Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/cjQzHRNaZ-PSGqB-5UeW5w_M1Us.roa
File: cjQzHRNaZ-PSGqB-5UeW5w_M1Us.roa (raw, json)
Hash identifier: ih2j+P/TsRbS4q2E+jXqcUZlNawxV2S9mtypb07oNeA=
Subject key identifier: 72:34:33:1D:13:5A:67:E3:D2:1A:A0:7E:E5:47:96:E7:0F:CC:D5:4B
Certificate issuer: /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial: 018A26CEC9622070CB28F5DDE78A6F9E08EA
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/cjQzHRNaZ-PSGqB-5UeW5w_M1Us.roa
Signing time: Thu 24 Aug 2023 09:10:00 +0000
ROA not before: Thu 24 Aug 2023 09:10:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200740
IP address blocks: 94.142.136.0/23 maxlen: 23
94.142.137.0/24 maxlen: 24
94.142.136.0/24 maxlen: 24
185.112.81.0/24 maxlen: 24
185.103.252.0/24 maxlen: 24
185.117.116.0/24 maxlen: 24
185.103.253.0/24 maxlen: 24
185.103.252.0/23 maxlen: 23
45.9.72.0/24 maxlen: 24
185.233.80.0/23 maxlen: 23
185.233.82.0/24 maxlen: 24
185.102.136.0/24 maxlen: 24
185.252.144.0/24 maxlen: 24
185.103.254.0/24 maxlen: 24
185.117.119.0/24 maxlen: 24
185.103.255.0/24 maxlen: 24
185.103.254.0/23 maxlen: 23
185.40.7.0/24 maxlen: 24
194.36.178.0/23 maxlen: 23
185.233.202.0/23 maxlen: 23
185.232.170.0/23 maxlen: 23
185.94.164.0/24 maxlen: 24
185.200.190.0/24 maxlen: 24
185.94.164.0/23 maxlen: 23
185.94.165.0/24 maxlen: 24
80.76.32.0/23 maxlen: 23
80.76.34.0/23 maxlen: 23
91.217.76.0/24 maxlen: 24
95.214.9.0/24 maxlen: 24
95.214.11.0/24 maxlen: 24
95.214.10.0/23 maxlen: 23
95.214.10.0/24 maxlen: 24
194.67.201.0/24 maxlen: 24
46.17.105.0/24 maxlen: 24
2a04:5200:68::/48 maxlen: 48
2a0d:2cc4::/31 maxlen: 31
2a04:5201:2::/48 maxlen: 48
2a04:5201:7::/48 maxlen: 48
2a04:5201:8018::/48 maxlen: 48
2a04:5201:4::/48 maxlen: 48
2a0d:2cc2::/31 maxlen: 31
2a04:5201:6::/48 maxlen: 48
2a0d:2cc0::/31 maxlen: 31
2a0d:2cc6::/31 maxlen: 31
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:26:ce:c9:62:20:70:cb:28:f5:dd:e7:8a:6f:9e:08:ea
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Validity
Not Before: Aug 24 09:10:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=7234331d135a67e3d21aa07ee54796e70fccd54b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ad:09:33:c5:9a:d4:fb:1d:d8:45:01:8f:7a:72:
e0:a5:4e:ff:d0:c4:ff:b9:8d:e5:c5:ce:4c:92:fc:
9b:49:05:a1:90:80:29:7d:f2:cf:c7:74:a9:74:21:
74:10:ee:7f:1f:30:d5:3b:36:95:d2:69:f6:40:be:
d6:1c:65:3e:99:51:04:45:01:4a:f4:92:a1:c5:9d:
39:5a:f1:f4:15:5e:5e:da:f1:ba:0b:18:34:4f:c8:
7a:84:a2:b3:89:ab:bb:fb:87:14:4d:1f:a7:bc:a0:
a8:35:b8:b1:ab:ab:9c:5e:ad:e5:bd:5f:f3:47:ad:
4c:c3:ff:fc:e2:8a:33:55:44:3c:08:c8:9b:51:4c:
bf:3d:8c:5f:ca:1c:81:88:ff:1e:11:a2:c1:64:7d:
5a:6a:b9:ea:1e:75:9d:4f:45:7c:5a:b7:4b:d6:8b:
4d:df:84:e9:92:86:47:3b:2d:64:81:45:e5:7c:6a:
dd:e7:7d:0a:b4:7d:a4:f1:d5:1d:43:5e:8a:20:c3:
8f:70:99:1f:71:86:b4:ca:e4:8f:87:0b:28:06:50:
cc:9f:11:95:c7:2c:3b:b2:2c:ba:84:71:08:bd:2e:
18:6e:16:1c:f5:ec:09:2b:98:67:8d:dd:0c:9b:fb:
aa:36:17:91:66:1a:ed:9f:02:4e:a2:82:9f:da:b4:
73:df
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
72:34:33:1D:13:5A:67:E3:D2:1A:A0:7E:E5:47:96:E7:0F:CC:D5:4B
