Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/EXR6jOzEtCx1v8b-TcepSonB7qw.roa
File: EXR6jOzEtCx1v8b-TcepSonB7qw.roa (raw, json)
Hash identifier: XXR+88xut8Gg0rTbE25trgOsO2u4dfaxt47j6JBENp0=
Subject key identifier: 11:74:7A:8C:EC:C4:B4:2C:75:BF:C6:FE:4D:C7:A9:4A:89:C1:EE:AC
Certificate issuer: /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial: 018EF4F032F2AFE418A231D1DF2177DCD185
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/EXR6jOzEtCx1v8b-TcepSonB7qw.roa
Signing time: Fri 19 Apr 2024 05:59:26 +0000
ROA not before: Fri 19 Apr 2024 05:59:26 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208913
IP address blocks: 46.102.105.0/24 maxlen: 24
46.247.144.0/20 maxlen: 24
79.139.80.0/23 maxlen: 24
86.105.241.0/24 maxlen: 24
86.106.108.0/24 maxlen: 24
89.32.125.0/24 maxlen: 24
89.37.58.0/24 maxlen: 24
89.40.41.0/24 maxlen: 24
89.40.164.0/23 maxlen: 24
89.47.43.0/24 maxlen: 24
89.200.240.0/23 maxlen: 24
91.198.23.0/24 maxlen: 24
91.216.138.0/24 maxlen: 24
91.227.33.0/24 maxlen: 24
91.229.228.0/24 maxlen: 24
91.238.148.0/23 maxlen: 24
93.114.84.0/24 maxlen: 24
93.180.208.0/22 maxlen: 24
94.177.6.0/23 maxlen: 24
94.177.23.0/24 maxlen: 24
176.126.198.0/23 maxlen: 24
188.210.254.0/24 maxlen: 24
188.214.89.0/24 maxlen: 24
188.241.59.0/24 maxlen: 24
193.36.44.0/24 maxlen: 24
193.37.136.0/24 maxlen: 24
193.39.119.0/24 maxlen: 24
193.93.40.0/22 maxlen: 24
193.105.176.0/24 maxlen: 24
193.169.8.0/23 maxlen: 24
193.192.52.0/23 maxlen: 24
193.239.172.0/23 maxlen: 24
193.239.246.0/23 maxlen: 24
194.8.81.0/24 maxlen: 24
194.24.234.0/23 maxlen: 24
194.42.100.0/23 maxlen: 24
194.88.134.0/23 maxlen: 24
194.106.204.0/23 maxlen: 24
194.106.212.0/23 maxlen: 24
194.140.235.0/24 maxlen: 24
194.246.106.0/23 maxlen: 24
195.2.196.0/23 maxlen: 24
195.13.48.0/23 maxlen: 24
195.34.80.0/23 maxlen: 24
195.93.140.0/23 maxlen: 24
195.128.188.0/23 maxlen: 24
195.135.192.0/23 maxlen: 24
195.189.176.0/24 maxlen: 24
195.189.186.0/23 maxlen: 24
195.189.250.0/23 maxlen: 24
195.210.44.0/23 maxlen: 24
195.254.140.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:f4:f0:32:f2:af:e4:18:a2:31:d1:df:21:77:dc:d1:85
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Validity
Not Before: Apr 19 05:59:26 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=11747a8cecc4b42c75bfc6fe4dc7a94a89c1eeac
