Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/I-X4epN0tsWtl5qH9Pt-RpgOnQI.roa
File: I-X4epN0tsWtl5qH9Pt-RpgOnQI.roa (raw, json)
Hash identifier: A/3yX6srFYhFuFxED0Fr5VarFR5aqhwSPDPtacaRgRM=
Subject key identifier: 23:E5:F8:7A:93:74:B6:C5:AD:97:9A:87:F4:FB:7E:46:98:0E:9D:02
Certificate issuer: /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial: 01891529A6862EBB49D219290591BCA20E5E
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/I-X4epN0tsWtl5qH9Pt-RpgOnQI.roa
Signing time: Sun 02 Jul 2023 05:53:18 +0000
ROA not before: Sun 02 Jul 2023 05:53:18 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 31362
IP address blocks: 89.33.45.0/24 maxlen: 24
89.36.148.0/23 maxlen: 23
84.247.29.0/24 maxlen: 24
86.105.169.0/24 maxlen: 24
86.105.170.0/24 maxlen: 24
188.241.184.0/23 maxlen: 23
31.14.100.0/23 maxlen: 23
89.36.92.0/24 maxlen: 24
86.107.31.0/24 maxlen: 24
89.38.138.0/23 maxlen: 23
89.35.55.0/24 maxlen: 24
89.40.77.0/24 maxlen: 24
89.42.14.0/24 maxlen: 24
185.99.91.0/24 maxlen: 24
84.247.55.0/24 maxlen: 24
84.247.56.0/24 maxlen: 24
94.176.128.0/24 maxlen: 24
89.36.196.0/24 maxlen: 24
89.33.238.0/23 maxlen: 23
37.156.245.0/24 maxlen: 24
89.34.5.0/24 maxlen: 24
89.42.35.0/24 maxlen: 24
86.104.124.0/24 maxlen: 24
89.35.117.0/24 maxlen: 24
89.40.136.0/23 maxlen: 23
89.37.41.0/24 maxlen: 24
89.34.93.0/24 maxlen: 24
31.14.43.0/24 maxlen: 24
89.36.19.0/24 maxlen: 24
31.14.53.0/24 maxlen: 24
31.14.54.0/24 maxlen: 24
89.42.214.0/24 maxlen: 24
89.41.63.0/24 maxlen: 24
217.19.9.0/24 maxlen: 24
86.106.156.0/24 maxlen: 24
188.241.104.0/24 maxlen: 24
188.241.105.0/24 maxlen: 24
89.37.159.0/24 maxlen: 24
188.211.31.0/24 maxlen: 24
188.211.27.0/24 maxlen: 24
188.211.30.0/24 maxlen: 24
89.44.104.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:15:29:a6:86:2e:bb:49:d2:19:29:05:91:bc:a2:0e:5e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
Validity
Not Before: Jul 2 05:53:18 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=23e5f87a9374b6c5ad979a87f4fb7e46980e9d02
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:1e:e2:6b:a6:92:f5:e9:37:37:02:5c:ab:a6:
14:17:89:99:e3:1b:eb:22:b8:ef:74:75:25:7e:42:
91:ff:1d:e9:32:8f:a0:3f:77:7a:4e:7b:82:53:2f:
8a:bc:ac:b2:a1:11:d9:56:30:33:66:e1:15:b5:0a:
96:9e:c4:27:2b:bd:40:c6:5a:23:61:ea:56:2c:53:
26:cf:64:84:b5:00:ac:78:56:b5:26:9e:35:91:b2:
b0:92:1c:df:a9:9b:ae:fe:e6:c4:01:4d:fe:08:7e:
e9:ff:1e:52:ed:16:8c:29:3a:2e:3a:c4:0d:13:0b:
f7:37:68:82:3d:6a:f2:c7:cd:f6:37:8b:24:c3:ad:
43:49:a8:14:b5:be:2c:42:e2:a9:e5:70:e2:67:b3:
76:19:05:16:93:7d:f3:bf:06:df:da:38:31:73:24:
59:a8:c8:13:44:cd:91:96:ad:3c:6b:95:2c:81:9d:
8a:73:dc:73:34:51:db:d9:c9:68:6d:35:f2:c5:db:
9e:40:60:3f:28:0d:e1:6c:11:41:54:a3:d7:e8:46:
21:8f:7c:f2:de:85:7a:99:44:f5:03:f4:3c:0b:f4:
d0:3e:f4:ba:82:db:9b:b9:f7:78:da:59:4b:26:b7:
82:b8:82:21:83:64:4c:99:f8:18:48:fb:bd:a6:7d:
c5:43
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
23:E5:F8:7A:93:74:B6:C5:AD:97:9A:87:F4:FB:7E:46:98:0E:9D:02
X509v3 Authority Key Identifier:
keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/I-X4epN0tsWtl5qH9Pt-RpgOnQI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.14.43.0/24
