Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/iSQzAn42T6rikV7DxYpoWjCUkA8.roa
File: iSQzAn42T6rikV7DxYpoWjCUkA8.roa (raw, json)
Hash identifier: UDVtj89v2SUZkq1sUnEvzBq/c5ArDBNluTbocufihgw=
Subject key identifier: 89:24:33:02:7E:36:4F:AA:E2:91:5E:C3:C5:8A:68:5A:30:94:90:0F
Certificate issuer: /CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Certificate serial: 01880BF86A2400DF0626618260C50F6C1C1F
Authority key identifier: 74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/iSQzAn42T6rikV7DxYpoWjCUkA8.roa
Signing time: Thu 11 May 2023 18:00:09 +0000
ROA not before: Thu 11 May 2023 18:00:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 155.193.32.0/19 maxlen: 19
155.193.48.0/21 maxlen: 21
192.6.64.0/22 maxlen: 22
205.149.36.0/22 maxlen: 22
205.149.32.0/22 maxlen: 22
205.149.44.0/22 maxlen: 22
205.149.40.0/22 maxlen: 22
205.149.48.0/22 maxlen: 22
205.149.56.0/22 maxlen: 22
205.149.52.0/22 maxlen: 22
205.149.60.0/22 maxlen: 22
192.6.172.0/22 maxlen: 22
155.193.163.0/24 maxlen: 24
155.193.161.0/24 maxlen: 24
155.193.162.0/24 maxlen: 24
155.193.160.0/24 maxlen: 24
155.193.229.0/24 maxlen: 24
192.6.252.0/22 maxlen: 22
166.108.20.0/24 maxlen: 24
166.108.24.0/24 maxlen: 24
166.108.23.0/24 maxlen: 24
166.108.21.0/24 maxlen: 24
166.108.22.0/24 maxlen: 24
155.193.250.0/24 maxlen: 24
155.193.251.0/24 maxlen: 24
155.193.248.0/24 maxlen: 24
155.193.249.0/24 maxlen: 24
166.108.26.0/24 maxlen: 24
166.108.27.0/24 maxlen: 24
166.108.25.0/24 maxlen: 24
158.120.58.0/24 maxlen: 24
158.120.56.0/24 maxlen: 24
192.25.232.0/22 maxlen: 22
158.120.54.0/24 maxlen: 24
158.120.52.0/24 maxlen: 24
192.137.24.0/22 maxlen: 22
158.120.62.0/24 maxlen: 24
158.120.60.0/24 maxlen: 24
192.25.244.0/22 maxlen: 22
192.25.180.0/22 maxlen: 22
192.25.200.0/22 maxlen: 22
192.25.208.0/22 maxlen: 22
158.120.48.0/24 maxlen: 24
158.120.50.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:0b:f8:6a:24:00:df:06:26:61:82:60:c5:0f:6c:1c:1f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=743e447edb8a5e0e1b1d7f5cdc287c364a5fb0b5
Validity
Not Before: May 11 18:00:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=892433027e364faae2915ec3c58a685a3094900f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:94:75:f0:9f:91:52:1b:c1:15:12:55:ef:2b:ca:
3b:38:94:c7:47:0c:fd:2e:57:81:17:6b:f5:70:c1:
b6:f8:36:64:cc:62:da:9a:26:0b:09:c0:c4:c0:ef:
87:fe:01:71:2a:5e:53:f1:d4:28:48:18:8e:7d:5a:
ea:63:dc:35:ef:47:44:88:8b:db:57:85:59:52:46:
5d:3f:c5:f1:3e:2c:f5:cc:3e:9e:8d:07:ea:01:2e:
cf:bd:41:a8:8f:9c:2a:2e:f5:e8:4a:8b:ba:d6:b5:
81:36:53:35:79:e1:2e:f9:c7:4d:a7:66:fa:39:e3:
a3:28:5b:48:23:29:07:ab:6e:e6:fb:a6:91:0e:b9:
6c:99:88:51:dc:d0:59:d8:40:ce:b3:9d:dc:38:0d:
2a:7e:b1:4b:bd:3b:c8:cc:eb:14:a1:7f:f4:8a:27:
36:ef:6e:3e:d5:15:d4:d3:b5:bf:4c:28:f7:35:60:
0a:59:b0:ee:c7:92:17:56:ed:7b:80:c9:a8:65:52:
df:32:e7:d4:47:83:6f:15:a4:86:32:90:26:08:28:
62:94:b3:44:b0:d2:ee:18:de:bf:cb:3c:2f:1b:43:
2f:9d:ed:24:e6:cb:24:0b:3a:5a:64:d0:68:20:01:
c4:6f:f5:33:51:9a:a3:4d:1e:42:04:4a:60:0d:ea:
b7:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:24:33:02:7E:36:4F:AA:E2:91:5E:C3:C5:8A:68:5A:30:94:90:0F
X509v3 Authority Key Identifier:
keyid:74:3E:44:7E:DB:8A:5E:0E:1B:1D:7F:5C:DC:28:7C:36:4A:5F:B0:B5