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:68:ae:5c:a1:cf:4b:c9:c2:d5:0e:ea:b6:d7:
28:c0:67:d4:0a:c0:e0:d4:5d:d5:e6:5f:64:f5:4e:
c5:47:df:35:0d:17:aa:a9:a3:7f:41:35:b6:b2:c9:
b1:f7:91:d0:6b:d8:1c:ff:4c:d8:e7:cd:66:ef:d2:
67:34:80:3b:35:28:bf:26:00:31:f3:58:4a:a1:55:
fa:85:13:3e:ef:0a:6b:43:45:bc:e0:9d:48:ea:94:
17:70:1c:6c:0c:dd:5c:bf:e9:00:b2:fb:e7:f8:7b:
17:94:ae:9d:e3:58:a0:aa:bc:84:0f:a7:b2:43:61:
60:c8:be:f9:23:0f:b0:30:81:ef:a5:5e:d9:f1:d3:
6f:b4:f8:0a:95:a8:fd:88:6e:25:ac:c9:b6:ff:c0:
ad:fd:af:eb:f6:08:7a:79:97:f0:68:f4:85:15:84:
69:61:d0:1b:39:e2:44:55:b0:bc:0b:4d:54:d7:85:
4e:4b:08:55:98:c2:56:38:5f:3f:3e:92:e7:47:cd:
4b:c3:c0:01:cd:43:64:24:68:ae:bb:2e:4b:3e:58:
40:f0:51:f0:80:d1:69:13:71:ab:dc:28:4d:6e:76:
21:cd:a6:07:96:a9:b1:96:52:e9:b7:da:3a:d2:9a:
6d:ce:ac:90:f4:40:7e:b0:1d:6a:ef:a2:ad:a2:d3:
2f:41
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
11:74:7A:8C:EC:C4:B4:2C:75:BF:C6:FE:4D:C7:A9:4A:89:C1:EE:AC
X509v3 Authority Key Identifier:
keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/EXR6jOzEtCx1v8b-TcepSonB7qw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.102.105.0/24
46.247.144.0/20
79.139.80.0/23
86.105.241.0/24
86.106.108.0/24
89.32.125.0/24
89.37.58.0/24
89.40.41.0/24
89.40.164.0/23
89.47.43.0/24
89.200.240.0/23
91.198.23.0/24
91.216.138.0/24
91.227.33.0/24
91.229.228.0/24
91.238.148.0/23
93.114.84.0/24
93.180.208.0/22
94.177.6.0/23
94.177.23.0/24
176.126.198.0/23
188.210.254.0/24
188.214.89.0/24
188.241.59.0/24
193.36.44.0/24
193.37.136.0/24
193.39.119.0/24
193.93.40.0/22
193.105.176.0/24
193.169.8.0/23
193.192.52.0/23
193.239.172.0/23
193.239.246.0/23
194.8.81.0/24
194.24.234.0/23
194.42.100.0/23
194.88.134.0/23
194.106.204.0/23
194.106.212.0/23
194.140.235.0/24
194.246.106.0/23
195.2.196.0/23
195.13.48.0/23
195.34.80.0/23
195.93.140.0/23
195.128.188.0/23
195.135.192.0/23
195.189.176.0/24
195.189.186.0/23
195.189.250.0/23
195.210.44.0/23
195.254.140.0/23
Signature Algorithm: sha256WithRSAEncryption
41:d2:7a:60:f2:f6:9d:29:d5:fd:9d:4e:b6:91:07:1d:35:3c:
db:33:e0:f1:b3:8d:92:bd:aa:f3:30:24:7d:35:46:16:b2:31:
40:f0:fe:19:3a:9b:c5:72:93:9b:66:aa:67:b4:d2:52:06:99:
4d:eb:0b:06:f6:61:40:4e:54:51:64:e6:12:61:6b:30:38:52:
18:48:44:7a:10:f3:95:54:2c:bf:97:dc:13:a7:ac:d8:c8:c0:
