Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/TLD22ZIKSghAB6Z1s3dwFmFBpMc.roa
File: TLD22ZIKSghAB6Z1s3dwFmFBpMc.roa (raw, json)
Hash identifier: +TW+1ilxrd9VCHyD8ZpeKv9b4TybCJ+7VEIHYrR+HDs=
Subject key identifier: 4C:B0:F6:D9:92:0A:4A:08:40:07:A6:75:B3:77:70:16:61:41:A4:C7
Certificate issuer: /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial: 018C1BAF499D9C8967A4772B98F09B9EC0E8
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/TLD22ZIKSghAB6Z1s3dwFmFBpMc.roa
Signing time: Wed 29 Nov 2023 15:25:21 +0000
ROA not before: Wed 29 Nov 2023 15:25:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209641
IP address blocks: 185.5.248.0/23 maxlen: 23
185.5.250.0/23 maxlen: 23
185.5.248.0/22 maxlen: 22
185.5.250.0/24 maxlen: 24
185.87.48.0/22 maxlen: 22
185.87.50.0/24 maxlen: 24
185.87.48.0/24 maxlen: 24
185.87.51.0/24 maxlen: 24
185.87.49.0/24 maxlen: 24
185.117.152.0/22 maxlen: 22
185.200.188.0/24 maxlen: 24
45.89.67.0/24 maxlen: 24
45.89.66.0/24 maxlen: 24
91.217.80.0/24 maxlen: 24
94.142.136.0/21 maxlen: 21
94.142.139.0/24 maxlen: 24
94.142.143.0/24 maxlen: 24
94.142.141.0/24 maxlen: 24
94.142.140.0/24 maxlen: 24
94.142.142.0/24 maxlen: 24
185.125.218.0/23 maxlen: 23
185.125.216.0/22 maxlen: 22
185.105.116.0/24 maxlen: 24
185.105.117.0/24 maxlen: 24
193.109.85.0/24 maxlen: 24
185.58.206.0/24 maxlen: 24
185.58.204.0/24 maxlen: 24
185.58.204.0/22 maxlen: 22
185.58.207.0/24 maxlen: 24
185.125.231.0/24 maxlen: 24
185.125.229.0/24 maxlen: 24
185.125.228.0/22 maxlen: 22
185.125.230.0/24 maxlen: 24
185.125.228.0/24 maxlen: 24
194.67.192.0/19 maxlen: 19
194.67.196.0/22 maxlen: 22
194.67.194.0/23 maxlen: 23
194.67.193.0/24 maxlen: 24
193.124.176.0/21 maxlen: 21
193.124.176.0/20 maxlen: 20
193.124.184.0/21 maxlen: 21
45.128.176.0/24 maxlen: 24
45.128.178.0/24 maxlen: 24
45.128.176.0/22 maxlen: 22
45.128.177.0/24 maxlen: 24
45.128.179.0/24 maxlen: 24
195.47.250.0/24 maxlen: 24
194.67.203.0/24 maxlen: 24
194.67.200.0/21 maxlen: 21
194.67.202.0/24 maxlen: 24
194.67.204.0/22 maxlen: 22
193.168.224.0/24 maxlen: 24
194.67.208.0/20 maxlen: 20
2a0a:9300:d1::/48 maxlen: 48
2a0a:9300::/48 maxlen: 48
2a0a:9301:1::/48 maxlen: 48
2a0a:9301::/48 maxlen: 48
2a0a:9300:d2::/48 maxlen: 48
2a0a:9301:2::/48 maxlen: 48
2a0c:77c0::/32 maxlen: 32
2a0c:74c0::/29 maxlen: 29
2a0a:9300:2::/48 maxlen: 48
