Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/iRnCuMi6sXvUX2DWOTgik5TcZbM.roa
File: iRnCuMi6sXvUX2DWOTgik5TcZbM.roa (raw, json)
Hash identifier: 5Ck75kFXpcNOByXPgxNsbc7+SegDxz/mPTe+i7H/chk=
Subject key identifier: 89:19:C2:B8:C8:BA:B1:7B:D4:5F:60:D6:39:38:22:93:94:DC:65:B3
Certificate issuer: /CN=dc4e453affe895b6452b84027437c5c00fd37067
Certificate serial: 019228536C5503A22D87D38A06AD0CEAEF48
Authority key identifier: DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/iRnCuMi6sXvUX2DWOTgik5TcZbM.roa
Signing time: Wed 25 Sep 2024 08:36:48 +0000
ROA not before: Wed 25 Sep 2024 08:36:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 31122
IP address blocks: 37.46.16.0/21 maxlen: 21
46.183.104.0/23 maxlen: 23
78.137.128.0/18 maxlen: 18
78.143.128.0/18 maxlen: 18
80.93.16.0/20 maxlen: 20
83.147.128.0/18 maxlen: 18
84.203.0.0/16 maxlen: 16
89.16.64.0/19 maxlen: 19
89.184.32.0/22 maxlen: 22
89.184.40.0/21 maxlen: 21
89.184.48.0/21 maxlen: 21
89.184.56.0/23 maxlen: 23
89.234.64.0/18 maxlen: 18
91.142.96.0/20 maxlen: 20
92.51.192.0/19 maxlen: 19
92.51.208.0/20 maxlen: 20
92.51.240.0/21 maxlen: 21
93.92.8.0/21 maxlen: 21
94.247.48.0/21 maxlen: 21
109.106.96.0/20 maxlen: 20
109.106.112.0/21 maxlen: 21
109.106.124.0/22 maxlen: 22
176.52.216.0/22 maxlen: 22
176.52.220.0/23 maxlen: 23
185.47.144.0/22 maxlen: 22
185.53.32.0/24 maxlen: 24
185.53.35.0/24 maxlen: 24
185.182.72.0/22 maxlen: 22
185.205.228.0/22 maxlen: 22
185.233.176.0/22 maxlen: 22
185.242.236.0/23 maxlen: 23
212.126.32.0/19 maxlen: 19
212.126.60.0/22 maxlen: 22
217.78.0.0/20 maxlen: 20
2001:1bb8::/32 maxlen: 32
2a00:15b8::/32 maxlen: 32
2a00:15b8:400::/40 maxlen: 40
2a01:258::/32 maxlen: 32
2a01:8aa0::/32 maxlen: 32
2a02:220::/32 maxlen: 32
2a0a:e780::/29 maxlen: 30
2a0b:bc0::/29 maxlen: 30
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:28:53:6c:55:03:a2:2d:87:d3:8a:06:ad:0c:ea:ef:48
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dc4e453affe895b6452b84027437c5c00fd37067
Validity
Not Before: Sep 25 08:36:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8919c2b8c8bab17bd45f60d63938229394dc65b3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:10:07:2b:c1:0a:dc:de:07:94:b3:fc:ed:0c:
9c:73:87:b5:d9:65:01:84:fa:0e:ea:42:6a:3b:7d:
14:3b:37:ad:2f:7c:c0:1f:5d:4b:c9:6e:cf:bf:0f:
d1:03:b5:68:7d:66:3a:ef:5e:10:cc:10:91:de:a9:
ef:8a:08:0b:13:0b:1d:38:2b:b3:ac:db:ac:b8:38:
10:82:0a:8c:df:00:c4:67:a7:76:16:66:4d:51:8c:
74:e8:fc:d9:3a:d7:66:a8:a9:25:60:b9:38:0a:10:
98:c4:c0:03:05:c4:d7:ad:7c:7c:95:0c:4b:5b:76:
98:19:ce:87:7f:c2:1d:2e:5d:58:54:20:92:03:2e:
e8:ca:b2:db:b3:7f:c6:20:7d:c8:44:b9:6f:12:1d:
83:a1:f3:6f:e7:3a:3c:23:f9:b9:36:a8:fc:91:df:
32:11:03:f3:8c:b7:49:c4:81:45:84:7f:a2:e5:11:
9d:ec:56:da:f0:79:f3:e1:9c:4d:e7:f3:b6:64:2d:
09:b8:f0:d7:e4:46:46:29:ba:6a:a5:17:45:d1:20:
7b:90:a1:ea:90:0f:68:7a:8d:41:41:b2:d5:cd:2f:
59:a7:61:71:96:ca:27:89:ea:a1:77:2e:31:10:d9:
9d:ff:84:ee:f7:db:07:a4:52:c2:58:61:a6:71:27:
0d:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
89:19:C2:B8:C8:BA:B1:7B:D4:5F:60:D6:39:38:22:93:94:DC:65:B3
X509v3 Authority Key Identifier:
keyid:DC:4E:45:3A:FF:E8:95:B6:45:2B:84:02:74:37:C5:C0:0F:D3:70:67
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/3E5FOv_olbZFK4QCdDfFwA_TcGc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/iRnCuMi6sXvUX2DWOTgik5TcZbM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c9/58e655-e713-45d2-958a-1822867e1596/1/3E5FOv_olbZFK4QCdDfFwA_TcGc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.46.16.0/21
46.183.104.0/23
78.137.128.0/18
78.143.128.0/18
80.93.16.0/20
83.147.128.0/18
84.203.0.0/16
89.16.64.0/19
89.184.32.0/22
89.184.40.0-89.184.57.255
89.234.64.0/18
91.142.96.0/20
92.51.192.0/19
92.51.240.0/21
93.92.8.0/21
94.247.48.0/21
109.106.96.0-109.106.119.255
109.106.124.0/22
176.52.216.0-176.52.221.255
185.47.144.0/22
185.53.32.0/24
185.53.35.0/24
185.182.72.0/22
185.205.228.0/22
185.233.176.0/22
185.242.236.0/23
212.126.32.0/19
217.78.0.0/20
IPv6:
2001:1bb8::/32
2a00:15b8::/32
2a01:258::/32
2a01:8aa0::/32
2a02:220::/32
2a0a:e780::/29
2a0b:bc0::/29
Signature Algorithm: sha256WithRSAEncryption
86:70:84:fd:b3:e4:18:5f:6a:6c:5b:da:77:89:64:a1:4b:dd:
da:23:7e:d0:d5:c8:54:27:c6:f5:f6:6f:22:42:74:04:b6:a6:
1d:65:14:5e:72:05:cb:77:83:3e:6d:f9:49:07:b0:71:ee:2c:
7c:37:7b:cf:be:b9:85:35:37:f3:f2:87:28:21:f8:3b:9b:c8:
9a:73:0f:a2:40:fb:f6:f4:2f:fc:a3:c1:28:c6:a0:14:fc:04:
6f:91:d9:c9:64:3a:fb:7c:93:e0:1b:1f:1d:c8:94:60:6b:f4:
68:f9:fd:70:cc:c2:f8:3d:18:19:f3:69:2f:0c:93:44:07:e8:
df:ac:03:25:f8:9c:a2:39:50:69:61:95:ed:80:85:f7:b1:57:
b4:ec:45:e7:3f:5b:6e:ff:fb:2c:70:eb:37:7e:57:34:de:a1:
90:01:cc:1d:4f:be:e8:56:c4:12:d8:e6:c6:35:5f:78:2b:a3:
28:b3:1c:36:f3:4b:42:f4:f8:6f:9d:de:a7:d0:82:0f:9a:f8:
cf:f5:02:b0:30:41:32:ba:7e:2c:06:f1:46:bc:ee:84:a1:a1:
82:b5:21:45:89:99:aa:64:5b:12:ef:f3:1b:08:cd:84:42:97:
32:bf:98:7f:8a:c0:e5:95:c1:b9:4f:81:22:ee:d6:5e:16:25:
3e:39:f2:e2
-----BEGIN CERTIFICATE-----
MIIF9zCCBN+gAwIBAgISAZIoU2xVA6Ith9OKBq0M6u9IMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRjNGU0NTNhZmZlODk1YjY0NTJiODQwMjc0MzdjNWMwMGZk
MzcwNjcwHhcNMjQwOTI1MDgzNjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OTE5YzJiOGM4YmFiMTdiZDQ1ZjYwZDYzOTM4MjI5Mzk0ZGM2NWIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuBAHK8EK3N4HlLP87Qycc4e12WUB
hPoO6kJqO30UOzetL3zAH11LyW7Pvw/RA7VofWY6714QzBCR3qnviggLEwsdOCuz
rNusuDgQggqM3wDEZ6d2FmZNUYx06PzZOtdmqKklYLk4ChCYxMADBcTXrXx8lQxL
W3aYGc6Hf8IdLl1YVCCSAy7oyrLbs3/GIH3IRLlvEh2DofNv5zo8I/m5Nqj8kd8y
EQPzjLdJxIFFhH+i5RGd7Fba8Hnz4ZxN5/O2ZC0JuPDX5EZGKbpqpRdF0SB7kKHq
kA9oeo1BQbLVzS9Zp2Fxlsonieqhdy4xENmd/4Tu99sHpFLCWGGmcScNXwIDAQAB
o4IDAzCCAv8wHQYDVR0OBBYEFIkZwrjIurF71F9g1jk4IpOU3GWzMB8GA1UdIwQY
MBaAFNxORTr/6JW2RSuEAnQ3xcAP03BnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEt
MTgyMjg2N2UxNTk2LzEvaVJuQ3VNaTZzWHZVWDJEV09UZ2lrNVRjWmJNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jOS81OGU2NTUtZTcxMy00NWQyLTk1OGEtMTgyMjg2N2UxNTk2
LzEvM0U1Rk92X29sYlpGSzRRQ2REZkZ3QV9UY0djLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBFwYIKwYBBQUHAQcBAf8EggEGMIIBAjCBxgQCAAEwgb8D
BAMlLhADBAEut2gDBAZOiYADBAZOj4ADBARQXRADBAZTk4ADAwBUywMEBVkQQAME
Alm4IDAMAwQDWbgoAwQBWbg4AwQGWepAAwQEW45gAwQFXDPAAwQDXDPwAwQDXVwI
AwQDXvcwMAwDBAVtamADBANtanADBAJtanwwDAMEA7A02AMEAbA03AMEArkvkAME
ALk1IAMEALk1IwMEArm2SAMEArnN5AMEArnpsAMEAbny7AMEBdR+IAMEBNlOADA3
BAIAAjAxAwUAIAEbuAMFACoAFbgDBQAqAQJYAwUAKgGKoAMFACoCAiADBQMqCueA
AwUDKgsLwDANBgkqhkiG9w0BAQsFAAOCAQEAhnCE/bPkGF9qbFvad4lkoUvd2iN+
0NXIVCfG9fZvIkJ0BLamHWUUXnIFy3eDPm35SQewce4sfDd7z765hTU38/KHKCH4
O5vImnMPokD79vQv/KPBKMagFPwEb5HZyWQ6+3yT4BsfHciUYGv0aPn9cMzC+D0Y
GfNpLwyTRAfo36wDJficojlQaWGV7YCF97FXtOxF5z9bbv/7LHDrN35XNN6hkAHM
HU++6FbEEtjmxjVfeCujKLMcNvNLQvT4b53ep9CCD5r4z/UCsDBBMrp+LAbxRrzu
hKGhgrUhRYmZqmRbEu/zGwjNhEKXMr+Yf4rA5ZXBuU+BIu7WXhYlPjny4g==
-----END CERTIFICATE-----
Generated at Thu Oct 31 11:02:23 2024 by rpki-client on console-ams.rpki-client.org