31.14.53.0-31.14.54.255
31.14.100.0/23
37.156.245.0/24
84.247.29.0/24
84.247.55.0-84.247.56.255
86.104.124.0/24
86.105.169.0-86.105.170.255
86.106.156.0/24
86.107.31.0/24
89.33.45.0/24
89.33.238.0/23
89.34.5.0/24
89.34.93.0/24
89.35.55.0/24
89.35.117.0/24
89.36.19.0/24
89.36.92.0/24
89.36.148.0/23
89.36.196.0/24
89.37.41.0/24
89.37.159.0/24
89.38.138.0/23
89.40.77.0/24
89.40.136.0/23
89.41.63.0/24
89.42.14.0/24
89.42.35.0/24
89.42.214.0/24
89.44.104.0/24
94.176.128.0/24
185.99.91.0/24
188.211.27.0/24
188.211.30.0/23
188.241.104.0/23
188.241.184.0/23
217.19.9.0/24
Signature Algorithm: sha256WithRSAEncryption
71:5e:40:36:10:cf:d8:86:3b:1c:6a:98:13:4b:df:bf:1a:00:
e0:d2:9a:81:8f:da:cc:a5:85:0e:9d:a6:fa:20:63:b0:af:f5:
2c:95:23:f9:db:f8:3e:13:5b:b7:5d:29:7c:96:23:75:18:f3:
da:4f:d3:11:89:e8:6e:5e:bc:87:37:0c:8b:cb:6d:99:28:c8:
ef:10:63:ed:1f:55:2f:46:70:86:0e:ec:76:bb:bb:7b:45:91:
12:45:50:18:77:62:db:49:09:2e:77:ae:a2:ef:13:cc:07:5f:
39:aa:e6:4a:8e:a1:9e:14:af:e3:ef:88:06:cc:7b:16:9b:01:
68:c8:75:56:53:64:e8:a6:44:2b:50:34:25:9c:8f:b6:6f:55:
a5:d5:4f:8d:be:e6:50:71:03:87:53:39:68:82:3b:ba:51:18:
97:09:26:56:cb:fc:ec:18:e8:f5:78:d8:39:4b:80:86:2d:63:
d9:e6:af:5c:04:c8:78:5b:da:6a:99:81:a3:a8:8c:af:b1:92:
26:8b:8c:01:2f:a6:b1:84:dc:0a:73:fc:71:8a:24:e5:0a:7a:
ba:14:b4:2f:67:52:f7:dd:ba:1d:49:e8:cd:d8:3e:45:a9:d9:
05:64:53:0a:5f:65:03:5f:25:03:82:22:b5:21:75:00:3c:72:
39:59:a8:73
-----BEGIN CERTIFICATE-----
MIIF9TCCBN2gAwIBAgISAYkVKaaGLrtJ0hkpBZG8og5eMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjMwNzAyMDU1MzE4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyM2U1Zjg3YTkzNzRiNmM1YWQ5NzlhODdmNGZiN2U0Njk4MGU5ZDAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhx7ia6aS9ek3NwJcq6YUF4mZ4xvr
IrjvdHUlfkKR/x3pMo+gP3d6TnuCUy+KvKyyoRHZVjAzZuEVtQqWnsQnK71Axloj
YepWLFMmz2SEtQCseFa1Jp41kbKwkhzfqZuu/ubEAU3+CH7p/x5S7RaMKTouOsQN
Ewv3N2iCPWryx832N4skw61DSagUtb4sQuKp5XDiZ7N2GQUWk33zvwbf2jgxcyRZ
qMgTRM2Rlq08a5UsgZ2Kc9xzNFHb2clobTXyxdueQGA/KA3hbBFBVKPX6EYhj3zy
3oV6mUT1A/Q8C/TQPvS6gtubufd42llLJreCuIIhg2RMmfgYSPu9pn3FQwIDAQAB
o4IDATCCAv0wHQYDVR0OBBYEFCPl+HqTdLbFrZeah/T7fkaYDp0CMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvSS1YNGVwTjB0c1d0bDVxSDlQdC1ScGdPblFJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBFQYIKwYBBQUHAQcBAf8EggEEMIIBADCB/QQCAAEwgfYD
BAAfDiswDAMEAB8ONQMEAB8ONgMEAR8OZAMEACWc9QMEAFT3HTAMAwQAVPc3AwQA
VPc4AwQAVmh8MAwDBABWaakDBABWaaoDBABWapwDBABWax8DBABZIS0DBAFZIe4D
BABZIgUDBABZIl0DBABZIzcDBABZI3UDBABZJBMDBABZJFwDBAFZJJQDBABZJMQD
BABZJSkDBABZJZ8DBAFZJooDBABZKE0DBAFZKIgDBABZKT8DBABZKg4DBABZKiMD
BABZKtYDBABZLGgDBABesIADBAC5Y1sDBAC80xsDBAG80x4DBAG88WgDBAG88bgD
BADZEwkwDQYJKoZIhvcNAQELBQADggEBAHFeQDYQz9iGOxxqmBNL378aAODSmoGP
2sylhQ6dpvogY7Cv9SyVI/nb+D4TW7ddKXyWI3UY89pP0xGJ6G5evIc3DIvLbZko
yO8QY+0fVS9GcIYO7Ha7u3tFkRJFUBh3YttJCS53rqLvE8wHXzmq5kqOoZ4Ur+Pv
iAbMexabAWjIdVZTZOimRCtQNCWcj7ZvVaXVT42+5lBxA4dTOWiCO7pRGJcJJlbL
/OwY6PV42DlLgIYtY9nmr1wEyHhb2mqZgaOojK+xkiaLjAEvprGE3Apz/HGKJOUK
eroUtC9nUvfduh1J6M3YPkWp2QVkUwpfZQNfJQOCIrUhdQA8cjlZqHM=
-----END CERTIFICATE-----
Generated at Mon Apr 21 20:16:55 2025 by rpki-client