Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/TiEK6dt1YehLZTqH1sFhtRJ8cYg.roa
File: TiEK6dt1YehLZTqH1sFhtRJ8cYg.roa (raw, json)
Hash identifier: l//RvuYs38JfG/pcmM5yxSTGLqim6JginFRIUm/aPIs=
Subject key identifier: 4E:21:0A:E9:DB:75:61:E8:4B:65:3A:87:D6:C1:61:B5:12:7C:71:88
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018EADDC84D0EF2A968354A03CC2F4A11DCC
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/TiEK6dt1YehLZTqH1sFhtRJ8cYg.roa
Signing time: Fri 05 Apr 2024 10:44:54 +0000
ROA not before: Fri 05 Apr 2024 10:44:54 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42864
IP address blocks: 45.9.169.0/24 maxlen: 24
45.9.170.0/24 maxlen: 24
45.9.171.0/24 maxlen: 24
45.14.10.0/24 maxlen: 24
45.14.11.0/24 maxlen: 24
45.88.93.0/24 maxlen: 24
77.242.144.0/22 maxlen: 24
77.242.148.0/24 maxlen: 24
77.242.151.0/24 maxlen: 24
88.209.193.0/24 maxlen: 24
88.209.196.0/24 maxlen: 24
88.209.208.0/24 maxlen: 24
88.209.210.0/24 maxlen: 24
88.209.212.0/24 maxlen: 24
88.209.213.0/24 maxlen: 24
88.209.214.0/24 maxlen: 24
88.209.215.0/24 maxlen: 24
88.209.246.0/24 maxlen: 24
88.209.247.0/24 maxlen: 24
92.52.208.0/24 maxlen: 24
92.52.209.0/24 maxlen: 24
92.52.210.0/23 maxlen: 23
92.52.212.0/22 maxlen: 24
92.52.215.0/24 maxlen: 24
92.52.219.0/24 maxlen: 24
178.210.224.0/24 maxlen: 24
178.210.225.0/24 maxlen: 24
178.210.226.0/23 maxlen: 23
178.210.228.0/22 maxlen: 24
178.210.232.0/22 maxlen: 22
178.210.236.0/24 maxlen: 24
178.210.237.0/24 maxlen: 24
178.210.240.0/22 maxlen: 22
178.210.244.0/22 maxlen: 22
178.210.248.0/24 maxlen: 24
178.210.249.0/24 maxlen: 24
178.210.250.0/24 maxlen: 24
178.210.251.0/24 maxlen: 24
178.210.252.0/22 maxlen: 22
178.248.200.0/21 maxlen: 21
193.138.125.0/24 maxlen: 24
2a00:1f40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:ad:dc:84:d0:ef:2a:96:83:54:a0:3c:c2:f4:a1:1d:cc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Apr 5 10:44:54 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=4e210ae9db7561e84b653a87d6c161b5127c7188
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:b2:8a:eb:1b:10:65:aa:1e:7b:79:79:e7:de:
f6:be:22:f1:e4:b4:d5:3d:69:ad:db:3b:c0:ba:ed:
f4:8b:c6:1d:35:76:ac:01:5f:a4:0c:eb:63:fc:b8:
dd:c5:0e:6f:48:47:6c:02:ec:fe:39:5b:0c:53:cc:
18:3b:7c:56:fb:4c:cd:8b:de:67:f0:21:f4:44:2a:
e3:22:82:2c:f6:02:38:c2:96:63:77:ea:38:2f:fd:
63:1f:ae:6f:1c:a5:e7:cd:89:f5:99:c4:67:2d:f1:
b1:61:b6:d0:eb:4f:ba:29:d3:1a:c5:8b:c6:89:47:
64:57:04:19:86:3e:96:97:e2:60:01:e9:6d:1b:94:
c8:0b:97:94:c0:89:ac:63:44:d0:d5:74:6e:bd:65:
7e:23:b7:12:2a:7f:d5:53:f6:ac:7c:9a:4c:6b:62:
00:e1:2a:4b:88:c8:8f:82:1c:b3:1e:75:ec:c3:7c:
e1:79:72:25:a1:66:7a:6c:b7:e8:d9:6d:60:13:23:
ee:01:7e:b0:ba:8d:48:30:45:51:2f:71:90:ba:3b:
a5:33:c6:2c:95:59:cf:d7:c0:82:46:a1:7a:83:dc:
e7:d3:f5:a4:b8:0d:7e:a6:53:29:e0:cf:26:ad:a4:
94:9f:dc:7f:36:8c:71:b0:a0:65:73:ea:49:38:a2:
27:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4E:21:0A:E9:DB:75:61:E8:4B:65:3A:87:D6:C1:61:B5:12:7C:71:88
