Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7xWfahWcQXK2IFE5NIBRbkC6s-Y.roa
File: 7xWfahWcQXK2IFE5NIBRbkC6s-Y.roa (raw, json)
Hash identifier: yzCKnOwF0jL0H4VsTQ6TIpC6x+FO45EQ4A9Vrjy9MBc=
Subject key identifier: EF:15:9F:6A:15:9C:41:72:B6:20:51:39:34:80:51:6E:40:BA:B3:E6
Certificate issuer: /CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Certificate serial: 02FAC931
Authority key identifier: EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7xWfahWcQXK2IFE5NIBRbkC6s-Y.roa
Signing time: Wed 25 May 2022 07:00:13 +0000
ROA not before: Wed 25 May 2022 07:00:13 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 12975
IP address blocks: 199.204.215.0/24 maxlen: 24
176.65.12.0/22 maxlen: 22
194.169.123.0/24 maxlen: 24
147.189.176.0/20 maxlen: 20
94.26.112.0/20 maxlen: 20
82.205.0.0/17 maxlen: 21
82.205.0.0/20 maxlen: 20
217.66.233.0/24 maxlen: 24
199.250.128.0/19 maxlen: 21
217.66.237.0/24 maxlen: 24
217.66.234.0/23 maxlen: 23
86.107.16.0/22 maxlen: 22
188.209.208.0/22 maxlen: 22
87.252.108.0/22 maxlen: 22
188.215.100.0/22 maxlen: 22
82.205.96.0/20 maxlen: 20
82.205.104.0/21 maxlen: 21
89.239.32.0/20 maxlen: 20
82.205.16.0/20 maxlen: 20
217.66.240.0/20 maxlen: 20
37.8.0.0/17 maxlen: 20
37.8.0.0/20 maxlen: 20
37.8.16.0/20 maxlen: 20
82.205.27.0/24 maxlen: 24
85.184.240.0/22 maxlen: 22
212.33.96.0/19 maxlen: 20
37.8.32.0/20 maxlen: 20
185.171.132.0/22 maxlen: 22
37.8.48.0/20 maxlen: 20
82.102.240.0/20 maxlen: 20
185.40.192.0/22 maxlen: 22
185.138.132.0/22 maxlen: 22
185.90.242.0/24 maxlen: 24
82.205.120.0/21 maxlen: 21
82.102.192.0/20 maxlen: 20
82.102.192.0/18 maxlen: 24
82.102.208.0/21 maxlen: 21
82.102.218.0/23 maxlen: 23
82.102.224.0/20 maxlen: 20
82.102.220.0/22 maxlen: 22
212.106.64.0/19 maxlen: 20
217.78.60.0/22 maxlen: 22
217.21.2.0/24 maxlen: 24
217.21.0.0/20 maxlen: 24
85.113.96.0/19 maxlen: 20
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 49989937 (0x2fac931)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ec3a633ef2c08251a58603562e56aa6efa93ec25
Validity
Not Before: May 25 07:00:13 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=ef159f6a159c4172b62051393480516e40bab3e6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c6:49:bb:b4:21:fe:fd:65:c6:b7:1a:14:81:a0:
24:b1:13:90:7a:61:d9:87:e9:00:59:39:a7:cb:9f:
20:6b:b5:03:cc:cd:84:f0:fb:5e:2c:8d:3d:7d:5d:
cf:80:6e:69:b3:7a:69:a6:a2:cc:16:35:bf:2b:5f:
cf:6c:86:d4:a9:f0:f6:05:2b:a2:d6:1f:1c:72:a9:
16:01:da:70:6e:56:04:80:96:da:4f:02:e6:e1:7a:
c6:8a:46:fe:58:d7:4a:13:bd:cf:4e:31:a9:0b:5c:
73:8a:71:7a:03:64:7d:18:12:d4:79:58:e0:c5:f0:
20:81:72:59:6d:0f:a1:f2:96:d7:60:46:82:7b:3e:
c1:92:07:3d:b7:1c:e7:3c:1d:bb:84:fd:6f:c9:b9:
81:12:65:7c:5f:49:a1:56:ff:b4:d9:c2:c5:43:20:
e6:48:28:8e:ac:e6:4b:94:c0:83:7b:ac:64:7c:9e:
e6:d5:f4:a9:13:65:43:43:77:54:a1:90:ec:29:8a:
3c:15:bd:da:de:a7:93:a5:6c:a0:0e:8d:f0:42:a1:
20:fd:95:59:43:56:79:f7:eb:f7:04:c6:c8:56:43:
1c:15:2d:bd:ac:3f:e4:98:4c:cc:12:5a:ee:02:34:
c4:05:91:a2:31:fc:66:4a:b0:2d:80:cc:af:84:3b:
02:05
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
EF:15:9F:6A:15:9C:41:72:B6:20:51:39:34:80:51:6E:40:BA:B3:E6
X509v3 Authority Key Identifier:
keyid:EC:3A:63:3E:F2:C0:82:51:A5:86:03:56:2E:56:AA:6E:FA:93:EC:25
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7DpjPvLAglGlhgNWLlaqbvqT7CU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7xWfahWcQXK2IFE5NIBRbkC6s-Y.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/d4/c1b1f0-234f-45d5-8595-f7c2c2a91bc2/1/7DpjPvLAglGlhgNWLlaqbvqT7CU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.8.0.0/17
