Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cUXNBHVQ9ZCAunhjUwfM8LmNyfE.roa
File: cUXNBHVQ9ZCAunhjUwfM8LmNyfE.roa (raw, json)
Hash identifier: dEGI1nVd7053vQwTL3GshzLUCYN6U4AH7zDZqZgEfrI=
Subject key identifier: 71:45:CD:04:75:50:F5:90:80:BA:78:63:53:07:CC:F0:B9:8D:C9:F1
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0188C4F7A6494B3CFED3AB55CE58CE1FD289
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cUXNBHVQ9ZCAunhjUwfM8LmNyfE.roa
Signing time: Fri 16 Jun 2023 16:09:04 +0000
ROA not before: Fri 16 Jun 2023 16:09:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 89.213.64.0/18 maxlen: 24
37.252.24.0/21 maxlen: 24
80.240.80.0/20 maxlen: 20
77.107.64.0/18 maxlen: 24
213.210.0.0/18 maxlen: 24
85.159.128.0/21 maxlen: 24
212.38.64.0/19 maxlen: 24
37.98.144.0/21 maxlen: 24
37.98.144.0/22 maxlen: 24
109.176.0.0/16 maxlen: 16
89.213.48.0/20 maxlen: 24
213.218.208.0/20 maxlen: 24
89.213.192.0/18 maxlen: 24
89.31.232.0/21 maxlen: 24
79.99.72.0/21 maxlen: 24
185.20.32.0/22 maxlen: 24
185.20.34.0/24 maxlen: 24
185.20.35.0/24 maxlen: 24
213.218.224.0/19 maxlen: 24
81.168.0.0/17 maxlen: 17
82.163.0.0/19 maxlen: 24
217.144.144.0/20 maxlen: 24
217.145.64.0/20 maxlen: 24
185.49.124.0/22 maxlen: 24
185.24.84.0/22 maxlen: 24
89.213.0.0/21 maxlen: 24
213.130.128.0/19 maxlen: 24
194.105.64.0/19 maxlen: 24
81.5.128.0/18 maxlen: 18
82.152.0.0/15 maxlen: 15
195.128.138.0/24 maxlen: 24
213.152.32.0/19 maxlen: 19
2a02:21f8::/32 maxlen: 32
2a00:c60::/32 maxlen: 32
2001:1a90::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:c4:f7:a6:49:4b:3c:fe:d3:ab:55:ce:58:ce:1f:d2:89
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jun 16 16:09:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7145cd047550f59080ba78635307ccf0b98dc9f1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9f:50:46:45:34:54:e9:f7:03:14:87:ad:82:aa:
c0:45:12:67:4e:2a:20:b7:12:29:f3:5a:15:bf:d7:
a4:ea:66:f5:e8:9a:6a:bf:b2:0c:87:89:a1:ad:dc:
86:af:4a:e3:cd:59:d8:a8:24:e7:f6:18:b2:2e:ec:
9f:52:e2:77:c8:12:94:34:55:c4:38:6d:15:32:d0:
e2:61:cc:fb:ff:2a:88:25:be:88:6f:05:b9:3e:78:
81:72:85:f2:56:cb:65:13:82:4d:71:42:90:5a:bc:
7e:d7:e0:99:b0:01:ad:99:5b:17:28:48:13:0a:9f:
5e:56:eb:4f:ae:12:32:1e:06:02:63:7d:6f:16:73:
5f:cd:61:7f:05:e9:09:f2:4f:ba:16:be:b4:5c:66:
80:df:86:04:28:3a:ff:4e:7f:0b:d6:10:77:3f:9b:
54:af:04:56:70:31:88:b6:be:bf:2f:49:d2:08:45:
8f:6e:e9:da:b7:2d:ac:12:bf:c4:31:86:03:82:21:
ab:73:4e:c7:d0:33:a3:f2:4f:d5:72:0d:90:54:45:
6f:f2:d9:6e:42:e3:8e:be:b9:5a:f4:56:08:6f:63:
ea:68:2e:0e:90:da:ba:e7:af:f2:8e:38:eb:34:da:
2f:90:6e:4e:f4:33:05:7e:60:32:dd:75:ae:d4:f8:
9d:f1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
71:45:CD:04:75:50:F5:90:80:BA:78:63:53:07:CC:F0:B9:8D:C9:F1
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/cUXNBHVQ9ZCAunhjUwfM8LmNyfE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.98.144.0/21
37.252.24.0/21
77.107.64.0/18
