Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Mpzgg6tWQfugHxfq3O29koReq3k.roa
File: Mpzgg6tWQfugHxfq3O29koReq3k.roa (raw, json)
Hash identifier: KNtnPH9wJsSOsaoGG5+T+9QP91TSjhuEu9xmIjX3WTA=
Subject key identifier: 32:9C:E0:83:AB:56:41:FB:A0:1F:17:EA:DC:ED:BD:92:84:5E:AB:79
Certificate issuer: /CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Certificate serial: 018E60DC91FBE337A43A699180E83EA23083
Authority key identifier: 3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Mpzgg6tWQfugHxfq3O29koReq3k.roa
Signing time: Thu 21 Mar 2024 11:54:11 +0000
ROA not before: Thu 21 Mar 2024 11:54:11 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 208913
IP address blocks: 46.102.105.0/24 maxlen: 24
46.102.118.0/23 maxlen: 24
46.247.144.0/20 maxlen: 24
77.223.214.0/23 maxlen: 24
79.139.80.0/23 maxlen: 24
86.105.241.0/24 maxlen: 24
86.106.108.0/24 maxlen: 24
89.32.125.0/24 maxlen: 24
89.32.130.0/23 maxlen: 24
89.37.58.0/24 maxlen: 24
89.40.41.0/24 maxlen: 24
89.40.164.0/23 maxlen: 24
89.42.52.0/23 maxlen: 24
89.47.38.0/23 maxlen: 24
89.47.43.0/24 maxlen: 24
89.200.240.0/23 maxlen: 24
91.198.23.0/24 maxlen: 24
91.216.138.0/24 maxlen: 24
91.227.33.0/24 maxlen: 24
91.229.228.0/24 maxlen: 24
91.238.148.0/23 maxlen: 24
93.114.84.0/24 maxlen: 24
93.180.208.0/22 maxlen: 24
94.177.6.0/23 maxlen: 24
94.177.23.0/24 maxlen: 24
176.126.198.0/23 maxlen: 24
188.210.254.0/24 maxlen: 24
188.214.89.0/24 maxlen: 24
188.215.76.0/23 maxlen: 24
188.241.59.0/24 maxlen: 24
193.36.44.0/24 maxlen: 24
193.37.136.0/24 maxlen: 24
193.39.119.0/24 maxlen: 24
193.93.40.0/22 maxlen: 24
193.105.176.0/24 maxlen: 24
193.169.8.0/23 maxlen: 24
193.192.44.0/23 maxlen: 24
193.192.52.0/23 maxlen: 24
193.239.172.0/23 maxlen: 24
193.239.246.0/23 maxlen: 24
194.8.81.0/24 maxlen: 24
194.24.234.0/23 maxlen: 24
194.42.100.0/23 maxlen: 24
194.88.134.0/23 maxlen: 24
194.106.204.0/23 maxlen: 24
194.106.212.0/23 maxlen: 24
194.140.235.0/24 maxlen: 24
194.246.106.0/23 maxlen: 24
195.2.196.0/23 maxlen: 24
195.13.48.0/23 maxlen: 24
195.34.80.0/23 maxlen: 24
195.42.232.0/22 maxlen: 24
195.93.140.0/23 maxlen: 24
195.128.188.0/23 maxlen: 24
195.135.192.0/23 maxlen: 24
195.189.176.0/24 maxlen: 24
195.189.186.0/23 maxlen: 24
195.189.250.0/23 maxlen: 24
195.210.44.0/23 maxlen: 24
195.254.140.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8e:60:dc:91:fb:e3:37:a4:3a:69:91:80:e8:3e:a2:30:83
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3e1f32d0cfa7a86d30e7e11a73ebbd0b24dbf41f
Validity
Not Before: Mar 21 11:54:11 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=329ce083ab5641fba01f17eadcedbd92845eab79
