Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/XfQm1oZCoBBpiCVVgs-LbQlk3HM.roa
File: XfQm1oZCoBBpiCVVgs-LbQlk3HM.roa (raw, json)
Hash identifier: My0p0bQA1Z/XsdPN+1Tc234ClLcbg5w0w3ofVfNBa9c=
Subject key identifier: 5D:F4:26:D6:86:42:A0:10:69:88:25:55:82:CF:8B:6D:09:64:DC:73
Certificate issuer: /CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Certificate serial: 0186509AE19005EFDD6449609C809F017E9B
Authority key identifier: AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/XfQm1oZCoBBpiCVVgs-LbQlk3HM.roa
Signing time: Tue 14 Feb 2023 15:46:12 +0000
ROA not before: Tue 14 Feb 2023 15:46:12 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 5430
IP address blocks: 194.97.46.0/23 maxlen: 24
194.97.58.0/24 maxlen: 24
194.97.0.0/18 maxlen: 18
194.97.119.0/24 maxlen: 24
62.104.56.0/24 maxlen: 24
62.104.66.0/23 maxlen: 23
194.97.160.0/19 maxlen: 19
62.104.95.0/24 maxlen: 24
62.104.96.0/22 maxlen: 22
194.97.164.0/22 maxlen: 22
62.104.104.0/22 maxlen: 22
194.97.167.0/24 maxlen: 24
194.97.168.0/24 maxlen: 24
62.104.0.0/16 maxlen: 16
62.104.8.0/21 maxlen: 21
62.104.16.0/24 maxlen: 24
62.104.17.0/24 maxlen: 24
62.104.20.0/24 maxlen: 24
62.104.20.0/23 maxlen: 23
62.104.18.0/23 maxlen: 23
194.97.96.0/24 maxlen: 24
194.97.96.0/19 maxlen: 19
194.97.102.0/24 maxlen: 24
62.104.48.0/23 maxlen: 23
194.97.118.0/24 maxlen: 24
62.104.50.0/24 maxlen: 24
62.104.46.0/23 maxlen: 23
62.104.45.0/24 maxlen: 24
89.49.127.0/24 maxlen: 24
89.49.126.0/24 maxlen: 24
89.48.0.0/13 maxlen: 24
195.4.70.0/24 maxlen: 24
195.4.71.0/24 maxlen: 24
195.4.104.0/22 maxlen: 22
195.4.234.0/23 maxlen: 24
195.4.176.0/24 maxlen: 24
62.104.164.0/24 maxlen: 24
62.104.164.0/22 maxlen: 22
62.104.168.0/22 maxlen: 22
62.104.172.0/23 maxlen: 23
62.104.174.0/24 maxlen: 24
62.104.175.0/24 maxlen: 24
62.104.176.0/22 maxlen: 22
62.104.178.0/24 maxlen: 24
62.104.182.0/24 maxlen: 24
194.97.192.0/18 maxlen: 18
195.4.0.0/16 maxlen: 16
195.4.16.0/24 maxlen: 24
195.4.16.0/22 maxlen: 22
195.4.28.0/23 maxlen: 23
195.4.27.0/24 maxlen: 24
195.4.43.0/24 maxlen: 24
2001:748::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:50:9a:e1:90:05:ef:dd:64:49:60:9c:80:9f:01:7e:9b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=af801984cc38f0a4fc5afe1adeab680c1b89e95b
Validity
Not Before: Feb 14 15:46:12 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5df426d68642a0106988255582cf8b6d0964dc73
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:87:a3:83:8d:31:88:16:51:10:78:48:b8:e1:95:
2c:b3:31:97:e7:78:53:f7:75:0d:f8:50:d6:0a:c9:
69:ef:d7:57:a9:28:d8:57:f4:d4:0e:0b:c5:17:47:
0f:aa:5e:dd:6e:f0:f3:ac:ab:62:68:a6:9a:f1:0a:
5f:81:e1:74:f2:09:44:05:6a:8b:76:fe:53:32:39:
e1:de:5b:da:e9:56:1c:50:dc:f9:1e:dc:2e:32:0a:
4d:d4:f7:b6:0d:83:5e:a9:0e:64:32:15:19:5f:da:
c1:8b:da:ee:36:d0:58:cf:0c:83:0c:e8:ef:4e:88:
b1:88:3a:3a:ff:02:e3:d4:aa:d5:a3:50:5c:f4:d9:
1b:75:88:47:73:28:19:9c:16:c2:c2:e6:6b:5b:59:
ec:39:55:48:b1:34:e0:6a:d4:48:e3:58:90:c0:40:
c2:02:5e:46:0a:02:c8:6d:e5:8c:44:51:85:1a:96:
ba:bb:8f:d7:7a:04:dc:b1:7e:f9:b2:dd:6f:43:29:
37:a9:d0:96:6a:1a:3e:f4:0e:ba:bc:ca:ce:f1:48:
71:f5:83:35:b6:68:72:96:df:f6:21:53:38:07:f0:
87:86:8e:7e:23:f4:76:b8:46:c6:23:2a:1d:0c:51:
11:61:85:72:76:73:a9:34:0e:18:f4:42:48:07:7a:
72:f9
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5D:F4:26:D6:86:42:A0:10:69:88:25:55:82:CF:8B:6D:09:64:DC:73
X509v3 Authority Key Identifier:
keyid:AF:80:19:84:CC:38:F0:A4:FC:5A:FE:1A:DE:AB:68:0C:1B:89:E9:5B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/XfQm1oZCoBBpiCVVgs-LbQlk3HM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e6/bfd37c-cb12-4a9c-8f5d-4021265c39b0/1/r4AZhMw48KT8Wv4a3qtoDBuJ6Vs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.104.0.0/16
89.48.0.0/13
194.97.0.0/18
194.97.96.0/19
194.97.160.0-194.97.255.255
195.4.0.0/16
IPv6:
2001:748::/32
Signature Algorithm: sha256WithRSAEncryption
61:2e:27:35:10:a0:f7:cb:b1:cf:8d:1c:ed:c7:69:04:75:0b:
41:85:22:30:80:0e:c3:fc:14:80:57:e8:47:79:07:af:fa:ba:
e6:b2:e5:ab:34:7e:00:f1:8a:91:1b:41:c5:45:e3:96:8c:0a:
a9:2b:b3:b3:58:87:db:e9:dd:2b:eb:5f:a3:0a:5b:76:8d:bf:
65:fa:ed:ad:6c:95:03:92:0c:39:6a:5f:d4:c8:a4:07:af:94:
ae:23:26:9f:f5:72:78:32:33:48:f5:05:e3:60:66:8a:12:74:
fc:dc:2c:72:51:b6:ba:cc:5a:66:88:a7:2a:61:4f:f6:b9:83:
f1:d6:5e:e4:48:8b:e2:94:f5:c9:38:28:7f:ec:dc:ac:05:b8:
fd:8e:3b:fe:54:97:f7:ac:b3:04:55:42:d2:9b:32:a9:f7:9b:
93:20:e4:6f:51:64:d4:98:4e:f5:a6:97:cc:71:8e:9c:54:8c:
cc:63:2c:a8:67:c2:01:dd:0b:a2:12:4a:4b:0d:f8:39:93:c4:
57:63:e9:6a:60:8b:e8:9e:41:64:a5:2e:97:63:87:4d:d6:97:
e0:35:a5:8e:94:89:33:73:b8:8f:95:3a:6c:9f:91:92:d0:66:
9a:bf:58:90:64:0b:f2:64:da:65:e4:5f:b6:38:05:38:c2:cb:
50:93:6d:25
-----BEGIN CERTIFICATE-----
MIIFLjCCBBagAwIBAgISAYZQmuGQBe/dZElgnICfAX6bMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFmODAxOTg0Y2MzOGYwYTRmYzVhZmUxYWRlYWI2ODBjMWI4
OWU5NWIwHhcNMjMwMjE0MTU0NjEyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGY0MjZkNjg2NDJhMDEwNjk4ODI1NTU4MmNmOGI2ZDA5NjRkYzczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAh6ODjTGIFlEQeEi44ZUsszGX53hT
93UN+FDWCslp79dXqSjYV/TUDgvFF0cPql7dbvDzrKtiaKaa8QpfgeF08glEBWqL
dv5TMjnh3lva6VYcUNz5HtwuMgpN1Pe2DYNeqQ5kMhUZX9rBi9ruNtBYzwyDDOjv
ToixiDo6/wLj1KrVo1Bc9NkbdYhHcygZnBbCwuZrW1nsOVVIsTTgatRI41iQwEDC
Al5GCgLIbeWMRFGFGpa6u4/XegTcsX75st1vQyk3qdCWaho+9A66vMrO8Uhx9YM1
tmhylt/2IVM4B/CHho5+I/R2uEbGIyodDFERYYVydnOpNA4Y9EJIB3py+QIDAQAB
o4ICOjCCAjYwHQYDVR0OBBYEFF30JtaGQqAQaYglVYLPi20JZNxzMB8GA1UdIwQY
MBaAFK+AGYTMOPCk/Fr+Gt6raAwbielbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQt
NDAyMTI2NWMzOWIwLzEvWGZRbTFvWkNvQkJwaUNWVmdzLUxiUWxrM0hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lNi9iZmQzN2MtY2IxMi00YTljLThmNWQtNDAyMTI2NWMzOWIw
LzEvcjRBWmhNdzQ4S1Q4V3Y0YTNxdG9EQnVKNlZzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFAGCCsGAQUFBwEHAQH/BEEwPzAuBAIAATAoAwMAPmgDAwNZ
MAMEBsJhAAMEBcJhYDALAwQFwmGgAwMBwmADAwDDBDANBAIAAjAHAwUAIAEHSDAN
BgkqhkiG9w0BAQsFAAOCAQEAYS4nNRCg98uxz40c7cdpBHULQYUiMIAOw/wUgFfo
R3kHr/q65rLlqzR+APGKkRtBxUXjlowKqSuzs1iH2+ndK+tfowpbdo2/ZfrtrWyV
A5IMOWpf1MikB6+UriMmn/VyeDIzSPUF42BmihJ0/NwsclG2usxaZoinKmFP9rmD
8dZe5EiL4pT1yTgof+zcrAW4/Y47/lSX96yzBFVC0psyqfebkyDkb1Fk1JhO9aaX
zHGOnFSMzGMsqGfCAd0LohJKSw34OZPEV2PpamCL6J5BZKUul2OHTdaX4DWljpSJ
M3O4j5U6bJ+RktBmmr9YkGQL8mTaZeRftjgFOMLLUJNtJQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:49:53 2024 by rpki-client on console-ams.rpki-client.org