/WR4ROSkj3tTDvN
iynMYqIkGvLM3QEiduIGMEBEIe/LMuZc3Y463uE3CHd7399rt4RLVLdFIimytV1U
iUTwMXpd6/3jeLdYLU4sLSjH38cv7tFpbIpNeStqx4YgHoy+U1vdyNcRKVLdM5Va
lCk4R00XwTnaFr56NLUeCXfvtQMKms+FN+jQhnfqgmepYEkn8lQRlAYtKLNBm/74
C8FNNtBnnD4w8DgEY9esP3cFd3vgp+TkW6msUdOG8YHTxIyzP/HzO54aAc+TXgXD
fE/rhZ/3FsXa9hljsHoSgLgPXgA0r1akjLif/mgJiSoA3xSa0cMM57e19wIDAQAB
o4ICYTCCAl0wHQYDVR0OBBYEFJdPnu05rMp2WnS1SOjWrUPWYqcgMB8GA1UdIwQY
MBaAFI2zR3SwGXkoT9nnVP6mj6PGF4PQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGIt
NjI2NTUyMWY2ZGY3LzEvbDAtZTdUbXN5blphZExWSTZOYXRROVppcHlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zNy83MGE4ZjEtZDhlYi00MmI1LWJkZGItNjI2NTUyMWY2ZGY3
LzEvamJOSGRMQVplU2hQMmVkVV9xYVBvOFlYZzlBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHcGCCsGAQUFBwEHAQH/BGgwZjAyBAIAATAsAwQAVDYOAwQA
VmgOAwQAWStOAwQBsGIqAwQCuVGYMAwDBADBH3UDBAPBH3AwMAQCAAIwKgMFAyoF
iMADBQMqBvfAAwUDKhAzAAMFAyoQf0ADBQMqEH/AAwUDKhHRADANBgkqhkiG9w0B
AQsFAAOCAQEAgJDRIC7rH2ZXZVBvJGoawLKt5z1wk90f4B2kg24nbJahTTo0l4SH
SSNYdK1ttnozHOzplpRR6mXe9AQj7IZTWxRMJAU0FvZZOKpbqVpOkqSskTMyFN+3
fsl4XVjNm5s07jJfIcV51gl7nHGkgeOQK44UPMZVX3z5eF1SaoyPTqjFoxb9H+T3
bTBxsNcOu0RO/pYD7JiV9xH5hELm+X/urZsIv9XiJKUW3yz1lJ/pu5UYmcbVST99
ObBlFatSvxlLpKs7JtfMUXpNmmDnX39yVS4Ks5xHXejWj8kr3jl8UH2SU5PHI7j0
Q2f9+TZZlQ+CHGZvJj+KUIkWJ3DDYMIMdw==
-----END CERTIFICATE-----
Generated at Thu Apr 17 22:38:46 2025 by rpki-client