Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/t3S_-ZikI99bpYSQAp_DfJmWlbc.roa
File:                     t3S_-ZikI99bpYSQAp_DfJmWlbc.roa (raw, json)
Hash identifier:          7/KG6K6JBfr0Hj+xqY/lsZKFoavYgkMPHyuYeq76Rcw=
Subject key identifier:   B7:74:BF:F9:98:A4:23:DF:5B:A5:84:90:02:9F:C3:7C:99:96:95:B7
Certificate issuer:       /CN=53b62ace615b906b42ab27f4fb1d203df36d5436
Certificate serial:       01862B4213165FFBE447F14151CE86293FF8
Authority key identifier: 53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/t3S_-ZikI99bpYSQAp_DfJmWlbc.roa
Signing time:             Tue 07 Feb 2023 09:43:15 +0000
ROA not before:           Tue 07 Feb 2023 09:43:15 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     31708
IP address blocks:        109.70.136.0/21 maxlen: 21
                          109.70.143.0/24 maxlen: 24
                          109.70.141.0/24 maxlen: 24
                          145.255.224.0/22 maxlen: 22
                          145.255.231.0/24 maxlen: 24
                          145.255.230.0/24 maxlen: 24
                          145.255.230.0/23 maxlen: 23
                          193.26.222.0/24 maxlen: 24
                          31.193.168.0/21 maxlen: 21
                          31.193.170.0/24 maxlen: 24
                          85.13.192.0/24 maxlen: 24
                          185.101.80.0/22 maxlen: 24
                          185.101.80.0/23 maxlen: 23
                          185.101.83.0/24 maxlen: 24
                          85.13.192.0/18 maxlen: 18
                          89.187.64.0/19 maxlen: 19
                          85.13.199.0/24 maxlen: 24
                          85.13.208.0/24 maxlen: 24
                          89.187.72.0/24 maxlen: 24
                          85.13.209.0/24 maxlen: 24
                          89.187.78.0/24 maxlen: 24
                          89.187.85.0/24 maxlen: 24
                          89.187.80.0/24 maxlen: 24
                          89.187.81.0/24 maxlen: 24
                          85.13.214.0/24 maxlen: 24
                          89.187.79.0/24 maxlen: 24
                          89.187.84.0/24 maxlen: 24
                          85.13.216.0/24 maxlen: 24
                          85.13.222.0/24 maxlen: 24
                          89.187.86.0/24 maxlen: 24
                          89.187.91.0/24 maxlen: 24
                          62.197.44.0/24 maxlen: 24
                          62.197.44.0/23 maxlen: 23
                          62.197.40.0/23 maxlen: 23
                          62.197.50.0/23 maxlen: 23
                          83.142.28.0/24 maxlen: 24
                          83.142.29.0/24 maxlen: 24
                          89.187.95.0/24 maxlen: 24
                          85.13.228.0/24 maxlen: 24
                          89.187.93.0/24 maxlen: 24
                          85.13.230.0/24 maxlen: 24
                          85.13.234.0/24 maxlen: 24
                          85.13.247.0/24 maxlen: 24
                          83.142.24.0/21 maxlen: 21
                          2a01:c0::/32 maxlen: 32

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:86:2b:42:13:16:5f:fb:e4:47:f1:41:51:ce:86:29:3f:f8
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=53b62ace615b906b42ab27f4fb1d203df36d5436
        Validity
            Not Before: Feb  7 09:43:15 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b774bff998a423df5ba58490029fc37c999695b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:74:BF:F9:98:A4:23:DF:5B:A5:84:90:02:9F:C3:7C:99:96:95:B7
            X509v3 Authority Key Identifier:
                keyid:53:B6:2A:CE:61:5B:90:6B:42:AB:27:F4:FB:1D:20:3D:F3:6D:54:36

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/U7YqzmFbkGtCqyf0-x0gPfNtVDY.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/t3S_-ZikI99bpYSQAp_DfJmWlbc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/9d/8b07cd-0ced-4afc-8d02-972a4c3dc3f3/1/U7YqzmFbkGtCqyf0-x0gPfNtVDY.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.193.168.0/21
                  62.197.40.0/23
                  62.197.44.0/23
                  62.197.50.0/23
                  83.142.24.0/21
                  85.13.192.0/18
                  89.187.64.0/19
                  109.70.136.0/21
                  145.255.224.0/22
                  145.255.230.0/23
                  185.101.80.0/22
                  193.26.222.0/24
                IPv6:
                  2a01:c0::/32

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jul 20 00:00:02 2023 by rpki-client on console-fra.rpki-client.org