Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/EeQ8wvj_Cs8vNbha0qkMtV7U0NQ.roa
File: EeQ8wvj_Cs8vNbha0qkMtV7U0NQ.roa (raw, json)
Hash identifier: 3IQ0a4ogQ4VBFkrIlMEQtivVMRj5zbWPTeW7PigcFCQ=
Subject key identifier: 11:E4:3C:C2:F8:FF:0A:CF:2F:35:B8:5A:D2:A9:0C:B5:5E:D4:D0:D4
Certificate issuer: /CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Certificate serial: 01857102F7637326BDE0F8F5ACDB81BA667A
Authority key identifier: 36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/EeQ8wvj_Cs8vNbha0qkMtV7U0NQ.roa
Signing time: Mon 02 Jan 2023 05:44:57 +0000
ROA not before: Mon 02 Jan 2023 05:44:57 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 1239
IP address blocks: 89.33.14.0/24 maxlen: 24
188.241.242.0/23 maxlen: 23
188.241.248.0/24 maxlen: 24
188.241.182.0/24 maxlen: 24
193.19.106.0/24 maxlen: 24
89.46.92.0/24 maxlen: 24
188.214.208.0/23 maxlen: 23
213.32.248.0/22 maxlen: 22
188.241.214.0/24 maxlen: 24
92.114.84.0/23 maxlen: 23
89.40.76.0/24 maxlen: 24
92.114.107.0/24 maxlen: 24
193.23.128.0/22 maxlen: 22
213.232.92.0/22 maxlen: 22
89.43.199.0/24 maxlen: 24
103.205.24.0/22 maxlen: 22
89.33.84.0/23 maxlen: 23
185.255.168.0/22 maxlen: 22
45.123.40.0/22 maxlen: 22
188.214.27.0/24 maxlen: 24
89.35.159.0/24 maxlen: 24
89.35.154.0/23 maxlen: 23
87.247.148.0/22 maxlen: 22
188.240.224.0/22 maxlen: 22
188.240.230.0/24 maxlen: 24
188.240.232.0/23 maxlen: 23
192.166.208.0/21 maxlen: 21
193.42.52.0/22 maxlen: 22
204.75.229.0/24 maxlen: 24
185.35.136.0/22 maxlen: 22
89.36.22.0/23 maxlen: 23
188.241.159.0/24 maxlen: 24
185.9.54.0/23 maxlen: 23
185.255.36.0/22 maxlen: 22
62.197.128.0/24 maxlen: 24
62.197.132.0/22 maxlen: 22
185.238.8.0/22 maxlen: 22
185.103.72.0/22 maxlen: 22
188.241.110.0/24 maxlen: 24
188.240.68.0/24 maxlen: 24
77.75.60.0/22 maxlen: 22
89.38.70.0/24 maxlen: 24
194.4.156.0/22 maxlen: 22
93.115.109.0/24 maxlen: 24
185.115.144.0/22 maxlen: 24
89.44.207.0/24 maxlen: 24
93.115.254.0/23 maxlen: 23
78.142.242.0/23 maxlen: 23
78.142.241.0/24 maxlen: 24
89.38.136.0/24 maxlen: 24
188.213.202.0/23 maxlen: 23
45.156.156.0/22 maxlen: 22
94.176.110.0/23 maxlen: 23
89.38.101.0/24 maxlen: 24
91.209.12.0/24 maxlen: 24
93.114.192.0/23 maxlen: 23
89.40.160.0/24 maxlen: 24
93.114.195.0/24 maxlen: 24
188.212.132.0/23 maxlen: 23
188.212.155.0/24 maxlen: 24
188.212.158.0/23 maxlen: 23
185.245.236.0/22 maxlen: 22
203.0.8.0/23 maxlen: 23
89.43.208.0/21 maxlen: 21
103.212.80.0/23 maxlen: 23
103.212.82.0/24 maxlen: 24
91.188.204.0/22 maxlen: 22
89.47.89.0/24 maxlen: 24
89.37.62.0/23 maxlen: 23
178.239.204.0/23 maxlen: 23
185.121.228.0/22 maxlen: 22
178.239.200.0/22 maxlen: 22
185.135.140.0/22 maxlen: 22
89.34.126.0/23 maxlen: 23
93.114.246.0/24 maxlen: 24
223.27.112.0/23 maxlen: 23
223.27.114.0/24 maxlen: 24
178.239.192.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:02:f7:63:73:26:bd:e0:f8:f5:ac:db:81:ba:66:7a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=36c2a4b7d5d73c5b57046223bf30eb653005b0e2
