Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/TfktR2RUlCt-GDJGVYoNk4RcBhw.roa
File: TfktR2RUlCt-GDJGVYoNk4RcBhw.roa (raw, json)
Hash identifier: UrWpbSOPbuBZrO8gF4FQ/0zedAKtBqiAuohWucq8yKA=
Subject key identifier: 4D:F9:2D:47:64:54:94:2B:7E:18:32:46:55:8A:0D:93:84:5C:06:1C
Certificate issuer: /CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Certificate serial: 0B123445
Authority key identifier: 08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/TfktR2RUlCt-GDJGVYoNk4RcBhw.roa
Signing time: Sat 09 Apr 2022 05:07:07 +0000
ROA not before: Sat 09 Apr 2022 05:07:07 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 44285
IP address blocks: 45.87.4.0/22 maxlen: 22
185.18.213.0/24 maxlen: 24
185.18.212.0/22 maxlen: 22
185.18.212.0/24 maxlen: 24
185.18.215.0/24 maxlen: 24
185.18.214.0/24 maxlen: 24
37.32.32.0/24 maxlen: 24
37.32.33.0/24 maxlen: 24
37.32.32.0/21 maxlen: 21
37.32.32.0/22 maxlen: 22
37.32.36.0/22 maxlen: 22
37.32.37.0/24 maxlen: 24
37.32.38.0/24 maxlen: 24
37.32.36.0/24 maxlen: 24
37.32.35.0/24 maxlen: 24
37.32.34.0/24 maxlen: 24
37.32.39.0/24 maxlen: 24
185.51.201.0/24 maxlen: 24
185.51.200.0/24 maxlen: 24
185.51.203.0/24 maxlen: 24
185.51.202.0/24 maxlen: 24
86.57.120.0/23 maxlen: 23
86.57.122.0/23 maxlen: 23
86.57.96.0/20 maxlen: 20
86.57.112.0/23 maxlen: 23
86.57.114.0/23 maxlen: 23
86.57.116.0/22 maxlen: 22
217.172.124.0/23 maxlen: 23
217.172.120.0/24 maxlen: 24
217.172.120.0/21 maxlen: 21
217.172.127.0/24 maxlen: 24
217.172.126.0/23 maxlen: 23
85.198.48.0/20 maxlen: 20
45.9.253.0/24 maxlen: 24
45.9.252.0/24 maxlen: 24
45.9.254.0/24 maxlen: 24
37.75.246.0/24 maxlen: 24
37.75.245.0/24 maxlen: 24
37.75.244.0/24 maxlen: 24
37.75.244.0/22 maxlen: 22
37.75.243.0/24 maxlen: 24
37.75.247.0/24 maxlen: 24
195.110.38.0/24 maxlen: 24
195.110.38.0/23 maxlen: 23
195.110.39.0/24 maxlen: 24
185.182.248.0/22 maxlen: 22
95.82.0.0/21 maxlen: 21
95.82.0.0/20 maxlen: 20
95.82.0.0/18 maxlen: 18
95.82.8.0/21 maxlen: 21
95.82.16.0/21 maxlen: 21
95.82.16.0/20 maxlen: 20
95.82.24.0/21 maxlen: 21
91.236.168.0/23 maxlen: 23
91.236.169.0/24 maxlen: 24
91.236.168.0/24 maxlen: 24
95.82.32.0/21 maxlen: 21
95.82.40.0/21 maxlen: 21
46.28.74.0/24 maxlen: 24
95.82.48.0/21 maxlen: 21
46.28.73.0/24 maxlen: 24
46.28.72.0/24 maxlen: 24
46.28.72.0/21 maxlen: 24
95.82.56.0/21 maxlen: 21
185.121.128.0/22 maxlen: 24
185.121.128.0/24 maxlen: 24
185.121.131.0/24 maxlen: 24
185.121.130.0/24 maxlen: 24
185.121.129.0/24 maxlen: 24
88.135.38.0/24 maxlen: 24
88.135.37.0/24 maxlen: 24
185.141.132.0/24 maxlen: 24
185.141.134.0/24 maxlen: 24
185.141.133.0/24 maxlen: 24
185.141.135.0/24 maxlen: 24
84.47.226.0/24 maxlen: 24
84.47.224.0/22 maxlen: 22
84.47.225.0/24 maxlen: 24
84.47.224.0/21 maxlen: 21
