Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/TRMBLRStwqcWoUYRKktFlna_8qU.roa
File: TRMBLRStwqcWoUYRKktFlna_8qU.roa (raw, json)
Hash identifier: sqat5K2BISjyEQ8wR9DT1fA+wdeNDBoqkueN/oZ7vtU=
Subject key identifier: 4D:13:01:2D:14:AD:C2:A7:16:A1:46:11:2A:4B:45:96:76:BF:F2:A5
Certificate issuer: /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial: 0186B76E3FE24AD728E33F806DFE6EEB06C1
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/TRMBLRStwqcWoUYRKktFlna_8qU.roa
Signing time: Mon 06 Mar 2023 14:58:21 +0000
ROA not before: Mon 06 Mar 2023 14:58:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 5430
IP address blocks: 194.97.46.0/23 maxlen: 24
194.97.58.0/24 maxlen: 24
194.97.0.0/18 maxlen: 18
194.97.120.0/23 maxlen: 23
194.97.119.0/24 maxlen: 24
194.97.122.0/24 maxlen: 24
62.104.56.0/24 maxlen: 24
62.104.66.0/23 maxlen: 23
194.97.160.0/19 maxlen: 19
62.104.95.0/24 maxlen: 24
62.104.96.0/21 maxlen: 22
62.104.96.0/22 maxlen: 22
194.97.164.0/22 maxlen: 22
62.104.104.0/22 maxlen: 22
62.104.0.0/16 maxlen: 16
62.104.10.0/23 maxlen: 23
62.104.12.0/22 maxlen: 22
62.104.16.0/24 maxlen: 24
62.104.17.0/24 maxlen: 24
62.104.20.0/23 maxlen: 24
62.104.18.0/24 maxlen: 24
194.97.96.0/24 maxlen: 24
194.97.96.0/19 maxlen: 19
194.97.102.0/24 maxlen: 24
62.104.48.0/23 maxlen: 23
194.97.118.0/24 maxlen: 24
62.104.50.0/24 maxlen: 24
62.104.46.0/23 maxlen: 23
62.104.45.0/24 maxlen: 24
89.49.127.0/24 maxlen: 24
89.49.126.0/24 maxlen: 24
89.48.0.0/13 maxlen: 24
195.4.70.0/24 maxlen: 24
195.4.71.0/24 maxlen: 24
195.4.104.0/22 maxlen: 22
195.4.234.0/23 maxlen: 24
195.4.176.0/24 maxlen: 24
62.104.164.0/24 maxlen: 24
62.104.164.0/22 maxlen: 22
62.104.168.0/22 maxlen: 22
62.104.172.0/23 maxlen: 23
62.104.174.0/24 maxlen: 24
62.104.175.0/24 maxlen: 24
62.104.176.0/22 maxlen: 22
62.104.182.0/24 maxlen: 24
194.97.192.0/18 maxlen: 18
195.4.0.0/16 maxlen: 16
195.4.16.0/24 maxlen: 24
195.4.16.0/22 maxlen: 22
195.4.28.0/23 maxlen: 23
195.4.27.0/24 maxlen: 24
195.4.43.0/24 maxlen: 24
2001:748::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:b7:6e:3f:e2:4a:d7:28:e3:3f:80:6d:fe:6e:eb:06:c1
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Validity
Not Before: Mar 6 14:58:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4d13012d14adc2a716a146112a4b459676bff2a5
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8d:40:cb:bd:c3:d9:a4:a6:81:c7:c2:85:9f:1a:
f7:5c:4f:df:74:41:2a:5e:aa:aa:96:bc:93:d8:ba:
2e:45:03:1e:27:61:a7:6f:b8:b8:ea:79:4b:23:a3:
c0:a2:a0:63:f4:08:4a:df:bd:c1:1a:24:b3:bd:41:
3d:75:73:f2:08:7d:69:f9:d1:f7:76:2c:b0:d9:7a:
c7:c3:a0:db:04:34:73:24:76:f5:7f:7c:c6:44:37:
c0:77:b4:0b:4b:24:54:77:d6:94:4d:5b:11:0c:bc:
8b:79:e6:f5:16:71:f2:14:26:47:1f:9e:60:59:65:
92:0c:b8:09:94:69:3b:ee:2e:3e:94:fd:55:39:b1:
e5:ca:40:f4:7b:05:09:25:ad:98:c5:12:32:68:41:
b2:6f:3b:ed:17:98:db:c9:56:9a:20:a7:d1:76:75:
33:91:7a:a7:23:8d:48:00:8c:8d:ca:ef:65:47:7b:
