Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/qsW74z0m9_Iak3d2Seh_p0IHbeE.roa
File: qsW74z0m9_Iak3d2Seh_p0IHbeE.roa (raw, json)
Hash identifier: wRRGHwUzGY+L2+zpm81UJ/jeV3SKqHUj0ohvOBeNqDg=
Subject key identifier: AA:C5:BB:E3:3D:26:F7:F2:1A:93:77:76:49:E8:7F:A7:42:07:6D:E1
Certificate issuer: /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial: 018D69DDBF69E3D1BF9CD72C25E1F0557EB6
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/qsW74z0m9_Iak3d2Seh_p0IHbeE.roa
Signing time: Fri 02 Feb 2024 12:49:16 +0000
ROA not before: Fri 02 Feb 2024 12:49:16 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200740
IP address blocks: 45.9.72.0/24 maxlen: 24
45.138.73.0/24 maxlen: 24
46.17.105.0/24 maxlen: 24
80.76.32.0/23 maxlen: 23
80.76.34.0/23 maxlen: 23
91.217.76.0/24 maxlen: 24
92.118.8.0/23 maxlen: 23
94.142.136.0/23 maxlen: 23
94.142.136.0/24 maxlen: 24
94.142.137.0/24 maxlen: 24
95.214.9.0/24 maxlen: 24
95.214.10.0/23 maxlen: 23
95.214.10.0/24 maxlen: 24
95.214.11.0/24 maxlen: 24
185.40.7.0/24 maxlen: 24
185.94.164.0/23 maxlen: 23
185.94.164.0/24 maxlen: 24
185.94.165.0/24 maxlen: 24
185.102.136.0/24 maxlen: 24
185.103.252.0/23 maxlen: 23
185.103.252.0/24 maxlen: 24
185.103.253.0/24 maxlen: 24
185.103.254.0/23 maxlen: 23
185.103.254.0/24 maxlen: 24
185.103.255.0/24 maxlen: 24
185.112.81.0/24 maxlen: 24
185.114.72.0/23 maxlen: 23
185.114.72.0/24 maxlen: 24
185.114.73.0/24 maxlen: 24
185.117.116.0/24 maxlen: 24
185.117.119.0/24 maxlen: 24
185.200.190.0/24 maxlen: 24
185.232.170.0/23 maxlen: 23
185.233.80.0/23 maxlen: 23
185.233.82.0/24 maxlen: 24
185.233.202.0/23 maxlen: 23
185.252.144.0/24 maxlen: 24
193.239.160.0/23 maxlen: 23
193.239.166.0/23 maxlen: 23
194.36.178.0/23 maxlen: 23
2a04:5200:68::/48 maxlen: 48
2a04:5201:2::/48 maxlen: 48
2a04:5201:4::/48 maxlen: 48
2a04:5201:6::/48 maxlen: 48
2a04:5201:7::/48 maxlen: 48
2a04:5201:9::/48 maxlen: 48
2a04:5201:8018::/48 maxlen: 48
2a0d:2cc0::/31 maxlen: 31
2a0d:2cc2::/31 maxlen: 31
2a0d:2cc4::/31 maxlen: 31
2a0d:2cc6::/31 maxlen: 31
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:69:dd:bf:69:e3:d1:bf:9c:d7:2c:25:e1:f0:55:7e:b6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Validity
Not Before: Feb 2 12:49:16 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=aac5bbe33d26f7f21a93777649e87fa742076de1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:93:19:89:c6:95:42:60:cc:f6:c8:3e:00:df:23:
fc:73:84:c4:00:b3:92:11:b9:e7:1d:46:31:47:72:
c0:9e:58:77:e1:f3:0f:b9:a0:e8:4a:b6:9b:5c:b4:
3d:ce:2c:b5:6d:72:f7:78:4c:b8:01:c9:69:59:40:
3d:3e:c3:ba:72:1c:ae:8f:1e:b6:2c:fc:04:8b:61:
f4:36:77:ea:96:d7:93:61:ae:08:9d:cb:db:46:ea:
95:51:78:93:b9:98:aa:3d:a5:da:2e:40:66:65:b4:
d4:09:03:fe:71:fe:3d:b5:93:5b:88:9c:7a:97:30:
4a:05:0d:9f:5a:2d:d4:41:e9:18:d3:8b:0b:93:7b:
8d:7a:75:7e:70:94:86:a4:05:c9:97:05:bd:17:e7:
b5:9c:87:26:9e:39:cd:f7:7e:8b:d7:0a:47:67:41:
e6:3f:8f:bd:ad:6d:6b:91:8d:67:2d:01:98:99:83:
9d:36:13:29:ca:ee:31:75:ee:bd:1b:e4:a0:ea:81:
cd:9e:80:80:d1:e3:9f:9d:b7:65:54:9a:35:f6:19:
60:e9:df:04:b7:4a:72:9a:6f:21:8c:7a:6d:01:28:
e9:c1:b5:16:40:cf:03:54:95:a5:40:b3:07:4b:13:
c3:15:18:63:1a:07:19:5e:95:ac:ef:b7:1f:c4:86:
c0:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AA:C5:BB:E3:3D:26:F7:F2:1A:93:77:76:49:E8:7F:A7:42:07:6D:E1
