Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/Z6HUnWOf_1JN04rOqOvPQE_F07Q.roa
File: Z6HUnWOf_1JN04rOqOvPQE_F07Q.roa (raw, json)
Hash identifier: eMJPPoEUo+tfIn8WmVI9BiMRus9RghWJYjPK4CBobX0=
Subject key identifier: 67:A1:D4:9D:63:9F:FF:52:4D:D3:8A:CE:A8:EB:CF:40:4F:C5:D3:B4
Certificate issuer: /CN=f4c0aa7b3e3cbff88262add92b339e35051ce1a0
Certificate serial: 018CC4244A628E5993EC1F7D3BD57F9EE78B
Authority key identifier: F4:C0:AA:7B:3E:3C:BF:F8:82:62:AD:D9:2B:33:9E:35:05:1C:E1:A0
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/9MCqez48v_iCYq3ZKzOeNQUc4aA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/Z6HUnWOf_1JN04rOqOvPQE_F07Q.roa
Signing time: Mon 01 Jan 2024 08:29:21 +0000
ROA not before: Mon 01 Jan 2024 08:29:21 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 47956
IP address blocks: 141.226.144.0/20 maxlen: 24
141.226.144.0/21 maxlen: 21
141.226.152.0/21 maxlen: 21
188.120.128.0/19 maxlen: 24
141.226.160.0/20 maxlen: 24
141.226.160.0/22 maxlen: 22
141.226.160.0/21 maxlen: 21
141.226.168.0/21 maxlen: 21
141.226.176.0/21 maxlen: 24
94.230.80.0/20 maxlen: 24
141.226.0.0/22 maxlen: 22
141.226.0.0/21 maxlen: 21
141.226.0.0/19 maxlen: 24
141.226.4.0/22 maxlen: 22
141.226.8.0/22 maxlen: 22
141.226.8.0/21 maxlen: 21
141.226.12.0/22 maxlen: 22
5.102.192.0/18 maxlen: 24
91.205.152.0/22 maxlen: 24
31.210.176.0/20 maxlen: 24
37.46.32.0/20 maxlen: 24
141.226.32.0/20 maxlen: 24
141.226.48.0/22 maxlen: 24
141.226.52.0/23 maxlen: 24
141.226.54.0/24 maxlen: 24
141.226.56.0/21 maxlen: 24
141.226.64.0/22 maxlen: 24
141.226.68.0/23 maxlen: 24
141.226.70.0/24 maxlen: 24
141.226.72.0/21 maxlen: 24
2a02:ed5::/32 maxlen: 32
2a02:ed0::/29 maxlen: 29
2a02:ed1::/32 maxlen: 32
2a02:ed2::/32 maxlen: 32
2a02:ed3::/32 maxlen: 48
2a02:ed0::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c4:24:4a:62:8e:59:93:ec:1f:7d:3b:d5:7f:9e:e7:8b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=f4c0aa7b3e3cbff88262add92b339e35051ce1a0
Validity
Not Before: Jan 1 08:29:21 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=67a1d49d639fff524dd38acea8ebcf404fc5d3b4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:85:bf:66:d8:2a:4f:4a:83:81:bd:1f:33:ef:0b:
14:62:a0:1c:86:13:31:1a:b4:29:14:97:1e:67:b5:
c1:5b:97:72:ca:c7:20:4b:49:11:45:bf:55:0b:87:
b3:59:42:80:71:42:e0:14:ec:70:64:10:69:c4:dd:
17:82:ad:46:fe:04:ac:38:3a:92:ad:32:74:a7:13:
eb:46:70:34:00:d8:9e:e0:16:23:cf:64:0a:d6:cd:
ac:75:3a:e5:c8:e1:ed:3f:55:f2:6b:98:c9:95:39:
61:14:20:cb:87:1c:85:49:5d:88:6b:5d:53:d6:49:
1c:40:81:28:56:54:ec:67:13:4c:35:a4:d1:7b:8b:
23:d1:ee:11:34:53:f7:96:29:c3:21:31:83:4a:8a:
87:31:26:2f:9a:19:6c:99:a8:ae:cd:99:43:05:4a:
cc:81:9b:54:07:44:10:5a:94:f3:03:70:ca:25:f6:
61:d0:93:d1:c5:b4:74:79:2f:f9:d2:02:1d:80:7a:
f5:6c:f3:ea:ab:ce:99:b6:89:99:73:58:45:ab:27:
36:e8:d8:66:58:39:ef:98:96:80:60:6b:17:10:70:
0a:02:91:2d:a4:3b:39:fd:97:c0:64:68:f5:f7:be:
bc:28:53:85:0f:a0:22:88:9e:e8:06:20:3c:8a:be:
1d:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:A1:D4:9D:63:9F:FF:52:4D:D3:8A:CE:A8:EB:CF:40:4F:C5:D3:B4
X509v3 Authority Key Identifier:
keyid:F4:C0:AA:7B:3E:3C:BF:F8:82:62:AD:D9:2B:33:9E:35:05:1C:E1:A0
