Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/9sYDjVqI7Ky7l5d3hhAr_X7VofM.roa
File: 9sYDjVqI7Ky7l5d3hhAr_X7VofM.roa (raw, json)
Hash identifier: RR/pY8+zWtC0qkWo63Dv75cOrmuASLtdmtxgJp3NbLI=
Subject key identifier: F6:C6:03:8D:5A:88:EC:AC:BB:97:97:77:86:10:2B:FD:7E:D5:A1:F3
Certificate issuer: /CN=2c96946c501ddf48696da2cf110fdceb286fac98
Certificate serial: 018571831E41842BEE98D1B51C04A4651944
Authority key identifier: 2C:96:94:6C:50:1D:DF:48:69:6D:A2:CF:11:0F:DC:EB:28:6F:AC:98
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/LJaUbFAd30hpbaLPEQ_c6yhvrJg.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/9sYDjVqI7Ky7l5d3hhAr_X7VofM.roa
Signing time: Mon 02 Jan 2023 08:04:56 +0000
ROA not before: Mon 02 Jan 2023 08:04:56 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8455
IP address blocks: 95.142.96.0/20 maxlen: 24
185.223.85.0/24 maxlen: 24
185.223.86.0/23 maxlen: 24
89.255.203.0/24 maxlen: 24
89.255.205.0/24 maxlen: 24
89.255.204.0/24 maxlen: 24
89.255.200.0/21 maxlen: 24
89.255.200.0/24 maxlen: 24
89.255.202.0/24 maxlen: 24
89.255.201.0/24 maxlen: 24
89.255.206.0/24 maxlen: 24
195.43.158.0/24 maxlen: 24
89.255.207.0/24 maxlen: 24
195.137.242.0/24 maxlen: 24
178.237.32.0/20 maxlen: 24
193.202.88.0/23 maxlen: 24
185.234.96.0/22 maxlen: 24
185.242.220.0/22 maxlen: 22
185.27.16.0/22 maxlen: 24
185.27.19.0/24 maxlen: 24
193.202.74.0/23 maxlen: 24
31.22.84.0/24 maxlen: 24
31.22.80.0/21 maxlen: 24
45.148.184.0/22 maxlen: 24
85.222.237.0/24 maxlen: 24
85.222.236.0/24 maxlen: 24
85.222.239.0/24 maxlen: 24
85.222.238.0/24 maxlen: 24
2a00:1188:11::/48 maxlen: 64
2a00:1188:c::/48 maxlen: 64
2a00:1188:a::/48 maxlen: 64
2a00:1188:5::/48 maxlen: 64
2a00:1188::/32 maxlen: 64
2a00:1188:14::/48 maxlen: 64
2a00:1188:12::/48 maxlen: 64
2a00:1188:d::/48 maxlen: 64
2a00:1188:8::/48 maxlen: 64
2a00:1188:b::/48 maxlen: 64
2a00:1188::/29 maxlen: 64
2a00:1188:e::/48 maxlen: 64
2a00:1188:9::/48 maxlen: 64
2a00:1188:7::/48 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:83:1e:41:84:2b:ee:98:d1:b5:1c:04:a4:65:19:44
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=2c96946c501ddf48696da2cf110fdceb286fac98
Validity
Not Before: Jan 2 08:04:56 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f6c6038d5a88ecacbb97977786102bfd7ed5a1f3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8b:f5:42:36:83:b7:6d:55:a0:47:3d:86:9b:72:
b8:60:44:1f:2a:89:18:d8:17:ac:e0:ba:b5:ff:d8:
28:ed:14:14:da:64:17:6a:cd:7c:b6:90:60:b4:00:
7d:02:cd:cd:3c:10:8b:91:ae:8c:97:90:b8:7b:32:
8d:67:4d:42:fa:df:1f:32:6a:7c:8a:30:a4:e6:72:
ce:b6:cd:9b:17:8f:14:9b:1e:3d:41:33:cc:ad:7d:
90:e8:0e:24:f6:ee:6e:e9:c5:fb:78:02:5b:09:a8:
f7:fa:10:ef:c6:89:c5:eb:38:f5:12:25:e8:17:90:
56:89:3b:0f:f4:8d:a8:96:4c:11:91:a5:e5:9b:e1:
ae:e9:c8:19:e2:c6:6f:e9:c8:dd:fb:ee:65:6e:6c:
26:52:50:11:26:71:63:de:f2:cb:4a:f3:72:d6:c2:
9f:fc:06:82:d8:71:8f:c4:7f:bb:8a:11:92:f7:2f:
2a:23:3b:73:a5:51:2a:fe:99:78:cb:d2:48:8b:be:
36:4b:ab:f3:01:e4:55:8d:30:4a:ec:87:c2:fc:69:
73:75:12:73:5f:a6:01:6e:03:0a:70:0c:1c:85:af:
d0:d1:0e:df:3a:f0:aa:7e:43:a3:f4:98:07:d6:2f:
6a:b3:19:1e:83:55:9d:e8:d3:70:2f:2f:69:42:28:
24:81
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:C6:03:8D:5A:88:EC:AC:BB:97:97:77:86:10:2B:FD:7E:D5:A1:F3
X509v3 Authority Key Identifier:
keyid:2C:96:94:6C:50:1D:DF:48:69:6D:A2:CF:11:0F:DC:EB:28:6F:AC:98