2a0a:9302::/32 maxlen: 32
2a07:4a00::/29 maxlen: 29
2a0b:9800::/29 maxlen: 29
2a0c:77c0::/29 maxlen: 29
2a0a:9300:d0::/48 maxlen: 48
2a0d:3880::/29 maxlen: 29
2a0a:9302:1::/48 maxlen: 48
2a0d:2cc0::/29 maxlen: 29
2a0b:7780::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:1b:af:49:9d:9c:89:67:a4:77:2b:98:f0:9b:9e:c0:e8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Validity
Not Before: Nov 29 15:25:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4cb0f6d9920a4a084007a675b37770166141a4c7
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:b5:82:24:03:18:ad:84:ac:19:82:44:e2:14:
f9:ef:9d:cb:d1:30:0f:c7:e2:90:0a:02:be:66:13:
15:0d:da:99:26:70:a8:0f:15:96:44:1e:14:7a:a5:
cb:57:5a:8f:77:ce:ae:ba:7f:ab:bb:83:f2:2b:a6:
08:94:c2:1a:6d:47:4d:b8:ac:c9:cd:ef:74:3e:5a:
c7:53:6e:75:bf:55:c1:1a:46:1b:b8:34:50:c3:c7:
17:da:d5:44:ce:19:b9:fd:9d:7b:0e:1d:1a:eb:ee:
78:aa:dc:03:a4:a4:06:d7:3a:3e:e4:54:51:f2:37:
48:4e:ea:eb:cc:d7:a1:14:46:d1:7c:2b:06:a3:4f:
2e:9b:51:dd:8a:52:24:07:a9:02:d6:fc:9f:cf:46:
d8:53:5c:82:4f:b5:9a:a9:1e:39:da:1e:f5:c7:f4:
17:3d:ee:e2:5d:f9:47:31:a3:b9:26:7f:38:7d:36:
d3:12:28:7e:bb:41:a6:e7:ee:c8:d1:58:90:78:07:
09:55:4c:78:ef:2b:0d:08:5b:8d:50:79:62:70:4f:
1a:be:31:28:40:f8:28:35:bd:cc:38:e5:32:c1:93:
54:0e:fa:2a:d8:d7:56:62:54:c8:20:bc:5f:38:76:
5f:68:c0:f4:35:e3:40:4a:e0:da:e0:82:f8:49:7c:
d1:4b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4C:B0:F6:D9:92:0A:4A:08:40:07:A6:75:B3:77:70:16:61:41:A4:C7
X509v3 Authority Key Identifier:
keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/TLD22ZIKSghAB6Z1s3dwFmFBpMc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.89.66.0/23
45.128.176.0/22
91.217.80.0/24
94.142.136.0/21
185.5.248.0/22
185.58.204.0/22
185.87.48.0/22
185.105.116.0/23
185.117.152.0/22
185.125.216.0/22
185.125.228.0/22
185.200.188.0/24
193.109.85.0/24
193.124.176.0/20
193.168.224.0/24
194.67.192.0/19
195.47.250.0/24
IPv6:
2a07:4a00::/29
2a0a:9300::/48
2a0a:9300:2::/48
2a0a:9300:d0::-2a0a:9300:d2:ffff:ffff:ffff:ffff:ffff
2a0a:9301::-2a0a:9301:2:ffff:ffff:ffff:ffff:ffff
2a0a:9302::/32
2a0b:7780::/29
2a0b:9800::/29
2a0c:74c0::/29
2a0c:77c0::/29
2a0d:2cc0::/29
2a0d:3880::/29
Signature Algorithm: sha256WithRSAEncryption
3c:8a:c1:7e:bb:9c:a9:8d:9c:61:40:f3:b7:24:fa:85:4b:79:
6b:59:98:61:2e:fa:c7:c0:18:cc:19:16:19:b2:28:3e:ad:91:
33:d7:7c:47:ce:7b:b7:b3:f9:95:a3:ec:57:84:6c:51:47:05:
03:39:dc:15:aa:32:7c:81:f7:8b:6e:9b:d9:63:55:ff:42:37:
a9:54:3a:c3:70:eb:68:0c:16:00:b8:de:d1:d1:01:99:95:6e:
18:17:93:3f:58:df:d9:7f:d5:62:19:61:cf:79:a2:d0:54:90:
7f:fe:f9:8f:fc:e8:ba:2d:f5:8f:83:b3:c0:a5:32:7f:4e:a2:
7b:e6:0e:53:7c:30:18:4d:77:57:6a:81:be:ce:47:d4:6f:ca:
3c:f8:c3:57:e1:e8:61:0f:38:1d:33:54:30:74:fb:81:d2:ed:
cd:c8:c2:d6:a6:29:28:79:94:83:a1:06:c6:04:57:a7:08:df:
0b:69:54:c6:95:47:af:48:45:74:2d:3a:14:8b:a1:74:af:25:
84:79:80:12:85:7c:8d:39:25:a6:9a:d5:41:19:d1:52:2f:ee:
9d:4e:2d:37:de:3c:a7:5e:7b:94:32:85:d4:3e:eb:f7:ee:89:
59:3d:8e:12:d5:1a:60:ed:e8:d8:cf:02:a7:14:b9:91:47:86:
26:f5:0f:07
-----BEGIN CERTIFICATE-----
MIIF2DCCBMCgAwIBAgISAYwbr0mdnIlnpHcrmPCbnsDoMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMxMTI5MTUyNTIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0Y2IwZjZkOTkyMGE0YTA4NDAwN2E2NzViMzc3NzAxNjYxNDFhNGM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAorWCJAMYrYSsGYJE4hT5753L0TAP
x+KQCgK+ZhMVDdqZJnCoDxWWRB4UeqXLV1qPd86uun+ru4PyK6YIlMIabUdNuKzJ
ze90PlrHU251v1XBGkYbuDRQw8cX2tVEzhm5/Z17Dh0a6+54qtwDpKQG1zo+5FRR
8jdITurrzNehFEbRfCsGo08um1HdilIkB6kC1vyfz0bYU1yCT7WaqR452h71x/QX
Pe7iXflHMaO5Jn84fTbTEih+u0Gm5+7I0ViQeAcJVUx47ysNCFuNUHlicE8avjEo
QPgoNb3MOOUywZNUDvoq2NdWYlTIILxfOHZfaMD0NeNASuDa4IL4SXzRSwIDAQAB
o4IC5DCCAuAwHQYDVR0OBBYEFEyw9tmSCkoIQAemdbN3cBZhQaTHMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvVExEMjJaSUtTZ2hBQjZaMXMzZHdGbUZCcE1jLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH5BggrBgEFBQcBBwEB/wSB6TCB5jBsBAIAATBmAwQBLVlC
AwQCLYCwAwQAW9lQAwQDXo6IAwQCuQX4AwQCuTrMAwQCuVcwAwQBuWl0AwQCuXWY
AwQCuX3YAwQCuX3kAwQAuci8AwQAwW1VAwQEwXywAwQAwajgAwQFwkPAAwQAwy/6
MHYEAgACMHADBQMqB0oAAwcAKgqTAAAAAwcAKgqTAAACMBIDBwQqCpMAANADBwAq
CpMAANIwEAMFACoKkwEDBwAqCpMBAAIDBQAqCpMCAwUDKgt3gAMFAyoLmAADBQMq
DHTAAwUDKgx3wAMFAyoNLMADBQMqDTiAMA0GCSqGSIb3DQEBCwUAA4IBAQA8isF+
u5ypjZxhQPO3JPqFS3lrWZhhLvrHwBjMGRYZsig+rZEz13xHznu3s/mVo+xXhGxR
RwUDOdwVqjJ8gfeLbpvZY1X/QjepVDrDcOtoDBYAuN7R0QGZlW4YF5M/WN/Zf9Vi
GWHPeaLQVJB//vmP/Oi6LfWPg7PApTJ/TqJ75g5TfDAYTXdXaoG+zkfUb8o8+MNX
4ehhDzgdM1QwdPuB0u3NyMLWpikoeZSDoQbGBFenCN8LaVTGlUevSEV0LToUi6F0
ryWEeYAShXyNOSWmmtVBGdFSL+6dTi033jynXnuUMoXUPuv37olZPY4S1Rpg7ejY
zwKnFLmRR4Ym9Q8H
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:08 2024 by rpki-client on console-fra.rpki-client.org