Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/QtggxBZ13XsnacekmTaNhd1LTlw.roa
File: QtggxBZ13XsnacekmTaNhd1LTlw.roa (raw, json)
Hash identifier: Lsqec7CeNXn0uzfdn+sElqrlNrSwEjN5an0z721ZGxY=
Subject key identifier: 42:D8:20:C4:16:75:DD:7B:27:69:C7:A4:99:36:8D:85:DD:4B:4E:5C
Certificate issuer: /CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
Certificate serial: 237649
Authority key identifier: 0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/QtggxBZ13XsnacekmTaNhd1LTlw.roa
Signing time: Fri 22 Apr 2022 13:36:19 +0000
ROA not before: Fri 22 Apr 2022 13:36:19 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 56630
IP address blocks: 185.224.248.0/22 maxlen: 22
185.6.12.0/23 maxlen: 24
185.6.14.0/23 maxlen: 24
195.238.124.0/22 maxlen: 24
185.131.64.0/24 maxlen: 24
185.131.66.0/24 maxlen: 24
185.131.65.0/24 maxlen: 24
185.131.67.0/24 maxlen: 24
88.218.240.0/22 maxlen: 24
217.30.8.0/22 maxlen: 22
185.140.12.0/22 maxlen: 22
91.201.64.0/22 maxlen: 24
213.183.33.0/24 maxlen: 24
213.183.32.0/24 maxlen: 24
213.183.36.0/24 maxlen: 24
213.183.38.0/24 maxlen: 24
213.183.37.0/24 maxlen: 24
213.183.39.0/24 maxlen: 24
213.183.41.0/24 maxlen: 24
213.183.40.0/24 maxlen: 24
213.183.43.0/24 maxlen: 24
213.183.42.0/24 maxlen: 24
213.183.44.0/24 maxlen: 24
213.183.50.0/24 maxlen: 24
213.183.49.0/24 maxlen: 24
88.210.38.0/24 maxlen: 24
213.183.51.0/24 maxlen: 24
213.183.45.0/24 maxlen: 24
213.183.46.0/24 maxlen: 24
213.183.48.0/24 maxlen: 24
213.183.47.0/24 maxlen: 24
213.183.52.0/24 maxlen: 24
88.210.39.0/24 maxlen: 24
213.183.53.0/24 maxlen: 24
213.183.55.0/24 maxlen: 24
213.183.54.0/24 maxlen: 24
213.183.57.0/24 maxlen: 24
213.183.56.0/24 maxlen: 24
77.72.16.0/23 maxlen: 24
213.183.58.0/24 maxlen: 24
77.72.18.0/23 maxlen: 24
213.183.59.0/24 maxlen: 24
213.183.60.0/24 maxlen: 24
77.72.20.0/23 maxlen: 24
213.183.62.0/24 maxlen: 24
77.72.22.0/23 maxlen: 24
213.183.61.0/24 maxlen: 24
213.183.63.0/24 maxlen: 24
92.119.88.0/22 maxlen: 24
91.192.83.0/24 maxlen: 24
91.192.81.0/24 maxlen: 24
91.192.80.0/24 maxlen: 24
5.188.172.0/24 maxlen: 24
5.188.173.0/24 maxlen: 24
5.188.180.0/22 maxlen: 24
185.246.152.0/24 maxlen: 24
185.246.153.0/24 maxlen: 24
185.246.155.0/24 maxlen: 24
185.246.154.0/24 maxlen: 24
31.40.216.0/22 maxlen: 24
213.226.68.0/22 maxlen: 24
93.189.56.0/24 maxlen: 24
93.189.58.0/24 maxlen: 24
93.189.57.0/24 maxlen: 24
185.135.84.0/22 maxlen: 24
93.189.61.0/24 maxlen: 24
93.189.60.0/24 maxlen: 24
93.189.63.0/24 maxlen: 24
93.189.62.0/24 maxlen: 24
2a06:f906::/36 maxlen: 36
2a06:f903::/36 maxlen: 36
2a06:f905::/36 maxlen: 36
2a06:f900:4000::/36 maxlen: 36
2a06:f900::/36 maxlen: 36
2a06:f902::/36 maxlen: 36
2a06:f904::/36 maxlen: 36
