Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4LQTOiZ8XCJihRzKLdfGcEuxC1k.roa
File: 4LQTOiZ8XCJihRzKLdfGcEuxC1k.roa (raw, json)
Hash identifier: WBCCdWQsZG7PL7p4Dnxl5z00ZdWKtO0lbWQn1bDaL3w=
Subject key identifier: E0:B4:13:3A:26:7C:5C:22:62:85:1C:CA:2D:D7:C6:70:4B:B1:0B:59
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 01874C0D5441413A55698DC0F75DF1429B08
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4LQTOiZ8XCJihRzKLdfGcEuxC1k.roa
Signing time: Tue 04 Apr 2023 11:35:54 +0000
ROA not before: Tue 04 Apr 2023 11:35:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 89.213.64.0/18 maxlen: 24
37.252.24.0/21 maxlen: 24
80.240.80.0/20 maxlen: 20
77.107.64.0/18 maxlen: 24
213.210.0.0/18 maxlen: 24
85.159.128.0/21 maxlen: 24
212.38.64.0/19 maxlen: 24
37.98.144.0/21 maxlen: 24
37.98.144.0/22 maxlen: 24
109.176.0.0/16 maxlen: 16
89.213.40.0/21 maxlen: 24
89.213.48.0/20 maxlen: 24
213.218.208.0/20 maxlen: 24
89.31.232.0/21 maxlen: 24
79.99.72.0/21 maxlen: 24
185.20.32.0/22 maxlen: 24
185.20.34.0/24 maxlen: 24
185.20.35.0/24 maxlen: 24
213.218.224.0/19 maxlen: 24
81.168.0.0/17 maxlen: 17
89.213.128.0/17 maxlen: 24
82.163.0.0/19 maxlen: 24
217.144.144.0/20 maxlen: 24
217.145.64.0/20 maxlen: 24
185.49.124.0/22 maxlen: 24
185.24.84.0/22 maxlen: 24
89.213.0.0/21 maxlen: 24
213.130.128.0/19 maxlen: 24
194.105.64.0/19 maxlen: 24
81.5.128.0/18 maxlen: 18
82.152.0.0/15 maxlen: 15
195.128.138.0/24 maxlen: 24
213.152.32.0/19 maxlen: 19
2a02:21f8::/32 maxlen: 32
2a00:c60::/32 maxlen: 32
2001:1a90::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:4c:0d:54:41:41:3a:55:69:8d:c0:f7:5d:f1:42:9b:08
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Apr 4 11:35:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=e0b4133a267c5c2262851cca2dd7c6704bb10b59
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a7:9a:81:e2:a7:97:17:8a:a7:ee:d5:22:1e:e0:
3e:fd:50:6e:7f:0e:78:ab:27:c5:67:4f:3a:f9:d5:
d8:c3:11:1b:96:1c:94:e5:27:d6:97:63:57:c3:00:
1e:e0:a9:16:3b:be:cb:9d:89:36:21:b5:0e:6f:f2:
97:a7:4b:ef:5e:79:ff:91:5d:24:60:22:18:4b:f3:
fe:8f:4b:b5:e0:5e:bc:f8:66:ff:1a:4c:8f:fb:41:
0b:a5:4c:94:41:ad:13:06:65:fd:0a:20:46:87:e3:
b1:b9:a3:bd:e8:8f:8a:2f:98:7d:cd:d0:ee:37:cb:
6f:06:47:ec:14:25:04:46:2a:ae:37:c7:d0:af:47:
93:1f:bc:e5:34:b8:40:f8:00:61:9a:b6:52:73:e4:
f8:3d:f4:20:23:7f:43:05:28:c3:92:72:9b:4e:e4:
69:33:88:71:1b:83:1a:b6:75:d0:4f:59:eb:99:08:
b9:66:02:b2:b3:af:ae:e8:2f:f0:f8:dc:f7:67:05:
1c:e4:24:50:40:98:3c:43:51:22:04:49:c3:9b:64:
26:18:61:4a:af:42:9a:fb:a9:1b:67:89:32:83:31:
e8:d6:10:de:a7:ec:2c:d1:94:6e:2c:58:57:64:c3:
9d:4b:0f:1f:2e:e5:15:d6:5a:21:04:24:fc:f5:dd:
07:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
E0:B4:13:3A:26:7C:5C:22:62:85:1C:CA:2D:D7:C6:70:4B:B1:0B:59
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/4LQTOiZ8XCJihRzKLdfGcEuxC1k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.98.144.0/21
37.252.24.0/21
