Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/4Tqw6ElSmbMRB-SyHDmMLEowX-I.roa
File:                     4Tqw6ElSmbMRB-SyHDmMLEowX-I.roa (raw, json)
Hash identifier:          F3zzV2kd/OubJYS4nCRppBHXPeVy8mIjloNpjY1066I=
Subject key identifier:   E1:3A:B0:E8:49:52:99:B3:11:07:E4:B2:1C:39:8C:2C:4A:30:5F:E2
Certificate issuer:       /CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
Certificate serial:       0185C3F08D3228C05C671562C4A3EB8D7FEE
Authority key identifier: 1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/4Tqw6ElSmbMRB-SyHDmMLEowX-I.roa
Signing time:             Wed 18 Jan 2023 08:13:19 +0000
ROA not before:           Wed 18 Jan 2023 08:13:19 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     3301
IP address blocks:        217.208.0.0/13 maxlen: 13
                          2.252.0.0/15 maxlen: 15
                          194.18.0.0/16 maxlen: 16
                          195.252.32.0/19 maxlen: 19
                          2.255.128.0/18 maxlen: 18
                          194.16.0.0/15 maxlen: 15
                          195.198.0.0/16 maxlen: 16
                          62.20.0.0/16 maxlen: 16
                          195.67.0.0/16 maxlen: 16
                          2.254.0.0/16 maxlen: 16
                          2.255.191.0/24 maxlen: 24
                          192.16.152.0/23 maxlen: 23
                          2.255.190.0/24 maxlen: 24
                          192.16.153.0/24 maxlen: 24
                          193.44.0.0/15 maxlen: 15
                          194.236.0.0/15 maxlen: 15
                          192.150.58.0/23 maxlen: 23
                          192.150.64.0/22 maxlen: 22
                          192.150.60.0/22 maxlen: 22
                          192.150.68.0/23 maxlen: 23
                          192.150.78.0/23 maxlen: 23
                          213.64.0.0/14 maxlen: 14
                          212.28.192.0/19 maxlen: 19
                          194.22.0.0/15 maxlen: 15
                          81.228.4.0/24 maxlen: 24
                          81.228.4.0/23 maxlen: 23
                          2.248.0.0/13 maxlen: 13
                          81.228.5.0/24 maxlen: 24
                          2.255.0.0/17 maxlen: 17
                          194.218.0.0/16 maxlen: 16
                          212.181.0.0/16 maxlen: 16
                          78.64.0.0/12 maxlen: 12
                          95.192.0.0/12 maxlen: 12
                          90.224.0.0/12 maxlen: 12
                          81.224.0.0/12 maxlen: 12
                          192.150.80.0/23 maxlen: 23
                          2.248.0.0/14 maxlen: 14

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:c3:f0:8d:32:28:c0:5c:67:15:62:c4:a3:eb:8d:7f:ee
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=1f68138d4ec2ea51cacef09ff1058a370a5be190
        Validity
            Not Before: Jan 18 08:13:19 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=e13ab0e8495299b31107e4b21c398c2c4a305fe2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:3A:B0:E8:49:52:99:B3:11:07:E4:B2:1C:39:8C:2C:4A:30:5F:E2
            X509v3 Authority Key Identifier:
                keyid:1F:68:13:8D:4E:C2:EA:51:CA:CE:F0:9F:F1:05:8A:37:0A:5B:E1:90

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/4Tqw6ElSmbMRB-SyHDmMLEowX-I.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/a7/b9adf4-f910-4355-bfc8-608564839fd0/1/H2gTjU7C6lHKzvCf8QWKNwpb4ZA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  2.248.0.0/13
                  62.20.0.0/16
                  78.64.0.0/12
                  81.224.0.0/12
                  90.224.0.0/12
                  95.192.0.0/12
                  192.16.152.0/23
                  192.150.58.0-192.150.69.255
                  192.150.78.0-192.150.81.255
                  193.44.0.0/15
                  194.16.0.0-194.18.255.255
                  194.22.0.0/15
                  194.218.0.0/16
                  194.236.0.0/15
                  195.67.0.0/16
                  195.198.0.0/16
                  195.252.32.0/19
                  212.28.192.0/19
                  212.181.0.0/16
                  213.64.0.0/14
                  217.208.0.0/13

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jul 20 00:05:44 2023 by rpki-client on console-ams.rpki-client.org