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9MCqez48v_iCYq3ZKzOeNQUc4aA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/Z6HUnWOf_1JN04rOqOvPQE_F07Q.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/71/9e2b1a-163b-4854-961a-ea75ddf47b4a/1/9MCqez48v_iCYq3ZKzOeNQUc4aA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.102.192.0/18
31.210.176.0/20
37.46.32.0/20
91.205.152.0/22
94.230.80.0/20
141.226.0.0-141.226.54.255
141.226.56.0-141.226.70.255
141.226.72.0/21
141.226.144.0-141.226.183.255
188.120.128.0/19
IPv6:
2a02:ed0::/29
Signature Algorithm: sha256WithRSAEncryption
1f:52:95:03:2a:cb:97:94:b3:b9:8f:cd:98:87:a7:dc:e6:7d:
19:52:f1:18:16:74:ce:fa:fa:b2:a1:bd:8c:97:19:24:02:15:
db:95:e8:ed:59:9f:d7:a3:56:2d:b7:aa:d3:14:73:58:73:0a:
86:49:3c:11:b3:25:c1:70:2c:87:81:2b:d1:d7:75:d9:80:89:
3c:aa:75:88:06:94:6b:be:48:25:12:58:b3:2d:22:d8:86:81:
27:1c:24:2f:48:c2:92:28:b8:1a:d1:11:8f:e5:3b:b0:7f:e0:
33:ad:b7:e4:23:44:86:58:06:7d:b5:f4:16:9b:eb:1b:fd:6f:
2b:96:57:1f:47:c2:bc:d8:f9:88:b1:ca:17:82:12:37:41:08:
3b:a9:ac:76:b0:90:7c:0e:6a:9d:54:31:46:24:47:e6:48:72:
66:28:37:61:f1:01:78:3c:3f:f9:13:f5:02:5e:e6:70:42:e4:
2c:df:23:8e:62:cc:2e:de:fb:51:5c:77:c1:7d:a5:c0:9e:63:
72:66:07:81:22:ea:e7:c1:75:d2:bf:75:cc:20:a9:ad:b9:83:
73:ca:5c:de:28:c4:b2:e1:a4:0c:ba:fe:12:7c:aa:06:69:ad:
37:94:b9:c0:e6:19:d4:b3:de:db:39:86:e1:8d:b4:9b:67:3c:
e0:9a:e7:d1
-----BEGIN CERTIFICATE-----
MIIFWTCCBEGgAwIBAgISAYzEJEpijlmT7B99O9V/nueLMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY0YzBhYTdiM2UzY2JmZjg4MjYyYWRkOTJiMzM5ZTM1MDUx
Y2UxYTAwHhcNMjQwMTAxMDgyOTIxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2ExZDQ5ZDYzOWZmZjUyNGRkMzhhY2VhOGViY2Y0MDRmYzVkM2I0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhb9m2CpPSoOBvR8z7wsUYqAchhMx
GrQpFJceZ7XBW5dyyscgS0kRRb9VC4ezWUKAcULgFOxwZBBpxN0Xgq1G/gSsODqS
rTJ0pxPrRnA0ANie4BYjz2QK1s2sdTrlyOHtP1Xya5jJlTlhFCDLhxyFSV2Ia11T
1kkcQIEoVlTsZxNMNaTRe4sj0e4RNFP3linDITGDSoqHMSYvmhlsmaiuzZlDBUrM
gZtUB0QQWpTzA3DKJfZh0JPRxbR0eS/50gIdgHr1bPPqq86ZtomZc1hFqyc26Nhm
WDnvmJaAYGsXEHAKApEtpDs5/ZfAZGj19768KFOFD6AiiJ7oBiA8ir4d7wIDAQAB
o4ICZTCCAmEwHQYDVR0OBBYEFGeh1J1jn/9STdOKzqjrz0BPxdO0MB8GA1UdIwQY
MBaAFPTAqns+PL/4gmKt2SsznjUFHOGgMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOU1DcWV6NDh2X2lDWXEzWkt6T2VOUVVjNGFBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83MS85ZTJiMWEtMTYzYi00ODU0LTk2MWEt
ZWE3NWRkZjQ3YjRhLzEvWjZIVW5XT2ZfMUpOMDRyT3FPdlBRRV9GMDdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83MS85ZTJiMWEtMTYzYi00ODU0LTk2MWEtZWE3NWRkZjQ3YjRh
LzEvOU1DcWV6NDh2X2lDWXEzWkt6T2VOUVVjNGFBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHsGCCsGAQUFBwEHAQH/BGwwajBZBAIAATBTAwQGBWbAAwQE
H9KwAwQEJS4gAwQCW82YAwQEXuZQMAsDAwGN4gMEAI3iNjAMAwQDjeI4AwQAjeJG
AwQDjeJIMAwDBASN4pADBAON4rADBAW8eIAwDQQCAAIwBwMFAyoCDtAwDQYJKoZI
hvcNAQELBQADggEBAB9SlQMqy5eUs7mPzZiHp9zmfRlS8RgWdM76+rKhvYyXGSQC
FduV6O1Zn9ejVi23qtMUc1hzCoZJPBGzJcFwLIeBK9HXddmAiTyqdYgGlGu+SCUS
WLMtItiGgSccJC9IwpIouBrREY/lO7B/4DOtt+QjRIZYBn219Bab6xv9byuWVx9H
wrzY+YixyheCEjdBCDuprHawkHwOap1UMUYkR+ZIcmYoN2HxAXg8P/kT9QJe5nBC
5CzfI45izC7e+1Fcd8F9pcCeY3JmB4Ei6ufBddK/dcwgqa25g3PKXN4oxLLhpAy6
/hJ8qgZprTeUucDmGdSz3ts5huGNtJtnPOCa59E=
-----END CERTIFICATE-----
Generated at Tue Apr 22 22:27:20 2025 by rpki-client