Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/3a/dbde8c-a0fc-44d7-993b-2a28416d45b2/1/CQgNfUpOJC8QaLbEtmSpMX-at14.roa
File: CQgNfUpOJC8QaLbEtmSpMX-at14.roa (raw, json)
Hash identifier: WXLsoeSL/T9SPWGWXUbMMxyrWAogu51Dz8EpSX0lwKA=
Subject key identifier: 09:08:0D:7D:4A:4E:24:2F:10:68:B6:C4:B6:64:A9:31:7F:9A:B7:5E
Certificate issuer: /CN=068cc8f57a2b3c2299b1f482b67e15d9de43ad3c
Certificate serial: 018571DAC86CF0F1222F713059E97F5D7B40
Authority key identifier: 06:8C:C8:F5:7A:2B:3C:22:99:B1:F4:82:B6:7E:15:D9:DE:43:AD:3C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/BozI9XorPCKZsfSCtn4V2d5DrTw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/3a/dbde8c-a0fc-44d7-993b-2a28416d45b2/1/CQgNfUpOJC8QaLbEtmSpMX-at14.roa
Signing time: Mon 02 Jan 2023 09:40:41 +0000
ROA not before: Mon 02 Jan 2023 09:40:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 25133
IP address blocks: 92.43.80.0/22 maxlen: 22
91.211.136.0/22 maxlen: 22
185.228.100.0/22 maxlen: 22
45.158.48.0/22 maxlen: 22
185.208.112.0/22 maxlen: 22
176.67.0.0/21 maxlen: 21
176.67.8.0/22 maxlen: 22
176.67.17.0/24 maxlen: 24
176.67.16.0/24 maxlen: 24
176.67.12.0/22 maxlen: 22
176.67.24.0/24 maxlen: 24
176.67.23.0/24 maxlen: 24
176.67.22.0/24 maxlen: 24
176.67.21.0/24 maxlen: 24
176.67.20.0/24 maxlen: 24
176.67.19.0/24 maxlen: 24
176.67.18.0/24 maxlen: 24
176.67.30.0/24 maxlen: 24
176.67.29.0/24 maxlen: 24
176.67.28.0/24 maxlen: 24
176.67.27.0/24 maxlen: 24
176.67.26.0/24 maxlen: 24
176.67.25.0/24 maxlen: 24
109.227.96.0/19 maxlen: 19
185.62.96.0/22 maxlen: 22
185.96.28.0/22 maxlen: 22
185.203.244.0/22 maxlen: 22
194.1.220.0/23 maxlen: 23
78.137.33.0/24 maxlen: 24
78.137.32.0/24 maxlen: 24
78.137.36.0/22 maxlen: 22
78.137.35.0/24 maxlen: 24
78.137.34.0/24 maxlen: 24
78.137.40.0/21 maxlen: 21
78.137.48.0/20 maxlen: 20
46.255.32.0/22 maxlen: 22
46.255.36.0/22 maxlen: 22
185.103.42.0/23 maxlen: 23
185.103.40.0/23 maxlen: 23
193.254.197.0/24 maxlen: 24
193.254.196.0/24 maxlen: 24
78.137.0.0/19 maxlen: 19
217.115.96.0/21 maxlen: 21
217.115.104.0/21 maxlen: 21
193.0.240.0/24 maxlen: 24
92.118.220.0/22 maxlen: 22
91.244.0.0/18 maxlen: 18
212.55.92.0/22 maxlen: 22
152.89.20.0/22 maxlen: 22
37.139.160.0/22 maxlen: 22
37.139.164.0/22 maxlen: 22
109.227.64.0/19 maxlen: 19
37.139.172.0/24 maxlen: 24
37.139.171.0/24 maxlen: 24
37.139.170.0/24 maxlen: 24
37.139.169.0/24 maxlen: 24
37.139.168.0/24 maxlen: 24
37.139.179.0/24 maxlen: 24
37.139.178.0/24 maxlen: 24
37.139.177.0/24 maxlen: 24
195.95.232.0/23 maxlen: 23
37.139.176.0/24 maxlen: 24
37.139.175.0/24 maxlen: 24
37.139.174.0/24 maxlen: 24
37.139.173.0/24 maxlen: 24
37.139.184.0/22 maxlen: 22
37.139.180.0/22 maxlen: 22
37.139.188.0/22 maxlen: 22
185.176.112.0/22 maxlen: 22
185.176.108.0/22 maxlen: 22
185.41.192.0/23 maxlen: 23
45.95.164.0/22 maxlen: 22
212.55.64.0/22 maxlen: 22
