Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/lUzdRkzvMQdNf3c9dp7hephXptk.roa
File: lUzdRkzvMQdNf3c9dp7hephXptk.roa (raw, json)
Hash identifier: K8aFygEOQ5c7h3+jrDVFyd4wQmP+VXQcFKlbUIRLlMk=
Subject key identifier: 95:4C:DD:46:4C:EF:31:07:4D:7F:77:3D:76:9E:E1:7A:98:57:A6:D9
Certificate issuer: /CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Certificate serial: 018CC94E4A5052337EFBE0805548568B6E8C
Authority key identifier: 53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/lUzdRkzvMQdNf3c9dp7hephXptk.roa
Signing time: Tue 02 Jan 2024 08:33:20 +0000
ROA not before: Tue 02 Jan 2024 08:33:20 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 31708
IP address blocks: 109.70.136.0/21 maxlen: 21
109.70.143.0/24 maxlen: 24
109.70.141.0/24 maxlen: 24
193.26.222.0/24 maxlen: 24
31.193.168.0/21 maxlen: 21
31.193.170.0/24 maxlen: 24
85.13.192.0/24 maxlen: 24
185.101.80.0/23 maxlen: 23
185.101.80.0/22 maxlen: 24
185.101.83.0/24 maxlen: 24
85.13.192.0/18 maxlen: 18
89.187.64.0/19 maxlen: 19
85.13.199.0/24 maxlen: 24
85.13.208.0/24 maxlen: 24
89.187.72.0/24 maxlen: 24
85.13.209.0/24 maxlen: 24
89.187.78.0/24 maxlen: 24
89.187.85.0/24 maxlen: 24
89.187.80.0/24 maxlen: 24
89.187.81.0/24 maxlen: 24
85.13.214.0/24 maxlen: 24
89.187.79.0/24 maxlen: 24
89.187.84.0/24 maxlen: 24
85.13.216.0/24 maxlen: 24
85.13.222.0/24 maxlen: 24
89.187.86.0/24 maxlen: 24
89.187.91.0/24 maxlen: 24
62.197.44.0/24 maxlen: 24
62.197.44.0/23 maxlen: 23
62.197.40.0/23 maxlen: 23
62.197.50.0/23 maxlen: 23
83.142.28.0/24 maxlen: 24
83.142.29.0/24 maxlen: 24
89.187.95.0/24 maxlen: 24
85.13.228.0/24 maxlen: 24
89.187.93.0/24 maxlen: 24
85.13.230.0/24 maxlen: 24
85.13.234.0/24 maxlen: 24
85.13.251.0/24 maxlen: 24
85.13.247.0/24 maxlen: 24
83.142.24.0/21 maxlen: 21
2a01:c0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:4e:4a:50:52:33:7e:fb:e0:80:55:48:56:8b:6e:8c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Validity
Not Before: Jan 2 08:33:20 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=954cdd464cef31074d7f773d769ee17a9857a6d9
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:92:4b:c9:bb:12:07:f4:38:77:86:e3:e4:c4:
9f:91:b1:23:b9:3a:d0:0c:81:9e:b6:b9:c3:d6:a0:
bd:c1:02:bd:e0:cf:94:ab:09:cf:5c:5c:51:eb:e4:
d1:fb:20:37:ac:d9:69:07:6c:21:37:4e:36:ff:38:
a5:d7:44:78:7b:b8:ea:cb:6d:20:8b:df:85:47:a0:
ca:a3:f7:fc:d0:42:47:f6:1b:9f:b8:71:1b:82:a1:
f1:5f:ff:6a:98:d3:fc:cb:38:7f:81:b4:d2:a5:bf:
1b:c7:fd:a6:e3:e4:d5:57:f0:bb:07:d0:32:10:96:
4f:44:f6:30:d6:ea:79:0d:ac:e3:da:1b:d6:63:9f:
16:d3:43:a6:10:75:a6:b5:d8:18:e2:48:ba:21:6f:
45:94:79:48:51:ef:29:e9:97:6f:35:42:91:84:a9:
ce:97:31:3c:2b:33:5c:0d:46:0c:fd:d4:6d:a4:0c:
69:f0:a4:e8:94:1f:5c:90:94:55:15:89:80:7e:d9:
5a:cb:8d:e9:17:58:d4:40:dc:08:ad:a7:59:f0:70:
f6:6d:f0:65:b9:d8:b4:88:10:ff:37:e9:65:77:40:
35:d4:0c:3f:2c:c5:df:8d:69:63:39:3a:3e:68:be:
0f:06:5b:6f:40:7a:c9:0d:c9:ee:57:56:7f:fa:07:
71:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