c8:22:5a:e5:d0:d3:98:94:c3:a9:a6:3a:0b:fe:19:
19:bd:67:32:1d:59:69:60:79:af:42:72:55:bb:40:
af:83:7f:cd:1d:24:80:70:d2:b3:89:7b:88:e0:39:
dd:7f:94:05:21:35:69:2c:3c:4d:08:10:34:72:73:
b7:8a:71:00:38:4d:6c:01:07:c2:9f:bd:e9:e7:00:
9c:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:13:01:2D:14:AD:C2:A7:16:A1:46:11:2A:4B:45:96:76:BF:F2:A5
X509v3 Authority Key Identifier:
keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/TRMBLRStwqcWoUYRKktFlna_8qU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.104.0.0/16
89.48.0.0/13
194.97.0.0/18
194.97.96.0/19
194.97.160.0-194.97.255.255
195.4.0.0/16
IPv6:
2001:748::/32
Signature Algorithm: sha256WithRSAEncryption
22:0f:9d:ac:9e:7f:9b:06:59:c5:4d:75:02:ee:47:64:37:fd:
54:8b:ca:36:25:34:84:f2:db:80:dc:1b:c8:cd:cf:d7:7f:21:
85:3b:1c:ac:6a:b6:8c:66:a2:34:b7:0e:e5:03:10:87:70:9c:
4b:1b:e5:3d:8b:60:83:ac:90:30:89:3a:b0:99:2c:f3:b5:ea:
9d:a9:3a:d1:ef:17:46:b9:5d:fa:04:2e:6b:bb:da:63:7d:5f:
6d:d5:aa:9c:22:f1:17:e7:a4:a9:8f:d9:95:66:b2:7d:22:f3:
78:84:74:71:32:60:df:42:6b:e2:99:dd:58:b2:ac:14:2d:e9:
9f:69:fb:ba:ab:43:93:27:02:9c:fe:6c:7b:18:53:e9:c2:b6:
09:87:64:34:df:9e:c0:53:48:0c:e7:db:82:93:89:4c:39:b6:
0f:34:5c:5f:4a:89:e8:a3:92:ae:32:3c:f7:fe:33:06:d5:ac:
fd:19:6b:6c:f0:62:35:13:88:80:d6:de:e8:d0:53:c7:65:22:
ef:21:a6:7f:da:4e:3b:e2:5a:ac:22:90:a0:64:ca:f5:c8:94:
51:22:7a:d7:87:06:ca:36:d9:48:20:e1:ce:07:32:65:5f:db:
08:bf:f9:20:68:9d:ef:b3:11:ac:62:80:f4:fe:d1:54:e7:a7:
30:72:11:5d
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYa3bj/iStco4z+Abf5u6wbBMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjMwMzA2MTQ1ODIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDEzMDEyZDE0YWRjMmE3MTZhMTQ2MTEyYTRiNDU5Njc2YmZmMmE1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjUDLvcPZpKaBx8KFnxr3XE/fdEEq
XqqqlryT2LouRQMeJ2Gnb7i46nlLI6PAoqBj9AhK373BGiSzvUE9dXPyCH1p+dH3
diyw2XrHw6DbBDRzJHb1f3zGRDfAd7QLSyRUd9aUTVsRDLyLeeb1FnHyFCZHH55g
WWWSDLgJlGk77i4+lP1VObHlykD0ewUJJa2YxRIyaEGybzvtF5jbyVaaIKfRdnUz
kXqnI41IAIyNyu9lR3vIIlrl0NOYlMOppjoL/hkZvWcyHVlpYHmvQnJVu0Cvg3/N
HSSAcNKziXuI4Dndf5QFITVpLDxNCBA0cnO3inEAOE1sAQfCn73p5wCciwIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFE0TAS0UrcKnFqFGESpLRZZ2v/KlMB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvVFJNQkxSU3R3cWNXb1VZUktrdEZsbmFfOHFVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoAwMAPmgDAwNZ
MAMEBsJhAAMEBcJhYDALAwQFwmGgAwMBwmADAwDDBDANBAIAAjAHAwUAIAEHSDAN
BgkqhkiG9w0BAQsFAAOCAQEAIg+drJ5/mwZZxU11Au5HZDf9VIvKNiU0hPLbgNwb
yM3P138hhTscrGq2jGaiNLcO5QMQh3CcSxvlPYtgg6yQMIk6sJks87Xqnak60e8X
Rrld+gQua7vaY31fbdWqnCLxF+ekqY/ZlWayfSLzeIR0cTJg30Jr4pndWLKsFC3p
n2n7uqtDkycCnP5sexhT6cK2CYdkNN+ewFNIDOfbgpOJTDm2DzRcX0qJ6KOSrjI8
9/4zBtWs/RlrbPBiNROIgNbe6NBTx2Ui7yGmf9pOO+JarCKQoGTK9ciUUSJ614cG
yjbZSCDhzgcyZV/bCL/5IGid77MRrGKA9P7RVOenMHIRXQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:53 2024 by rpki-client on console-ams.rpki-client.org