Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/9p7zHB9J3mQdojBQWfgTopKdFs4.roa
File: 9p7zHB9J3mQdojBQWfgTopKdFs4.roa (raw, json)
Hash identifier: CteeJs5L18tmULxqkDpM41xStGHlioMA/t+EoGHhhcc=
Subject key identifier: F6:9E:F3:1C:1F:49:DE:64:1D:A2:30:50:59:F8:13:A2:92:9D:16:CE
Certificate issuer: /CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Certificate serial: 373B960A
Authority key identifier: E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/9p7zHB9J3mQdojBQWfgTopKdFs4.roa
Signing time: Sat 01 Jan 2022 05:59:15 +0000
ROA not before: Sat 01 Jan 2022 05:59:15 +0000
ROA not after: Sat 01 Jul 2023 00:00:00 +0000
asID: 5400
IP address blocks: 213.9.138.0/24 maxlen: 24
213.9.148.0/24 maxlen: 24
213.9.160.0/24 maxlen: 24
212.49.175.0/24 maxlen: 24
212.49.181.0/24 maxlen: 24
212.49.190.0/24 maxlen: 24
212.49.191.0/24 maxlen: 24
212.163.40.0/24 maxlen: 24
212.163.42.0/24 maxlen: 24
213.9.232.0/24 maxlen: 24
212.163.55.0/24 maxlen: 24
213.9.173.0/24 maxlen: 24
213.9.177.0/24 maxlen: 24
213.9.188.0/24 maxlen: 24
212.163.3.0/24 maxlen: 24
212.163.6.0/24 maxlen: 24
213.9.195.0/24 maxlen: 24
212.163.24.0/24 maxlen: 24
212.163.169.0/24 maxlen: 24
212.163.174.0/24 maxlen: 24
212.163.194.0/24 maxlen: 24
212.163.141.0/24 maxlen: 24
212.49.131.0/24 maxlen: 24
212.49.132.0/24 maxlen: 24
212.49.142.0/24 maxlen: 24
212.49.147.0/24 maxlen: 24
212.49.163.0/24 maxlen: 24
212.49.167.0/24 maxlen: 24
212.49.168.0/24 maxlen: 24
212.163.206.0/24 maxlen: 24
212.163.215.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 926651914 (0x373b960a)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e8403b5e45cd58be5f6c5d33fa565ab49223e3db
Validity
Not Before: Jan 1 05:59:15 2022 GMT
Not After : Jul 1 00:00:00 2023 GMT
Subject: CN=f69ef31c1f49de641da2305059f813a2929d16ce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e3:d1:46:8b:e2:18:51:7f:37:d9:3c:5c:3b:4a:
4f:1a:2d:b5:9c:2f:91:76:22:4d:94:61:31:25:c0:
93:99:9c:d4:6d:7b:76:6d:3f:34:b3:18:a8:5c:52:
08:13:53:72:70:1b:14:76:98:3d:38:77:36:73:47:
cf:1f:c6:5b:dc:a9:1e:52:f3:2a:e1:3c:9c:ee:cf:
28:26:4c:d7:22:9c:fb:e4:e8:dd:b4:32:2e:3c:6c:
0e:f2:7a:3d:5f:3c:e8:8f:f7:71:13:25:76:3d:36:
cb:79:92:79:7d:03:a6:be:09:fc:cf:1c:36:4d:c6:
ba:0e:84:e0:96:56:c6:55:34:3b:a8:0a:39:57:a4:
72:27:98:66:56:e5:05:ee:10:55:d3:2e:d8:50:43:
90:2f:92:fa:de:93:53:f8:59:e0:52:34:97:36:b0:
4a:78:7e:a5:c9:e4:8c:b9:d1:79:3b:3c:50:47:14:
b6:3d:c5:35:7e:66:8b:74:e0:96:c3:6a:e2:44:5e:
c2:34:bf:62:c3:b5:35:77:07:b9:9d:c5:7f:e8:42:
51:f9:5d:4c:66:25:fa:c0:09:38:a1:4d:94:dc:40:
6b:f4:72:43:20:bf:f6:bc:f0:7b:fc:ca:af:72:1d:
4e:52:96:a2:e4:5d:07:8d:bf:f1:de:ad:ee:13:25:
9e:3b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
F6:9E:F3:1C:1F:49:DE:64:1D:A2:30:50:59:F8:13:A2:92:9D:16:CE
X509v3 Authority Key Identifier:
keyid:E8:40:3B:5E:45:CD:58:BE:5F:6C:5D:33:FA:56:5A:B4:92:23:E3:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/6EA7XkXNWL5fbF0z-lZatJIj49s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/9p7zHB9J3mQdojBQWfgTopKdFs4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e7/8976ed-da0a-49a5-a751-a871ecc212a6/1/6EA7XkXNWL5fbF0z-lZatJIj49s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.49.131.0-212.49.132.255
212.49.142.0/24
212.49.147.0/24
212.49.163.0/24
212.49.167.0-212.49.168.255
212.49.175.0/24
212.49.181.0/24
212.49.190.0/23
212.163.3.0/24
212.163.6.0/24
212.163.24.0/24
212.163.40.0/24
212.163.42.0/24
212.163.55.0/24
212.163.141.0/24
212.163.169.0/24
212.163.174.0/24
212.163.194.0/24
212.163.206.0/24
212.163.215.0/24
213.9.138.0/24
213.9.148.0/24
213.9.160.0/24
213.9.173.0/24
213.9.177.0/24
213.9.188.0/24
213.9.195.0/24
213.9.232.0/24
Signature Algorithm: sha256WithRSAEncryption
a2:58:05:91:b0:af:a2:2e:17:f3:51:a7:39:a3:ca:5c:dc:ec:
23:c2:df:2f:11:4e:56:3e:83:0f:9e:96:ac:0d:7a:28:82:70:
c3:22:19:bd:1a:c1:f3:96:c3:88:89:f7:4f:aa:6d:89:c6:81:
9c:fe:f7:ad:4f:9b:47:a5:f0:5b:f6:9b:d1:bb:16:fc:8a:16:
8f:00:06:f8:49:f3:54:61:0d:61:af:89:9c:bd:62:80:5f:85:
ca:03:64:07:d1:62:b1:d3:66:eb:89:68:4b:0a:5c:27:52:d4:
9a:d5:38:29:74:b2:32:aa:bd:7c:3a:66:43:35:2d:15:14:6b:
33:7a:96:55:b1:3b:6e:a0:28:34:30:0b:5f:92:4e:8b:c2:bf:
38:29:96:94:99:34:3f:12:16:33:13:12:60:d6:47:96:50:74:
a9:a1:52:fc:b8:70:db:2e:48:7c:56:ac:88:ce:90:b3:a5:c8:
0f:e5:fc:32:11:ba:00:84:85:73:0d:40:68:f0:69:cd:c9:48:
20:8e:26:5b:ad:91:82:ce:e4:0c:2d:1a:e3:9f:a5:e3:c0:2f:
80:ed:7f:83:0f:76:b5:e1:cd:8c:72:36:5c:d3:fa:d3:66:aa:
75:ac:98:97:60:f8:9f:80:6a:9b:74:5c:66:6b:3b:5c:4c:3e:
99:d3:21:13
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgIENzuWCjANBgkqhkiG9w0BAQsFADAzMTEwLwYDVQQDEyhl
ODQwM2I1ZTQ1Y2Q1OGJlNWY2YzVkMzNmYTU2NWFiNDkyMjNlM2RiMB4XDTIyMDEw
MTA1NTkxNVoXDTIzMDcwMTAwMDAwMFowMzExMC8GA1UEAxMoZjY5ZWYzMWMxZjQ5
ZGU2NDFkYTIzMDUwNTlmODEzYTI5MjlkMTZjZTCCASIwDQYJKoZIhvcNAQEBBQAD
ggEPADCCAQoCggEBAOPRRoviGFF/N9k8XDtKTxottZwvkXYiTZRhMSXAk5mc1G17
dm0/NLMYqFxSCBNTcnAbFHaYPTh3NnNHzx/GW9ypHlLzKuE8nO7PKCZM1yKc++To
3bQyLjxsDvJ6PV886I/3cRMldj02y3mSeX0Dpr4J/M8cNk3Gug6E4JZWxlU0O6gK
OVekcieYZlblBe4QVdMu2FBDkC+S+t6TU/hZ4FI0lzawSnh+pcnkjLnReTs8UEcU
tj3FNX5mi3TglsNq4kRewjS/YsO1NXcHuZ3Ff+hCUfldTGYl+sAJOKFNlNxAa/Ry
QyC/9rzwe/zKr3IdTlKWouRdB42/8d6t7hMlnjsCAwEAAaOCAsAwggK8MB0GA1Ud
DgQWBBT2nvMcH0neZB2iMFBZ+BOikp0WzjAfBgNVHSMEGDAWgBToQDteRc1Yvl9s
XTP6Vlq0kiPj2zAOBgNVHQ8BAf8EBAMCB4AwZAYIKwYBBQUHAQEEWDBWMFQGCCsG
AQUFBzAChkhyc3luYzovL3Jwa2kucmlwZS5uZXQvcmVwb3NpdG9yeS9ERUZBVUxU
LzZFQTdYa1hOV0w1ZmJGMHotbFphdEpJajQ5cy5jZXIwgY0GCCsGAQUFBwELBIGA
MH4wfAYIKwYBBQUHMAuGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5
L0RFRkFVTFQvZTcvODk3NmVkLWRhMGEtNDlhNS1hNzUxLWE4NzFlY2MyMTJhNi8x
LzlwN3pIQjlKM21RZG9qQlFXZmdUb3BLZEZzNC5yb2EwgYEGA1UdHwR6MHgwdqB0
oHKGcHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBvc2l0b3J5L0RFRkFVTFQvZTcv
ODk3NmVkLWRhMGEtNDlhNS1hNzUxLWE4NzFlY2MyMTJhNi8xLzZFQTdYa1hOV0w1
ZmJGMHotbFphdEpJajQ5cy5jcmwwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjCB
1QYIKwYBBQUHAQcBAf8EgcUwgcIwgb8EAgABMIG4MAwDBADUMYMDBADUMYQDBADU
MY4DBADUMZMDBADUMaMwDAMEANQxpwMEANQxqAMEANQxrwMEANQxtQMEAdQxvgME
ANSjAwMEANSjBgMEANSjGAMEANSjKAMEANSjKgMEANSjNwMEANSjjQMEANSjqQME
ANSjrgMEANSjwgMEANSjzgMEANSj1wMEANUJigMEANUJlAMEANUJoAMEANUJrQME
ANUJsQMEANUJvAMEANUJwwMEANUJ6DANBgkqhkiG9w0BAQsFAAOCAQEAolgFkbCv
oi4X81GnOaPKXNzsI8LfLxFOVj6DD56WrA16KIJwwyIZvRrB85bDiIn3T6pticaB
nP73rU+bR6XwW/ab0bsW/IoWjwAG+EnzVGENYa+JnL1igF+FygNkB9FisdNm64lo
SwpcJ1LUmtU4KXSyMqq9fDpmQzUtFRRrM3qWVbE7bqAoNDALX5JOi8K/OCmWlJk0
PxIWMxMSYNZHllB0qaFS/Lhw2y5IfFasiM6Qs6XID+X8MhG6AISFcw1AaPBpzclI
II4mW62Rgs7kDC0a45+l48AvgO1/gw92teHNjHI2XNP602aqdayYl2D4n4Bqm3Rc
Zms7XEw+mdMhEw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:02 2024 by rpki-client on console-ams.rpki-client.org