185.41.194.0/23 maxlen: 23
212.55.68.0/22 maxlen: 22
212.55.76.0/22 maxlen: 22
212.55.74.0/23 maxlen: 23
212.55.72.0/23 maxlen: 23
212.55.84.0/23 maxlen: 23
212.55.80.0/22 maxlen: 22
185.220.94.0/23 maxlen: 23
212.55.88.0/22 maxlen: 22
212.55.86.0/23 maxlen: 23
185.3.149.0/24 maxlen: 24
185.3.148.0/24 maxlen: 24
185.3.151.0/24 maxlen: 24
185.128.92.0/22 maxlen: 22
83.142.48.0/22 maxlen: 22
213.108.52.0/22 maxlen: 22
178.216.16.0/21 maxlen: 21
2a02:c080::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:da:c8:6c:f0:f1:22:2f:71:30:59:e9:7f:5d:7b:40
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=068cc8f57a2b3c2299b1f482b67e15d9de43ad3c
Validity
Not Before: Jan 2 09:40:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=09080d7d4a4e242f1068b6c4b664a9317f9ab75e
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:81:1f:80:27:64:91:50:be:aa:35:49:cc:df:87:
09:d8:18:c5:3f:64:a3:eb:99:c9:24:43:7f:cf:a3:
4d:0e:3e:54:ae:46:e6:d6:59:f5:94:fa:aa:e5:b2:
47:94:2d:a3:c9:cc:50:b2:f6:7b:df:75:e2:ee:4d:
5a:6f:67:d3:74:71:c5:75:32:79:b6:4f:b8:91:3e:
ae:04:c9:a2:b6:68:81:b4:cb:97:64:96:62:ea:3a:
6b:62:38:c5:07:e6:06:cc:ca:9f:43:04:ba:5f:c2:
21:29:bf:5e:03:3b:7e:a1:bf:78:57:a6:19:9f:a9:
5b:25:06:43:90:24:17:fa:04:db:48:c1:1a:99:e5:
16:4d:01:03:0a:a3:84:4f:fb:b5:27:10:21:d8:5e:
27:33:df:c9:a5:e2:1f:80:bb:e7:81:05:14:4e:71:
da:49:12:ac:7d:a6:d8:46:eb:ec:fe:9b:4c:88:f9:
6a:1a:2e:3e:d0:0f:bd:d8:e7:2f:ad:6f:80:76:16:
40:4f:d0:0e:f6:2f:90:ef:3e:b3:e8:5e:02:a2:3a:
80:f3:d4:59:84:2d:49:e1:d2:fa:db:07:40:54:21:
b7:80:7f:af:a3:d7:ad:32:3d:d5:8b:9f:82:88:ff:
95:0e:33:84:4c:70:6e:23:09:5d:49:2f:b6:5d:d0:
a3:47
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
09:08:0D:7D:4A:4E:24:2F:10:68:B6:C4:B6:64:A9:31:7F:9A:B7:5E
X509v3 Authority Key Identifier:
keyid:06:8C:C8:F5:7A:2B:3C:22:99:B1:F4:82:B6:7E:15:D9:DE:43:AD:3C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/BozI9XorPCKZsfSCtn4V2d5DrTw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/dbde8c-a0fc-44d7-993b-2a28416d45b2/1/CQgNfUpOJC8QaLbEtmSpMX-at14.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/3a/dbde8c-a0fc-44d7-993b-2a28416d45b2/1/BozI9XorPCKZsfSCtn4V2d5DrTw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.139.160.0/19
45.95.164.0/22
45.158.48.0/22
46.255.32.0/21
78.137.0.0/18
83.142.48.0/22
91.211.136.0/22
91.244.0.0/18
92.43.80.0/22
92.118.220.0/22
109.227.64.0/18
152.89.20.0/22
176.67.0.0-176.67.30.255
178.216.16.0/21
185.3.148.0/23
185.3.151.0/24
185.41.192.0/22
185.62.96.0/22
185.96.28.0/22
185.103.40.0/22
185.128.92.0/22
185.176.108.0-185.176.115.255
185.203.244.0/22
185.208.112.0/22
185.220.94.0/23
185.228.100.0/22
193.0.240.0/24
193.254.196.0/23
194.1.220.0/23
195.95.232.0/23
212.55.64.0/19
213.108.52.0/22
217.115.96.0/20
IPv6:
2a02:c080::/29
Signature Algorithm: sha256WithRSAEncryption
