Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/8mvqS9f1iSV8C-V4O756D0vWS84.roa
File: 8mvqS9f1iSV8C-V4O756D0vWS84.roa (raw, json)
Hash identifier: n13tZLnQtEEa59E0NffHe7cRd89LgO9UhG530AtlcYM=
Subject key identifier: F2:6B:EA:4B:D7:F5:89:25:7C:0B:E5:78:3B:BE:7A:0F:4B:D6:4B:CE
Certificate issuer: /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial: 018A767D862EF2324BD7C904711172438A1E
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/8mvqS9f1iSV8C-V4O756D0vWS84.roa
Signing time: Fri 08 Sep 2023 20:30:52 +0000
ROA not before: Fri 08 Sep 2023 20:30:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200740
IP address blocks: 94.142.136.0/23 maxlen: 23
94.142.137.0/24 maxlen: 24
94.142.136.0/24 maxlen: 24
185.112.81.0/24 maxlen: 24
185.103.252.0/24 maxlen: 24
185.117.116.0/24 maxlen: 24
185.103.253.0/24 maxlen: 24
185.103.252.0/23 maxlen: 23
45.9.72.0/24 maxlen: 24
185.233.80.0/23 maxlen: 23
185.233.82.0/24 maxlen: 24
185.102.136.0/24 maxlen: 24
185.252.144.0/24 maxlen: 24
185.103.254.0/24 maxlen: 24
185.117.119.0/24 maxlen: 24
185.103.255.0/24 maxlen: 24
185.103.254.0/23 maxlen: 23
185.40.7.0/24 maxlen: 24
194.36.178.0/23 maxlen: 23
185.233.202.0/23 maxlen: 23
185.232.170.0/23 maxlen: 23
185.94.164.0/24 maxlen: 24
185.200.190.0/24 maxlen: 24
185.94.164.0/23 maxlen: 23
185.94.165.0/24 maxlen: 24
80.76.32.0/23 maxlen: 23
80.76.34.0/23 maxlen: 23
91.217.76.0/24 maxlen: 24
95.214.9.0/24 maxlen: 24
95.214.11.0/24 maxlen: 24
95.214.10.0/23 maxlen: 23
95.214.10.0/24 maxlen: 24
46.17.105.0/24 maxlen: 24
2a04:5200:68::/48 maxlen: 48
2a0d:2cc4::/31 maxlen: 31
2a04:5201:2::/48 maxlen: 48
2a04:5201:7::/48 maxlen: 48
2a04:5201:8018::/48 maxlen: 48
2a04:5201:4::/48 maxlen: 48
2a0d:2cc2::/31 maxlen: 31
2a04:5201:6::/48 maxlen: 48
2a0d:2cc0::/31 maxlen: 31
2a0d:2cc6::/31 maxlen: 31
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:76:7d:86:2e:f2:32:4b:d7:c9:04:71:11:72:43:8a:1e
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Validity
Not Before: Sep 8 20:30:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=f26bea4bd7f589257c0be5783bbe7a0f4bd64bce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d1:92:db:f7:ad:96:81:12:da:70:03:a1:ab:3f:
96:2a:e6:2f:22:c4:73:36:9d:ac:47:5c:06:48:b9:
c3:d2:13:c1:96:4f:b7:10:b4:ad:b1:23:82:ff:d4:
ff:4c:a1:d2:23:4b:4d:db:42:a6:e0:b3:2d:dd:23:
f3:4d:3e:5f:f6:7a:a3:ac:6b:47:6a:82:4a:07:10:
47:b4:e8:4a:26:3e:df:84:70:d9:7a:90:d8:66:01:
97:68:42:ac:4c:25:57:76:13:c6:f5:39:3b:48:fc:
ec:81:19:2f:79:22:c6:7e:6c:39:8c:b8:74:df:16:
80:c5:ba:ca:3e:25:9f:d4:7d:04:dc:d3:d2:b3:0b:
e2:ce:61:9f:9b:46:a9:89:73:91:42:db:3a:8d:1b:
c0:23:64:1c:a7:0a:83:ef:48:a0:ee:78:71:a2:ec:
01:89:b5:63:b3:28:dc:e5:bd:e7:4b:0e:c5:63:3f:
25:4a:de:10:91:3e:6f:b7:94:0f:f9:23:67:ff:49:
1f:ca:78:81:73:3f:8c:70:c6:3b:4f:eb:49:40:ae:
32:da:7d:b7:da:fe:58:20:18:71:4b:d3:a1:21:a9:
dc:a8:af:d9:b5:63:48:d9:b7:02:ab:a1:90:e4:7d:
03:a0:8b:50:e7:75:b3:89:63:14:04:a8:45:cd:7f:
25:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F2:6B:EA:4B:D7:F5:89:25:7C:0B:E5:78:3B:BE:7A:0F:4B:D6:4B:CE