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/LJaUbFAd30hpbaLPEQ_c6yhvrJg.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/9sYDjVqI7Ky7l5d3hhAr_X7VofM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a2/04fef8-d2df-4f7a-92b4-7f970a3af9cd/1/LJaUbFAd30hpbaLPEQ_c6yhvrJg.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.22.80.0/21
45.148.184.0/22
85.222.236.0/22
89.255.200.0/21
95.142.96.0/20
178.237.32.0/20
185.27.16.0/22
185.223.85.0-185.223.87.255
185.234.96.0/22
185.242.220.0/22
193.202.74.0/23
193.202.88.0/23
195.43.158.0/24
195.137.242.0/24
IPv6:
2a00:1188::/29
Signature Algorithm: sha256WithRSAEncryption
5a:6e:a0:12:4b:7b:6f:dc:2a:10:6c:be:b1:b6:31:f7:bc:b5:
ce:8c:9d:48:4a:e2:b7:7a:52:e3:ac:4f:20:6e:d9:c1:21:4b:
b9:45:1d:94:d5:0b:09:87:0f:eb:52:b0:0d:a2:c0:a6:82:3c:
10:3a:e1:74:cc:1f:30:fe:7a:8a:c0:e7:fa:2a:a9:bf:f0:5c:
f4:69:93:9a:55:fd:63:ac:11:ed:50:33:10:29:6b:90:78:f8:
13:89:f2:52:f8:ec:a8:a3:d3:34:3f:47:a2:55:66:ec:2b:b3:
a0:d7:83:f6:39:a6:df:65:96:24:72:fe:b8:d3:b2:d9:f5:91:
1f:a8:52:39:0b:70:fc:f0:3f:f7:52:93:bc:57:0a:90:d6:92:
64:28:4e:61:00:81:c3:da:6d:dd:92:35:85:13:ec:30:28:5c:
a0:87:26:87:12:e8:6e:d9:57:a1:eb:92:ef:de:ef:25:ca:7b:
8c:6d:89:7b:96:65:2a:52:a9:20:9b:9a:4e:7a:d7:9c:91:16:
55:ae:0c:0a:8f:60:93:0f:a4:89:49:ec:83:68:9b:33:07:3c:
18:54:39:7a:5b:b5:7e:58:fd:8e:cd:eb:8a:1d:e8:71:ae:c1:
7d:22:71:a2:78:9e:9a:4f:4b:30:77:ed:5c:39:50:33:01:e8:
9d:a4:31:98
-----BEGIN CERTIFICATE-----
MIIFYzCCBEugAwIBAgISAYVxgx5BhCvumNG1HASkZRlEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJjOTY5NDZjNTAxZGRmNDg2OTZkYTJjZjExMGZkY2ViMjg2
ZmFjOTgwHhcNMjMwMTAyMDgwNDU2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNmM2MDM4ZDVhODhlY2FjYmI5Nzk3Nzc4NjEwMmJmZDdlZDVhMWYzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAi/VCNoO3bVWgRz2Gm3K4YEQfKokY
2Bes4Lq1/9go7RQU2mQXas18tpBgtAB9As3NPBCLka6Ml5C4ezKNZ01C+t8fMmp8
ijCk5nLOts2bF48Umx49QTPMrX2Q6A4k9u5u6cX7eAJbCaj3+hDvxonF6zj1EiXo
F5BWiTsP9I2olkwRkaXlm+Gu6cgZ4sZv6cjd++5lbmwmUlARJnFj3vLLSvNy1sKf
/AaC2HGPxH+7ihGS9y8qIztzpVEq/pl4y9JIi742S6vzAeRVjTBK7IfC/GlzdRJz
X6YBbgMKcAwcha/Q0Q7fOvCqfkOj9JgH1i9qsxkeg1Wd6NNwLy9pQigkgQIDAQAB
o4ICbzCCAmswHQYDVR0OBBYEFPbGA41aiOysu5eXd4YQK/1+1aHzMB8GA1UdIwQY
MBaAFCyWlGxQHd9IaW2izxEP3Osob6yYMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTEphVWJGQWQzMGhwYmFMUEVRX2M2eWh2ckpnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hMi8wNGZlZjgtZDJkZi00ZjdhLTkyYjQt
N2Y5NzBhM2FmOWNkLzEvOXNZRGpWcUk3S3k3bDVkM2hoQXJfWDdWb2ZNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hMi8wNGZlZjgtZDJkZi00ZjdhLTkyYjQtN2Y5NzBhM2FmOWNk
LzEvTEphVWJGQWQzMGhwYmFMUEVRX2M2eWh2ckpnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGEBggrBgEFBQcBBwEB/wR1MHMwYgQCAAEwXAMEAx8WUAME
Ai2UuAMEAlXe7AMEA1n/yAMEBF+OYAMEBLLtIAMEArkbEDAMAwQAud9VAwQDud9Q
AwQCuepgAwQCufLcAwQBwcpKAwQBwcpYAwQAwyueAwQAw4nyMA0EAgACMAcDBQMq
ABGIMA0GCSqGSIb3DQEBCwUAA4IBAQBabqASS3tv3CoQbL6xtjH3vLXOjJ1ISuK3
elLjrE8gbtnBIUu5RR2U1QsJhw/rUrANosCmgjwQOuF0zB8w/nqKwOf6Kqm/8Fz0
aZOaVf1jrBHtUDMQKWuQePgTifJS+Oyoo9M0P0eiVWbsK7Og14P2OabfZZYkcv64
07LZ9ZEfqFI5C3D88D/3UpO8VwqQ1pJkKE5hAIHD2m3dkjWFE+wwKFyghyaHEuhu
2Veh65Lv3u8lynuMbYl7lmUqUqkgm5pOeteckRZVrgwKj2CTD6SJSeyDaJszBzwY
VDl6W7V+WP2OzeuKHehxrsF9InGieJ6aT0swd+1cOVAzAeidpDGY
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:48:00 2024 by rpki-client on console-fra.rpki-client.org