Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/17o6GgadFDPOxiT9k3YaWJE96kQ.roa
File: 17o6GgadFDPOxiT9k3YaWJE96kQ.roa (raw, json)
Hash identifier: 7zruzG575695rp8J2bt7TsTFSpN81i/6dGXUvY4kR/k=
Subject key identifier: D7:BA:3A:1A:06:9D:14:33:CE:C6:24:FD:93:76:1A:58:91:3D:EA:44
Certificate issuer: /CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Certificate serial: 01888F34A483D004F7B88830F64EBB932AA1
Authority key identifier: 53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/17o6GgadFDPOxiT9k3YaWJE96kQ.roa
Signing time: Tue 06 Jun 2023 05:36:11 +0000
ROA not before: Tue 06 Jun 2023 05:36:11 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31708
IP address blocks: 109.70.136.0/21 maxlen: 21
109.70.143.0/24 maxlen: 24
109.70.141.0/24 maxlen: 24
193.26.222.0/24 maxlen: 24
31.193.168.0/21 maxlen: 21
31.193.170.0/24 maxlen: 24
85.13.192.0/24 maxlen: 24
185.101.80.0/22 maxlen: 24
185.101.80.0/23 maxlen: 23
185.101.83.0/24 maxlen: 24
85.13.192.0/18 maxlen: 18
89.187.64.0/19 maxlen: 19
85.13.199.0/24 maxlen: 24
85.13.208.0/24 maxlen: 24
89.187.72.0/24 maxlen: 24
85.13.209.0/24 maxlen: 24
89.187.78.0/24 maxlen: 24
89.187.85.0/24 maxlen: 24
89.187.80.0/24 maxlen: 24
89.187.81.0/24 maxlen: 24
85.13.214.0/24 maxlen: 24
89.187.79.0/24 maxlen: 24
89.187.84.0/24 maxlen: 24
85.13.216.0/24 maxlen: 24
85.13.222.0/24 maxlen: 24
89.187.86.0/24 maxlen: 24
89.187.91.0/24 maxlen: 24
62.197.44.0/24 maxlen: 24
62.197.44.0/23 maxlen: 23
62.197.40.0/23 maxlen: 23
62.197.50.0/23 maxlen: 23
83.142.28.0/24 maxlen: 24
83.142.29.0/24 maxlen: 24
89.187.95.0/24 maxlen: 24
85.13.228.0/24 maxlen: 24
89.187.93.0/24 maxlen: 24
85.13.230.0/24 maxlen: 24
85.13.234.0/24 maxlen: 24
85.13.251.0/24 maxlen: 24
85.13.247.0/24 maxlen: 24
83.142.24.0/21 maxlen: 21
2a01:c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:8f:34:a4:83:d0:04:f7:b8:88:30:f6:4e:bb:93:2a:a1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Validity
Not Before: Jun 6 05:36:11 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d7ba3a1a069d1433cec624fd93761a58913dea44
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9a:ea:b0:43:cc:ba:e3:77:56:4f:f9:d1:35:31:
c8:96:7a:3b:14:b7:91:a2:9c:9e:36:95:21:81:bb:
21:ca:2c:17:e8:95:19:61:19:58:19:e8:16:80:fb:
5d:25:4d:e5:37:44:31:60:3b:9e:09:cb:6c:97:d3:
0b:74:e0:9b:26:47:9a:c3:d6:ee:fd:ce:af:bd:6d:
0b:ff:c4:dd:7c:ba:53:25:12:3f:6c:07:0a:f5:a6:
b3:5c:58:56:5c:db:80:87:2e:cc:05:9c:db:5d:09:
9b:16:b5:51:41:60:66:fe:9e:fa:bf:a6:1c:d7:4c:
0e:23:bb:35:ff:d8:fc:7c:88:14:56:f3:17:3d:da:
2c:89:e2:28:7a:49:9b:cf:88:03:57:df:cf:07:a2:
09:34:f2:6e:cc:82:2b:32:0b:a8:ae:79:55:a9:b5:
2a:c0:e1:8d:b0:ed:cf:f4:04:6c:62:09:e3:19:c5:
aa:79:33:ab:31:d8:3c:88:38:46:c2:c7:0e:68:a9:
61:54:0b:64:63:5f:98:10:cd:12:a5:18:8e:54:f1:
66:b0:a1:65:2e:3b:cc:6d:d4:17:b9:4e:59:08:2a:
12:c5:83:70:cb:74:a8:d8:e1:c8:27:e5:d2:60:2f:
cd:86:65:14:d6:aa:50:83:c2:84:15:ea:66:af:41:
05:09
