Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/crTSaBgjzsplMUdpHDkB5e1bpwQ.roa
File: crTSaBgjzsplMUdpHDkB5e1bpwQ.roa (raw, json)
Hash identifier: 8tCSBYm8QcjYq3AApueCNmI3i5ZLprzoQICFg7+QU8U=
Subject key identifier: 72:B4:D2:68:18:23:CE:CA:65:31:47:69:1C:39:01:E5:ED:5B:A7:04
Certificate issuer: /CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Certificate serial: 0183A8AEA1E828046D0AA78E8366D195B045
Authority key identifier: 53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/crTSaBgjzsplMUdpHDkB5e1bpwQ.roa
Signing time: Wed 05 Oct 2022 15:06:00 +0000
ROA not before: Wed 05 Oct 2022 15:06:00 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 31708
IP address blocks: 185.96.220.0/22 maxlen: 22
109.70.136.0/21 maxlen: 21
109.70.143.0/24 maxlen: 24
109.70.141.0/24 maxlen: 24
145.255.224.0/22 maxlen: 22
145.255.224.0/21 maxlen: 21
145.255.231.0/24 maxlen: 24
145.255.230.0/23 maxlen: 23
145.255.230.0/24 maxlen: 24
193.26.222.0/24 maxlen: 24
89.187.64.0/19 maxlen: 19
89.187.78.0/24 maxlen: 24
89.187.72.0/24 maxlen: 24
89.187.85.0/24 maxlen: 24
89.187.80.0/24 maxlen: 24
89.187.81.0/24 maxlen: 24
89.187.79.0/24 maxlen: 24
89.187.84.0/24 maxlen: 24
89.187.86.0/24 maxlen: 24
89.187.91.0/24 maxlen: 24
62.197.32.0/19 maxlen: 19
62.197.44.0/24 maxlen: 24
62.197.44.0/23 maxlen: 23
62.197.40.0/23 maxlen: 23
62.197.50.0/23 maxlen: 23
89.187.95.0/24 maxlen: 24
89.187.93.0/24 maxlen: 24
31.193.168.0/21 maxlen: 21
31.193.170.0/24 maxlen: 24
86.105.196.0/24 maxlen: 24
85.13.192.0/24 maxlen: 24
185.101.80.0/23 maxlen: 23
185.101.80.0/22 maxlen: 22
185.101.83.0/24 maxlen: 24
85.13.199.0/24 maxlen: 24
85.13.192.0/18 maxlen: 18
85.13.208.0/24 maxlen: 24
85.13.209.0/24 maxlen: 24
85.13.214.0/24 maxlen: 24
85.13.216.0/24 maxlen: 24
85.13.222.0/24 maxlen: 24
83.142.28.0/24 maxlen: 24
83.142.29.0/24 maxlen: 24
85.13.228.0/24 maxlen: 24
85.13.230.0/24 maxlen: 24
85.13.234.0/24 maxlen: 24
85.13.247.0/24 maxlen: 24
83.142.24.0/21 maxlen: 21
2a01:c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:83:a8:ae:a1:e8:28:04:6d:0a:a7:8e:83:66:d1:95:b0:45
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Validity
Not Before: Oct 5 15:06:00 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=72b4d2681823ceca653147691c3901e5ed5ba704
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:99:91:f0:07:c6:e5:21:d6:c4:39:5e:8b:d1:6f:
99:fa:76:8d:2c:2a:c2:87:ac:f3:df:c3:84:29:6c:
16:e6:e7:3c:27:d6:23:66:32:48:a7:4c:d0:d7:46:
86:96:7a:cb:0f:08:ef:5e:56:f4:3a:d6:f1:55:d2:
6e:00:40:e6:4b:79:68:aa:40:3c:39:95:d6:14:72:
6f:f5:1b:8e:5d:a6:db:d8:ab:51:37:a6:d8:45:11:
53:a1:ce:0b:f2:9a:45:74:73:ad:69:73:d0:b4:5a:
5b:37:1a:be:28:3e:41:54:59:ed:a0:64:c6:eb:bc:
f0:d7:d4:5d:eb:19:76:ca:b1:b0:9f:6c:ca:9a:7d:
58:22:8f:a5:bc:09:64:f7:a8:e5:03:db:34:e4:3d:
c5:de:b3:66:09:ef:88:34:ae:09:97:89:cf:36:99:
4d:e2:1c:07:09:c2:c1:fd:12:b6:a7:f0:d3:d3:cf:
32:18:9b:22:aa:e2:4e:e7:8f:3c:c6:4d:7a:40:1b:
a2:96:e5:54:fa:99:19:ab:f6:fe:23:0d:95:9e:63:
4b:b2:30:94:1b:25:63:99:b3:73:5c:d1:bd:5f:5a:
88:a6:b5:ea:f2:b2:15:96:ee:c6:cb:00:14:69:b8:
ca:1f:ba:41:b1:be:c9:bf:e2:e9:ff:e4:d0:0a:96:
ff:23
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:B4:D2:68:18:23:CE:CA:65:31:47:69:1C:39:01:E5:ED:5B:A7:04
X509v3 Authority Key Identifier:
keyid:53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/crTSaBgjzsplMUdpHDkB5e1bpwQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.193.168.0/21
62.197.32.0/19
83.142.24.0/21
85.13.192.0/18
86.105.196.0/24
89.187.64.0/19
109.70.136.0/21
145.255.224.0/21
185.96.220.0/22
185.101.80.0/22
193.26.222.0/24
IPv6:
2a01:c0::/32
Signature Algorithm: sha256WithRSAEncryption
b4:2c:12:cb:11:9b:b1:1f:64:e1:56:25:b4:6c:05:5c:8f:ae:
30:81:b2:bd:c8:2c:61:25:12:23:01:78:fe:c8:43:71:0e:17:
53:e2:7e:02:8b:dd:32:7d:fb:a0:af:15:8e:d2:5b:61:da:43:
7c:2f:d3:4f:a3:99:cc:9d:ab:44:d9:f7:26:e2:df:99:6a:ac:
d5:f5:16:16:f7:11:b5:a9:f5:26:ec:9e:ff:bc:34:ba:31:e9:
df:44:55:f1:a6:c8:d0:97:95:8f:a1:38:d4:ca:b7:ec:72:d3:
cb:47:8e:1d:c0:3d:df:d7:00:71:c5:ed:54:20:0d:05:eb:b0:
d4:bf:d9:16:81:3e:db:26:88:84:f1:ef:12:fd:59:6a:05:d4:
08:72:b3:a2:ca:82:29:b3:27:63:90:f8:b3:22:8b:e2:16:f0:
4e:de:cf:fd:5f:ee:36:99:b8:30:45:34:c7:c9:3d:4f:95:65:
c8:56:c2:29:bd:5c:ad:af:47:1e:22:7a:46:11:99:02:10:05:
92:d3:f5:0e:e4:3e:1a:f6:14:82:e6:59:e3:64:71:a2:65:dc:
b6:61:2f:b4:f0:dc:11:2c:4a:ab:db:e6:58:02:43:8b:4f:92:
46:97:46:3e:3e:12:4a:54:08:32:c9:28:70:29:7c:d3:35:20:
13:12:a4:49
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYOorqHoKARtCqeOg2bRlbBFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjYyYWNlNjE1YjkwNmI0MmFiMjdmNGZiMWQyMDNkZjM2
ZDU0MzYwHhcNMjIxMDA1MTUwNjAwWhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MmI0ZDI2ODE4MjNjZWNhNjUzMTQ3NjkxYzM5MDFlNWVkNWJhNzA0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmZHwB8blIdbEOV6L0W+Z+naNLCrC
h6zz38OEKWwW5uc8J9YjZjJIp0zQ10aGlnrLDwjvXlb0OtbxVdJuAEDmS3loqkA8
OZXWFHJv9RuOXabb2KtRN6bYRRFToc4L8ppFdHOtaXPQtFpbNxq+KD5BVFntoGTG
67zw19Rd6xl2yrGwn2zKmn1YIo+lvAlk96jlA9s05D3F3rNmCe+INK4Jl4nPNplN
4hwHCcLB/RK2p/DT088yGJsiquJO5488xk16QBuiluVU+pkZq/b+Iw2VnmNLsjCU
GyVjmbNzXNG9X1qIprXq8rIVlu7GywAUabjKH7pBsb7Jv+Lp/+TQCpb/IwIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFHK00mgYI87KZTFHaRw5AeXtW6cEMB8GA1UdIwQY
MBaAFFO2Ks5hW5BrQqsn9PsdID3zbVQ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDIt
OTcyYTRjM2RjM2YzLzEvY3JUU2FCZ2p6c3BsTVVkcEhEa0I1ZTFicHdRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDItOTcyYTRjM2RjM2Yz
LzEvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBIBAIAATBCAwQDH8GoAwQF
PsUgAwQDU44YAwQGVQ3AAwQAVmnEAwQFWbtAAwQDbUaIAwQDkf/gAwQCuWDcAwQC
uWVQAwQAwRreMA0EAgACMAcDBQAqAQDAMA0GCSqGSIb3DQEBCwUAA4IBAQC0LBLL
EZuxH2ThViW0bAVcj64wgbK9yCxhJRIjAXj+yENxDhdT4n4Ci90yffugrxWO0lth
2kN8L9NPo5nMnatE2fcm4t+ZaqzV9RYW9xG1qfUm7J7/vDS6MenfRFXxpsjQl5WP
oTjUyrfsctPLR44dwD3f1wBxxe1UIA0F67DUv9kWgT7bJoiE8e8S/VlqBdQIcrOi
yoIpsydjkPizIoviFvBO3s/9X+42mbgwRTTHyT1PlWXIVsIpvVytr0ceInpGEZkC
EAWS0/UO5D4a9hSC5lnjZHGiZdy2YS+08NwRLEqr2+ZYAkOLT5JGl0Y+PhJKVAgy
yShwKXzTNSATEqRJ
-----END CERTIFICATE-----
Generated at Mon Apr 7 23:38:57 2025 by rpki-client