Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/kfsK9AgKGWsZfLIFogCuj37ZsJg.roa
File: kfsK9AgKGWsZfLIFogCuj37ZsJg.roa (raw, json)
Hash identifier: Nrlmx2JG4CO03mc4DtUWMObVo8XPYE4/kOJFGzFMu4o=
Subject key identifier: 91:FB:0A:F4:08:0A:19:6B:19:7C:B2:05:A2:00:AE:8F:7E:D9:B0:98
Certificate issuer: /CN=27c007e5082b8e8d8289018718cfd527a7893e5e
Certificate serial: 018B60C26AFF6DA2DCBBD8B5EB23654E68E6
Authority key identifier: 27:C0:07:E5:08:2B:8E:8D:82:89:01:87:18:CF:D5:27:A7:89:3E:5E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/kfsK9AgKGWsZfLIFogCuj37ZsJg.roa
Signing time: Tue 24 Oct 2023 08:17:15 +0000
ROA not before: Tue 24 Oct 2023 08:17:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 48314
IP address blocks: 185.245.97.0/24 maxlen: 24
185.245.98.0/24 maxlen: 24
185.245.99.0/24 maxlen: 24
185.194.238.0/24 maxlen: 24
185.194.239.0/24 maxlen: 24
185.194.236.0/24 maxlen: 24
185.194.237.0/24 maxlen: 24
193.32.221.0/24 maxlen: 24
193.32.222.0/24 maxlen: 24
193.32.220.0/24 maxlen: 24
193.32.223.0/24 maxlen: 24
185.248.141.0/24 maxlen: 24
185.248.142.0/24 maxlen: 24
185.248.143.0/24 maxlen: 24
46.251.251.0/24 maxlen: 24
185.242.112.0/24 maxlen: 24
185.242.113.0/24 maxlen: 24
88.218.224.0/24 maxlen: 24
88.218.225.0/24 maxlen: 24
185.242.114.0/24 maxlen: 24
185.242.115.0/24 maxlen: 24
88.218.226.0/24 maxlen: 24
134.255.244.0/24 maxlen: 24
45.10.24.0/24 maxlen: 24
134.255.247.0/24 maxlen: 24
194.26.182.0/24 maxlen: 24
194.26.183.0/24 maxlen: 24
194.26.180.0/24 maxlen: 24
194.26.181.0/24 maxlen: 24
194.45.196.0/23 maxlen: 24
91.210.225.0/24 maxlen: 24
103.241.48.0/22 maxlen: 24
91.210.226.0/24 maxlen: 24
91.210.227.0/24 maxlen: 24
185.250.248.0/24 maxlen: 24
185.250.249.0/24 maxlen: 24
5.180.64.0/24 maxlen: 24
185.250.250.0/24 maxlen: 24
185.250.251.0/24 maxlen: 24
5.180.67.0/24 maxlen: 24
5.180.65.0/24 maxlen: 24
5.180.66.0/24 maxlen: 24
109.230.219.0/24 maxlen: 24
152.89.236.0/24 maxlen: 24
152.89.237.0/24 maxlen: 24
152.89.238.0/24 maxlen: 24
31.214.144.0/24 maxlen: 24
152.89.239.0/24 maxlen: 24
94.199.213.0/24 maxlen: 24
94.199.212.0/24 maxlen: 24
94.199.214.0/24 maxlen: 24
94.199.215.0/24 maxlen: 24
213.190.28.0/24 maxlen: 24
213.190.31.0/24 maxlen: 24
213.190.29.0/24 maxlen: 24
213.190.30.0/24 maxlen: 24
194.48.171.0/24 maxlen: 24
194.48.169.0/24 maxlen: 24
194.48.170.0/24 maxlen: 24
194.48.168.0/24 maxlen: 24
45.133.9.0/24 maxlen: 24
45.133.8.0/24 maxlen: 24
45.133.10.0/23 maxlen: 24
194.45.37.0/24 maxlen: 24
194.45.36.0/24 maxlen: 24
91.216.245.0/24 maxlen: 24
193.135.8.0/24 maxlen: 24
193.135.9.0/24 maxlen: 24
193.135.11.0/24 maxlen: 24
45.10.26.0/24 maxlen: 24
45.10.25.0/24 maxlen: 24
45.10.27.0/24 maxlen: 24
193.142.41.0/24 maxlen: 24
193.142.42.0/24 maxlen: 24
193.142.40.0/24 maxlen: 24
193.142.43.0/24 maxlen: 24
45.91.100.0/24 maxlen: 24
45.91.101.0/24 maxlen: 24
45.91.103.0/24 maxlen: 24
