Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/JOIsNhxcSjqP_4rVrthndmncI9U.roa
File: JOIsNhxcSjqP_4rVrthndmncI9U.roa (raw, json)
Hash identifier: WBoIyiUjhGY/sQ3qpr0BWTb3JNVfy+kK1fI8iXnFRMI=
Subject key identifier: 24:E2:2C:36:1C:5C:4A:3A:8F:FF:8A:D5:AE:D8:67:76:69:DC:23:D5
Certificate issuer: /CN=7df132df13e4be53d8250c8c48420264eef6c14c
Certificate serial: 018CC802C400727B58E2D70E32481EDBD7EA
Authority key identifier: 7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/JOIsNhxcSjqP_4rVrthndmncI9U.roa
Signing time: Tue 02 Jan 2024 02:31:13 +0000
ROA not before: Tue 02 Jan 2024 02:31:13 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 31362
IP address blocks: 89.33.45.0/24 maxlen: 24
89.36.148.0/23 maxlen: 23
84.247.29.0/24 maxlen: 24
86.105.169.0/24 maxlen: 24
86.105.170.0/24 maxlen: 24
188.241.184.0/23 maxlen: 23
31.14.100.0/23 maxlen: 23
89.36.92.0/24 maxlen: 24
86.107.31.0/24 maxlen: 24
89.38.138.0/23 maxlen: 23
89.35.55.0/24 maxlen: 24
89.40.77.0/24 maxlen: 24
89.42.14.0/24 maxlen: 24
185.99.91.0/24 maxlen: 24
84.247.55.0/24 maxlen: 24
84.247.56.0/24 maxlen: 24
94.176.128.0/24 maxlen: 24
89.36.196.0/24 maxlen: 24
89.33.238.0/23 maxlen: 23
37.156.245.0/24 maxlen: 24
89.34.5.0/24 maxlen: 24
89.42.35.0/24 maxlen: 24
86.104.124.0/24 maxlen: 24
89.35.117.0/24 maxlen: 24
89.40.136.0/23 maxlen: 23
89.37.41.0/24 maxlen: 24
89.34.93.0/24 maxlen: 24
31.14.43.0/24 maxlen: 24
89.36.19.0/24 maxlen: 24
31.14.53.0/24 maxlen: 24
31.14.54.0/24 maxlen: 24
89.42.214.0/24 maxlen: 24
89.41.63.0/24 maxlen: 24
217.19.9.0/24 maxlen: 24
86.106.156.0/24 maxlen: 24
188.241.104.0/24 maxlen: 24
188.241.105.0/24 maxlen: 24
89.37.159.0/24 maxlen: 24
188.211.31.0/24 maxlen: 24
188.211.27.0/24 maxlen: 24
188.211.30.0/24 maxlen: 24
89.44.104.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:02:c4:00:72:7b:58:e2:d7:0e:32:48:1e:db:d7:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=7df132df13e4be53d8250c8c48420264eef6c14c
Validity
Not Before: Jan 2 02:31:13 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=24e22c361c5c4a3a8fff8ad5aed8677669dc23d5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b0:a9:34:a3:9b:c5:22:49:fe:82:3f:43:8c:57:
25:a6:3e:19:a9:3c:b2:68:c7:0f:06:e4:c1:2d:7c:
25:bd:c2:8f:15:43:96:a8:bf:a1:fc:12:f4:bb:a5:
80:63:67:97:53:ec:9d:58:c7:d6:b9:14:dc:8c:a7:
46:9d:f3:f6:28:2a:d8:83:87:c9:1d:11:69:07:2a:
e0:90:cf:24:04:a9:27:be:84:db:48:40:21:47:3f:
20:d5:11:86:54:b4:28:39:dd:e5:c0:e9:a8:48:02:
a7:3e:52:3f:e0:55:55:4b:42:c4:35:cc:a0:8e:10:
c8:54:9a:d5:45:6f:2c:41:65:9c:ad:00:34:c7:cc:
3c:2d:38:81:e7:bf:94:a0:5c:3e:30:32:3f:93:bb:
68:5e:e3:f5:49:be:4f:1e:a6:33:00:8e:d2:c0:77:
73:be:ca:60:d5:17:0e:d4:28:43:92:7c:c7:4a:41:
1f:5c:1f:75:c3:7e:12:a4:6c:77:2d:28:b4:85:3d:
3a:f8:55:36:2e:24:0b:9e:01:5b:4c:f6:ab:fb:1a:
e5:37:b2:dc:31:fa:e8:38:48:4a:24:bb:1f:83:ef:
74:ef:3a:43:cd:6a:53:1a:dc:f4:1e:c9:5f:a2:76:
a2:9c:0b:39:33:ea:2f:00:f2:df:86:15:44:97:87:
8a:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
24:E2:2C:36:1C:5C:4A:3A:8F:FF:8A:D5:AE:D8:67:76:69:DC:23:D5
X509v3 Authority Key Identifier:
keyid:7D:F1:32:DF:13:E4:BE:53:D8:25:0C:8C:48:42:02:64:EE:F6:C1:4C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ffEy3xPkvlPYJQyMSEICZO72wUw.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/JOIsNhxcSjqP_4rVrthndmncI9U.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/be/c37497-6376-461e-93c6-9778674edc97/1/ffEy3xPkvlPYJQyMSEICZO72wUw.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
31.14.43.0/24
31.14.53.0-31.14.54.255
31.14.100.0/23
37.156.245.0/24
84.247.29.0/24
84.247.55.0-84.247.56.255
86.104.124.0/24
86.105.169.0-86.105.170.255
86.106.156.0/24
86.107.31.0/24
89.33.45.0/24
89.33.238.0/23
89.34.5.0/24
89.34.93.0/24
89.35.55.0/24
89.35.117.0/24
89.36.19.0/24
89.36.92.0/24
89.36.148.0/23
89.36.196.0/24
89.37.41.0/24
89.37.159.0/24
89.38.138.0/23
89.40.77.0/24
89.40.136.0/23
89.41.63.0/24
89.42.14.0/24
89.42.35.0/24
89.42.214.0/24
89.44.104.0/24
94.176.128.0/24
185.99.91.0/24
188.211.27.0/24
188.211.30.0/23
188.241.104.0/23
188.241.184.0/23
217.19.9.0/24
Signature Algorithm: sha256WithRSAEncryption
5d:76:4a:cf:df:bb:62:46:a6:bc:99:12:dc:df:ed:49:68:ff:
8b:09:ad:c3:a6:3d:c7:17:cc:fb:a6:f0:b8:7e:f4:55:e6:09:
34:60:5c:46:73:bd:08:91:64:4a:d5:5d:a0:b0:b3:b1:c6:7b:
c2:c2:f1:43:e1:12:29:35:ab:8b:a4:28:b3:cc:cb:7c:51:5a:
eb:1e:e2:a1:32:10:97:55:b7:84:e2:fc:43:71:a9:f8:2a:02:
04:85:71:5e:54:0a:b7:e7:bb:8e:6d:13:00:73:65:5f:b8:72:
b1:c9:65:34:a8:1d:e8:fd:57:1f:82:d6:d4:67:f1:4e:15:a7:
95:42:2a:96:61:63:ca:16:8a:01:58:64:f4:76:3d:44:21:2e:
0f:bb:ab:33:68:05:b4:66:09:bf:2d:3f:0d:df:77:6b:57:21:
fe:04:9a:a3:99:47:c4:15:01:6f:69:71:ac:5c:3b:89:d5:ff:
8a:63:4a:f9:7d:eb:f6:66:88:39:bb:b8:5a:b3:43:f8:88:2d:
ea:c2:9b:e5:04:13:6f:78:8d:3f:11:c6:2f:09:0d:5a:16:68:
04:b3:39:ee:cd:88:14:ca:c8:6d:19:07:ab:a9:dd:36:e9:78:
0e:d4:22:2c:4c:a4:8a:40:da:36:e3:c4:ab:44:b8:3c:ac:4a:
f8:93:f4:dd
-----BEGIN CERTIFICATE-----
MIIF9TCCBN2gAwIBAgISAYzIAsQAcntY4tcOMkge29fqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDdkZjEzMmRmMTNlNGJlNTNkODI1MGM4YzQ4NDIwMjY0ZWVm
NmMxNGMwHhcNMjQwMTAyMDIzMTEzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNGUyMmMzNjFjNWM0YTNhOGZmZjhhZDVhZWQ4Njc3NjY5ZGMyM2Q1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsKk0o5vFIkn+gj9DjFclpj4ZqTyy
aMcPBuTBLXwlvcKPFUOWqL+h/BL0u6WAY2eXU+ydWMfWuRTcjKdGnfP2KCrYg4fJ
HRFpByrgkM8kBKknvoTbSEAhRz8g1RGGVLQoOd3lwOmoSAKnPlI/4FVVS0LENcyg
jhDIVJrVRW8sQWWcrQA0x8w8LTiB57+UoFw+MDI/k7toXuP1Sb5PHqYzAI7SwHdz
vspg1RcO1ChDknzHSkEfXB91w34SpGx3LSi0hT06+FU2LiQLngFbTPar+xrlN7Lc
MfroOEhKJLsfg+907zpDzWpTGtz0HslfonainAs5M+ovAPLfhhVEl4eKzQIDAQAB
o4IDATCCAv0wHQYDVR0OBBYEFCTiLDYcXEo6j/+K1a7YZ3Zp3CPVMB8GA1UdIwQY
MBaAFH3xMt8T5L5T2CUMjEhCAmTu9sFMMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYt
OTc3ODY3NGVkYzk3LzEvSk9Jc05oeGNTanFQXzRyVnJ0aG5kbW5jSTlVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iZS9jMzc0OTctNjM3Ni00NjFlLTkzYzYtOTc3ODY3NGVkYzk3
LzEvZmZFeTN4UGt2bFBZSlF5TVNFSUNaTzcyd1V3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBFQYIKwYBBQUHAQcBAf8EggEEMIIBADCB/QQCAAEwgfYD
BAAfDiswDAMEAB8ONQMEAB8ONgMEAR8OZAMEACWc9QMEAFT3HTAMAwQAVPc3AwQA
VPc4AwQAVmh8MAwDBABWaakDBABWaaoDBABWapwDBABWax8DBABZIS0DBAFZIe4D
BABZIgUDBABZIl0DBABZIzcDBABZI3UDBABZJBMDBABZJFwDBAFZJJQDBABZJMQD
BABZJSkDBABZJZ8DBAFZJooDBABZKE0DBAFZKIgDBABZKT8DBABZKg4DBABZKiMD
BABZKtYDBABZLGgDBABesIADBAC5Y1sDBAC80xsDBAG80x4DBAG88WgDBAG88bgD
BADZEwkwDQYJKoZIhvcNAQELBQADggEBAF12Ss/fu2JGpryZEtzf7Ulo/4sJrcOm
PccXzPum8Lh+9FXmCTRgXEZzvQiRZErVXaCws7HGe8LC8UPhEik1q4ukKLPMy3xR
Wuse4qEyEJdVt4Ti/ENxqfgqAgSFcV5UCrfnu45tEwBzZV+4crHJZTSoHej9Vx+C
1tRn8U4Vp5VCKpZhY8oWigFYZPR2PUQhLg+7qzNoBbRmCb8tPw3fd2tXIf4EmqOZ
R8QVAW9pcaxcO4nV/4pjSvl96/ZmiDm7uFqzQ/iILerCm+UEE294jT8Rxi8JDVoW
aASzOe7NiBTKyG0ZB6up3TbpeA7UIixMpIpA2jbjxKtEuDysSviT9N0=
-----END CERTIFICATE-----
Generated at Mon Feb 17 07:54:31 2025 by rpki-client