79.99.72.0/21
80.240.80.0/20
81.5.128.0/18
81.168.0.0/17
82.152.0.0/15
82.163.0.0/19
85.159.128.0/21
89.31.232.0/21
89.213.0.0/21
89.213.48.0-89.213.127.255
89.213.192.0/18
109.176.0.0/16
185.20.32.0/22
185.24.84.0/22
185.49.124.0/22
194.105.64.0/19
195.128.138.0/24
212.38.64.0/19
213.130.128.0/19
213.152.32.0/19
213.210.0.0/18
213.218.208.0-213.218.255.255
217.144.144.0/20
217.145.64.0/20
IPv6:
2001:1a90::/32
2a00:c60::/32
2a02:21f8::/32
Signature Algorithm: sha256WithRSAEncryption
3a:79:4b:67:56:94:a6:ad:99:66:e1:06:11:f4:75:58:1c:e9:
70:64:38:c9:a1:b6:a2:82:12:39:e3:8c:ad:43:83:c4:be:47:
59:4a:d1:87:5c:17:fb:cc:f4:36:26:7c:ca:97:22:c3:5f:a7:
b5:65:dd:57:cb:3a:4b:b9:3b:a7:30:97:59:18:af:e0:a0:dd:
04:e6:1c:e8:35:b4:f6:60:a5:2c:c9:40:b0:40:95:0b:df:97:
00:e6:9c:b8:4e:db:b4:ef:13:f2:8a:c6:2a:35:0d:f3:0b:f7:
bd:dc:3f:19:5b:38:e5:b5:bd:92:ca:b8:e0:38:69:59:74:a5:
8d:d4:e4:7f:34:80:fe:9e:33:4a:c6:a8:1d:49:6b:a6:4b:5d:
33:7f:b7:b6:01:c7:05:fe:19:e9:17:ed:6e:e6:e9:41:cb:83:
6f:4c:a3:29:54:c9:0a:3f:b5:b4:24:ec:3d:0c:e3:87:65:5d:
51:22:74:27:d5:aa:9a:00:75:11:8a:8e:13:60:39:ce:d1:1f:
3e:1e:8a:50:42:4f:94:4b:2d:59:2c:b4:a7:d9:8c:53:d4:50:
10:ff:ab:aa:9b:0a:ec:37:9b:99:7f:c6:bb:32:1c:7d:a8:d9:
bc:ce:61:59:be:c5:e2:f7:84:9b:fa:83:67:a2:04:2a:99:2a:
c2:68:4d:54
-----BEGIN CERTIFICATE-----
MIIFyDCCBLCgAwIBAgISAYjE96ZJSzz+06tVzljOH9KJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNjE2MTYwOTA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MTQ1Y2QwNDc1NTBmNTkwODBiYTc4NjM1MzA3Y2NmMGI5OGRjOWYxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn1BGRTRU6fcDFIetgqrARRJnTiog
txIp81oVv9ek6mb16Jpqv7IMh4mhrdyGr0rjzVnYqCTn9hiyLuyfUuJ3yBKUNFXE
OG0VMtDiYcz7/yqIJb6IbwW5PniBcoXyVstlE4JNcUKQWrx+1+CZsAGtmVsXKEgT
Cp9eVutPrhIyHgYCY31vFnNfzWF/BekJ8k+6Fr60XGaA34YEKDr/Tn8L1hB3P5tU
rwRWcDGItr6/L0nSCEWPbunaty2sEr/EMYYDgiGrc07H0DOj8k/Vcg2QVEVv8tlu
QuOOvrla9FYIb2PqaC4OkNq656/yjjjrNNovkG5O9DMFfmAy3XWu1Pid8QIDAQAB
o4IC1DCCAtAwHQYDVR0OBBYEFHFFzQR1UPWQgLp4Y1MHzPC5jcnxMB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvY1VYTkJIVlE5WkNBdW5oalV3Zk04TG1OeWZFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHpBggrBgEFBQcBBwEB/wSB2TCB1jCBtgQCAAEwga8DBAMl
YpADBAMl/BgDBAZNa0ADBANPY0gDBARQ8FADBAZRBYADBAdRqAADAwFSmAMEBVKj
AAMEA1WfgAMEA1kf6AMEA1nVADAMAwQEWdUwAwQHWdUAAwQGWdXAAwMAbbADBAK5
FCADBAK5GFQDBAK5MXwDBAXCaUADBADDgIoDBAXUJkADBAXVgoADBAXVmCADBAbV
0gAwCwMEBNXa0AMDANXaAwQE2ZCQAwQE2ZFAMBsEAgACMBUDBQAgARqQAwUAKgAM
YAMFACoCIfgwDQYJKoZIhvcNAQELBQADggEBADp5S2dWlKatmWbhBhH0dVgc6XBk
OMmhtqKCEjnjjK1Dg8S+R1lK0YdcF/vM9DYmfMqXIsNfp7Vl3VfLOku5O6cwl1kY
r+Cg3QTmHOg1tPZgpSzJQLBAlQvflwDmnLhO27TvE/KKxio1DfML973cPxlbOOW1
vZLKuOA4aVl0pY3U5H80gP6eM0rGqB1Ja6ZLXTN/t7YBxwX+GekX7W7m6UHLg29M
oylUyQo/tbQk7D0M44dlXVEidCfVqpoAdRGKjhNgOc7RHz4eilBCT5RLLVkstKfZ
jFPUUBD/q6qbCuw3m5l/xrsyHH2o2bzOYVm+xeL3hJv6g2eiBCqZKsJoTVQ=
-----END CERTIFICATE-----
Generated at Thu Mar 13 19:13:26 2025 by rpki-client