84.47.224.0/24 maxlen: 24
188.209.152.0/23 maxlen: 23
84.47.231.0/24 maxlen: 24
84.47.227.0/24 maxlen: 24
84.47.230.0/24 maxlen: 24
84.47.229.0/24 maxlen: 24
84.47.228.0/24 maxlen: 24
84.47.228.0/22 maxlen: 22
88.135.39.0/24 maxlen: 24
185.128.138.0/24 maxlen: 24
185.128.137.0/24 maxlen: 24
185.128.136.0/24 maxlen: 24
185.128.139.0/24 maxlen: 24
2a02:828::/32 maxlen: 32
2a02:829::/32 maxlen: 32
2a02:82b::/32 maxlen: 32
2a02:82f::/32 maxlen: 32
2a02:828:1::/48 maxlen: 48
2a02:82a::/32 maxlen: 32
2a02:828::/29 maxlen: 29
2a02:828::/64 maxlen: 64
2a02:828::/48 maxlen: 48
2a02:82e::/32 maxlen: 32
2a02:82c::/32 maxlen: 32
2a02:82d::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 185742405 (0xb123445)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=081b7a22e51cfb9cf84205e4449998ad55d8f065
Validity
Not Before: Apr 9 05:07:07 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=4df92d476454942b7e183246558a0d93845c061c
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c2:64:ea:ea:b3:f6:4d:70:5a:8e:23:c0:69:23:
35:60:c2:c4:14:cf:4f:f4:a3:4f:98:92:f2:3b:e2:
40:41:8d:27:e6:da:f1:9b:28:42:80:42:43:78:cc:
3e:cd:e4:af:53:0e:28:a6:92:6b:da:86:61:66:98:
4b:f4:68:ed:a2:a9:bb:35:e4:ad:61:3b:b3:b6:57:
73:fb:60:ae:78:e9:a7:67:d3:77:3e:86:d6:9f:be:
0a:ed:53:16:bf:3f:fb:99:58:a4:97:6b:16:c9:83:
43:da:5b:54:2e:80:bd:67:08:63:65:2a:4e:ba:72:
e0:cb:b8:b4:a9:50:7d:eb:b9:b7:04:24:93:3e:97:
33:40:ca:e3:0e:3e:7f:e5:50:21:cc:93:95:6c:7c:
4b:72:67:1a:19:a2:99:ac:1c:29:00:13:85:af:26:
0a:55:55:f9:ff:97:c6:3f:23:30:84:6e:02:2f:a9:
03:9f:16:21:c6:ef:b7:00:2f:f8:34:eb:f4:5a:3f:
f7:67:17:0d:4f:e0:08:aa:57:33:f7:92:ad:d3:e6:
1d:bb:65:12:ab:ea:72:ad:86:c0:8c:38:da:0a:fe:
74:ae:b1:17:96:9d:88:f3:31:63:8e:97:32:5c:1e:
b1:8d:44:77:31:3f:44:3b:14:2c:ff:bc:6d:61:17:
3e:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:F9:2D:47:64:54:94:2B:7E:18:32:46:55:8A:0D:93:84:5C:06:1C
X509v3 Authority Key Identifier:
keyid:08:1B:7A:22:E5:1C:FB:9C:F8:42:05:E4:44:99:98:AD:55:D8:F0:65
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/CBt6IuUc-5z4QgXkRJmYrVXY8GU.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/TfktR2RUlCt-GDJGVYoNk4RcBhw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dc/c515c9-df08-426c-80e6-0367268ff871/1/CBt6IuUc-5z4QgXkRJmYrVXY8GU.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.32.32.0/21
37.75.243.0-37.75.247.255
45.9.252.0-45.9.254.255
45.87.4.0/22
46.28.72.0/21
84.47.224.0/21
85.198.48.0/20
86.57.96.0-86.57.123.255
88.135.37.0-88.135.39.255
91.236.168.0/23
95.82.0.0/18
185.18.212.0/22
185.51.200.0/22
185.121.128.0/22
185.128.136.0/22
185.141.132.0/22
185.182.248.0/22
188.209.152.0/23
195.110.38.0/23
217.172.120.0/21
IPv6:
2a02:828::/29
Signature Algorithm: sha256WithRSAEncryption