Validity
Not Before: Jan 2 05:44:57 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=11e43cc2f8ff0acf2f35b85ad2a90cb55ed4d0d4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:89:99:32:dd:83:cf:f1:7d:b5:2f:36:d7:8f:5d:
53:cd:ec:03:4a:3f:6f:a9:87:df:c5:4d:7d:73:e2:
90:62:2c:7b:6f:39:f0:24:08:0e:2a:f7:32:0a:f6:
8d:f8:2e:da:24:cc:cf:fc:a0:46:c5:fd:a3:28:69:
6d:8b:6d:ce:11:85:93:ec:88:4d:c4:c0:38:53:5e:
71:7b:f8:b9:2e:81:de:31:24:be:d9:0b:11:12:bd:
b5:91:1f:7b:0b:ee:08:35:06:9a:d7:5a:4a:b7:3b:
aa:16:40:42:73:8f:2e:fe:87:63:8d:50:ef:2b:2d:
87:49:f4:c6:99:05:93:06:38:da:29:31:6b:a8:c1:
a9:83:fe:e3:7a:66:6b:83:6d:fb:24:75:43:ff:ff:
0a:22:7f:d4:1b:6b:e9:6b:69:70:e5:bf:ae:37:24:
5b:8a:b3:ca:12:ca:48:a5:1b:58:6b:95:b3:5f:38:
5c:63:bb:1b:ac:b6:a3:29:eb:bd:91:2b:43:17:9a:
92:8d:e1:c4:33:6e:b1:9a:8b:0e:7a:63:77:2e:bc:
c9:d1:46:01:a9:6a:3a:8e:45:e9:d1:92:00:ce:c2:
42:67:16:d1:f9:9a:13:e3:90:8d:24:1a:48:4c:cb:
8f:57:6b:d8:ec:ba:10:67:b9:9a:2d:a7:71:87:72:
eb:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:E4:3C:C2:F8:FF:0A:CF:2F:35:B8:5A:D2:A9:0C:B5:5E:D4:D0:D4
X509v3 Authority Key Identifier:
keyid:36:C2:A4:B7:D5:D7:3C:5B:57:04:62:23:BF:30:EB:65:30:05:B0:E2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NsKkt9XXPFtXBGIjvzDrZTAFsOI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/EeQ8wvj_Cs8vNbha0qkMtV7U0NQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bc/8dd85a-bf8f-425e-a24b-2ccedb966a58/1/NsKkt9XXPFtXBGIjvzDrZTAFsOI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.123.40.0/22
45.156.156.0/22
62.197.128.0/24
62.197.132.0/22
77.75.60.0/22
78.142.241.0-78.142.243.255
87.247.148.0/22
89.33.14.0/24
89.33.84.0/23
89.34.126.0/23
89.35.154.0/23
89.35.159.0/24
89.36.22.0/23
89.37.62.0/23
89.38.70.0/24
89.38.101.0/24
89.38.136.0/24
89.40.76.0/24
89.40.160.0/24
89.43.199.0/24
89.43.208.0/21
89.44.207.0/24
89.46.92.0/24
89.47.89.0/24
91.188.204.0/22
91.209.12.0/24
92.114.84.0/23
92.114.107.0/24
93.114.192.0/23
93.114.195.0/24
93.114.246.0/24
93.115.109.0/24
93.115.254.0/23
94.176.110.0/23
103.205.24.0/22
103.212.80.0-103.212.82.255
178.239.192.0/22
178.239.200.0-178.239.205.255
185.9.54.0/23
185.35.136.0/22
185.103.72.0/22
185.115.144.0/22
185.121.228.0/22
185.135.140.0/22
185.238.8.0/22
185.245.236.0/22
185.255.36.0/22
185.255.168.0/22
188.212.132.0/23
188.212.155.0/24
188.212.158.0/23
188.213.202.0/23
188.214.27.0/24
188.214.208.0/23
188.240.68.0/24
188.240.224.0/22
188.240.230.0/24
188.240.232.0/23
188.241.110.0/24
188.241.159.0/24
188.241.182.0/24
188.241.214.0/24
188.241.242.0/23
188.241.248.0/24
192.166.208.0/21
193.19.106.0/24
193.23.128.0/22
193.42.52.0/22
194.4.156.0/22
203.0.8.0/23
204.75.229.0/24
213.32.248.0/22
213.232.92.0/22
223.27.112.0-223.27.114.255
Signature Algorithm: sha256WithRSAEncryption
86:77:de:f8:db:ae:f4:d9:a9:f2:9c:82:9d:65:1a:f1:bb:7c:
34:71:f8:eb:43:1c:cd:48:c8:4a:73:e0:1c:8f:1c:74:cb:79:
49:b4:6a:80:16:0a:0f:2b:b3:15:ed:3a:8c:39:45:28:f1:80:
c7:6b:47:94:34:11:2f:34:26:48:0f:f4:bc:cf:98:b3:8d:f1:
61:d3:6a:e3:79:cb:17:60:33:30:6d:c0:84:23:9e:c4:a7:91:
07:9f:89:bd:56:70:66:59:ef:2e:f9:eb:71:65:b6:05:ba:c7:
63:c9:2d:d7:b6:4b:78:55:3e:bc:ef:10:38:a3:fe:d5:a7:f0:
04:fb:ea:ca:aa:47:3e:19:4b:b3:d0:57:c0:86:58:fa:c0:34:
27:37:ae:91:12:a7:0a:a5:5b:eb:46:3b:68:3a:7c:a1:39:b5:
d7:f0:8f:04:a0:56:e9:e6:dd:cc:3d:37:27:8b:b7:d3:a3:76:
1e:a3:4a:ad:c8:04:fe:80:fd:0a:56:1f:02:e1:4a:6c:82:53:
94:27:ac:1f:96:53:24:e2:c5:4d:d6:6b:00:62:11:4f:78:02:
71:ec:86:eb:51:ea:d8:7e:88:94:db:f1:95:bb:ce:d6:72:48:
f6:f8:01:87:c6:67:c4:e8:84:fe:66:42:19:52:d1:31:1b:14:
24:ff:55:93
-----BEGIN CERTIFICATE-----
MIIG3TCCBcWgAwIBAgISAYVxAvdjcya94Pj1rNuBumZ6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM2YzJhNGI3ZDVkNzNjNWI1NzA0NjIyM2JmMzBlYjY1MzAw
NWIwZTIwHhcNMjMwMTAyMDU0NDU3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMWU0M2NjMmY4ZmYwYWNmMmYzNWI4NWFkMmE5MGNiNTVlZDRkMGQ0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiZky3YPP8X21LzbXj11TzewDSj9v
qYffxU19c+KQYix7bznwJAgOKvcyCvaN+C7aJMzP/KBGxf2jKGlti23OEYWT7IhN
xMA4U15xe/i5LoHeMSS+2QsREr21kR97C+4INQaa11pKtzuqFkBCc48u/odjjVDv
Ky2HSfTGmQWTBjjaKTFrqMGpg/7jemZrg237JHVD//8KIn/UG2vpa2lw5b+uNyRb
irPKEspIpRtYa5WzXzhcY7sbrLajKeu9kStDF5qSjeHEM26xmosOemN3LrzJ0UYB
qWo6jkXp0ZIAzsJCZxbR+ZoT45CNJBpITMuPV2vY7LoQZ7maLadxh3LrSwIDAQAB
o4ID6TCCA+UwHQYDVR0OBBYEFBHkPML4/wrPLzW4WtKpDLVe1NDUMB8GA1UdIwQY
MBaAFDbCpLfV1zxbVwRiI78w62UwBbDiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGIt
MmNjZWRiOTY2YTU4LzEvRWVROHd2al9Dczh2TmJoYTBxa010VjdVME5RLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYy84ZGQ4NWEtYmY4Zi00MjVlLWEyNGItMmNjZWRiOTY2YTU4
LzEvTnNLa3Q5WFhQRnRYQkdJanZ6RHJaVEFGc09JLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIB/QYIKwYBBQUHAQcBAf8EggHsMIIB6DCCAeQEAgABMIIB
3AMEAi17KAMEAi2cnAMEAD7FgAMEAj7FhAMEAk1LPDAMAwQATo7xAwQCTo7wAwQC
V/eUAwQAWSEOAwQBWSFUAwQBWSJ+AwQBWSOaAwQAWSOfAwQBWSQWAwQBWSU+AwQA
WSZGAwQAWSZlAwQAWSaIAwQAWShMAwQAWSigAwQAWSvHAwQDWSvQAwQAWSzPAwQA
WS5cAwQAWS9ZAwQCW7zMAwQAW9EMAwQBXHJUAwQAXHJrAwQBXXLAAwQAXXLDAwQA
XXL2AwQAXXNtAwQBXXP+AwQBXrBuAwQCZ80YMAwDBARn1FADBABn1FIDBAKy78Aw
DAMEA7LvyAMEAbLvzAMEAbkJNgMEArkjiAMEArlnSAMEArlzkAMEArl55AMEArmH
jAMEArnuCAMEArn17AMEArn/JAMEArn/qAMEAbzUhAMEALzUmwMEAbzUngMEAbzV
ygMEALzWGwMEAbzW0AMEALzwRAMEArzw4AMEALzw5gMEAbzw6AMEALzxbgMEALzx
nwMEALzxtgMEALzx1gMEAbzx8gMEALzx+AMEA8Cm0AMEAMETagMEAsEXgAMEAsEq
NAMEAsIEnAMEAcsACAMEAMxL5QMEAtUg+AMEAtXoXDAMAwQE3xtwAwQA3xtyMA0G
CSqGSIb3DQEBCwUAA4IBAQCGd97426702anynIKdZRrxu3w0cfjrQxzNSMhKc+Ac
jxx0y3lJtGqAFgoPK7MV7TqMOUUo8YDHa0eUNBEvNCZID/S8z5izjfFh02rjecsX
YDMwbcCEI57Ep5EHn4m9VnBmWe8u+etxZbYFusdjyS3Xtkt4VT687xA4o/7Vp/AE
++rKqkc+GUuz0FfAhlj6wDQnN66REqcKpVvrRjtoOnyhObXX8I8EoFbp5t3MPTcn
i7fTo3Yeo0qtyAT+gP0KVh8C4UpsglOUJ6wfllMk4sVN1msAYhFPeAJx7IbrUerY
foiU2/GVu87Wckj2+AGHxmfE6IT+ZkIZUtExGxQk/1WT
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:06:54 2023 by rpki-client on console-ams.rpki-client.org