Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/JcbXJvUUbPSRZYuq9X_hh9KRKFA.roa
File: JcbXJvUUbPSRZYuq9X_hh9KRKFA.roa (raw, json)
Hash identifier: 6aqizjZYI6bZcsVhRmn6SoinukD1R777kCTD38+GICA=
Subject key identifier: 25:C6:D7:26:F5:14:6C:F4:91:65:8B:AA:F5:7F:E1:87:D2:91:28:50
Certificate issuer: /CN=27c007e5082b8e8d8289018718cfd527a7893e5e
Certificate serial: 018CC9BBBD83A00897C8CB09CAFBF78360DD
Authority key identifier: 27:C0:07:E5:08:2B:8E:8D:82:89:01:87:18:CF:D5:27:A7:89:3E:5E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/JcbXJvUUbPSRZYuq9X_hh9KRKFA.roa
Signing time: Tue 02 Jan 2024 10:32:53 +0000
ROA not before: Tue 02 Jan 2024 10:32:53 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 48314
IP address blocks: 185.245.97.0/24 maxlen: 24
185.245.98.0/24 maxlen: 24
185.245.99.0/24 maxlen: 24
185.194.238.0/24 maxlen: 24
185.194.239.0/24 maxlen: 24
185.194.236.0/24 maxlen: 24
185.194.237.0/24 maxlen: 24
193.32.221.0/24 maxlen: 24
193.32.222.0/24 maxlen: 24
193.32.220.0/24 maxlen: 24
193.32.223.0/24 maxlen: 24
185.248.141.0/24 maxlen: 24
185.248.142.0/24 maxlen: 24
185.248.143.0/24 maxlen: 24
27.123.244.0/22 maxlen: 24
46.251.251.0/24 maxlen: 24
185.242.112.0/24 maxlen: 24
185.242.113.0/24 maxlen: 24
88.218.224.0/24 maxlen: 24
88.218.225.0/24 maxlen: 24
185.242.114.0/24 maxlen: 24
185.242.115.0/24 maxlen: 24
88.218.226.0/24 maxlen: 24
134.255.244.0/24 maxlen: 24
45.10.24.0/24 maxlen: 24
134.255.247.0/24 maxlen: 24
194.26.182.0/24 maxlen: 24
194.26.183.0/24 maxlen: 24
194.26.180.0/24 maxlen: 24
194.26.181.0/24 maxlen: 24
194.45.196.0/23 maxlen: 24
91.210.225.0/24 maxlen: 24
103.241.48.0/22 maxlen: 24
91.210.226.0/24 maxlen: 24
91.210.227.0/24 maxlen: 24
185.250.248.0/24 maxlen: 24
185.250.249.0/24 maxlen: 24
5.180.64.0/24 maxlen: 24
185.250.250.0/24 maxlen: 24
185.250.251.0/24 maxlen: 24
5.180.67.0/24 maxlen: 24
5.180.65.0/24 maxlen: 24
5.180.66.0/24 maxlen: 24
109.230.219.0/24 maxlen: 24
152.89.236.0/24 maxlen: 24
152.89.237.0/24 maxlen: 24
152.89.238.0/24 maxlen: 24
31.214.144.0/24 maxlen: 24
152.89.239.0/24 maxlen: 24
94.199.213.0/24 maxlen: 24
94.199.212.0/24 maxlen: 24
94.199.214.0/24 maxlen: 24
94.199.215.0/24 maxlen: 24
213.190.28.0/24 maxlen: 24
213.190.31.0/24 maxlen: 24
213.190.29.0/24 maxlen: 24
213.190.30.0/24 maxlen: 24
194.48.171.0/24 maxlen: 24
194.48.169.0/24 maxlen: 24
194.48.170.0/24 maxlen: 24
194.48.168.0/24 maxlen: 24
45.133.9.0/24 maxlen: 24
45.133.8.0/24 maxlen: 24
45.133.10.0/23 maxlen: 24
194.45.37.0/24 maxlen: 24
194.45.36.0/24 maxlen: 24
91.216.245.0/24 maxlen: 24
193.135.8.0/24 maxlen: 24
193.135.9.0/24 maxlen: 24
193.135.11.0/24 maxlen: 24
45.10.26.0/24 maxlen: 24