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/TiEK6dt1YehLZTqH1sFhtRJ8cYg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.169.0-45.9.171.255
45.14.10.0/23
45.88.93.0/24
77.242.144.0-77.242.148.255
77.242.151.0/24
88.209.193.0/24
88.209.196.0/24
88.209.208.0/24
88.209.210.0/24
88.209.212.0/22
88.209.246.0/23
92.52.208.0/21
92.52.219.0/24
178.210.224.0-178.210.237.255
178.210.240.0/20
178.248.200.0/21
193.138.125.0/24
IPv6:
2a00:1f40::/29
Signature Algorithm: sha256WithRSAEncryption
98:15:21:a7:2a:ad:b1:55:bb:d2:7d:ec:74:d6:37:9b:ed:ad:
45:d0:b8:6c:1b:7a:4d:b7:49:e0:ea:78:e3:7a:fa:44:24:a8:
bd:71:4f:5a:e6:24:21:91:f3:01:1e:29:fa:66:07:db:35:5b:
0a:7d:d0:97:d7:c5:8d:e4:45:2c:87:55:ea:19:c2:60:83:77:
b5:ae:f3:08:7c:3d:3a:62:40:e6:d2:70:e2:3d:33:83:3f:97:
b9:75:f3:a1:3f:16:c3:23:2c:9f:44:5f:15:82:7b:bf:f8:f0:
6e:1f:25:90:88:30:69:e7:f4:c3:eb:40:6d:64:00:55:74:12:
f9:76:0c:3b:ef:63:01:3e:97:ab:26:19:d2:9b:3f:82:8a:88:
d7:e1:59:a5:49:c9:77:14:a2:7f:96:d1:27:7e:5e:1a:2a:65:
f4:89:28:9a:c5:42:bf:1e:a8:19:dd:6a:01:b8:5e:d8:a5:f5:
07:76:72:d3:66:87:6d:a0:1a:f7:6a:d4:cc:95:45:93:49:d6:
83:65:66:be:cc:bb:bf:a6:d5:3f:fb:fd:16:97:f8:a5:8d:55:
2d:3c:c6:51:ea:43:05:24:42:1e:d4:77:35:ba:b0:c7:83:94:
22:cf:a2:97:09:65:e6:24:78:e9:e0:74:6c:11:58:59:d9:85:
14:a6:5b:f5
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAY6t3ITQ7yqWg1SgPML0oR3MMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwNDA1MTA0NDU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZTIxMGFlOWRiNzU2MWU4NGI2NTNhODdkNmMxNjFiNTEyN2M3MTg4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAybKK6xsQZaoee3l55972viLx5LTV
PWmt2zvAuu30i8YdNXasAV+kDOtj/LjdxQ5vSEdsAuz+OVsMU8wYO3xW+0zNi95n
8CH0RCrjIoIs9gI4wpZjd+o4L/1jH65vHKXnzYn1mcRnLfGxYbbQ60+6KdMaxYvG
iUdkVwQZhj6Wl+JgAeltG5TIC5eUwImsY0TQ1XRuvWV+I7cSKn/VU/asfJpMa2IA
4SpLiMiPghyzHnXsw3zheXIloWZ6bLfo2W1gEyPuAX6wuo1IMEVRL3GQujulM8Ys
lVnP18CCRqF6g9zn0/WkuA1+plMp4M8mraSUn9x/NoxxsKBlc+pJOKInUQIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFE4hCunbdWHoS2U6h9bBYbUSfHGIMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvVGlFSzZkdDFZZWhMWlRxSDFzRmh0Uko4Y1lnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGpBggrBgEFBQcBBwEB/wSBmTCBljCBhAQCAAEwfjAMAwQA
LQmpAwQCLQmoAwQBLQ4KAwQALVhdMAwDBARN8pADBABN8pQDBABN8pcDBABY0cED
BABY0cQDBABY0dADBABY0dIDBAJY0dQDBAFY0fYDBANcNNADBABcNNswDAMEBbLS
4AMEAbLS7AMEBLLS8AMEA7L4yAMEAMGKfTANBAIAAjAHAwUDKgAfQDANBgkqhkiG
9w0BAQsFAAOCAQEAmBUhpyqtsVW70n3sdNY3m+2tRdC4bBt6TbdJ4Op443r6RCSo
vXFPWuYkIZHzAR4p+mYH2zVbCn3Ql9fFjeRFLIdV6hnCYIN3ta7zCHw9OmJA5tJw
4j0zgz+XuXXzoT8WwyMsn0RfFYJ7v/jwbh8lkIgwaef0w+tAbWQAVXQS+XYMO+9j
AT6XqyYZ0ps/goqI1+FZpUnJdxSif5bRJ35eGipl9IkomsVCvx6oGd1qAbhe2KX1
B3Zy02aHbaAa92rUzJVFk0nWg2Vmvsy7v6bVP/v9Fpf4pY1VLTzGUepDBSRCHtR3
Nbqwx4OUIs+ilwll5iR46eB0bBFYWdmFFKZb9Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:55 2024 by rpki-client on console-ams.rpki-client.org