Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/INvWUgDrVYDF29NkVl1NVszOfyA.roa
File: INvWUgDrVYDF29NkVl1NVszOfyA.roa (raw, json)
Hash identifier: HddW1xOAuVTrEjhnTMXDOUEuWhQQnRd0gTGlXqcP1bM=
Subject key identifier: 20:DB:D6:52:00:EB:55:80:C5:DB:D3:64:56:5D:4D:56:CC:CE:7F:20
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 018AD644CB40258CCC2E508A680D80A27D90
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/INvWUgDrVYDF29NkVl1NVszOfyA.roa
Signing time: Wed 27 Sep 2023 10:52:27 +0000
ROA not before: Wed 27 Sep 2023 10:52:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 89.213.64.0/18 maxlen: 24
37.252.24.0/21 maxlen: 24
80.240.80.0/20 maxlen: 20
77.107.64.0/18 maxlen: 24
213.210.0.0/18 maxlen: 24
85.159.128.0/21 maxlen: 24
212.38.64.0/19 maxlen: 24
37.98.144.0/22 maxlen: 24
37.98.144.0/21 maxlen: 24
109.176.0.0/16 maxlen: 16
89.213.48.0/20 maxlen: 24
89.213.192.0/25 maxlen: 25
89.213.192.0/18 maxlen: 24
213.218.208.0/20 maxlen: 24
89.31.232.0/21 maxlen: 24
185.20.34.0/24 maxlen: 24
185.20.35.0/24 maxlen: 24
79.99.72.0/21 maxlen: 24
185.20.32.0/22 maxlen: 24
213.218.224.0/19 maxlen: 24
81.168.0.0/17 maxlen: 17
82.163.0.0/19 maxlen: 24
217.144.144.0/20 maxlen: 24
217.145.64.0/20 maxlen: 24
185.24.84.0/22 maxlen: 24
194.105.64.0/19 maxlen: 24
213.130.128.0/19 maxlen: 24
82.152.0.0/16 maxlen: 16
81.5.128.0/18 maxlen: 18
82.152.0.0/15 maxlen: 15
195.128.138.0/24 maxlen: 24
213.152.32.0/19 maxlen: 19
2a02:21f8::/32 maxlen: 32
2a00:c60::/32 maxlen: 32
2001:1a90::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:d6:44:cb:40:25:8c:cc:2e:50:8a:68:0d:80:a2:7d:90
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Sep 27 10:52:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=20dbd65200eb5580c5dbd364565d4d56ccce7f20
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:a3:d8:ce:3b:12:5c:cc:c7:98:4b:e4:c5:52:
dd:46:33:71:46:7e:94:35:d8:29:24:84:36:cc:4d:
e6:3b:13:36:18:1f:cb:07:4a:10:ac:b9:3c:8c:29:
3f:df:60:5a:55:95:68:e2:cc:78:ec:e7:f3:70:e8:
44:c4:97:20:8e:6d:a6:d4:4d:b6:a5:26:0a:d5:b5:
8b:89:ec:bd:5b:51:78:6a:25:ac:a7:38:44:b5:2d:
96:e2:62:3b:b3:3d:5d:bd:da:73:5c:30:7f:01:1e:
2a:aa:a0:b7:14:13:5d:c0:13:14:19:19:3c:e0:d6:
63:52:6d:f2:60:a0:29:96:40:4c:18:49:ec:34:68:
4e:fc:07:1a:3e:5a:11:5a:74:15:3b:d3:1b:18:a0:
09:fd:29:9f:2a:2e:09:1f:c7:4c:64:8e:8a:36:6e:
55:1e:1c:7d:65:33:70:a9:c7:30:9a:b7:c1:53:7f:
b0:aa:30:30:30:82:b7:26:32:3d:64:4d:57:24:67:
99:c6:c2:da:56:10:65:e5:7e:e8:12:06:81:a7:af:
2a:8a:1e:0b:64:bb:cf:44:94:92:06:7f:96:e9:c7:
8b:c6:e6:d7:77:78:dd:e0:2a:15:cf:01:bf:6f:f3:
ce:86:1a:e2:fc:ba:8e:51:38:58:83:29:30:45:97:
b7:1b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:DB:D6:52:00:EB:55:80:C5:DB:D3:64:56:5D:4D:56:CC:CE:7F:20
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/INvWUgDrVYDF29NkVl1NVszOfyA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.98.144.0/21
