Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/AK4aAkPVjbIlvVt6h39v2TxcaYk.roa
File: AK4aAkPVjbIlvVt6h39v2TxcaYk.roa (raw, json)
Hash identifier: tis00pKtNWwI6qhTKIw8yt4B077WXUJX54aiPraN9Xo=
Subject key identifier: 00:AE:1A:02:43:D5:8D:B2:25:BD:5B:7A:87:7F:6F:D9:3C:5C:69:89
Certificate issuer: /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial: 018A2E1198F3BD1E8B069CE576D419E679D0
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/AK4aAkPVjbIlvVt6h39v2TxcaYk.roa
Signing time: Fri 25 Aug 2023 19:00:19 +0000
ROA not before: Fri 25 Aug 2023 19:00:19 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 192.6.64.0/22 maxlen: 22
198.151.94.0/24 maxlen: 24
198.151.92.0/24 maxlen: 24
192.6.172.0/22 maxlen: 22
198.151.64.0/24 maxlen: 24
198.151.66.0/24 maxlen: 24
198.151.70.0/24 maxlen: 24
198.151.68.0/24 maxlen: 24
198.151.78.0/24 maxlen: 24
198.151.76.0/24 maxlen: 24
198.151.74.0/24 maxlen: 24
198.151.72.0/24 maxlen: 24
198.151.84.0/24 maxlen: 24
198.151.82.0/24 maxlen: 24
198.151.80.0/24 maxlen: 24
198.151.90.0/24 maxlen: 24
198.151.88.0/24 maxlen: 24
198.151.86.0/24 maxlen: 24
158.120.58.0/24 maxlen: 24
158.120.56.0/24 maxlen: 24
192.25.232.0/22 maxlen: 22
158.120.54.0/24 maxlen: 24
158.120.52.0/24 maxlen: 24
192.137.24.0/22 maxlen: 22
158.120.62.0/24 maxlen: 24
158.120.60.0/24 maxlen: 24
192.25.244.0/22 maxlen: 22
192.25.180.0/22 maxlen: 22
192.25.200.0/22 maxlen: 22
192.25.208.0/22 maxlen: 22
158.120.48.0/24 maxlen: 24
158.120.50.0/24 maxlen: 24
205.149.36.0/22 maxlen: 22
205.149.32.0/22 maxlen: 22
205.149.44.0/22 maxlen: 22
205.149.40.0/22 maxlen: 22
205.149.48.0/22 maxlen: 22
205.149.56.0/22 maxlen: 22
205.149.52.0/22 maxlen: 22
205.149.60.0/22 maxlen: 22
192.6.252.0/22 maxlen: 22
166.108.24.0/24 maxlen: 24
166.108.23.0/24 maxlen: 24
166.108.21.0/24 maxlen: 24
166.108.22.0/24 maxlen: 24
166.108.20.0/24 maxlen: 24
166.108.26.0/24 maxlen: 24
166.108.27.0/24 maxlen: 24
166.108.25.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:2e:11:98:f3:bd:1e:8b:06:9c:e5:76:d4:19:e6:79:d0
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Validity
Not Before: Aug 25 19:00:19 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=00ae1a0243d58db225bd5b7a877f6fd93c5c6989
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:9a:f9:47:46:bc:d7:91:a1:4f:bf:2b:11:95:
e0:c8:03:a2:42:6c:48:cd:a1:75:2f:6d:b3:1f:89:
db:a8:69:7c:ef:aa:e8:10:22:da:52:be:28:a2:17:
50:25:13:67:45:55:2b:95:92:da:0a:f0:9f:95:39:
d8:e2:b7:fb:99:77:6e:b9:8f:bb:1f:4b:fc:14:4f:
0b:8e:cb:99:0b:35:ec:5e:d0:54:ec:2c:69:98:eb:
75:b5:12:1d:31:11:2f:ad:26:51:1a:99:b7:18:f5:
75:48:07:3b:5b:59:92:5c:e1:7c:d1:12:23:e2:2b:
57:a7:33:c3:8a:64:5d:f9:1a:cb:eb:96:c3:28:77:
74:b3:8b:4e:12:95:68:e6:de:70:3d:2e:fb:ab:90:
2f:2e:89:c8:1a:bf:3c:48:3b:cc:e8:83:83:31:7f:
3c:95:59:24:7e:d4:45:de:33:2a:08:a1:7b:fa:f5:
99:fc:3d:c3:4a:1b:9c:7e:4d:07:fb:d1:87:fd:82:
46:48:db:9a:07:82:1f:23:0e:b8:fd:b8:27:89:dc:
8f:d6:07:75:e1:b7:1e:3f:c7:a2:80:c3:7e:e2:7d:
7b:3d:26:6c:27:d0:86:25:7a:89:e6:99:56:b3:41:
90:84:98:82:0a:78:b6:78:97:97:bd:9d:47:c4:73:
0b:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
00:AE:1A:02:43:D5:8D:B2:25:BD:5B:7A:87:7F:6F:D9:3C:5C:69:89
X509v3 Authority Key Identifier:
keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/AK4aAkPVjbIlvVt6h39v2TxcaYk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
158.120.48.0/24
158.120.50.0/24
158.120.52.0/24
158.120.54.0/24
158.120.56.0/24
158.120.58.0/24
158.120.60.0/24
158.120.62.0/24
166.108.20.0-166.108.27.255
192.6.64.0/22
192.6.172.0/22
192.6.252.0/22
192.25.180.0/22
192.25.200.0/22
192.25.208.0/22
192.25.232.0/22
192.25.244.0/22
192.137.24.0/22
198.151.64.0/24
198.151.66.0/24
198.151.68.0/24
198.151.70.0/24
198.151.72.0/24
198.151.74.0/24
198.151.76.0/24
198.151.78.0/24
198.151.80.0/24
198.151.82.0/24
198.151.84.0/24
198.151.86.0/24
198.151.88.0/24
198.151.90.0/24
198.151.92.0/24
198.151.94.0/24
205.149.32.0/19
Signature Algorithm: sha256WithRSAEncryption
44:d2:4d:e3:e4:43:47:52:f5:2b:e4:db:8f:45:2b:81:cc:a6:
ff:40:42:0b:d2:f2:e9:d9:08:1c:c5:12:99:66:54:09:d7:36:
b0:5a:ba:af:5f:e8:76:eb:e8:08:f8:c1:13:c8:f0:fd:ba:40:
d1:2f:bb:fb:8a:a7:af:df:a4:d7:34:f4:6e:c3:c8:f6:09:7c:
8d:f2:c0:6f:a5:fa:20:89:76:f7:1b:32:1c:11:73:e5:86:e0:
a7:cb:42:05:e9:75:9d:8d:0d:6f:11:09:62:85:98:a0:bd:06:
cd:63:50:92:3f:4b:6c:e2:c1:ad:10:1e:70:b2:de:ae:fa:14:
68:27:9d:fd:d9:bd:d2:ef:73:62:94:d4:66:43:b5:92:b4:fa:
2a:1f:8e:b9:4c:16:c5:39:4e:df:6b:fe:50:d2:34:39:25:19:
1a:7e:40:10:fa:39:cf:1a:92:89:6e:63:d1:15:42:a8:f3:11:
d0:77:f2:44:61:f5:e4:f5:a1:ce:ca:b6:70:7c:e8:2c:94:24:
d4:af:0c:95:2d:f0:4d:42:a5:15:2b:8f:5e:59:2c:a0:99:d8:
52:37:70:9e:41:fe:48:2a:b6:b5:3d:2f:1a:0a:93:20:86:e6:
c9:b0:4d:7b:e7:fc:a1:4d:01:dc:a2:23:d7:cb:ed:b5:87:f2:
ca:bb:27:f1
-----BEGIN CERTIFICATE-----
MIIF1jCCBL6gAwIBAgISAYouEZjzvR6LBpzldtQZ5nnQMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjMwODI1MTkwMDE5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMGFlMWEwMjQzZDU4ZGIyMjViZDViN2E4NzdmNmZkOTNjNWM2OTg5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgpr5R0a815GhT78rEZXgyAOiQmxI
zaF1L22zH4nbqGl876roECLaUr4oohdQJRNnRVUrlZLaCvCflTnY4rf7mXduuY+7
H0v8FE8LjsuZCzXsXtBU7CxpmOt1tRIdMREvrSZRGpm3GPV1SAc7W1mSXOF80RIj
4itXpzPDimRd+RrL65bDKHd0s4tOEpVo5t5wPS77q5AvLonIGr88SDvM6IODMX88
lVkkftRF3jMqCKF7+vWZ/D3DShucfk0H+9GH/YJGSNuaB4IfIw64/bgnidyP1gd1
4bceP8eigMN+4n17PSZsJ9CGJXqJ5plWs0GQhJiCCni2eJeXvZ1HxHMLwwIDAQAB
o4IC4jCCAt4wHQYDVR0OBBYEFACuGgJD1Y2yJb1beod/b9k8XGmJMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvQUs0YUFrUFZqYklsdlZ0NmgzOXYyVHhjYVlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH3BggrBgEFBQcBBwEB/wSB5zCB5DCB4QQCAAEwgdoDBACe
eDADBACeeDIDBACeeDQDBACeeDYDBACeeDgDBACeeDoDBACeeDwDBACeeD4wDAME
AqZsFAMEAqZsGAMEAsAGQAMEAsAGrAMEAsAG/AMEAsAZtAMEAsAZyAMEAsAZ0AME
AsAZ6AMEAsAZ9AMEAsCJGAMEAMaXQAMEAMaXQgMEAMaXRAMEAMaXRgMEAMaXSAME
AMaXSgMEAMaXTAMEAMaXTgMEAMaXUAMEAMaXUgMEAMaXVAMEAMaXVgMEAMaXWAME
AMaXWgMEAMaXXAMEAMaXXgMEBc2VIDANBgkqhkiG9w0BAQsFAAOCAQEARNJN4+RD
R1L1K+Tbj0Urgcym/0BCC9Ly6dkIHMUSmWZUCdc2sFq6r1/oduvoCPjBE8jw/bpA
0S+7+4qnr9+k1zT0bsPI9gl8jfLAb6X6IIl29xsyHBFz5Ybgp8tCBel1nY0NbxEJ
YoWYoL0GzWNQkj9LbOLBrRAecLLervoUaCed/dm90u9zYpTUZkO1krT6Kh+OuUwW
xTlO32v+UNI0OSUZGn5AEPo5zxqSiW5j0RVCqPMR0HfyRGH15PWhzsq2cHzoLJQk
1K8MlS3wTUKlFSuPXlksoJnYUjdwnkH+SCq2tT0vGgqTIIbmybBNe+f8oU0B3KIj
18vttYfyyrsn8Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:18:17 2024 by rpki-client on console-ams.rpki-client.org