2a06:f907:4000::/36 maxlen: 36
2a06:f907::/36 maxlen: 36
2a06:f901::/36 maxlen: 36
2a0d:8400::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2324041 (0x237649)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=0febfbfd6f937c5ae39e3e38e8ab8384107421a6
Validity
Not Before: Apr 22 13:36:19 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=42d820c41675dd7b2769c7a499368d85dd4b4e5c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e1:c7:8b:85:89:31:34:b5:e8:0c:d6:11:ee:4f:
b0:32:b3:d3:6d:4c:1d:ea:cf:cb:f8:f8:9a:9d:67:
ca:35:55:f5:db:29:0b:c6:b3:1c:1f:4d:38:21:2b:
79:ee:55:5c:bd:c1:59:e6:0d:45:ba:6e:48:43:dd:
84:c6:26:98:ec:61:b9:21:b3:8c:e4:78:33:0a:d4:
b1:13:9e:58:77:35:1c:0e:c9:be:50:60:02:dc:fa:
69:92:c6:df:66:af:f0:97:21:40:f9:c6:bb:3f:0c:
22:b7:57:12:f7:90:21:8f:14:3e:ec:46:fa:4f:f1:
6b:e2:b3:86:fb:58:60:9f:80:64:c3:31:2f:7a:92:
af:00:62:3d:7e:24:84:8e:ec:68:31:82:01:fb:aa:
2c:fa:f8:e4:21:56:3b:b5:f9:70:ef:62:1f:3e:16:
f8:22:1e:ea:1d:25:0e:6f:cf:a4:cd:8c:f8:7a:89:
9c:ac:42:5d:89:ba:5f:88:35:6a:d4:4d:ca:87:5f:
40:da:5f:b2:fa:f2:ec:ed:a4:00:37:e2:ed:1a:01:
dc:98:aa:3c:60:02:30:82:5e:cd:79:ea:8e:de:80:
99:1c:5e:c1:bc:06:83:ec:38:e3:f5:03:93:1f:52:
fa:22:b1:fe:98:00:74:0a:b5:59:3d:f5:a0:9f:b9:
70:a9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
42:D8:20:C4:16:75:DD:7B:27:69:C7:A4:99:36:8D:85:DD:4B:4E:5C
X509v3 Authority Key Identifier:
keyid:0F:EB:FB:FD:6F:93:7C:5A:E3:9E:3E:38:E8:AB:83:84:10:74:21:A6
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/D-v7_W-TfFrjnj446KuDhBB0IaY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/QtggxBZ13XsnacekmTaNhd1LTlw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/67d834-2612-4739-9f4b-7d70374d76d2/1/D-v7_W-TfFrjnj446KuDhBB0IaY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.188.172.0/23
5.188.180.0/22
31.40.216.0/22
77.72.16.0/21
88.210.38.0/23
88.218.240.0/22
91.192.80.0/23
91.192.83.0/24
91.201.64.0/22
92.119.88.0/22
93.189.56.0-93.189.58.255
93.189.60.0/22
185.6.12.0/22
185.131.64.0/22
185.135.84.0/22
185.140.12.0/22
185.224.248.0/22
185.246.152.0/22
195.238.124.0/22
213.183.32.0/23
213.183.36.0-213.183.63.255
213.226.68.0/22
217.30.8.0/22
IPv6:
2a06:f900::/36
2a06:f900:4000::/36
2a06:f901::/36
2a06:f902::/36
2a06:f903::/36
2a06:f904::/36
2a06:f905::/36
2a06:f906::/36
2a06:f907::/36
2a06:f907:4000::/36
2a0d:8400::/32
Signature Algorithm: sha256WithRSAEncryption
28:ee:5c:32:b4:94:5c:82:06:85:f5:bb:fd:ee:19:eb:3d:0a:
57:f0:00:7f:0c:82:b9:22:fc:4e:af:27:4a:ef:16:0e:40:0e:
47:ce:ac:d8:f7:c9:69:b7:79:72:74:fe:3b:c5:3c:18:5f:dc:
20:b7:e2:d1:15:76:98:c1:88:7a:90:d9:22:6c:7c:6e:ca:df:
f0:47:e2:f5:7a:b6:5d:bd:58:04:53:61:95:e5:55:92:02:a5:
d5:e8:e5:56:44:1b:c5:e2:d1:41:88:22:05:b0:5f:9e:c2:c9:
80:2b:c9:83:17:da:69:22:ce:ce:74:46:fe:c6:03:58:88:6f:
b9:12:dd:f2:aa:4c:3a:95:68:5a:4f:91:8e:16:06:92:1c:da:
96:22:0e:6c:28:6f:bd:96:56:81:44:e1:af:8c:3c:dc:21:1a:
81:ec:d3:87:01:8e:0a:98:2f:63:4f:9f:c5:65:64:5a:e2:cf:
41:90:4b:4e:28:f3:43:00:e1:3d:95:b7:73:53:ca:6e:30:51:
02:cb:df:50:bc:c4:80:dc:75:ff:c7:d6:44:0d:e3:8a:39:67:
ec:b7:fc:45:d9:b2:cb:c4:30:3e:9c:a4:ac:ad:f6:78:f4:56:
7e:34:37:8a:6e:c3:38:0f:7d:3a:8c:87:cd:cf:0d:a3:8e:e6:
ae:63:2e:56
-----BEGIN CERTIFICATE-----
MIIF6TCCBNGgAwIBAgIDI3ZJMA0GCSqGSIb3DQEBCwUAMDMxMTAvBgNVBAMTKDBm
ZWJmYmZkNmY5MzdjNWFlMzllM2UzOGU4YWI4Mzg0MTA3NDIxYTYwHhcNMjIwNDIy
MTMzNjE5WhcNMjMwNzAxMDAwMDAwWjAzMTEwLwYDVQQDEyg0MmQ4MjBjNDE2NzVk
ZDdiMjc2OWM3YTQ5OTM2OGQ4NWRkNGI0ZTVjMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEA4ceLhYkxNLXoDNYR7k+wMrPTbUwd6s/L+PianWfKNVX12ykL
xrMcH004ISt57lVcvcFZ5g1Fum5IQ92ExiaY7GG5IbOM5HgzCtSxE55YdzUcDsm+
UGAC3PppksbfZq/wlyFA+ca7Pwwit1cS95AhjxQ+7Eb6T/Fr4rOG+1hgn4BkwzEv
epKvAGI9fiSEjuxoMYIB+6os+vjkIVY7tflw72IfPhb4Ih7qHSUOb8+kzYz4eomc
rEJdibpfiDVq1E3Kh19A2l+y+vLs7aQAN+LtGgHcmKo8YAIwgl7NeeqO3oCZHF7B
vAaD7Djj9QOTH1L6IrH+mAB0CrVZPfWgn7lwqQIDAQABo4IDBDCCAwAwHQYDVR0O
BBYEFELYIMQWdd17J2nHpJk2jYXdS05cMB8GA1UdIwQYMBaAFA/r+/1vk3xa454+
OOirg4QQdCGmMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEFBQcBAQRYMFYwVAYIKwYB
BQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQv
RC12N19XLVRmRnJqbmo0NDZLdURoQkIwSWFZLmNlcjCBjQYIKwYBBQUHAQsEgYAw
fjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkv
REVGQVVMVC9iZS82N2Q4MzQtMjYxMi00NzM5LTlmNGItN2Q3MDM3NGQ3NmQyLzEv
UXRnZ3hCWjEzWHNuYWNla21UYU5oZDFMVGx3LnJvYTCBgQYDVR0fBHoweDB2oHSg
coZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS82
N2Q4MzQtMjYxMi00NzM5LTlmNGItN2Q3MDM3NGQ3NmQyLzEvRC12N19XLVRmRnJq
bmo0NDZLdURoQkIwSWFZLmNybDAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMIIB
GAYIKwYBBQUHAQcBAf8EggEHMIIBAzCBoQQCAAEwgZoDBAEFvKwDBAIFvLQDBAIf
KNgDBANNSBADBAFY0iYDBAJY2vADBAFbwFADBABbwFMDBAJbyUADBAJcd1gwDAME
A129OAMEAF29OgMEAl29PAMEArkGDAMEArmDQAMEArmHVAMEArmMDAMEArng+AME
Arn2mAMEAsPufAMEAdW3IDAMAwQC1bckAwQG1bcAAwQC1eJEAwQC2R4IMF0EAgAC
MFcDBgQqBvkAAAMGBCoG+QBAAwYEKgb5AQADBgQqBvkCAAMGBCoG+QMAAwYEKgb5
BAADBgQqBvkFAAMGBCoG+QYAAwYEKgb5BwADBgQqBvkHQAMFACoNhAAwDQYJKoZI
hvcNAQELBQADggEBACjuXDK0lFyCBoX1u/3uGes9ClfwAH8Mgrki/E6vJ0rvFg5A
DkfOrNj3yWm3eXJ0/jvFPBhf3CC34tEVdpjBiHqQ2SJsfG7K3/BH4vV6tl29WART
YZXlVZICpdXo5VZEG8Xi0UGIIgWwX57CyYAryYMX2mkizs50Rv7GA1iIb7kS3fKq
TDqVaFpPkY4WBpIc2pYiDmwob72WVoFE4a+MPNwhGoHs04cBjgqYL2NPn8VlZFri
z0GQS04o80MA4T2Vt3NTym4wUQLL31C8xIDcdf/H1kQN44o5Z+y3/EXZssvEMD6c
pKyt9nj0Vn40N4puwzgPfTqMh83PDaOO5q5jLlY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:41:37 2024 by rpki-client on console-ams.rpki-client.org