82.102.192.0/18
82.205.0.0/17
85.113.96.0/19
85.184.240.0/22
86.107.16.0/22
87.252.108.0/22
89.239.32.0/20
94.26.112.0/20
147.189.176.0/20
176.65.12.0/22
185.40.192.0/22
185.90.242.0/24
185.138.132.0/22
185.171.132.0/22
188.209.208.0/22
188.215.100.0/22
194.169.123.0/24
199.204.215.0/24
199.250.128.0/19
212.33.96.0/19
212.106.64.0/19
217.21.0.0/20
217.66.233.0-217.66.235.255
217.66.237.0/24
217.66.240.0/20
217.78.60.0/22
Signature Algorithm: sha256WithRSAEncryption
30:7f:86:be:85:41:fb:22:f6:10:e9:55:f5:eb:a4:8c:12:5e:
b9:29:23:f3:ff:ce:b4:7e:97:72:76:bd:ec:31:34:73:29:8e:
c7:82:f7:da:85:85:5f:b4:ba:a8:86:2d:f2:7f:72:b9:7b:80:
ee:4b:74:f6:6f:50:88:d9:96:7e:fb:a3:5c:58:e5:f4:84:1e:
68:f2:3c:ec:01:a7:68:c7:7f:a7:d6:fe:c5:2d:b0:77:a8:a0:
dd:14:d1:87:77:2d:2a:f2:fa:c6:be:e5:f8:bd:2f:8f:d2:fd:
da:15:54:d0:2c:29:ba:d5:7c:95:6e:df:b5:6f:ee:df:68:ec:
10:83:63:31:5c:de:01:7a:09:b8:e7:a7:df:14:91:60:83:a0:
bd:81:f1:98:a5:c7:8d:79:20:23:3a:3f:ce:92:fa:f3:6e:ca:
b9:0c:bd:70:6e:7d:2a:f9:22:e1:60:02:55:bf:55:2e:d5:bc:
54:95:2e:2f:68:4a:64:a0:d0:71:12:7c:50:03:3d:94:53:62:
e9:cf:8e:e9:7e:3a:95:1e:2f:e6:74:0b:5b:78:04:e2:60:1b:
d2:96:16:42:77:89:c4:b2:96:a3:ae:c7:68:49:d2:4d:0b:62:
cb:32:62:28:5e:9a:74:5f:43:1d:fb:66:61:04:f0:52:22:d5:
ad:bb:85:d5
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgIEAvrJMTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
YzNhNjMzZWYyYzA4MjUxYTU4NjAzNTYyZTU2YWE2ZWZhOTNlYzI1MB4XDTIyMDUy
NTA3MDAxM1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZWYxNTlmNmExNTlj
NDE3MmI2MjA1MTM5MzQ4MDUxNmU0MGJhYjNlNjCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMZJu7Qh/v1lxrcaFIGgJLETkHph2YfpAFk5p8ufIGu1A8zN
hPD7XiyNPX1dz4BuabN6aaaizBY1vytfz2yG1Knw9gUrotYfHHKpFgHacG5WBICW
2k8C5uF6xopG/ljXShO9z04xqQtcc4pxegNkfRgS1HlY4MXwIIFyWW0PofKW12BG
gns+wZIHPbcc5zwdu4T9b8m5gRJlfF9JoVb/tNnCxUMg5kgojqzmS5TAg3usZHye
5tX0qRNlQ0N3VKGQ7CmKPBW92t6nk6VsoA6N8EKhIP2VWUNWeffr9wTGyFZDHBUt
vaw/5JhMzBJa7gI0xAWRojH8ZkqwLYDMr4Q7AgUCAwEAAaOCArIwggKuMB0GA1Ud
DgQWBBTvFZ9qFZxBcrYgUTk0gFFuQLqz5jAfBgNVHSMEGDAWgBTsOmM+8sCCUaWG
A1YuVqpu+pPsJTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzdEcGpQdkxBZ2xHbGhnTldMbGFxYnZxVDdDVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZDQvYzFiMWYwLTIzNGYtNDVkNS04NTk1LWY3YzJjMmE5MWJjMi8x
Lzd4V2ZhaFdjUVhLMklGRTVOSUJSYmtDNnMtWS5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZDQv
YzFiMWYwLTIzNGYtNDVkNS04NTk1LWY3YzJjMmE5MWJjMi8xLzdEcGpQdkxBZ2xH
bGhnTldMbGFxYnZxVDdDVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
xwYIKwYBBQUHAQcBAf8EgbcwgbQwgbEEAgABMIGqAwQHJQgAAwQGUmbAAwQHUs0A
AwQFVXFgAwQCVbjwAwQCVmsQAwQCV/xsAwQEWe8gAwQEXhpwAwQEk72wAwQCsEEM
AwQCuSjAAwQAuVryAwQCuYqEAwQCuauEAwQCvNHQAwQCvNdkAwQAwql7AwQAx8zX
AwQFx/qAAwQF1CFgAwQF1GpAAwQE2RUAMAwDBADZQukDBALZQugDBADZQu0DBATZ
QvADBALZTjwwDQYJKoZIhvcNAQELBQADggEBADB/hr6FQfsi9hDpVfXrpIwSXrkp
I/P/zrR+l3J2vewxNHMpjseC99qFhV+0uqiGLfJ/crl7gO5LdPZvUIjZln77o1xY
5fSEHmjyPOwBp2jHf6fW/sUtsHeooN0U0Yd3LSry+sa+5fi9L4/S/doVVNAsKbrV
fJVu37Vv7t9o7BCDYzFc3gF6Cbjnp98UkWCDoL2B8Zilx415ICM6P86S+vNuyrkM
vXBufSr5IuFgAlW/VS7VvFSVLi9oSmSg0HESfFADPZRTYunPjul+OpUeL+Z0C1t4
BOJgG9KWFkJ3icSylqOux2hJ0k0LYssyYihemnRfQx37ZmEE8FIi1a27hdU=
-----END CERTIFICATE-----
Generated at Thu Jul 20 00:08:26 2023 by rpki-client on console-ams.rpki-client.org