Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/J4y83igEMHQh4yyMQoFpqN3OwwY.roa
File: J4y83igEMHQh4yyMQoFpqN3OwwY.roa (raw, json)
Hash identifier: DUVjW6j0+t3rXnbX1wGJwjcMuKyxy9Eh8OoyDr9i1Qs=
Subject key identifier: 27:8C:BC:DE:28:04:30:74:21:E3:2C:8C:42:81:69:A8:DD:CE:C3:06
Certificate issuer: /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial: 018DF8CEF1DDE38EC773CE6ADD163D0CDECF
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/J4y83igEMHQh4yyMQoFpqN3OwwY.roa
Signing time: Fri 01 Mar 2024 06:58:48 +0000
ROA not before: Fri 01 Mar 2024 06:58:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208913
IP address blocks: 45.14.76.0/22 maxlen: 24
46.102.105.0/24 maxlen: 24
46.102.118.0/23 maxlen: 24
46.247.144.0/20 maxlen: 24
77.223.214.0/23 maxlen: 24
79.139.80.0/23 maxlen: 24
86.104.72.0/22 maxlen: 24
86.105.241.0/24 maxlen: 24
86.106.108.0/24 maxlen: 24
89.32.125.0/24 maxlen: 24
89.32.130.0/23 maxlen: 24
89.37.58.0/24 maxlen: 24
89.40.41.0/24 maxlen: 24
89.40.164.0/23 maxlen: 24
89.42.52.0/23 maxlen: 24
89.47.38.0/23 maxlen: 24
89.47.43.0/24 maxlen: 24
89.47.48.0/22 maxlen: 24
89.200.240.0/23 maxlen: 24
91.198.23.0/24 maxlen: 24
91.214.188.0/22 maxlen: 24
91.216.138.0/24 maxlen: 24
91.223.183.0/24 maxlen: 24
91.227.33.0/24 maxlen: 24
91.229.228.0/24 maxlen: 24
91.238.148.0/23 maxlen: 24
93.114.84.0/24 maxlen: 24
93.180.208.0/22 maxlen: 24
94.177.6.0/23 maxlen: 24
94.177.23.0/24 maxlen: 24
176.126.198.0/23 maxlen: 24
188.210.254.0/24 maxlen: 24
188.213.128.0/22 maxlen: 24
188.214.89.0/24 maxlen: 24
188.215.76.0/23 maxlen: 24
188.241.59.0/24 maxlen: 24
193.33.94.0/23 maxlen: 24
193.36.44.0/24 maxlen: 24
193.37.136.0/24 maxlen: 24
193.39.119.0/24 maxlen: 24
193.93.40.0/22 maxlen: 24
193.105.176.0/24 maxlen: 24
193.108.52.0/22 maxlen: 24
193.138.97.0/24 maxlen: 24
193.169.8.0/23 maxlen: 24
193.192.44.0/23 maxlen: 24
193.192.52.0/23 maxlen: 24
193.239.172.0/23 maxlen: 24
193.239.246.0/23 maxlen: 24
194.8.81.0/24 maxlen: 24
194.24.234.0/23 maxlen: 24
194.42.100.0/23 maxlen: 24
194.88.134.0/23 maxlen: 24
194.106.204.0/23 maxlen: 24
194.106.212.0/23 maxlen: 24
194.140.235.0/24 maxlen: 24
194.246.106.0/23 maxlen: 24
195.2.196.0/23 maxlen: 24
195.13.48.0/23 maxlen: 24
195.34.80.0/23 maxlen: 24
195.42.232.0/22 maxlen: 24
195.93.140.0/23 maxlen: 24
195.128.188.0/23 maxlen: 24
195.135.192.0/23 maxlen: 24
195.189.176.0/24 maxlen: 24
195.189.186.0/23 maxlen: 24
195.189.250.0/23 maxlen: 24
195.210.44.0/23 maxlen: 24
195.254.140.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:f8:ce:f1:dd:e3:8e:c7:73:ce:6a:dd:16:3d:0c:de:cf