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/dD5EftuKXg4bHX9c3Ch8NkpfsLU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/iSQzAn42T6rikV7DxYpoWjCUkA8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/75/a1ae70-7996-4687-a0d7-5e0f4ab809bb/1/dD5EftuKXg4bHX9c3Ch8NkpfsLU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
155.193.32.0/19
155.193.160.0/22
155.193.229.0/24
155.193.248.0/22
158.120.48.0/24
158.120.50.0/24
158.120.52.0/24
158.120.54.0/24
158.120.56.0/24
158.120.58.0/24
158.120.60.0/24
158.120.62.0/24
166.108.20.0-166.108.27.255
192.6.64.0/22
192.6.172.0/22
192.6.252.0/22
192.25.180.0/22
192.25.200.0/22
192.25.208.0/22
192.25.232.0/22
192.25.244.0/22
192.137.24.0/22
205.149.32.0/19
Signature Algorithm: sha256WithRSAEncryption
8a:00:28:a0:86:eb:db:c2:fa:ba:c8:a9:fb:70:af:5d:fc:d7:
39:8a:32:3c:26:53:e6:1d:42:8e:c3:3b:9f:51:a1:cd:a8:44:
a7:d9:e4:d1:ee:50:ca:a6:b9:b8:f0:b5:0a:5b:26:4d:7e:27:
88:9f:7e:1c:fa:a3:b4:36:8e:d7:5e:cf:be:3e:62:6d:cc:fd:
e8:16:54:d3:e7:da:43:78:e0:48:fd:1e:4f:c7:94:47:c8:ca:
12:92:f7:c0:7b:63:af:56:2f:63:b1:42:82:70:74:cf:81:ec:
33:05:fb:a2:08:47:ab:f4:18:14:f5:b8:1f:8f:24:3d:22:97:
76:e9:f6:6b:67:7d:ed:5a:e9:ea:56:ef:bc:9a:ac:7c:a3:33:
cc:dd:17:10:8a:6d:7d:b5:79:61:cc:f3:1a:c4:ad:00:4e:9e:
79:7b:bb:aa:7f:8c:0e:37:41:72:81:b4:4f:2a:9e:33:58:38:
3a:a0:85:7d:9f:48:15:5d:e2:af:71:06:20:1f:be:d5:7f:84:
53:60:5b:73:c1:a3:67:b9:91:ad:cc:2e:9a:e1:3c:b7:12:e0:
0b:2e:c4:61:c0:db:19:56:e5:13:ba:d4:37:e1:14:62:a6:29:
71:64:84:73:fc:7c:17:3b:f7:8c:33:42:6d:8a:fb:49:c6:d8:
fc:82:bb:49
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgISAYgL+GokAN8GJmGCYMUPbBwfMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDc0M2U0NDdlZGI4YTVlMGUxYjFkN2Y1Y2RjMjg3YzM2NGE1
ZmIwYjUwHhcNMjMwNTExMTgwMDA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTI0MzMwMjdlMzY0ZmFhZTI5MTVlYzNjNThhNjg1YTMwOTQ5MDBmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlHXwn5FSG8EVElXvK8o7OJTHRwz9
LleBF2v1cMG2+DZkzGLamiYLCcDEwO+H/gFxKl5T8dQoSBiOfVrqY9w170dEiIvb
V4VZUkZdP8XxPiz1zD6ejQfqAS7PvUGoj5wqLvXoSou61rWBNlM1eeEu+cdNp2b6
OeOjKFtIIykHq27m+6aRDrlsmYhR3NBZ2EDOs53cOA0qfrFLvTvIzOsUoX/0iic2
724+1RXU07W/TCj3NWAKWbDux5IXVu17gMmoZVLfMufUR4NvFaSGMpAmCChilLNE
sNLuGN6/yzwvG0Mvne0k5sskCzpaZNBoIAHEb/UzUZqjTR5CBEpgDeq3tQIDAQAB
o4ICmjCCApYwHQYDVR0OBBYEFIkkMwJ+Nk+q4pFew8WKaFowlJAPMB8GA1UdIwQY
MBaAFHQ+RH7bil4OGx1/XNwofDZKX7C1MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDct
NWUwZjRhYjgwOWJiLzEvaVNRekFuNDJUNnJpa1Y3RHhZcG9XakNVa0E4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83NS9hMWFlNzAtNzk5Ni00Njg3LWEwZDctNWUwZjRhYjgwOWJi
LzEvZEQ1RWZ0dUtYZzRiSFg5YzNDaDhOa3Bmc0xVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGvBggrBgEFBQcBBwEB/wSBnzCBnDCBmQQCAAEwgZIDBAWb
wSADBAKbwaADBACbweUDBAKbwfgDBACeeDADBACeeDIDBACeeDQDBACeeDYDBACe
eDgDBACeeDoDBACeeDwDBACeeD4wDAMEAqZsFAMEAqZsGAMEAsAGQAMEAsAGrAME
AsAG/AMEAsAZtAMEAsAZyAMEAsAZ0AMEAsAZ6AMEAsAZ9AMEAsCJGAMEBc2VIDAN
BgkqhkiG9w0BAQsFAAOCAQEAigAooIbr28L6usip+3CvXfzXOYoyPCZT5h1CjsM7
n1GhzahEp9nk0e5Qyqa5uPC1ClsmTX4niJ9+HPqjtDaO117Pvj5ibcz96BZU0+fa
Q3jgSP0eT8eUR8jKEpL3wHtjr1YvY7FCgnB0z4HsMwX7oghHq/QYFPW4H48kPSKX
dun2a2d97Vrp6lbvvJqsfKMzzN0XEIptfbV5YczzGsStAE6eeXu7qn+MDjdBcoG0
TyqeM1g4OqCFfZ9IFV3ir3EGIB++1X+EU2Bbc8GjZ7mRrcwumuE8txLgCy7EYcDb
GVblE7rUN+EUYqYpcWSEc/x8Fzv3jDNCbYr7ScbY/IK7SQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:35:15 2024 by rpki-client on console-fra.rpki-client.org