X509v3 Authority Key Identifier:
keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/qsW74z0m9_Iak3d2Seh_p0IHbeE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.72.0/24
45.138.73.0/24
46.17.105.0/24
80.76.32.0/22
91.217.76.0/24
92.118.8.0/23
94.142.136.0/23
95.214.9.0-95.214.11.255
185.40.7.0/24
185.94.164.0/23
185.102.136.0/24
185.103.252.0/22
185.112.81.0/24
185.114.72.0/23
185.117.116.0/24
185.117.119.0/24
185.200.190.0/24
185.232.170.0/23
185.233.80.0-185.233.82.255
185.233.202.0/23
185.252.144.0/24
193.239.160.0/23
193.239.166.0/23
194.36.178.0/23
IPv6:
2a04:5200:68::/48
2a04:5201:2::/48
2a04:5201:4::/48
2a04:5201:6::/47
2a04:5201:9::/48
2a04:5201:8018::/48
2a0d:2cc0::/29
Signature Algorithm: sha256WithRSAEncryption
0b:7b:8d:87:9b:7d:26:6b:80:f7:19:b9:b5:7a:44:22:6d:68:
c9:fa:e8:9e:0f:82:e2:88:09:a5:5e:62:b9:69:5c:37:65:42:
94:3e:88:aa:49:98:65:18:8d:6a:53:4a:4f:98:a3:f1:5a:cb:
d0:50:01:7c:ae:c8:f7:56:5a:f4:dd:9e:4e:77:0f:fb:d6:73:
a8:9b:23:33:94:c8:8e:22:69:4b:23:bf:59:a9:56:df:da:73:
29:6e:b0:c7:74:99:1e:46:48:25:48:a8:e4:02:31:07:35:01:
41:c1:3c:ca:8c:52:7a:5f:37:20:f8:fa:4c:80:93:41:cd:ce:
51:f6:f4:6d:7d:6c:ad:a2:ef:4d:b0:e3:ef:49:6c:a7:23:2c:
43:9b:7b:31:ee:a2:eb:ac:7e:81:58:54:a0:46:e2:64:a5:6b:
8f:f8:d6:73:4e:2a:13:f8:f4:13:3d:7f:69:b6:0a:01:f5:da:
f0:f4:8d:9a:d2:05:dc:7f:f4:e3:85:71:46:aa:d4:7e:b2:1d:
88:cd:b3:a9:6a:f2:4b:41:d0:75:79:24:34:f4:30:36:47:7e:
b5:32:e8:d5:8e:34:47:bb:7e:de:1f:b7:57:c7:3e:7c:d8:d2:
f5:7d:a3:b7:f1:57:f2:5d:cd:19:97:e6:8c:61:ee:af:1e:54:
b5:95:03:2a
-----BEGIN CERTIFICATE-----
MIIF4jCCBMqgAwIBAgISAY1p3b9p49G/nNcsJeHwVX62MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMjAyMTI0OTE2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhYWM1YmJlMzNkMjZmN2YyMWE5Mzc3NzY0OWU4N2ZhNzQyMDc2ZGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkxmJxpVCYMz2yD4A3yP8c4TEALOS
EbnnHUYxR3LAnlh34fMPuaDoSrabXLQ9ziy1bXL3eEy4AclpWUA9PsO6chyujx62
LPwEi2H0NnfqlteTYa4IncvbRuqVUXiTuZiqPaXaLkBmZbTUCQP+cf49tZNbiJx6
lzBKBQ2fWi3UQekY04sLk3uNenV+cJSGpAXJlwW9F+e1nIcmnjnN936L1wpHZ0Hm
P4+9rW1rkY1nLQGYmYOdNhMpyu4xde69G+Sg6oHNnoCA0eOfnbdlVJo19hlg6d8E
t0pymm8hjHptASjpwbUWQM8DVJWlQLMHSxPDFRhjGgcZXpWs77cfxIbAAQIDAQAB
o4IC7jCCAuowHQYDVR0OBBYEFKrFu+M9JvfyGpN3dknof6dCB23hMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvcXNXNzR6MG05X0lhazNkMlNlaF9wMElIYmVFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAgYIKwYBBQUHAQcBAf8EgfIwge8wgacEAgABMIGgAwQA
LQlIAwQALYpJAwQALhFpAwQCUEwgAwQAW9lMAwQBXHYIAwQBXo6IMAwDBABf1gkD
BAJf1ggDBAC5KAcDBAG5XqQDBAC5ZogDBAK5Z/wDBAC5cFEDBAG5ckgDBAC5dXQD
BAC5dXcDBAC5yL4DBAG56KowDAMEBLnpUAMEALnpUgMEAbnpygMEALn8kAMEAcHv
oAMEAcHvpgMEAcIksjBDBAIAAjA9AwcAKgRSAABoAwcAKgRSAQACAwcAKgRSAQAE
AwcBKgRSAQAGAwcAKgRSAQAJAwcAKgRSAYAYAwUDKg0swDANBgkqhkiG9w0BAQsF
AAOCAQEAC3uNh5t9JmuA9xm5tXpEIm1oyfrong+C4ogJpV5iuWlcN2VClD6IqkmY
ZRiNalNKT5ij8VrL0FABfK7I91Za9N2eTncP+9ZzqJsjM5TIjiJpSyO/WalW39pz
KW6wx3SZHkZIJUio5AIxBzUBQcE8yoxSel83IPj6TICTQc3OUfb0bX1sraLvTbDj
70lspyMsQ5t7Me6i66x+gVhUoEbiZKVrj/jWc04qE/j0Ez1/abYKAfXa8PSNmtIF
3H/044VxRqrUfrIdiM2zqWryS0HQdXkkNPQwNkd+tTLo1Y40R7t+3h+3V8c+fNjS
9X2jt/FX8l3NGZfmjGHurx5UtZUDKg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:08 2024 by rpki-client on console-fra.rpki-client.org