X509v3 Authority Key Identifier:
keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/8mvqS9f1iSV8C-V4O756D0vWS84.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.72.0/24
46.17.105.0/24
80.76.32.0/22
91.217.76.0/24
94.142.136.0/23
95.214.9.0-95.214.11.255
185.40.7.0/24
185.94.164.0/23
185.102.136.0/24
185.103.252.0/22
185.112.81.0/24
185.117.116.0/24
185.117.119.0/24
185.200.190.0/24
185.232.170.0/23
185.233.80.0-185.233.82.255
185.233.202.0/23
185.252.144.0/24
194.36.178.0/23
IPv6:
2a04:5200:68::/48
2a04:5201:2::/48
2a04:5201:4::/48
2a04:5201:6::/47
2a04:5201:8018::/48
2a0d:2cc0::/29
Signature Algorithm: sha256WithRSAEncryption
4c:48:64:a5:d7:e2:01:5b:e4:0d:a5:3b:f2:bc:93:7a:5b:23:
4f:d7:a3:ad:01:a6:c3:9f:bf:76:a7:de:bd:b5:26:bc:65:04:
bd:b5:6c:e4:79:14:97:c1:ac:16:03:9a:f6:40:bb:51:ad:e0:
e2:d1:fa:12:8c:0b:d3:9c:5a:03:15:03:b4:82:cf:29:7e:32:
88:00:b6:f3:86:ab:c0:7b:37:04:41:5a:62:f7:99:3d:6e:ea:
63:d8:5b:8c:9d:40:ed:07:79:3e:1a:13:f0:c6:72:11:8a:96:
af:86:b9:a2:1f:56:3c:fa:bd:5b:6b:60:5d:57:b0:ef:b2:70:
e3:97:ad:7a:44:4c:cd:eb:91:99:c2:d0:9b:41:35:d0:57:a1:
e0:1e:fa:08:42:2b:d4:1e:31:f6:dd:00:dd:e8:68:5c:9e:9f:
b5:54:10:24:f8:89:bc:51:e1:91:cc:b7:4c:5f:45:0c:a6:ea:
6e:12:08:d4:c5:73:18:2f:56:f5:b8:de:64:17:9c:ba:01:e0:
3f:37:c7:ae:e2:11:5e:86:64:72:e1:37:b3:17:5d:7a:51:cc:
0e:fc:7a:5f:c8:6a:b7:ef:66:69:1a:f7:f9:c3:5e:50:be:ef:
9a:21:46:b2:ac:d2:0b:3d:5b:e7:f4:cc:01:ed:ae:ae:b1:2d:
ed:b8:95:a8
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgISAYp2fYYu8jJL18kEcRFyQ4oeMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwOTA4MjAzMDUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmMjZiZWE0YmQ3ZjU4OTI1N2MwYmU1NzgzYmJlN2EwZjRiZDY0YmNlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ZLb962WgRLacAOhqz+WKuYvIsRz
Np2sR1wGSLnD0hPBlk+3ELStsSOC/9T/TKHSI0tN20Km4LMt3SPzTT5f9nqjrGtH
aoJKBxBHtOhKJj7fhHDZepDYZgGXaEKsTCVXdhPG9Tk7SPzsgRkveSLGfmw5jLh0
3xaAxbrKPiWf1H0E3NPSswvizmGfm0apiXORQts6jRvAI2QcpwqD70ig7nhxouwB
ibVjsyjc5b3nSw7FYz8lSt4QkT5vt5QP+SNn/0kfyniBcz+McMY7T+tJQK4y2n23
2v5YIBhxS9OhIancqK/ZtWNI2bcCq6GQ5H0DoItQ53WziWMUBKhFzX8l+wIDAQAB
o4ICxjCCAsIwHQYDVR0OBBYEFPJr6kvX9YklfAvleDu+eg9L1kvOMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvOG12cVM5ZjFpU1Y4Qy1WNE83NTZEMHZXUzg0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHbBggrBgEFBQcBBwEB/wSByzCByDCBiQQCAAEwgYIDBAAt
CUgDBAAuEWkDBAJQTCADBABb2UwDBAFejogwDAMEAF/WCQMEAl/WCAMEALkoBwME
AblepAMEALlmiAMEArln/AMEALlwUQMEALl1dAMEALl1dwMEALnIvgMEAbnoqjAM
AwQEuelQAwQAuelSAwQBuenKAwQAufyQAwQBwiSyMDoEAgACMDQDBwAqBFIAAGgD
BwAqBFIBAAIDBwAqBFIBAAQDBwEqBFIBAAYDBwAqBFIBgBgDBQMqDSzAMA0GCSqG
SIb3DQEBCwUAA4IBAQBMSGSl1+IBW+QNpTvyvJN6WyNP16OtAabDn792p969tSa8
ZQS9tWzkeRSXwawWA5r2QLtRreDi0foSjAvTnFoDFQO0gs8pfjKIALbzhqvAezcE
QVpi95k9bupj2FuMnUDtB3k+GhPwxnIRipavhrmiH1Y8+r1ba2BdV7DvsnDjl616
REzN65GZwtCbQTXQV6HgHvoIQivUHjH23QDd6Ghcnp+1VBAk+Im8UeGRzLdMX0UM
pupuEgjUxXMYL1b1uN5kF5y6AeA/N8eu4hFehmRy4TezF116UcwO/HpfyGq372Zp
Gvf5w15Qvu+aIUayrNILPVvn9MwB7a6usS3tuJWo
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:07 2024 by rpki-client on console-fra.rpki-client.org