95:4C:DD:46:4C:EF:31:07:4D:7F:77:3D:76:9E:E1:7A:98:57:A6:D9
X509v3 Authority Key Identifier:
keyid:53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/lUzdRkzvMQdNf3c9dp7hephXptk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.193.168.0/21
62.197.40.0/23
62.197.44.0/23
62.197.50.0/23
83.142.24.0/21
85.13.192.0/18
89.187.64.0/19
109.70.136.0/21
185.101.80.0/22
193.26.222.0/24
IPv6:
2a01:c0::/32
Signature Algorithm: sha256WithRSAEncryption
1e:33:6d:15:76:bd:73:20:33:bb:2e:b2:6c:bc:79:9f:45:13:
fa:8f:72:ef:7f:fc:d7:dd:53:a4:43:fc:b5:93:17:c7:ef:61:
d9:99:0a:c4:60:ce:2f:0d:39:3c:27:c9:28:90:cb:80:18:e8:
5b:bf:3e:7f:52:95:76:44:d5:9a:25:93:22:b6:fd:49:bf:39:
b9:f9:b7:7d:a8:94:ee:8a:fe:92:d1:fa:8e:45:f7:22:22:e7:
43:d6:35:b9:e8:4b:d8:b1:3d:dc:77:70:33:6c:a6:55:24:c4:
63:56:4f:1d:c8:13:bf:94:e2:87:c4:4a:e8:8c:26:21:3a:80:
b1:29:1f:f9:dd:8e:1b:49:7e:56:42:79:ac:c6:01:0b:d0:1c:
a3:11:3a:66:82:87:8c:13:70:64:57:4d:fb:28:d0:6d:8c:19:
ed:2d:22:4c:5a:61:bc:0d:bd:09:b7:3c:98:8c:ce:41:3e:66:
11:e9:23:e9:88:23:b4:df:72:e6:1a:c8:5f:ed:09:17:34:cb:
50:91:e5:cc:fc:4e:d1:8e:6f:a3:8d:97:a7:8b:70:05:33:1f:
10:bf:3e:d0:18:16:79:0f:5e:e9:2e:f1:ac:5f:73:ee:62:09:
6d:3d:75:38:a1:a3:6b:46:fb:89:08:24:cf:47:9c:42:8e:4a:
74:b8:1a:78
-----BEGIN CERTIFICATE-----
MIIFQjCCBCqgAwIBAgISAYzJTkpQUjN+++CAVUhWi26MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDUzYjYyYWNlNjE1YjkwNmI0MmFiMjdmNGZiMWQyMDNkZjM2
ZDU0MzYwHhcNMjQwMTAyMDgzMzIwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTRjZGQ0NjRjZWYzMTA3NGQ3Zjc3M2Q3NjllZTE3YTk4NTdhNmQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk5JLybsSB/Q4d4bj5MSfkbEjuTrQ
DIGetrnD1qC9wQK94M+UqwnPXFxR6+TR+yA3rNlpB2whN042/zil10R4e7jqy20g
i9+FR6DKo/f80EJH9hufuHEbgqHxX/9qmNP8yzh/gbTSpb8bx/2m4+TVV/C7B9Ay
EJZPRPYw1up5Dazj2hvWY58W00OmEHWmtdgY4ki6IW9FlHlIUe8p6ZdvNUKRhKnO
lzE8KzNcDUYM/dRtpAxp8KTolB9ckJRVFYmAftlay43pF1jUQNwIradZ8HD2bfBl
udi0iBD/N+lld0A11Aw/LMXfjWljOTo+aL4PBltvQHrJDcnuV1Z/+gdx+wIDAQAB
o4ICTjCCAkowHQYDVR0OBBYEFJVM3UZM7zEHTX93PXae4XqYV6bZMB8GA1UdIwQY
MBaAFFO2Ks5hW5BrQqsn9PsdID3zbVQ2MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDIt
OTcyYTRjM2RjM2YzLzEvbFV6ZFJrenZNUWROZjNjOWRwN2hlcGhYcHRrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85ZC84YjA3Y2QtMGNlZC00YWZjLThkMDItOTcyYTRjM2RjM2Yz
LzEvVTdZcXptRmJrR3RDcXlmMC14MGdQZk50VkRZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGQGCCsGAQUFBwEHAQH/BFUwUzBCBAIAATA8AwQDH8GoAwQB
PsUoAwQBPsUsAwQBPsUyAwQDU44YAwQGVQ3AAwQFWbtAAwQDbUaIAwQCuWVQAwQA
wRreMA0EAgACMAcDBQAqAQDAMA0GCSqGSIb3DQEBCwUAA4IBAQAeM20Vdr1zIDO7
LrJsvHmfRRP6j3Lvf/zX3VOkQ/y1kxfH72HZmQrEYM4vDTk8J8kokMuAGOhbvz5/
UpV2RNWaJZMitv1Jvzm5+bd9qJTuiv6S0fqORfciIudD1jW56EvYsT3cd3AzbKZV
JMRjVk8dyBO/lOKHxErojCYhOoCxKR/53Y4bSX5WQnmsxgEL0ByjETpmgoeME3Bk
V037KNBtjBntLSJMWmG8Db0JtzyYjM5BPmYR6SPpiCO033LmGshf7QkXNMtQkeXM
/E7Rjm+jjZeni3AFMx8Qvz7QGBZ5D17pLvGsX3PuYgltPXU4oaNrRvuJCCTPR5xC
jkp0uBp4
-----END CERTIFICATE-----
Generated at Mon Apr 7 23:38:56 2025 by rpki-client