45.10.25.0/24 maxlen: 24
45.10.27.0/24 maxlen: 24
193.142.41.0/24 maxlen: 24
193.142.42.0/24 maxlen: 24
193.142.40.0/24 maxlen: 24
193.142.43.0/24 maxlen: 24
45.91.100.0/24 maxlen: 24
45.91.101.0/24 maxlen: 24
45.91.103.0/24 maxlen: 24
45.91.102.0/24 maxlen: 24
2a0a:51c3::/32 maxlen: 32
2a0a:51c1::/32 maxlen: 48
2a0a:51c4::/32 maxlen: 48
2a0a:51c0::/32 maxlen: 32
2a0a:51c2::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c9:bb:bd:83:a0:08:97:c8:cb:09:ca:fb:f7:83:60:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=27c007e5082b8e8d8289018718cfd527a7893e5e
Validity
Not Before: Jan 2 10:32:53 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=25c6d726f5146cf491658baaf57fe187d2912850
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:b7:8b:aa:29:dd:7b:89:cb:30:89:2f:19:46:
06:3e:36:6c:f5:b4:14:0c:88:24:62:3a:4d:3a:48:
ff:ff:e9:87:40:66:18:a5:c1:ed:d3:bd:1f:88:e0:
45:4b:fb:4b:8a:ad:80:39:89:ad:29:fb:fc:48:ab:
c6:0a:f8:2d:70:e8:87:06:36:58:9a:ee:39:b9:a9:
53:20:5e:88:80:d1:a0:20:38:4a:b1:ea:79:3a:94:
aa:4e:63:2e:bc:5f:bf:3c:c4:ff:22:de:8c:7d:ca:
cb:7c:a8:42:a2:6f:12:8f:3d:b6:20:6d:ca:74:c4:
b5:1c:fe:e3:73:c7:61:91:37:a2:16:13:c8:02:6d:
ff:92:e1:e0:8d:ce:68:5b:4f:87:d7:a6:d2:15:76:
33:3c:0f:be:fa:35:67:84:0a:51:5a:7d:40:7a:7a:
34:62:d0:1b:66:06:8f:b0:66:21:00:e2:61:50:41:
c0:27:27:e8:f0:f0:25:f9:82:a9:cf:4f:39:5b:0d:
36:6d:72:f5:cf:cb:da:b2:c7:eb:9b:b3:c6:14:70:
25:c9:45:3b:0a:4b:52:7c:02:09:78:bf:0c:00:ee:
59:d6:e0:a5:9b:42:18:e1:fc:a6:04:5c:48:ad:dd:
7f:86:7a:a4:a8:f0:00:7d:89:37:01:be:c4:a9:61:
8d:ff
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:C6:D7:26:F5:14:6C:F4:91:65:8B:AA:F5:7F:E1:87:D2:91:28:50
X509v3 Authority Key Identifier:
keyid:27:C0:07:E5:08:2B:8E:8D:82:89:01:87:18:CF:D5:27:A7:89:3E:5E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/JcbXJvUUbPSRZYuq9X_hh9KRKFA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.64.0/22
27.123.244.0/22
31.214.144.0/24
45.10.24.0/22
45.91.100.0/22
45.133.8.0/22
46.251.251.0/24
88.218.224.0-88.218.226.255
91.210.225.0-91.210.227.255
91.216.245.0/24
94.199.212.0/22
103.241.48.0/22
109.230.219.0/24
134.255.244.0/24
134.255.247.0/24
152.89.236.0/22
185.194.236.0/22
185.242.112.0/22
185.245.97.0-185.245.99.255
185.248.141.0-185.248.143.255
185.250.248.0/22
193.32.220.0/22
193.135.8.0/23
193.135.11.0/24
193.142.40.0/22
194.26.180.0/22
194.45.36.0/23
194.45.196.0/23
194.48.168.0/22
213.190.28.0/22
IPv6:
2a0a:51c0::-2a0a:51c4:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
8a:bb:1c:16:49:d6:e2:18:0a:30:a5:4e:55:a3:f0:ff:06:e4:
05:1a:d1:f1:c4:8d:71:cc:d8:38:a6:0c:84:93:99:41:2b:a9:
39:f7:3a:00:e6:89:1c:f5:1c:96:ea:85:9e:3e:46:5e:0e:c9:
61:49:fc:58:36:e0:e7:b9:a5:65:db:18:94:ca:93:57:18:be:
7a:bd:11:c0:13:4a:bd:81:2d:97:f0:7e:d7:98:83:0f:7c:92:
c5:81:f6:29:a6:33:24:5e:76:0a:29:37:ff:fb:a8:c1:16:13:
ee:df:71:09:5a:8e:f4:fb:b5:bf:87:e1:39:f4:2b:6d:c9:c6:
0e:cd:f9:b7:03:be:a3:c3:c1:2a:a1:87:20:c8:94:c0:cb:64:
f8:85:ec:9b:df:46:16:72:ba:40:e5:07:78:b5:1a:26:0b:26:
3d:d7:b7:4e:e2:12:a6:41:86:0f:5b:05:3f:51:83:0d:7f:74:
84:18:70:da:ff:d4:cd:2b:1f:eb:98:38:a8:4a:06:00:aa:74:
78:a0:90:55:c3:06:c6:09:59:9d:7b:6c:33:4e:e1:63:1d:70:
32:fb:39:01:81:aa:c5:fd:61:6e:30:ab:c4:01:0f:27:9c:86:
2b:b9:4f:02:cd:68:b4:88:e1:18:f1:f5:7d:b6:ef:6a:c4:97:
13:75:70:2a
-----BEGIN CERTIFICATE-----
MIIF6TCCBNGgAwIBAgISAYzJu72DoAiXyMsJyvv3g2DdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzAwN2U1MDgyYjhlOGQ4Mjg5MDE4NzE4Y2ZkNTI3YTc4
OTNlNWUwHhcNMjQwMTAyMTAzMjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWM2ZDcyNmY1MTQ2Y2Y0OTE2NThiYWFmNTdmZTE4N2QyOTEyODUwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoreLqinde4nLMIkvGUYGPjZs9bQU
DIgkYjpNOkj//+mHQGYYpcHt070fiOBFS/tLiq2AOYmtKfv8SKvGCvgtcOiHBjZY
mu45ualTIF6IgNGgIDhKsep5OpSqTmMuvF+/PMT/It6MfcrLfKhCom8Sjz22IG3K
dMS1HP7jc8dhkTeiFhPIAm3/kuHgjc5oW0+H16bSFXYzPA+++jVnhApRWn1Aeno0
YtAbZgaPsGYhAOJhUEHAJyfo8PAl+YKpz085Ww02bXL1z8vassfrm7PGFHAlyUU7
CktSfAIJeL8MAO5Z1uClm0IY4fymBFxIrd1/hnqkqPAAfYk3Ab7EqWGN/wIDAQAB
o4IC9TCCAvEwHQYDVR0OBBYEFCXG1yb1FGz0kWWLqvV/4YfSkShQMB8GA1UdIwQY
MBaAFCfAB+UIK46NgokBhxjP1SeniT5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhBSDVRZ3JqbzJDaVFHSEdNX1ZKNmVKUGw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8wNmZlMTQtZDE0Ni00ZTY2LWE4NDEt
MmM2NGMyOTEzNTNlLzEvSmNiWEp2VVViUFNSWll1cTlYX2hoOUtSS0ZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8wNmZlMTQtZDE0Ni00ZTY2LWE4NDEtMmM2NGMyOTEzNTNl
LzEvSjhBSDVRZ3JqbzJDaVFHSEdNX1ZKNmVKUGw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCQYIKwYBBQUHAQcBAf8EgfkwgfYwgdsEAgABMIHUAwQC
BbRAAwQCG3v0AwQAH9aQAwQCLQoYAwQCLVtkAwQCLYUIAwQALvv7MAwDBAVY2uAD
BABY2uIwDAMEAFvS4QMEAlvS4AMEAFvY9QMEAl7H1AMEAmfxMAMEAG3m2wMEAIb/
9AMEAIb/9wMEAphZ7AMEArnC7AMEArnycDAMAwQAufVhAwQCufVgMAwDBAC5+I0D
BAS5+IADBAK5+vgDBALBINwDBAHBhwgDBADBhwsDBALBjigDBALCGrQDBAHCLSQD
BAHCLcQDBALCMKgDBALVvhwwFgQCAAIwEDAOAwUGKgpRwAMFACoKUcQwDQYJKoZI
hvcNAQELBQADggEBAIq7HBZJ1uIYCjClTlWj8P8G5AUa0fHEjXHM2DimDISTmUEr
qTn3OgDmiRz1HJbqhZ4+Rl4OyWFJ/Fg24Oe5pWXbGJTKk1cYvnq9EcATSr2BLZfw
fteYgw98ksWB9immMyRedgopN//7qMEWE+7fcQlajvT7tb+H4Tn0K23Jxg7N+bcD
vqPDwSqhhyDIlMDLZPiF7JvfRhZyukDlB3i1GiYLJj3Xt07iEqZBhg9bBT9Rgw1/
dIQYcNr/1M0rH+uYOKhKBgCqdHigkFXDBsYJWZ17bDNO4WMdcDL7OQGBqsX9YW4w
q8QBDyechiu5TwLNaLSI4Rjx9X2272rElxN1cCo=
-----END CERTIFICATE-----
Generated at Fri Feb 23 19:25:54 2024 by rpki-client on console-ams.rpki-client.org