ae:ab:35:d7:c5:2b:75:35:63:48:ae:77:60:a1:b2:96:c4:8a:
31:0a:81:bd:5d:48:9e:3a:c4:27:0b:8b:e7:1b:50:c7:39:f0:
4e:82:7b:f3:65:32:f8:6c:b3:02:7d:46:cf:a8:86:af:b6:7f:
23:dd:a5:37:cb:e5:80:d2:f3:b6:f7:97:46:35:89:dd:79:1d:
8d:4f:49:ab:3a:76:91:a8:92:3e:9a:45:b3:6b:24:5a:68:96:
d8:4c:e8:53:d0:3e:a6:55:e4:09:2e:b8:46:cf:4d:76:26:95:
56:b0:d1:fb:d2:37:bf:37:06:c4:fe:16:40:08:b2:9e:47:e5:
d1:10:02:33:fc:37:28:c4:43:9a:a9:4b:d7:17:f5:f7:07:9b:
46:8e:72:ec:be:c8:92:12:cd:c9:f5:ee:db:16:c9:71:9a:07:
ec:9f:49:bd:5b:ac:36:ca:f4:d4:2f:34:5c:a5:1e:be:24:2c:
b6:53:35:f7:e1:d1:98:85:39:2a:03:b2:36:0b:68:d3:ca:58:
62:5a:15:d6:91:55:fd:8c:fe:b7:10:8b:f2:62:a7:4f:42:c5:
19:75:7b:d5:d0:d2:b4:fb:f9:25:61:23:6d:b8:76:78:4d:2c:
26:12:d8:3b:d8:bb:77:53:c8:07:15:b3:e8:ac:b7:ac:65:de:
67:c3:c8:ac
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgIECxI0RTANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEygw
ODFiN2EyMmU1MWNmYjljZjg0MjA1ZTQ0NDk5OThhZDU1ZDhmMDY1MB4XDTIyMDQw
OTA1MDcwN1oXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoNGRmOTJkNDc2NDU0
OTQyYjdlMTgzMjQ2NTU4YTBkOTM4NDVjMDYxYzCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAMJk6uqz9k1wWo4jwGkjNWDCxBTPT/SjT5iS8jviQEGNJ+ba
8ZsoQoBCQ3jMPs3kr1MOKKaSa9qGYWaYS/Ro7aKpuzXkrWE7s7ZXc/tgrnjpp2fT
dz6G1p++Cu1TFr8/+5lYpJdrFsmDQ9pbVC6AvWcIY2UqTrpy4Mu4tKlQfeu5twQk
kz6XM0DK4w4+f+VQIcyTlWx8S3JnGhmimawcKQATha8mClVV+f+Xxj8jMIRuAi+p
A58WIcbvtwAv+DTr9Fo/92cXDU/gCKpXM/eSrdPmHbtlEqvqcq2GwIw42gr+dK6x
F5adiPMxY46XMlwesY1EdzE/RDsULP+8bWEXPikCAwEAAaOCAq8wggKrMB0GA1Ud
DgQWBBRN+S1HZFSUK34YMkZVig2ThFwGHDAfBgNVHSMEGDAWgBQIG3oi5Rz7nPhC
BeREmZitVdjwZTAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
L0NCdDZJdVVjLTV6NFFnWGtSSm1ZclZYWThHVS5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZGMvYzUxNWM5LWRmMDgtNDI2Yy04MGU2LTAzNjcyNjhmZjg3MS8x
L1Rma3RSMlJVbEN0LUdESkdWWW9OazRSY0Jody5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZGMv
YzUxNWM5LWRmMDgtNDI2Yy04MGU2LTAzNjcyNjhmZjg3MS8xL0NCdDZJdVVjLTV6
NFFnWGtSSm1ZclZYWThHVS5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
xAYIKwYBBQUHAQcBAf8EgbQwgbEwgZ8EAgABMIGYAwQDJSAgMAwDBAAlS/MDBAMl
S/AwDAMEAi0J/AMEAC0J/gMEAi1XBAMEAy4cSAMEA1Qv4AMEBFXGMDAMAwQFVjlg
AwQCVjl4MAwDBABYhyUDBANYhyADBAFb7KgDBAZfUgADBAK5EtQDBAK5M8gDBAK5
eYADBAK5gIgDBAK5jYQDBAK5tvgDBAG80ZgDBAHDbiYDBAPZrHgwDQQCAAIwBwMF
AyoCCCgwDQYJKoZIhvcNAQELBQADggEBAK6rNdfFK3U1Y0iud2ChspbEijEKgb1d
SJ46xCcLi+cbUMc58E6Ce/NlMvhsswJ9Rs+ohq+2fyPdpTfL5YDS87b3l0Y1id15
HY1PSas6dpGokj6aRbNrJFpolthM6FPQPqZV5AkuuEbPTXYmlVaw0fvSN783BsT+
FkAIsp5H5dEQAjP8NyjEQ5qpS9cX9fcHm0aOcuy+yJISzcn17tsWyXGaB+yfSb1b
rDbK9NQvNFylHr4kLLZTNffh0ZiFOSoDsjYLaNPKWGJaFdaRVf2M/rcQi/Jip09C
xRl1e9XQ0rT7+SVhI224dnhNLCYS2DvYu3dTyAcVs+ist6xl3mfDyKw=
-----END CERTIFICATE-----
Generated at Mon Feb 17 08:02:54 2025 by rpki-client