Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/q0oherOJOQWzkKu00_FnHEXTcXw.roa
File: q0oherOJOQWzkKu00_FnHEXTcXw.roa (raw, json)
Hash identifier: WWr1suhq6rSAsHn25yQt5hKqcZdV+kxcsJEeYwYHrz8=
Subject key identifier: AB:4A:21:7A:B3:89:39:05:B3:90:AB:B4:D3:F1:67:1C:45:D3:71:7C
Certificate issuer: /CN=e7fed4e778209c3cae93d4b76d350704462c3aab
Certificate serial: 040DEAB6
Authority key identifier: E7:FE:D4:E7:78:20:9C:3C:AE:93:D4:B7:6D:35:07:04:46:2C:3A:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5_7U53ggnDyuk9S3bTUHBEYsOqs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/q0oherOJOQWzkKu00_FnHEXTcXw.roa
Signing time: Sat 01 Jan 2022 15:55:34 +0000
ROA not before: Sat 01 Jan 2022 15:55:34 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 39501
IP address blocks: 89.33.18.0/23 maxlen: 23
89.43.70.0/23 maxlen: 23
89.46.94.0/23 maxlen: 23
89.43.36.0/23 maxlen: 23
188.158.32.0/19 maxlen: 19
188.158.32.0/20 maxlen: 20
89.36.226.0/23 maxlen: 23
89.33.128.0/23 maxlen: 23
89.40.78.0/23 maxlen: 23
188.158.64.0/19 maxlen: 19
89.40.90.0/23 maxlen: 23
89.36.252.0/23 maxlen: 23
89.43.182.0/23 maxlen: 23
89.165.0.0/18 maxlen: 18
89.43.188.0/23 maxlen: 23
89.165.0.0/17 maxlen: 17
89.165.8.0/21 maxlen: 21
89.43.96.0/21 maxlen: 21
188.158.0.0/19 maxlen: 19
188.158.0.0/18 maxlen: 18
89.36.194.0/23 maxlen: 23
188.158.0.0/16 maxlen: 16
188.158.0.0/15 maxlen: 15
188.158.16.0/20 maxlen: 20
89.40.38.0/23 maxlen: 23
85.204.30.0/23 maxlen: 23
89.35.194.0/23 maxlen: 23
89.45.126.0/23 maxlen: 23
89.42.56.0/23 maxlen: 23
89.35.132.0/23 maxlen: 23
89.42.68.0/23 maxlen: 23
89.36.16.0/23 maxlen: 23
89.32.196.0/23 maxlen: 23
89.46.60.0/23 maxlen: 23
89.42.228.0/23 maxlen: 23
94.177.72.0/21 maxlen: 21
89.42.150.0/23 maxlen: 23
85.204.76.0/23 maxlen: 23
185.46.0.0/22 maxlen: 22
85.204.104.0/23 maxlen: 23
188.159.96.0/19 maxlen: 19
89.34.200.0/23 maxlen: 23
188.159.128.0/19 maxlen: 19
188.159.128.0/18 maxlen: 18
188.159.64.0/19 maxlen: 19
89.44.190.0/23 maxlen: 23
94.176.32.0/21 maxlen: 21
89.38.24.0/23 maxlen: 23
89.45.80.0/23 maxlen: 23
89.41.240.0/21 maxlen: 21
188.159.224.0/19 maxlen: 19
89.38.102.0/23 maxlen: 23
188.159.192.0/19 maxlen: 19
89.165.64.0/18 maxlen: 18
89.33.240.0/23 maxlen: 23
89.165.80.0/21 maxlen: 21
188.158.160.0/21 maxlen: 21
188.158.160.0/20 maxlen: 20
188.158.160.0/19 maxlen: 19
89.165.105.0/24 maxlen: 24
89.37.102.0/23 maxlen: 23
89.34.20.0/23 maxlen: 23
89.165.16.0/21 maxlen: 21
89.40.106.0/23 maxlen: 23
188.158.96.0/21 maxlen: 21
188.158.96.0/20 maxlen: 20
188.158.96.0/19 maxlen: 19
89.165.56.0/21 maxlen: 21
188.158.128.0/18 maxlen: 18
188.158.128.0/19 maxlen: 19
89.41.16.0/21 maxlen: 21
188.159.0.0/18 maxlen: 18
188.159.0.0/19 maxlen: 19
89.41.32.0/23 maxlen: 23
188.159.0.0/16 maxlen: 16
89.37.198.0/23 maxlen: 23
