Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/jebJemIFtMZLVkhIgtC6RG3FWvQ.roa
File: jebJemIFtMZLVkhIgtC6RG3FWvQ.roa (raw, json)
Hash identifier: OqJ41AUmLmw9aa5RVKMCeyw20qrQQPiD9UFh3NkaWA4=
Subject key identifier: 8D:E6:C9:7A:62:05:B4:C6:4B:56:48:48:82:D0:BA:44:6D:C5:5A:F4
Certificate issuer: /CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Certificate serial: 018E0DC4216011CE0BEB57C4ACA65D3412A9
Authority key identifier: 81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/jebJemIFtMZLVkhIgtC6RG3FWvQ.roa
Signing time: Tue 05 Mar 2024 08:39:01 +0000
ROA not before: Tue 05 Mar 2024 08:39:01 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 1136
IP address blocks: 37.251.0.0/17 maxlen: 17
62.131.0.0/16 maxlen: 16
62.251.0.0/17 maxlen: 17
77.160.0.0/13 maxlen: 13
77.168.0.0/14 maxlen: 14
77.172.0.0/16 maxlen: 16
77.173.0.0/16 maxlen: 16
77.174.0.0/16 maxlen: 16
77.175.0.0/16 maxlen: 16
77.175.0.0/17 maxlen: 17
77.175.128.0/17 maxlen: 17
80.60.0.0/15 maxlen: 15
81.204.0.0/14 maxlen: 14
82.136.192.0/18 maxlen: 18
82.168.0.0/14 maxlen: 14
82.168.0.0/15 maxlen: 15
82.168.0.0/17 maxlen: 17
82.168.128.0/18 maxlen: 18
82.168.192.0/19 maxlen: 19
82.168.224.0/19 maxlen: 19
82.169.0.0/18 maxlen: 18
82.169.64.0/19 maxlen: 19
82.169.96.0/19 maxlen: 19
82.169.128.0/19 maxlen: 19
82.169.160.0/19 maxlen: 19
82.169.192.0/18 maxlen: 18
82.170.0.0/16 maxlen: 16
82.171.0.0/18 maxlen: 18
82.171.64.0/18 maxlen: 18
82.171.128.0/17 maxlen: 17
84.80.0.0/13 maxlen: 13
84.80.0.0/16 maxlen: 16
84.82.0.0/15 maxlen: 15
84.84.0.0/14 maxlen: 14
85.113.224.0/19 maxlen: 19
86.80.0.0/12 maxlen: 12
86.80.0.0/13 maxlen: 13
86.88.0.0/15 maxlen: 15
86.90.0.0/16 maxlen: 16
86.92.0.0/14 maxlen: 14
88.159.0.0/16 maxlen: 16
188.142.0.0/17 maxlen: 17
195.240.0.0/16 maxlen: 16
195.240.0.0/17 maxlen: 17
195.240.128.0/18 maxlen: 18
195.240.192.0/18 maxlen: 18
195.241.0.0/16 maxlen: 16
212.123.128.0/18 maxlen: 18
212.182.128.0/18 maxlen: 18
212.238.0.0/16 maxlen: 16
213.10.0.0/16 maxlen: 16
213.84.0.0/16 maxlen: 16
213.197.0.0/18 maxlen: 18
2a02:a400::/25 maxlen: 25
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:0d:c4:21:60:11:ce:0b:eb:57:c4:ac:a6:5d:34:12:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=81eed4091383d9ed4056d9f4eff7d2622ddce205
Validity
Not Before: Mar 5 08:39:01 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8de6c97a6205b4c64b56484882d0ba446dc55af4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a5:e4:91:8b:03:99:55:59:dd:ef:3a:c0:f5:26:
ca:0a:bf:62:12:a6:2c:24:67:df:00:9b:37:02:41:
c1:82:43:40:b1:e6:47:18:5b:d3:13:07:72:af:44:
ae:0a:8a:81:b8:e7:bb:dc:71:f1:b9:33:9b:8d:e7:
94:7b:78:6d:cb:f6:76:49:7b:57:a5:43:d9:e7:67:
01:b0:c1:7a:ad:07:f8:fc:28:e0:f7:8d:e8:6e:48:
ee:68:78:cc:bb:5d:89:61:70:01:5b:bf:c8:29:5e:
03:48:b4:ea:56:d9:fb:de:0d:88:c9:bd:2c:91:59:
d0:c8:15:4d:d2:65:0c:89:b0:fc:ac:8a:7e:bd:90:
f3:6b:3c:49:ae:34:c0:5c:12:6f:e6:98:13:85:27:
f7:60:6f:26:c9:6e:a4:c0:3a:4c:d1:fb:3b:a6:b7:
d0:b9:8f:5f:70:1a:61:ff:88:f9:cb:c2:b8:2a:d3:
f3:13:a5:28:ee:b8:c6:41:fb:7e:33:93:f0:c0:3a:
c9:ef:62:ed:b6:36:a7:34:10:43:44:2b:19:c0:86:
1a:a4:2f:1d:11:fb:79:e0:6d:de:e3:f6:d6:7a:4b:
ac:67:50:50:c5:81:2d:2e:1d:9c:6e:55:a7:7a:dd:
6b:ee:89:a0:75:45:68:3e:8a:f3:b7:69:34:b6:e4:
82:cd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8D:E6:C9:7A:62:05:B4:C6:4B:56:48:48:82:D0:BA:44:6D:C5:5A:F4