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D7:BA:3A:1A:06:9D:14:33:CE:C6:24:FD:93:76:1A:58:91:3D:EA:44
X509v3 Authority Key Identifier:
keyid:53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/17o6GgadFDPOxiT9k3YaWJE96kQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.193.168.0/21
62.197.40.0/23
62.197.44.0/23
62.197.50.0/23
83.142.24.0/21
85.13.192.0/18
89.187.64.0/19
109.70.136.0/21
185.101.80.0/22
193.26.222.0/24
IPv6:
2a01:c0::/32
Signature Algorithm: sha256WithRSAEncryption
1d:75:0b:b9:e9:4c:92:c0:45:3b:dc:f2:58:0b:ae:a9:09:b0:
0f:06:f4:cb:2c:4b:b6:61:7e:bf:53:f7:a4:54:17:26:db:3f:
c7:89:d0:26:b3:16:4d:e0:97:92:02:a5:70:36:3e:f0:3d:b3:
bb:9a:55:5b:28:57:0b:13:41:2c:54:37:a9:33:19:30:34:10:
12:d5:69:61:71:79:f1:bb:d2:8f:da:65:12:f3:bd:2f:13:27:
f6:b9:30:8a:a6:21:66:b4:c6:d8:04:2c:fd:8e:f4:6b:9e:d0:
b4:c1:d5:ea:66:e1:a0:15:41:34:02:99:a2:98:d4:35:fe:87:
f3:da:5c:64:7b:20:ee:09:d4:4c:7c:86:90:96:0a:7c:5c:70:
a2:63:e7:39:d7:a5:87:87:88:cd:2c:10:29:d2:08:f2:0c:1e:
c2:fd:85:7b:e0:e5:f3:f9:9e:cd:63:d3:17:19:67:d7:6a:e6:
1d:d9:37:b0:76:e1:ff:77:f5:eb:be:5d:b4:0e:20:ad:af:13:
1f:9d:8f:99:78:5d:51:96:0e:3c:7c:7b:94:1a:35:e3:31:e9:
0b:0f:64:5c:a7:65:21:38:95:f0:4a:5b:b0:a3:5d:76:f2:a3:
6c:dd:c3:e6:d5:2d:70:77:a2:cd:dc:6d:ae:80:86:5d:99:9b:
f0:c1:5c:48
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYiPNKSD0AT3uIgw9k67kyqhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjYyYWNlNjE1YjkwNmI0MmFiMjdmNGZiMWQyMDNkZjM2
ZDU0MzYwHhcNMjMwNjA2MDUzNjExWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkN2JhM2ExYTA2OWQxNDMzY2VjNjI0ZmQ5Mzc2MWE1ODkxM2RlYTQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmuqwQ8y643dWT/nRNTHIlno7FLeR
opyeNpUhgbshyiwX6JUZYRlYGegWgPtdJU3lN0QxYDueCctsl9MLdOCbJkeaw9bu
/c6vvW0L/8TdfLpTJRI/bAcK9aazXFhWXNuAhy7MBZzbXQmbFrVRQWBm/p76v6Yc
10wOI7s1/9j8fIgUVvMXPdosieIoekmbz4gDV9/PB6IJNPJuzIIrMguornlVqbUq
wOGNsO3P9ARsYgnjGcWqeTOrMdg8iDhGwscOaKlhVAtkY1+YEM0SpRiOVPFmsKFl
LjvMbdQXuU5ZCCoSxYNwy3So2OHIJ+XSYC/NhmUU1qpQg8KEFepmr0EFCQIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFNe6OhoGnRQzzsYk/ZN2GliRPepEMB8GA1UdIwQY
MBaAFFO2Ks5hW5BrQqsn9PsdID3zbVQ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDIt
OTcyYTRjM2RjM2YzLzEvMTdvNkdnYWRGRFBPeGlUOWszWWFXSkU5NmtRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDItOTcyYTRjM2RjM2Yz
LzEvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDH8GoAwQB
PsUoAwQBPsUsAwQBPsUyAwQDU44YAwQGVQ3AAwQFWbtAAwQDbUaIAwQCuWVQAwQA
wRreMA0EAgACMAcDBQAqAQDAMA0GCSqGSIb3DQEBCwUAA4IBAQAddQu56UySwEU7
3PJYC66pCbAPBvTLLEu2YX6/U/ekVBcm2z/HidAmsxZN4JeSAqVwNj7wPbO7mlVb
KFcLE0EsVDepMxkwNBAS1WlhcXnxu9KP2mUS870vEyf2uTCKpiFmtMbYBCz9jvRr
ntC0wdXqZuGgFUE0ApmimNQ1/ofz2lxkeyDuCdRMfIaQlgp8XHCiY+c516WHh4jN
LBAp0gjyDB7C/YV74OXz+Z7NY9MXGWfXauYd2TewduH/d/Xrvl20DiCtrxMfnY+Z
eF1Rlg48fHuUGjXjMekLD2Rcp2UhOJXwSluwo1128qNs3cPm1S1wd6LN3G2ugIZd
mZvwwVxI
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:26:15 2024 by rpki-client on console-ams.rpki-client.org