77.107.64.0/18
79.99.72.0/21
80.240.80.0/20
81.5.128.0/18
81.168.0.0/17
82.152.0.0/15
82.163.0.0/19
85.159.128.0/21
89.31.232.0/21
89.213.0.0/21
89.213.40.0-89.213.255.255
109.176.0.0/16
185.20.32.0/22
185.24.84.0/22
185.49.124.0/22
194.105.64.0/19
195.128.138.0/24
212.38.64.0/19
213.130.128.0/19
213.152.32.0/19
213.210.0.0/18
213.218.208.0-213.218.255.255
217.144.144.0/20
217.145.64.0/20
IPv6:
2001:1a90::/32
2a00:c60::/32
2a02:21f8::/32
Signature Algorithm: sha256WithRSAEncryption
92:1b:9f:26:2f:34:05:59:06:1d:65:57:15:e0:9c:e9:5f:16:
9e:a4:2a:92:d9:26:51:de:92:6d:e8:ab:3f:6e:90:74:04:aa:
dd:59:b4:ae:4b:af:83:80:bf:50:a2:08:a8:c7:52:17:8f:6d:
8a:20:1b:f5:0a:8c:0c:69:b0:75:3f:5b:81:16:8f:c7:f0:99:
05:fc:f1:f2:9a:ab:53:73:9d:ee:01:39:19:30:74:ea:6b:eb:
0f:53:f8:da:9c:cc:7d:cf:1d:75:c4:19:2d:50:96:f6:ab:91:
e2:8e:83:66:7f:db:c9:e6:aa:3f:6e:1d:8c:bf:0f:77:9f:8f:
7b:77:4d:4d:8b:43:12:42:27:01:c7:af:af:9e:0a:cd:b4:f0:
c1:26:b4:fe:25:a8:df:f2:e6:e9:17:30:7e:cf:48:34:a6:fe:
52:ea:f6:a1:dc:e7:6f:36:29:07:a0:06:e0:b5:fa:e7:cd:67:
2a:bb:9e:04:df:8c:d8:13:6a:96:26:f3:bd:56:81:fc:cb:b1:
7f:91:45:f0:a7:3e:4f:3d:d4:56:63:bc:2e:bb:b4:2c:c5:b6:
2e:48:cd:14:46:d3:0d:30:03:d7:5d:87:2f:19:e1:4c:5f:87:
fa:c2:8d:ba:93:75:10:d3:c2:a7:dd:1b:a6:4b:c8:db:04:26:
fa:8b:8b:2d
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgISAYdMDVRBQTpVaY3A913xQpsIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNDA0MTEzNTU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlMGI0MTMzYTI2N2M1YzIyNjI4NTFjY2EyZGQ3YzY3MDRiYjEwYjU5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAp5qB4qeXF4qn7tUiHuA+/VBufw54
qyfFZ086+dXYwxEblhyU5SfWl2NXwwAe4KkWO77LnYk2IbUOb/KXp0vvXnn/kV0k
YCIYS/P+j0u14F68+Gb/GkyP+0ELpUyUQa0TBmX9CiBGh+OxuaO96I+KL5h9zdDu
N8tvBkfsFCUERiquN8fQr0eTH7zlNLhA+ABhmrZSc+T4PfQgI39DBSjDknKbTuRp
M4hxG4MatnXQT1nrmQi5ZgKys6+u6C/w+Nz3ZwUc5CRQQJg8Q1EiBEnDm2QmGGFK
r0Ka+6kbZ4kygzHo1hDep+ws0ZRuLFhXZMOdSw8fLuUV1lohBCT89d0H7wIDAQAB
o4ICzTCCAskwHQYDVR0OBBYEFOC0EzomfFwiYoUcyi3XxnBLsQtZMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvNExRVE9pWjhYQ0ppaFJ6S0xkZkdjRXV4QzFrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHiBggrBgEFBQcBBwEB/wSB0jCBzzCBrwQCAAEwgagDBAMl
YpADBAMl/BgDBAZNa0ADBANPY0gDBARQ8FADBAZRBYADBAdRqAADAwFSmAMEBVKj
AAMEA1WfgAMEA1kf6AMEA1nVADALAwQDWdUoAwMBWdQDAwBtsAMEArkUIAMEArkY
VAMEArkxfAMEBcJpQAMEAMOAigMEBdQmQAMEBdWCgAMEBdWYIAMEBtXSADALAwQE
1drQAwMA1doDBATZkJADBATZkUAwGwQCAAIwFQMFACABGpADBQAqAAxgAwUAKgIh
+DANBgkqhkiG9w0BAQsFAAOCAQEAkhufJi80BVkGHWVXFeCc6V8WnqQqktkmUd6S
beirP26QdASq3Vm0rkuvg4C/UKIIqMdSF49tiiAb9QqMDGmwdT9bgRaPx/CZBfzx
8pqrU3Od7gE5GTB06mvrD1P42pzMfc8ddcQZLVCW9quR4o6DZn/byeaqP24djL8P
d5+Pe3dNTYtDEkInAcevr54KzbTwwSa0/iWo3/Lm6Rcwfs9INKb+Uur2odznbzYp
B6AG4LX6581nKrueBN+M2BNqlibzvVaB/Muxf5FF8Kc+Tz3UVmO8Lru0LMW2LkjN
FEbTDTAD112HLxnhTF+H+sKNupN1ENPCp90bpkvI2wQm+ouLLQ==
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:23:44 2025 by rpki-client