X509v3 Authority Key Identifier:
keyid:81:EE:D4:09:13:83:D9:ED:40:56:D9:F4:EF:F7:D2:62:2D:DC:E2:05
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/ge7UCROD2e1AVtn07_fSYi3c4gU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/jebJemIFtMZLVkhIgtC6RG3FWvQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ca/4a9cc4-2b9a-4ef2-a33a-872b3710c2a1/1/ge7UCROD2e1AVtn07_fSYi3c4gU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.251.0.0/17
62.131.0.0/16
62.251.0.0/17
77.160.0.0/12
80.60.0.0/15
81.204.0.0/14
82.136.192.0/18
82.168.0.0/14
84.80.0.0/13
85.113.224.0/19
86.80.0.0/12
88.159.0.0/16
188.142.0.0/17
195.240.0.0/15
212.123.128.0/18
212.182.128.0/18
212.238.0.0/16
213.10.0.0/16
213.84.0.0/16
213.197.0.0/18
IPv6:
2a02:a400::/25
Signature Algorithm: sha256WithRSAEncryption
a1:91:48:8c:15:78:63:79:5c:91:7f:b9:b4:50:76:02:cb:6d:
60:94:28:7c:17:e7:5b:65:1b:68:16:08:35:2a:01:28:4b:bd:
31:59:1b:42:6d:7d:ba:46:7b:6f:37:d2:cd:cd:56:48:d4:ff:
20:8a:87:5f:d1:26:53:c3:78:80:9a:25:8f:1b:64:fc:db:92:
2c:37:62:7e:40:5a:bc:b1:82:60:f8:65:24:96:be:a6:eb:80:
1d:7e:a8:0c:f7:09:5a:96:8a:a7:62:ee:f1:f0:ee:d9:f5:c7:
81:94:99:b3:12:9d:a7:72:bc:67:72:3f:23:01:d7:19:89:2e:
18:35:bb:db:50:7c:5e:16:74:12:2d:8f:95:77:93:7e:58:4e:
8f:d1:a3:7f:17:74:b6:ae:cc:db:07:2f:7c:44:83:c2:86:2f:
1c:8e:fb:6b:20:34:5c:c3:17:40:22:6d:14:3c:34:4c:62:b9:
db:34:89:24:90:f9:8e:ad:29:40:35:29:76:64:e7:6b:a4:f8:
10:7e:d7:06:34:aa:f2:8b:0c:df:5a:d8:44:f3:f5:b4:0e:88:
80:60:ce:59:44:07:0d:e5:67:9e:19:af:23:54:51:f1:16:9d:
2f:0e:55:37:19:d0:29:a3:3e:c0:84:db:78:e5:25:e9:0d:ad:
17:c5:9e:16
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgISAY4NxCFgEc4L61fErKZdNBKpMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDgxZWVkNDA5MTM4M2Q5ZWQ0MDU2ZDlmNGVmZjdkMjYyMmRk
Y2UyMDUwHhcNMjQwMzA1MDgzOTAxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ZGU2Yzk3YTYyMDViNGM2NGI1NjQ4NDg4MmQwYmE0NDZkYzU1YWY0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEApeSRiwOZVVnd7zrA9SbKCr9iEqYs
JGffAJs3AkHBgkNAseZHGFvTEwdyr0SuCoqBuOe73HHxuTObjeeUe3hty/Z2SXtX
pUPZ52cBsMF6rQf4/Cjg943obkjuaHjMu12JYXABW7/IKV4DSLTqVtn73g2Iyb0s
kVnQyBVN0mUMibD8rIp+vZDzazxJrjTAXBJv5pgThSf3YG8myW6kwDpM0fs7prfQ
uY9fcBph/4j5y8K4KtPzE6Uo7rjGQft+M5PwwDrJ72LttjanNBBDRCsZwIYapC8d
Eft54G3e4/bWekusZ1BQxYEtLh2cblWnet1r7omgdUVoPorzt2k0tuSCzQIDAQAB
o4ICgTCCAn0wHQYDVR0OBBYEFI3myXpiBbTGS1ZISILQukRtxVr0MB8GA1UdIwQY
MBaAFIHu1AkTg9ntQFbZ9O/30mIt3OIFMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2Et
ODcyYjM3MTBjMmExLzEvamViSmVtSUZ0TVpMVmtoSWd0QzZSRzNGV3ZRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jYS80YTljYzQtMmI5YS00ZWYyLWEzM2EtODcyYjM3MTBjMmEx
LzEvZ2U3VUNST0QyZTFBVnRuMDdfZlNZaTNjNGdVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGWBggrBgEFBQcBBwEB/wSBhjCBgzByBAIAATBsAwQHJfsA
AwMAPoMDBAc++wADAwRNoAMDAVA8AwMCUcwDBAZSiMADAwJSqAMDA1RQAwQFVXHg
AwMEVlADAwBYnwMEB7yOAAMDAcPwAwQG1HuAAwQG1LaAAwMA1O4DAwDVCgMDANVU
AwQG1cUAMA0EAgACMAcDBQcqAqQAMA0GCSqGSIb3DQEBCwUAA4IBAQChkUiMFXhj
eVyRf7m0UHYCy21glCh8F+dbZRtoFgg1KgEoS70xWRtCbX26RntvN9LNzVZI1P8g
iodf0SZTw3iAmiWPG2T825IsN2J+QFq8sYJg+GUklr6m64AdfqgM9wlaloqnYu7x
8O7Z9ceBlJmzEp2ncrxncj8jAdcZiS4YNbvbUHxeFnQSLY+Vd5N+WE6P0aN/F3S2
rszbBy98RIPChi8cjvtrIDRcwxdAIm0UPDRMYrnbNIkkkPmOrSlANSl2ZOdrpPgQ
ftcGNKryiwzfWthE8/W0DoiAYM5ZRAcN5WeeGa8jVFHxFp0vDlU3GdApoz7AhNt4
5SXpDa0XxZ4W
-----END CERTIFICATE-----
Generated at Sun Apr 20 04:25:36 2025 by rpki-client