06:7f:ae:f3:34:41:dd:8c:27:aa:be:c2:8d:56:57:7b:90:33:
4f:2f:34:de:32:ac:e8:d9:82:b3:9c:b8:af:28:ae:ac:b8:c9:
68:01:e3:98:49:e4:0a:c8:58:cc:ae:18:b1:57:39:11:79:ee:
f9:7e:26:d0:77:8f:22:9a:12:fb:1d:3b:e5:39:34:19:21:7a:
35:b6:fc:0d:5e:d9:b5:93:51:ca:a9:b8:fe:c3:40:96:df:72:
e0:a0:13:d2:a4:d4:8f:7f:1f:a1:bf:c8:01:04:4f:f3:3c:1c:
31:b9:43:94:aa:16:41:56:69:ec:b5:50:96:1d:a3:b0:83:5c:
ad:84:8d:d6:c9:c2:20:f8:4f:8e:06:a7:0a:5c:60:5e:83:1e:
e6:75:1c:0a:a3:7e:58:61:3b:31:43:d2:44:8a:af:36:b8:f7:
46:4f:c3:a4
-----BEGIN CERTIFICATE-----
MIIGOTCCBSGgAwIBAgISAY708DLyr+QYojHR3yF33NGFMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjQwNDE5MDU1OTI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMTc0N2E4Y2VjYzRiNDJjNzViZmM2ZmU0ZGM3YTk0YTg5YzFlZWFjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8GiuXKHPS8nC1Q7qttcowGfUCsDg
1F3V5l9k9U7FR981DReqqaN/QTW2ssmx95HQa9gc/0zY581m79JnNIA7NSi/JgAx
81hKoVX6hRM+7wprQ0W84J1I6pQXcBxsDN1cv+kAsvvn+HsXlK6d41igqryED6ey
Q2FgyL75Iw+wMIHvpV7Z8dNvtPgKlaj9iG4lrMm2/8Ct/a/r9gh6eZfwaPSFFYRp
YdAbOeJEVbC8C01U14VOSwhVmMJWOF8/PpLnR81Lw8ABzUNkJGiuuy5LPlhA8FHw
gNFpE3Gr3ChNbnYhzaYHlqmxllLpt9o60pptzqyQ9EB+sB1q76KtotMvQQIDAQAB
o4IDRTCCA0EwHQYDVR0OBBYEFBF0eozsxLQsdb/G/k3HqUqJwe6sMB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEvRVhSNmpPekV0Q3gxdjhiLVRjZXBTb25CN3F3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBWQYIKwYBBQUHAQcBAf8EggFIMIIBRDCCAUAEAgABMIIB
OAMEAC5maQMEBC73kAMEAU+LUAMEAFZp8QMEAFZqbAMEAFkgfQMEAFklOgMEAFko
KQMEAVkopAMEAFkvKwMEAVnI8AMEAFvGFwMEAFvYigMEAFvjIQMEAFvl5AMEAVvu
lAMEAF1yVAMEAl200AMEAV6xBgMEAF6xFwMEAbB+xgMEALzS/gMEALzWWQMEALzx
OwMEAMEkLAMEAMEliAMEAMEndwMEAsFdKAMEAMFpsAMEAcGpCAMEAcHANAMEAcHv
rAMEAcHv9gMEAMIIUQMEAcIY6gMEAcIqZAMEAcJYhgMEAcJqzAMEAcJq1AMEAMKM
6wMEAcL2agMEAcMCxAMEAcMNMAMEAcMiUAMEAcNdjAMEAcOAvAMEAcOHwAMEAMO9
sAMEAcO9ugMEAcO9+gMEAcPSLAMEAcP+jDANBgkqhkiG9w0BAQsFAAOCAQEAQdJ6
YPL2nSnV/Z1OtpEHHTU82zPg8bONkr2q8zAkfTVGFrIxQPD+GTqbxXKTm2aqZ7TS
UgaZTesLBvZhQE5UUWTmEmFrMDhSGEhEehDzlVQsv5fcE6es2MjABn+u8zRB3Ywn
qr7CjVZXe5AzTy803jKs6NmCs5y4ryiurLjJaAHjmEnkCshYzK4YsVc5EXnu+X4m
0HePIpoS+x075Tk0GSF6Nbb8DV7ZtZNRyqm4/sNAlt9y4KAT0qTUj38fob/IAQRP
8zwcMblDlKoWQVZp7LVQlh2jsINcrYSN1snCIPhPjganClxgXoMe5nUcCqN+WGE7
MUPSRIqvNrj3Rk/DpA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:05 2024 by rpki-client on console-ams.rpki-client.org