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Validity
Not Before: Mar 1 06:58:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=278cbcde2804307421e32c8c428169a8ddcec306
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:8f:78:b7:bf:fa:e0:b7:79:b1:ef:57:ce:89:
7e:61:bc:b0:40:4b:13:41:d4:28:31:c7:cf:cb:0f:
27:3c:f2:cf:b2:8b:38:c0:0f:8b:da:8a:69:99:02:
32:55:d3:15:9a:a7:10:76:7c:eb:74:70:e7:43:43:
36:e8:98:b1:9c:a4:ed:3a:3c:73:d7:60:ab:a6:7e:
0e:05:73:cb:93:3f:91:4b:cb:c4:40:96:bc:79:1a:
3c:20:1c:62:a9:ba:c4:d3:e1:89:bf:bb:60:1b:3d:
0e:7c:cd:b8:52:1b:f0:36:7d:d3:3f:50:d7:8d:61:
c7:49:ef:c2:22:d1:90:17:19:9d:f3:ef:5d:0d:99:
eb:ac:3b:03:e7:c0:6d:4a:c2:1a:e5:af:ec:0b:84:
66:b6:3f:1a:13:dc:4e:57:92:84:c0:6f:96:0c:59:
af:bb:8f:5f:84:7d:03:70:f6:2f:2b:d9:01:61:20:
af:5d:81:d4:29:ec:a4:18:ca:b0:f4:64:9f:a0:af:
50:68:fe:ea:a5:05:3d:82:de:5b:03:56:70:b0:1c:
c9:c0:18:56:0b:56:ec:cd:14:37:9e:b0:28:11:03:
eb:7a:00:07:c0:f1:46:5e:f5:f7:0b:73:ea:fd:0b:
f4:ea:c8:2b:4f:a3:20:2e:66:60:b5:72:9d:6c:71:
27:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
27:8C:BC:DE:28:04:30:74:21:E3:2C:8C:42:81:69:A8:DD:CE:C3:06
X509v3 Authority Key Identifier:
keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/J4y83igEMHQh4yyMQoFpqN3OwwY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.14.76.0/22
46.102.105.0/24
46.102.118.0/23
46.247.144.0/20
77.223.214.0/23
79.139.80.0/23
86.104.72.0/22
86.105.241.0/24
86.106.108.0/24
89.32.125.0/24
89.32.130.0/23
89.37.58.0/24
89.40.41.0/24
89.40.164.0/23
89.42.52.0/23
89.47.38.0/23
89.47.43.0/24
89.47.48.0/22
89.200.240.0/23
91.198.23.0/24
91.214.188.0/22
91.216.138.0/24
91.223.183.0/24
91.227.33.0/24
91.229.228.0/24
91.238.148.0/23
93.114.84.0/24
93.180.208.0/22
94.177.6.0/23
94.177.23.0/24
176.126.198.0/23
188.210.254.0/24
188.213.128.0/22
188.214.89.0/24
188.215.76.0/23
188.241.59.0/24
193.33.94.0/23
193.36.44.0/24
193.37.136.0/24
193.39.119.0/24
193.93.40.0/22
193.105.176.0/24
193.108.52.0/22
193.138.97.0/24
193.169.8.0/23
193.192.44.0/23
193.192.52.0/23
193.239.172.0/23
193.239.246.0/23
194.8.81.0/24
194.24.234.0/23
194.42.100.0/23
194.88.134.0/23
194.106.204.0/23
194.106.212.0/23
194.140.235.0/24
194.246.106.0/23
195.2.196.0/23
195.13.48.0/23
195.34.80.0/23
195.42.232.0/22
195.93.140.0/23
195.128.188.0/23
195.135.192.0/23
195.189.176.0/24
195.189.186.0/23
195.189.250.0/23
195.210.44.0/23
195.254.140.0/23
Signature Algorithm: sha256WithRSAEncryption
1d:5e:38:7c:1f:20:a7:0a:8d:69:9a:69:72:7e:1a:db:7c:b1:
73:13:a4:6a:11:5d:14:91:48:38:26:3e:74:a4:c7:43:cc:38:
c6:c6:bf:2a:6a:e6:3b:59:15:70:e3:63:2f:c7:de:01:b9:5f:
61:64:e1:a7:59:99:a3:aa:9f:fd:13:1f:41:c8:28:73:0c:42:
2f:f5:ad:1b:d2:fa:96:58:c4:e4:2c:f2:30:ca:ee:3a:12:55:
a9:6e:41:f1:8e:e8:4d:ca:fd:2f:12:2c:56:cb:8e:1f:ef:45:
d5:e6:88:39:71:bc:8a:25:45:42:c5:65:0a:59:4b:25:f4:c1:
53:db:1b:0d:59:78:b6:38:d1:5a:25:27:52:a4:b1:28:49:ee:
8c:9b:ab:bd:f4:b9:b2:a9:ec:23:99:c6:18:2f:6a:65:35:0d:
a5:62:5f:20:2a:19:d4:2a:3c:dd:01:76:8c:e1:78:96:b1:5a:
49:98:6e:8c:be:c6:2d:3c:d6:9e:fe:93:4d:47:97:0b:b4:5b:
bc:52:35:44:2b:4c:3f:0d:64:72:02:93:1b:b4:49:38:66:fe:
c7:c0:e0:44:3f:dc:31:45:91:6b:66:cd:95:18:0e:02:ba:9f:
6a:ab:5e:ae:ae:89:59:dd:ed:1d:52:b3:d9:e6:34:6c:2a:3d:
9b:85:a2:74
-----BEGIN CERTIFICATE-----
MIIGnzCCBYegAwIBAgISAY34zvHd447Hc85q3RY9DN7PMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjQwMzAxMDY1ODQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNzhjYmNkZTI4MDQzMDc0MjFlMzJjOGM0MjgxNjlhOGRkY2VjMzA2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAso94t7/64Ld5se9Xzol+YbywQEsT
QdQoMcfPyw8nPPLPsos4wA+L2oppmQIyVdMVmqcQdnzrdHDnQ0M26JixnKTtOjxz
12Crpn4OBXPLkz+RS8vEQJa8eRo8IBxiqbrE0+GJv7tgGz0OfM24UhvwNn3TP1DX
jWHHSe/CItGQFxmd8+9dDZnrrDsD58BtSsIa5a/sC4Rmtj8aE9xOV5KEwG+WDFmv
u49fhH0DcPYvK9kBYSCvXYHUKeykGMqw9GSfoK9QaP7qpQU9gt5bA1ZwsBzJwBhW
C1bszRQ3nrAoEQPregAHwPFGXvX3C3Pq/Qv06sgrT6MgLmZgtXKdbHEncQIDAQAB
o4IDqzCCA6cwHQYDVR0OBBYEFCeMvN4oBDB0IeMsjEKBaajdzsMGMB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEvSjR5ODNpZ0VNSFFoNHl5TVFvRnBxTjNPd3dZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBvwYIKwYBBQUHAQcBAf8EggGuMIIBqjCCAaYEAgABMIIB
ngMEAi0OTAMEAC5maQMEAS5mdgMEBC73kAMEAU3f1gMEAU+LUAMEAlZoSAMEAFZp
8QMEAFZqbAMEAFkgfQMEAVkgggMEAFklOgMEAFkoKQMEAVkopAMEAVkqNAMEAVkv
JgMEAFkvKwMEAlkvMAMEAVnI8AMEAFvGFwMEAlvWvAMEAFvYigMEAFvftwMEAFvj
IQMEAFvl5AMEAVvulAMEAF1yVAMEAl200AMEAV6xBgMEAF6xFwMEAbB+xgMEALzS
/gMEArzVgAMEALzWWQMEAbzXTAMEALzxOwMEAcEhXgMEAMEkLAMEAMEliAMEAMEn
dwMEAsFdKAMEAMFpsAMEAsFsNAMEAMGKYQMEAcGpCAMEAcHALAMEAcHANAMEAcHv
rAMEAcHv9gMEAMIIUQMEAcIY6gMEAcIqZAMEAcJYhgMEAcJqzAMEAcJq1AMEAMKM
6wMEAcL2agMEAcMCxAMEAcMNMAMEAcMiUAMEAsMq6AMEAcNdjAMEAcOAvAMEAcOH
wAMEAMO9sAMEAcO9ugMEAcO9+gMEAcPSLAMEAcP+jDANBgkqhkiG9w0BAQsFAAOC
AQEAHV44fB8gpwqNaZppcn4a23yxcxOkahFdFJFIOCY+dKTHQ8w4xsa/KmrmO1kV
cONjL8feAblfYWThp1mZo6qf/RMfQcgocwxCL/WtG9L6lljE5CzyMMruOhJVqW5B
8Y7oTcr9LxIsVsuOH+9F1eaIOXG8iiVFQsVlCllLJfTBU9sbDVl4tjjRWiUnUqSx
KEnujJurvfS5sqnsI5nGGC9qZTUNpWJfICoZ1Co83QF2jOF4lrFaSZhujL7GLTzW
nv6TTUeXC7RbvFI1RCtMPw1kcgKTG7RJOGb+x8DgRD/cMUWRa2bNlRgOArqfaqte
rq6JWd3tHVKz2eY0bCo9m4WidA==
-----END CERTIFICATE-----
Generated at Tue Mar 5 17:44:37 2024 by rpki-client on console-fra.rpki-client.org