04:39:ad:5a:c6:22:78:1b:49:ac:f6:7f:2f:d1:f1:ac:3b:d6:
8d:29:e3:94:5f:aa:14:6c:02:00:19:cd:8e:b1:f3:e5:0e:d5:
33:85:b7:bf:d5:9b:02:cf:92:9b:16:f2:2f:58:81:9b:e5:f9:
da:2f:3d:1a:17:7e:fb:08:19:51:a2:8b:93:76:b4:ce:4a:66:
3f:09:be:4b:d4:7a:54:80:b1:49:40:d5:ec:7e:c6:61:91:24:
79:fc:6c:6b:ed:39:00:41:1c:12:08:35:75:1e:41:10:b5:63:
3b:f3:89:38:b3:dc:28:f1:22:5b:a6:dc:14:6a:f0:05:7f:54:
4c:45:d4:dc:a3:cc:47:f3:8a:b6:a6:e1:eb:01:7c:bb:83:3d:
56:7a:e2:ea:0d:77:7f:38:a3:64:ee:45:64:97:23:32:65:29:
20:f1:a7:16:5b:80:60:be:e5:59:1c:b0:90:59:9e:b8:19:f1:
ff:b0:38:1b:d7:4e:e7:3d:aa:54:58:82:17:f4:02:42:db:2d:
1e:11:c7:0c:6c:29:42:40:fb:71:bd:18:a3:21:92:ad:bf:d5:
b8:49:fd:d4:ac:91:5a:38:2e:9f:8d:1c:0c:f4:e7:d4:f3:cc:
3b:18:a7:60:b9:68:ef:37:eb:4a:3a:67:52:66:75:29:92:51:
b3:a0:c0:a1
-----BEGIN CERTIFICATE-----
MIIF4TCCBMmgAwIBAgISAYVx2shs8PEiL3EwWel/XXtAMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDA2OGNjOGY1N2EyYjNjMjI5OWIxZjQ4MmI2N2UxNWQ5ZGU0
M2FkM2MwHhcNMjMwMTAyMDk0MDQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwOTA4MGQ3ZDRhNGUyNDJmMTA2OGI2YzRiNjY0YTkzMTdmOWFiNzVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgR+AJ2SRUL6qNUnM34cJ2BjFP2Sj
65nJJEN/z6NNDj5Urkbm1ln1lPqq5bJHlC2jycxQsvZ733Xi7k1ab2fTdHHFdTJ5
tk+4kT6uBMmitmiBtMuXZJZi6jprYjjFB+YGzMqfQwS6X8IhKb9eAzt+ob94V6YZ
n6lbJQZDkCQX+gTbSMEameUWTQEDCqOET/u1JxAh2F4nM9/JpeIfgLvngQUUTnHa
SRKsfabYRuvs/ptMiPlqGi4+0A+92OcvrW+AdhZAT9AO9i+Q7z6z6F4CojqA89RZ
hC1J4dL62wdAVCG3gH+vo9etMj3Vi5+CiP+VDjOETHBuIwldSS+2XdCjRwIDAQAB
o4IC7TCCAukwHQYDVR0OBBYEFAkIDX1KTiQvEGi2xLZkqTF/mrdeMB8GA1UdIwQY
MBaAFAaMyPV6KzwimbH0grZ+FdneQ608MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvQm96STlYb3JQQ0tac2ZTQ3RuNFYyZDVEclR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8zYS9kYmRlOGMtYTBmYy00NGQ3LTk5M2It
MmEyODQxNmQ0NWIyLzEvQ1FnTmZVcE9KQzhRYUxiRXRtU3BNWC1hdDE0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8zYS9kYmRlOGMtYTBmYy00NGQ3LTk5M2ItMmEyODQxNmQ0NWIy
LzEvQm96STlYb3JQQ0tac2ZTQ3RuNFYyZDVEclR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAQYIKwYBBQUHAQcBAf8EgfEwge4wgdwEAgABMIHVAwQF
JYugAwQCLV+kAwQCLZ4wAwQDLv8gAwQGTokAAwQCU44wAwQCW9OIAwQGW/QAAwQC
XCtQAwQCXHbcAwQGbeNAAwQCmFkUMAsDAwCwQwMEALBDHgMEA7LYEAMEAbkDlAME
ALkDlwMEArkpwAMEArk+YAMEArlgHAMEArlnKAMEArmAXDAMAwQCubBsAwQCubBw
AwQCucv0AwQCudBwAwQBudxeAwQCueRkAwQAwQDwAwQBwf7EAwQBwgHcAwQBw1/o
AwQF1DdAAwQC1Ww0AwQE2XNgMA0EAgACMAcDBQMqAsCAMA0GCSqGSIb3DQEBCwUA
A4IBAQAEOa1axiJ4G0ms9n8v0fGsO9aNKeOUX6oUbAIAGc2OsfPlDtUzhbe/1ZsC
z5KbFvIvWIGb5fnaLz0aF377CBlRoouTdrTOSmY/Cb5L1HpUgLFJQNXsfsZhkSR5
/Gxr7TkAQRwSCDV1HkEQtWM784k4s9wo8SJbptwUavAFf1RMRdTco8xH84q2puHr
AXy7gz1WeuLqDXd/OKNk7kVklyMyZSkg8acWW4BgvuVZHLCQWZ64GfH/sDgb107n
PapUWIIX9AJC2y0eEccMbClCQPtxvRijIZKtv9W4Sf3UrJFaOC6fjRwM9OfU88w7
GKdguWjvN+tKOmdSZnUpklGzoMCh
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:03:58 2024 by rpki-client on console-ams.rpki-client.org