Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/GC-HqA5phFnYV0tZ6CHADLUUguE.roa
File: GC-HqA5phFnYV0tZ6CHADLUUguE.roa (raw, json)
Hash identifier: POzI9fMFKXhrNjwp1cQ5H7MF0d9l5fw/SKS2dL/LHdk=
Subject key identifier: 18:2F:87:A8:0E:69:84:59:D8:57:4B:59:E8:21:C0:0C:B5:14:82:E1
Certificate issuer: /CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Certificate serial: 01856F796EB208438B6206288466B681AB5E
Authority key identifier: 53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/GC-HqA5phFnYV0tZ6CHADLUUguE.roa
Signing time: Sun 01 Jan 2023 22:35:07 +0000
ROA not before: Sun 01 Jan 2023 22:35:07 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31708
IP address blocks: 109.70.136.0/21 maxlen: 21
109.70.143.0/24 maxlen: 24
109.70.141.0/24 maxlen: 24
145.255.224.0/22 maxlen: 22
145.255.224.0/21 maxlen: 21
145.255.231.0/24 maxlen: 24
145.255.230.0/23 maxlen: 23
145.255.230.0/24 maxlen: 24
193.26.222.0/24 maxlen: 24
31.193.168.0/21 maxlen: 21
31.193.170.0/24 maxlen: 24
85.13.192.0/24 maxlen: 24
185.101.80.0/23 maxlen: 23
185.101.80.0/22 maxlen: 24
185.101.83.0/24 maxlen: 24
85.13.192.0/18 maxlen: 18
89.187.64.0/19 maxlen: 19
85.13.199.0/24 maxlen: 24
85.13.208.0/24 maxlen: 24
89.187.72.0/24 maxlen: 24
85.13.209.0/24 maxlen: 24
89.187.78.0/24 maxlen: 24
89.187.85.0/24 maxlen: 24
89.187.80.0/24 maxlen: 24
89.187.81.0/24 maxlen: 24
85.13.214.0/24 maxlen: 24
89.187.79.0/24 maxlen: 24
89.187.84.0/24 maxlen: 24
85.13.216.0/24 maxlen: 24
85.13.222.0/24 maxlen: 24
89.187.86.0/24 maxlen: 24
89.187.91.0/24 maxlen: 24
62.197.44.0/24 maxlen: 24
62.197.44.0/23 maxlen: 23
62.197.40.0/23 maxlen: 23
62.197.50.0/23 maxlen: 23
83.142.28.0/24 maxlen: 24
83.142.29.0/24 maxlen: 24
89.187.95.0/24 maxlen: 24
85.13.228.0/24 maxlen: 24
89.187.93.0/24 maxlen: 24
85.13.230.0/24 maxlen: 24
85.13.234.0/24 maxlen: 24
85.13.247.0/24 maxlen: 24
83.142.24.0/21 maxlen: 21
2a01:c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:79:6e:b2:08:43:8b:62:06:28:84:66:b6:81:ab:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Validity
Not Before: Jan 1 22:35:07 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=182f87a80e698459d8574b59e821c00cb51482e1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b7:fd:4c:1e:e1:52:6a:6d:61:26:2d:c6:77:fd:
f9:18:3f:1e:3d:17:d6:b9:c9:47:bd:be:a5:b0:c3:
07:93:e9:8e:e1:2f:54:d5:83:5f:e4:b7:49:a8:89:
cf:b9:e8:f7:af:14:73:8b:91:fc:f7:d4:01:7e:59:
0c:92:9a:dc:50:76:86:9d:34:8c:99:67:d7:57:bb:
e8:81:10:3e:b6:ec:8b:bd:13:95:3b:34:f8:b7:70:
1e:a0:25:1d:3e:64:93:6b:39:4c:ff:c9:63:e1:46:
1b:55:54:00:eb:7f:69:03:46:b0:54:54:e4:4a:62:
b1:04:ca:ec:14:2c:a9:b0:b8:75:1a:08:c8:d1:20:
7a:3b:ec:e2:bf:ed:76:94:2d:8b:61:eb:8f:7f:a3:
05:75:77:1c:80:b7:56:54:2c:06:af:e1:cf:92:d7:
40:1f:ca:ed:eb:da:d6:a3:37:ae:0c:01:09:7e:4a:
f3:87:3b:57:38:03:06:dd:58:83:d7:35:37:c4:7e:
3c:64:1a:c1:7d:37:cf:ae:91:e7:07:57:64:61:02:
3f:4f:c1:4c:01:d1:04:9d:6f:5e:85:1b:21:6a:ae:
02:a7:ef:0d:45:35:9a:9c:1f:c3:1d:19:05:60:5a:
97:e5:d5:7e:9f:f5:30:cf:4f:2a:74:ca:42:ee:37:
e0:b1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
18:2F:87:A8:0E:69:84:59:D8:57:4B:59:E8:21:C0:0C:B5:14:82:E1
X509v3 Authority Key Identifier:
keyid:53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/GC-HqA5phFnYV0tZ6CHADLUUguE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.193.168.0/21
62.197.40.0/23
62.197.44.0/23
62.197.50.0/23
83.142.24.0/21
85.13.192.0/18
89.187.64.0/19
109.70.136.0/21
145.255.224.0/21
185.101.80.0/22
193.26.222.0/24
IPv6:
2a01:c0::/32
Signature Algorithm: sha256WithRSAEncryption
48:71:e2:99:63:7a:72:bf:d8:57:36:ba:f6:9e:f8:52:ea:5e:
aa:30:77:7f:0d:e4:94:78:c5:ce:12:f4:f9:a2:0c:a8:35:29:
b7:95:63:4a:26:34:44:ba:83:3c:a2:4a:21:75:8d:c3:3c:d2:
03:7a:83:f6:1e:16:e3:03:62:f7:b9:27:2e:7e:e5:06:33:95:
b7:e7:d5:1a:eb:14:1f:4c:95:4c:b0:c3:a6:72:9f:3b:ea:60:
87:a1:9f:c0:7f:da:78:11:d4:cf:81:4e:0c:16:93:31:65:30:
1c:89:c6:72:cb:31:ff:d3:e4:1b:e1:98:87:2c:d8:1a:87:7d:
00:b8:09:65:68:25:cb:81:7f:c1:7a:f5:6f:19:39:08:6f:87:
0a:d3:da:29:c7:ed:ac:4f:ce:87:95:80:2d:e8:a9:a6:25:3c:
06:3a:48:46:ea:19:8e:94:07:2f:ab:fa:86:8c:78:39:a7:e2:
49:22:4f:8f:88:f4:84:73:00:31:cd:7d:26:6e:41:24:37:9a:
c0:b0:ae:67:ae:1a:f6:0f:eb:6c:73:c5:da:ba:b8:eb:3d:39:
e4:8a:3e:61:10:0f:3d:38:51:c7:c2:c3:ec:c6:b6:0d:70:45:
a0:e9:bd:1c:25:cb:21:ee:d6:d0:11:ea:ec:5a:a8:c1:1e:87:
e1:62:6f:1e
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYVveW6yCEOLYgYohGa2gateMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjYyYWNlNjE1YjkwNmI0MmFiMjdmNGZiMWQyMDNkZjM2
ZDU0MzYwHhcNMjMwMTAxMjIzNTA3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxODJmODdhODBlNjk4NDU5ZDg1NzRiNTllODIxYzAwY2I1MTQ4MmUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt/1MHuFSam1hJi3Gd/35GD8ePRfW
uclHvb6lsMMHk+mO4S9U1YNf5LdJqInPuej3rxRzi5H899QBflkMkprcUHaGnTSM
mWfXV7vogRA+tuyLvROVOzT4t3AeoCUdPmSTazlM/8lj4UYbVVQA639pA0awVFTk
SmKxBMrsFCypsLh1GgjI0SB6O+ziv+12lC2LYeuPf6MFdXccgLdWVCwGr+HPktdA
H8rt69rWozeuDAEJfkrzhztXOAMG3ViD1zU3xH48ZBrBfTfPrpHnB1dkYQI/T8FM
AdEEnW9ehRshaq4Cp+8NRTWanB/DHRkFYFqX5dV+n/Uwz08qdMpC7jfgsQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFBgvh6gOaYRZ2FdLWeghwAy1FILhMB8GA1UdIwQY
MBaAFFO2Ks5hW5BrQqsn9PsdID3zbVQ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDIt
OTcyYTRjM2RjM2YzLzEvR0MtSHFBNXBoRm5ZVjB0WjZDSEFETFVVZ3VFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDItOTcyYTRjM2RjM2Yz
LzEvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDH8GoAwQB
PsUoAwQBPsUsAwQBPsUyAwQDU44YAwQGVQ3AAwQFWbtAAwQDbUaIAwQDkf/gAwQC
uWVQAwQAwRreMA0EAgACMAcDBQAqAQDAMA0GCSqGSIb3DQEBCwUAA4IBAQBIceKZ
Y3pyv9hXNrr2nvhS6l6qMHd/DeSUeMXOEvT5ogyoNSm3lWNKJjREuoM8okohdY3D
PNIDeoP2HhbjA2L3uScufuUGM5W359Ua6xQfTJVMsMOmcp876mCHoZ/Af9p4EdTP
gU4MFpMxZTAcicZyyzH/0+Qb4ZiHLNgah30AuAllaCXLgX/BevVvGTkIb4cK09op
x+2sT86HlYAt6KmmJTwGOkhG6hmOlAcvq/qGjHg5p+JJIk+PiPSEcwAxzX0mbkEk
N5rAsK5nrhr2D+tsc8XaurjrPTnkij5hEA89OFHHwsPsxrYNcEWg6b0cJcsh7tbQ
EersWqjBHofhYm8e
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:40:57 2024 by rpki-client on console-fra.rpki-client.org