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c4:4d:e9:2d:6a:bd:43:01:d9:21:e6:34:3f:38:
c7:a0:44:a0:43:e0:47:cd:97:07:cc:55:da:83:9c:
35:21:52:8b:35:8d:f1:31:62:3e:86:37:6f:cb:6b:
b9:36:f4:ad:c6:b5:31:9c:73:5e:e4:4a:ea:e5:4d:
07:15:c8:9b:ea:be:bb:95:bc:51:06:35:ca:a3:8a:
01:13:0d:0d:55:a3:6c:11:47:e3:ec:e7:9a:33:90:
0d:08:93:97:ff:d2:27:c1:52:60:75:43:db:d5:a8:
5e:b9:eb:ae:bb:ab:d0:93:cb:5d:72:9d:35:60:0b:
71:cd:dd:18:3b:0e:14:cb:8c:b7:29:06:6c:65:d0:
ce:99:e4:1a:bf:84:b1:b9:32:85:89:70:bf:21:82:
43:dc:a2:38:be:04:d3:78:70:a4:1d:d7:cd:3e:e9:
ed:97:04:2b:eb:09:87:d0:f6:38:44:1a:a2:ed:42:
2b:45:c1:93:1f:72:cb:6a:38:07:d0:ef:3a:20:35:
5a:21:3e:c0:ad:d4:be:18:70:d2:2a:ec:86:9b:ab:
4b:8f:b7:b5:3f:77:5a:45:3f:b2:b4:27:5c:e4:c7:
cb:7f:c9:53:5f:1a:2c:c4:8e:bb:b2:49:d1:17:0a:
33:18:61:09:64:c9:ef:df:3e:0f:f0:89:07:9a:77:
56:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
32:9C:E0:83:AB:56:41:FB:A0:1F:17:EA:DC:ED:BD:92:84:5E:AB:79
X509v3 Authority Key Identifier:
keyid:3E:1F:32:D0:CF:A7:A8:6D:30:E7:E1:1A:73:EB:BD:0B:24:DB:F4:1F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Mpzgg6tWQfugHxfq3O29koReq3k.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/de/5f048b-2df3-4140-9f4e-6068c04d1be0/1/Ph8y0M-nqG0w5-Eac-u9CyTb9B8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.102.105.0/24
46.102.118.0/23
46.247.144.0/20
77.223.214.0/23
79.139.80.0/23
86.105.241.0/24
86.106.108.0/24
89.32.125.0/24
89.32.130.0/23
89.37.58.0/24
89.40.41.0/24
89.40.164.0/23
89.42.52.0/23
89.47.38.0/23
89.47.43.0/24
89.200.240.0/23
91.198.23.0/24
91.216.138.0/24
91.227.33.0/24
91.229.228.0/24
91.238.148.0/23
93.114.84.0/24
93.180.208.0/22
94.177.6.0/23
94.177.23.0/24
176.126.198.0/23
188.210.254.0/24
188.214.89.0/24
188.215.76.0/23
188.241.59.0/24
193.36.44.0/24
193.37.136.0/24
193.39.119.0/24
193.93.40.0/22
193.105.176.0/24
193.169.8.0/23
193.192.44.0/23
193.192.52.0/23
193.239.172.0/23
193.239.246.0/23
194.8.81.0/24
194.24.234.0/23
194.42.100.0/23
194.88.134.0/23
194.106.204.0/23
194.106.212.0/23
194.140.235.0/24
194.246.106.0/23
195.2.196.0/23
195.13.48.0/23
195.34.80.0/23
195.42.232.0/22
195.93.140.0/23
195.128.188.0/23
195.135.192.0/23
195.189.176.0/24
195.189.186.0/23
195.189.250.0/23
195.210.44.0/23
195.254.140.0/23
Signature Algorithm: sha256WithRSAEncryption
b6:a5:2c:d8:0d:ea:e5:c7:a4:83:30:0b:73:d7:17:43:02:82:
fe:69:f1:0a:99:e6:72:a7:2e:58:df:a2:af:74:db:82:d6:52:
3f:48:9c:07:8b:1b:42:82:d0:15:54:a7:c0:de:a9:f8:7c:de:
c9:b5:ca:ff:05:19:f4:98:95:c5:4d:ff:01:96:9a:d7:52:2b:
bd:b7:fc:40:2b:f3:20:a6:c6:b0:d3:d2:31:27:77:e7:44:e6:
fb:7f:d1:20:23:a9:29:2d:5f:91:36:79:d4:da:db:8d:dc:f7:
85:da:d9:56:85:eb:1a:fe:d6:1d:26:1a:db:96:a6:07:0f:cc:
65:43:e5:29:3e:c2:68:c8:12:81:89:23:f9:8d:8d:dc:df:08:
81:3b:5d:15:32:ed:d1:b6:2f:8f:d0:f5:6e:04:26:c1:21:e4:
a2:e5:af:eb:b9:b8:cd:db:06:94:45:f8:b9:2b:00:f3:3d:95:
92:81:2a:66:9e:53:e4:63:b3:e2:73:fe:41:ec:fc:2c:f6:a8:
cd:34:2c:5b:c6:6d:8e:a4:27:d5:0c:28:25:97:25:6b:d3:e9:
39:76:db:d6:c4:64:c0:95:f5:43:54:52:69:8e:e0:9e:5a:73:
31:a3:22:96:1f:4f:1b:b7:18:a4:8c:40:83:89:4e:f0:7b:7c:
c7:44:3d:7d
-----BEGIN CERTIFICATE-----
MIIGaTCCBVGgAwIBAgISAY5g3JH74zekOmmRgOg+ojCDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNlMWYzMmQwY2ZhN2E4NmQzMGU3ZTExYTczZWJiZDBiMjRk
YmY0MWYwHhcNMjQwMzIxMTE1NDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzMjljZTA4M2FiNTY0MWZiYTAxZjE3ZWFkY2VkYmQ5Mjg0NWVhYjc5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxE3pLWq9QwHZIeY0PzjHoESgQ+BH
zZcHzFXag5w1IVKLNY3xMWI+hjdvy2u5NvStxrUxnHNe5Erq5U0HFcib6r67lbxR
BjXKo4oBEw0NVaNsEUfj7OeaM5ANCJOX/9InwVJgdUPb1aheueuuu6vQk8tdcp01
YAtxzd0YOw4Uy4y3KQZsZdDOmeQav4SxuTKFiXC/IYJD3KI4vgTTeHCkHdfNPunt
lwQr6wmH0PY4RBqi7UIrRcGTH3LLajgH0O86IDVaIT7ArdS+GHDSKuyGm6tLj7e1
P3daRT+ytCdc5MfLf8lTXxosxI67sknRFwozGGEJZMnv3z4P8IkHmndW9wIDAQAB
o4IDdTCCA3EwHQYDVR0OBBYEFDKc4IOrVkH7oB8X6tztvZKEXqt5MB8GA1UdIwQY
MBaAFD4fMtDPp6htMOfhGnPrvQsk2/QfMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUt
NjA2OGMwNGQxYmUwLzEvTXB6Z2c2dFdRZnVnSHhmcTNPMjlrb1JlcTNrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZS81ZjA0OGItMmRmMy00MTQwLTlmNGUtNjA2OGMwNGQxYmUw
LzEvUGg4eTBNLW5xRzB3NS1FYWMtdTlDeVRiOUI4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBiQYIKwYBBQUHAQcBAf8EggF4MIIBdDCCAXAEAgABMIIB
aAMEAC5maQMEAS5mdgMEBC73kAMEAU3f1gMEAU+LUAMEAFZp8QMEAFZqbAMEAFkg
fQMEAVkgggMEAFklOgMEAFkoKQMEAVkopAMEAVkqNAMEAVkvJgMEAFkvKwMEAVnI
8AMEAFvGFwMEAFvYigMEAFvjIQMEAFvl5AMEAVvulAMEAF1yVAMEAl200AMEAV6x
BgMEAF6xFwMEAbB+xgMEALzS/gMEALzWWQMEAbzXTAMEALzxOwMEAMEkLAMEAMEl
iAMEAMEndwMEAsFdKAMEAMFpsAMEAcGpCAMEAcHALAMEAcHANAMEAcHvrAMEAcHv
9gMEAMIIUQMEAcIY6gMEAcIqZAMEAcJYhgMEAcJqzAMEAcJq1AMEAMKM6wMEAcL2
agMEAcMCxAMEAcMNMAMEAcMiUAMEAsMq6AMEAcNdjAMEAcOAvAMEAcOHwAMEAMO9
sAMEAcO9ugMEAcO9+gMEAcPSLAMEAcP+jDANBgkqhkiG9w0BAQsFAAOCAQEAtqUs
2A3q5cekgzALc9cXQwKC/mnxCpnmcqcuWN+ir3TbgtZSP0icB4sbQoLQFVSnwN6p
+HzeybXK/wUZ9JiVxU3/AZaa11Irvbf8QCvzIKbGsNPSMSd350Tm+3/RICOpKS1f
kTZ51Nrbjdz3hdrZVoXrGv7WHSYa25amBw/MZUPlKT7CaMgSgYkj+Y2N3N8IgTtd
FTLt0bYvj9D1bgQmwSHkouWv67m4zdsGlEX4uSsA8z2VkoEqZp5T5GOz4nP+Qez8
LPaozTQsW8ZtjqQn1QwoJZcla9PpOXbb1sRkwJX1Q1RSaY7gnlpzMaMilh9PG7cY
pIxAg4lO8Ht8x0Q9fQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:48:05 2024 by rpki-client on console-ams.rpki-client.org