X509v3 Authority Key Identifier:
keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/cjQzHRNaZ-PSGqB-5UeW5w_M1Us.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.72.0/24
46.17.105.0/24
80.76.32.0/22
91.217.76.0/24
94.142.136.0/23
95.214.9.0-95.214.11.255
185.40.7.0/24
185.94.164.0/23
185.102.136.0/24
185.103.252.0/22
185.112.81.0/24
185.117.116.0/24
185.117.119.0/24
185.200.190.0/24
185.232.170.0/23
185.233.80.0-185.233.82.255
185.233.202.0/23
185.252.144.0/24
194.36.178.0/23
194.67.201.0/24
IPv6:
2a04:5200:68::/48
2a04:5201:2::/48
2a04:5201:4::/48
2a04:5201:6::/47
2a04:5201:8018::/48
2a0d:2cc0::/29
Signature Algorithm: sha256WithRSAEncryption
a1:8a:82:4f:76:8e:27:f8:f7:0e:f5:fd:7e:8b:ef:c4:da:54:
b4:ed:c1:e0:bc:4e:06:1b:87:9d:de:cf:6b:72:3d:cf:70:ef:
52:42:3f:39:e0:b9:d9:7d:ec:28:40:fa:1b:3e:7a:ca:8d:64:
c3:52:d9:76:48:b0:b6:79:d1:68:30:3c:c8:0f:d7:53:56:a1:
1a:20:ee:b4:e5:4f:c9:e0:15:91:96:a5:f1:85:20:f2:25:77:
f6:c8:c6:d4:7c:22:3d:3f:ce:cd:87:d9:06:91:20:78:91:18:
15:30:c1:39:9d:e9:df:00:78:7f:df:d3:b3:26:2a:76:ea:c3:
43:a4:51:f5:5b:9e:7f:0e:2a:16:76:8d:83:01:fc:38:5c:2a:
63:ae:01:18:ca:4a:18:1f:5e:29:f0:f0:74:5e:e4:b9:9b:ad:
d7:22:f8:5e:e4:17:af:ba:06:cf:6a:ef:01:b1:19:08:32:f5:
66:a0:14:f4:38:2f:11:84:30:ea:53:86:e0:d3:93:06:b5:7e:
b2:18:e4:d3:19:a9:91:29:35:02:20:b4:92:89:bc:ce:3a:47:
5e:78:ee:20:b7:38:43:a2:84:40:ea:51:49:f5:41:48:72:fc:
f3:89:88:08:e8:7d:b4:0a:4a:bf:31:54:10:c7:bc:64:e9:bc:
4c:81:9b:e7
-----BEGIN CERTIFICATE-----
MIIFwDCCBKigAwIBAgISAYomzsliIHDLKPXd54pvngjqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwODI0MDkxMDAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3MjM0MzMxZDEzNWE2N2UzZDIxYWEwN2VlNTQ3OTZlNzBmY2NkNTRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArQkzxZrU+x3YRQGPenLgpU7/0MT/
uY3lxc5MkvybSQWhkIApffLPx3SpdCF0EO5/HzDVOzaV0mn2QL7WHGU+mVEERQFK
9JKhxZ05WvH0FV5e2vG6Cxg0T8h6hKKziau7+4cUTR+nvKCoNbixq6ucXq3lvV/z
R61Mw//84oozVUQ8CMibUUy/PYxfyhyBiP8eEaLBZH1aarnqHnWdT0V8WrdL1otN
34TpkoZHOy1kgUXlfGrd530KtH2k8dUdQ16KIMOPcJkfcYa0yuSPhwsoBlDMnxGV
xyw7siy6hHEIvS4YbhYc9ewJK5hnjd0Mm/uqNheRZhrtnwJOooKf2rRz3wIDAQAB
o4ICzDCCAsgwHQYDVR0OBBYEFHI0Mx0TWmfj0hqgfuVHlucPzNVLMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvY2pRekhSTmFaLVBTR3FCLTVVZVc1d19NMVVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHhBggrBgEFBQcBBwEB/wSB0TCBzjCBjwQCAAEwgYgDBAAt
CUgDBAAuEWkDBAJQTCADBABb2UwDBAFejogwDAMEAF/WCQMEAl/WCAMEALkoBwME
AblepAMEALlmiAMEArln/AMEALlwUQMEALl1dAMEALl1dwMEALnIvgMEAbnoqjAM
AwQEuelQAwQAuelSAwQBuenKAwQAufyQAwQBwiSyAwQAwkPJMDoEAgACMDQDBwAq
BFIAAGgDBwAqBFIBAAIDBwAqBFIBAAQDBwEqBFIBAAYDBwAqBFIBgBgDBQMqDSzA
MA0GCSqGSIb3DQEBCwUAA4IBAQChioJPdo4n+PcO9f1+i+/E2lS07cHgvE4GG4ed
3s9rcj3PcO9SQj854LnZfewoQPobPnrKjWTDUtl2SLC2edFoMDzID9dTVqEaIO60
5U/J4BWRlqXxhSDyJXf2yMbUfCI9P87Nh9kGkSB4kRgVMME5nenfAHh/39OzJip2
6sNDpFH1W55/DioWdo2DAfw4XCpjrgEYykoYH14p8PB0XuS5m63XIvhe5BevugbP
au8BsRkIMvVmoBT0OC8RhDDqU4bg05MGtX6yGOTTGamRKTUCILSSibzOOkdeeO4g
tzhDooRA6lFJ9UFIcvzziYgI6H20Ckq/MVQQx7xk6bxMgZvn
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:08 2024 by rpki-client on console-fra.rpki-client.org