37.252.24.0/21
77.107.64.0/18
79.99.72.0/21
80.240.80.0/20
81.5.128.0/18
81.168.0.0/17
82.152.0.0/15
82.163.0.0/19
85.159.128.0/21
89.31.232.0/21
89.213.48.0-89.213.127.255
89.213.192.0/18
109.176.0.0/16
185.20.32.0/22
185.24.84.0/22
194.105.64.0/19
195.128.138.0/24
212.38.64.0/19
213.130.128.0/19
213.152.32.0/19
213.210.0.0/18
213.218.208.0-213.218.255.255
217.144.144.0/20
217.145.64.0/20
IPv6:
2001:1a90::/32
2a00:c60::/32
2a02:21f8::/32
Signature Algorithm: sha256WithRSAEncryption
41:79:01:c6:ce:06:cd:42:21:9c:10:d2:a0:08:54:19:dc:71:
34:8c:00:58:c1:06:cf:42:d8:26:df:26:de:c2:c3:6b:53:39:
2c:3e:81:d2:a0:c4:8f:9d:02:8e:1b:f7:23:0d:79:86:4e:6d:
11:3f:ca:17:b0:f9:8a:de:9b:e1:04:c4:60:1c:92:89:75:5e:
d3:f0:66:c5:ca:7a:ae:10:eb:2d:7d:c9:df:3f:26:f7:85:89:
75:f4:5d:37:29:00:78:60:bb:11:b6:f0:92:78:e8:88:b3:0b:
2c:82:2d:e7:98:12:0c:5f:e2:ff:1d:ac:3e:99:46:93:ab:87:
71:dc:f8:66:98:11:f9:db:51:da:51:2a:a6:ae:9f:31:31:67:
d1:a4:61:6f:82:aa:e4:1a:12:8a:32:6b:13:49:09:d5:7f:c6:
b6:fe:78:4b:32:c9:79:c3:a8:60:bb:43:40:47:b8:6d:b3:3d:
13:1b:ea:bd:51:d9:77:46:05:83:01:6d:3d:2a:dc:97:f1:50:
8a:ae:4d:d3:d9:45:9d:4e:96:e8:96:c1:88:e1:7d:f8:ad:7c:
22:39:d9:d1:24:b4:01:0a:42:77:06:37:10:0f:d1:33:47:74:
62:7c:4f:4f:33:22:ed:57:a3:42:77:1e:c6:e5:e1:e8:e4:83:
6b:e5:af:12
-----BEGIN CERTIFICATE-----
MIIFvDCCBKSgAwIBAgISAYrWRMtAJYzMLlCKaA2Aon2QMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwOTI3MTA1MjI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGRiZDY1MjAwZWI1NTgwYzVkYmQzNjQ1NjVkNGQ1NmNjY2U3ZjIwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnaPYzjsSXMzHmEvkxVLdRjNxRn6U
NdgpJIQ2zE3mOxM2GB/LB0oQrLk8jCk/32BaVZVo4sx47OfzcOhExJcgjm2m1E22
pSYK1bWLiey9W1F4aiWspzhEtS2W4mI7sz1dvdpzXDB/AR4qqqC3FBNdwBMUGRk8
4NZjUm3yYKAplkBMGEnsNGhO/AcaPloRWnQVO9MbGKAJ/SmfKi4JH8dMZI6KNm5V
Hhx9ZTNwqccwmrfBU3+wqjAwMIK3JjI9ZE1XJGeZxsLaVhBl5X7oEgaBp68qih4L
ZLvPRJSSBn+W6ceLxubXd3jd4CoVzwG/b/POhhri/LqOUThYgykwRZe3GwIDAQAB
o4ICyDCCAsQwHQYDVR0OBBYEFCDb1lIA61WAxdvTZFZdTVbMzn8gMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvSU52V1VnRHJWWURGMjlOa1ZsMU5Wc3pPZnlBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHdBggrBgEFBQcBBwEB/wSBzTCByjCBqgQCAAEwgaMDBAMl
YpADBAMl/BgDBAZNa0ADBANPY0gDBARQ8FADBAZRBYADBAdRqAADAwFSmAMEBVKj
AAMEA1WfgAMEA1kf6DAMAwQEWdUwAwQHWdUAAwQGWdXAAwMAbbADBAK5FCADBAK5
GFQDBAXCaUADBADDgIoDBAXUJkADBAXVgoADBAXVmCADBAbV0gAwCwMEBNXa0AMD
ANXaAwQE2ZCQAwQE2ZFAMBsEAgACMBUDBQAgARqQAwUAKgAMYAMFACoCIfgwDQYJ
KoZIhvcNAQELBQADggEBAEF5AcbOBs1CIZwQ0qAIVBnccTSMAFjBBs9C2CbfJt7C
w2tTOSw+gdKgxI+dAo4b9yMNeYZObRE/yhew+Yrem+EExGAckol1XtPwZsXKeq4Q
6y19yd8/JveFiXX0XTcpAHhguxG28JJ46IizCyyCLeeYEgxf4v8drD6ZRpOrh3Hc
+GaYEfnbUdpRKqaunzExZ9GkYW+CquQaEooyaxNJCdV/xrb+eEsyyXnDqGC7Q0BH
uG2zPRMb6r1R2XdGBYMBbT0q3JfxUIquTdPZRZ1OluiWwYjhffitfCI52dEktAEK
QncGNxAP0TNHdGJ8T08zIu1Xo0J3Hsbl4ejkg2vlrxI=
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:09:19 2025 by rpki-client