89.41.58.0/23 maxlen: 23
89.37.218.0/23 maxlen: 23
188.159.32.0/19 maxlen: 19
188.158.192.0/19 maxlen: 19
188.158.224.0/19 maxlen: 19
89.41.8.0/21 maxlen: 21
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 68020918 (0x40deab6)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e7fed4e778209c3cae93d4b76d350704462c3aab
Validity
Not Before: Jan 1 15:55:34 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ab4a217ab3893905b390abb4d3f1671c45d3717c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d8:2b:b9:23:53:c3:ac:bd:48:f3:0d:16:b6:7a:
58:5a:de:ef:40:84:f3:a6:6a:f4:77:56:fe:75:cc:
a3:43:2f:b7:d0:26:45:6f:f5:b4:9d:d1:01:a1:48:
ec:95:5a:17:c5:23:2e:ca:37:70:8d:df:70:f9:a2:
2b:18:f5:74:65:82:a6:b9:e9:cc:a8:bb:bc:ae:2c:
a4:97:30:67:58:d5:00:74:bc:be:c0:4d:34:c6:53:
71:a2:53:6a:f3:62:99:3c:95:19:c2:c2:e4:59:15:
8d:c7:1a:9f:27:de:13:ba:57:ec:70:97:99:bb:af:
39:73:3b:50:58:46:9d:94:ae:01:f7:41:15:e8:bb:
77:2b:98:e3:02:0c:e7:50:88:4f:15:17:f6:6d:b6:
49:7e:d9:8f:64:cb:66:1e:f3:2f:f4:eb:86:5a:d4:
a6:31:7f:9e:a9:df:b2:1c:0b:09:22:41:8e:8a:00:
57:e0:37:ec:fa:37:54:7c:0d:6a:bf:13:d9:12:ca:
ff:66:a3:e4:49:57:51:64:e8:90:f8:51:f5:19:08:
5b:e8:8f:cf:82:21:05:78:e5:c1:34:08:a2:a1:66:
22:3b:2e:72:2b:cc:c2:f8:bb:83:3f:15:6b:c1:b9:
e9:d4:c1:dd:d8:cf:35:42:42:94:8a:f8:42:08:d1:
02:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AB:4A:21:7A:B3:89:39:05:B3:90:AB:B4:D3:F1:67:1C:45:D3:71:7C
X509v3 Authority Key Identifier:
keyid:E7:FE:D4:E7:78:20:9C:3C:AE:93:D4:B7:6D:35:07:04:46:2C:3A:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5_7U53ggnDyuk9S3bTUHBEYsOqs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/q0oherOJOQWzkKu00_FnHEXTcXw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/22a3c7-6fe5-49e1-935d-8bb80152ab34/1/5_7U53ggnDyuk9S3bTUHBEYsOqs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
85.204.30.0/23
85.204.76.0/23
85.204.104.0/23
89.32.196.0/23
89.33.18.0/23
89.33.128.0/23
89.33.240.0/23
89.34.20.0/23
89.34.200.0/23
89.35.132.0/23
89.35.194.0/23
89.36.16.0/23
89.36.194.0/23
89.36.226.0/23
89.36.252.0/23
89.37.102.0/23
89.37.198.0/23
89.37.218.0/23
89.38.24.0/23
89.38.102.0/23
89.40.38.0/23
89.40.78.0/23
89.40.90.0/23
89.40.106.0/23
89.41.8.0-89.41.23.255
89.41.32.0/23
89.41.58.0/23
89.41.240.0/21
89.42.56.0/23
89.42.68.0/23
89.42.150.0/23
89.42.228.0/23
89.43.36.0/23
89.43.70.0/23
89.43.96.0/21
89.43.182.0/23
89.43.188.0/23
89.44.190.0/23
89.45.80.0/23
89.45.126.0/23
89.46.60.0/23
89.46.94.0/23
89.165.0.0/17
94.176.32.0/21
94.177.72.0/21
185.46.0.0/22
188.158.0.0/15
Signature Algorithm: sha256WithRSAEncryption
b2:77:91:30:f4:7c:92:09:47:30:35:e7:8a:7b:02:13:56:7f:
db:9b:0a:61:5d:e2:f8:90:9b:36:32:c0:04:8b:0b:79:fe:a6:
e5:92:f7:fb:8d:bd:3c:4b:82:06:65:d0:14:64:81:f1:5f:4f:
af:3e:22:7f:ee:88:2a:30:21:79:c0:ce:37:ea:b6:5f:ed:44:
f9:47:a5:95:96:f6:b8:d9:3c:d3:51:ce:6e:c3:dc:c5:e3:1a:
dc:95:d5:0d:04:51:29:68:51:c8:88:12:46:a7:8d:a4:67:32:
a1:f6:9b:bc:77:ee:8f:8b:e1:f9:75:f1:82:62:2e:5d:6a:d5:
f7:19:41:c6:94:e6:a1:01:30:d9:e3:6d:68:b3:64:ed:0e:b7:
d9:f5:ee:d5:50:99:63:0d:10:8f:2c:af:bb:41:c7:7d:7f:81:
63:31:05:3f:68:6d:59:54:24:d5:c7:40:0e:5d:20:31:71:83:
89:c3:b9:61:85:b7:ce:aa:31:60:b2:a0:c7:fe:ed:df:3c:42:
98:41:d2:ba:42:a8:c3:97:59:e2:54:9b:e7:cf:15:29:48:91:
9d:81:53:1f:4b:26:d8:a3:fb:f8:87:4b:93:c4:83:93:28:73:
8c:ad:f7:fa:f2:bb:8e:e5:45:36:d2:73:b4:29:0d:01:42:b7:
86:41:d7:b6
-----BEGIN CERTIFICATE-----
MIIGFDCCBPygAwIBAgIEBA3qtjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
N2ZlZDRlNzc4MjA5YzNjYWU5M2Q0Yjc2ZDM1MDcwNDQ2MmMzYWFiMB4XDTIyMDEw
MTE1NTUzNFoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoYWI0YTIxN2FiMzg5
MzkwNWIzOTBhYmI0ZDNmMTY3MWM0NWQzNzE3YzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBANgruSNTw6y9SPMNFrZ6WFre70CE86Zq9HdW/nXMo0Mvt9Am
RW/1tJ3RAaFI7JVaF8UjLso3cI3fcPmiKxj1dGWCprnpzKi7vK4spJcwZ1jVAHS8
vsBNNMZTcaJTavNimTyVGcLC5FkVjccanyfeE7pX7HCXmbuvOXM7UFhGnZSuAfdB
Fei7dyuY4wIM51CITxUX9m22SX7Zj2TLZh7zL/TrhlrUpjF/nqnfshwLCSJBjooA
V+A37Po3VHwNar8T2RLK/2aj5ElXUWTokPhR9RkIW+iPz4IhBXjlwTQIoqFmIjsu
civMwvi7gz8Va8G56dTB3djPNUJClIr4QgjRArUCAwEAAaOCAy4wggMqMB0GA1Ud
DgQWBBSrSiF6s4k5BbOQq7TT8WccRdNxfDAfBgNVHSMEGDAWgBTn/tTneCCcPK6T
1LdtNQcERiw6qzAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzVfN1U1M2dnbkR5dWs5UzNiVFVIQkVZc09xcy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvODAvMjJhM2M3LTZmZTUtNDllMS05MzVkLThiYjgwMTUyYWIzNC8x
L3Ewb2hlck9KT1FXemtLdTAwX0ZuSEVYVGNYdy5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvODAv
MjJhM2M3LTZmZTUtNDllMS05MzVkLThiYjgwMTUyYWIzNC8xLzVfN1U1M2dnbkR5
dWs5UzNiVFVIQkVZc09xcy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCC
AUIGCCsGAQUFBwEHAQH/BIIBMTCCAS0wggEpBAIAATCCASEDBAFVzB4DBAFVzEwD
BAFVzGgDBAFZIMQDBAFZIRIDBAFZIYADBAFZIfADBAFZIhQDBAFZIsgDBAFZI4QD
BAFZI8IDBAFZJBADBAFZJMIDBAFZJOIDBAFZJPwDBAFZJWYDBAFZJcYDBAFZJdoD
BAFZJhgDBAFZJmYDBAFZKCYDBAFZKE4DBAFZKFoDBAFZKGowDAMEA1kpCAMEA1kp
EAMEAVkpIAMEAVkpOgMEA1kp8AMEAVkqOAMEAVkqRAMEAVkqlgMEAVkq5AMEAVkr
JAMEAVkrRgMEA1krYAMEAVkrtgMEAVkrvAMEAVksvgMEAVktUAMEAVktfgMEAVku
PAMEAVkuXgMEB1mlAAMEA16wIAMEA16xSAMEArkuAAMDAbyeMA0GCSqGSIb3DQEB
CwUAA4IBAQCyd5Ew9HySCUcwNeeKewITVn/bmwphXeL4kJs2MsAEiwt5/qblkvf7
jb08S4IGZdAUZIHxX0+vPiJ/7ogqMCF5wM436rZf7UT5R6WVlva42TzTUc5uw9zF
4xrcldUNBFEpaFHIiBJGp42kZzKh9pu8d+6Pi+H5dfGCYi5datX3GUHGlOahATDZ
421os2TtDrfZ9e7VUJljDRCPLK+7Qcd9f4FjMQU/aG1ZVCTVx0AOXSAxcYOJw7lh
hbfOqjFgsqDH/u3fPEKYQdK6QqjDl1niVJvnzxUpSJGdgVMfSybYo/v4h0uTxIOT
KHOMrff68ruO5UU20nO0KQ0BQreGQde2
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:36:46 2024 by rpki-client on console-fra.rpki-client.org