45.91.102.0/24 maxlen: 24
2a0a:51c3::/32 maxlen: 32
2a0a:51c1::/32 maxlen: 48
2a0a:51c4::/32 maxlen: 48
2a0a:51c0::/32 maxlen: 32
2a0a:51c2::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:60:c2:6a:ff:6d:a2:dc:bb:d8:b5:eb:23:65:4e:68:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=27c007e5082b8e8d8289018718cfd527a7893e5e
Validity
Not Before: Oct 24 08:17:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=91fb0af4080a196b197cb205a200ae8f7ed9b098
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:98:f9:47:45:70:45:a5:7f:04:c3:17:46:a0:
a6:82:dc:91:45:1b:bd:f6:80:d3:27:a6:2c:c4:57:
f2:29:2e:8e:ce:b7:91:b1:74:0b:da:5e:2c:42:1f:
a7:b0:04:eb:9c:a6:e0:b2:a8:7c:c1:3f:92:af:1b:
20:65:63:8c:77:61:ef:03:24:eb:7e:62:7e:a9:a9:
b5:a9:79:43:1d:ab:07:35:fd:68:f9:32:92:4e:1a:
ae:c6:e1:da:02:bc:92:a0:3d:5b:e9:28:6f:57:57:
22:38:0b:76:11:5a:76:1e:b0:52:d3:53:df:0c:07:
bb:0f:48:39:b1:0a:16:94:85:aa:35:4d:70:e6:8a:
4d:15:8c:8a:98:33:3e:d1:f8:32:29:8d:56:1b:d0:
5e:b8:8d:5c:da:ee:14:e3:02:f4:9c:a1:a5:4a:10:
94:83:80:1b:88:b6:ff:72:94:d9:c3:48:f2:d6:1f:
43:88:a4:cc:bc:b6:29:76:64:fa:76:4a:61:86:23:
20:25:4e:5c:57:46:de:24:c3:72:cd:77:80:b0:85:
dd:b5:12:54:f2:f0:b8:63:9b:8a:f6:80:67:59:5f:
bb:95:c5:27:68:d3:22:be:5c:81:fe:78:6d:c0:e9:
bf:aa:18:37:a6:0e:34:63:b4:f3:5b:8e:f3:3c:9e:
4a:5f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
91:FB:0A:F4:08:0A:19:6B:19:7C:B2:05:A2:00:AE:8F:7E:D9:B0:98
X509v3 Authority Key Identifier:
keyid:27:C0:07:E5:08:2B:8E:8D:82:89:01:87:18:CF:D5:27:A7:89:3E:5E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/kfsK9AgKGWsZfLIFogCuj37ZsJg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/f6/06fe14-d146-4e66-a841-2c64c291353e/1/J8AH5Qgrjo2CiQGHGM_VJ6eJPl4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.64.0/22
31.214.144.0/24
45.10.24.0/22
45.91.100.0/22
45.133.8.0/22
46.251.251.0/24
88.218.224.0-88.218.226.255
91.210.225.0-91.210.227.255
91.216.245.0/24
94.199.212.0/22
103.241.48.0/22
109.230.219.0/24
134.255.244.0/24
134.255.247.0/24
152.89.236.0/22
185.194.236.0/22
185.242.112.0/22
185.245.97.0-185.245.99.255
185.248.141.0-185.248.143.255
185.250.248.0/22
193.32.220.0/22
193.135.8.0/23
193.135.11.0/24
193.142.40.0/22
194.26.180.0/22
194.45.36.0/23
194.45.196.0/23
194.48.168.0/22
213.190.28.0/22
IPv6:
2a0a:51c0::-2a0a:51c4:ffff:ffff:ffff:ffff:ffff:ffff
Signature Algorithm: sha256WithRSAEncryption
b2:14:46:f4:96:c2:f1:57:51:4a:60:f8:92:35:78:85:1f:36:
9e:23:56:de:62:1b:f5:73:79:6e:12:82:b4:e3:1c:b4:96:e9:
7f:ae:5f:42:97:1d:00:4d:c8:8c:04:3c:48:83:b1:d9:45:ac:
97:c1:0a:df:f6:7d:87:c2:18:23:97:bf:6b:3c:22:0c:34:9b:
8f:1b:14:65:aa:f3:e2:33:bd:0b:66:3b:0d:d7:64:aa:6f:30:
98:a7:1d:6a:3e:e4:84:a0:b5:e2:b3:4a:c9:11:92:2c:cb:97:
16:b5:19:f1:d7:cc:4a:85:47:a0:fc:e9:4a:93:69:1c:a0:5d:
14:29:1e:2c:7a:a7:33:38:84:a1:8a:ce:ed:dd:2b:de:1c:82:
4c:07:d1:02:01:6d:32:19:ea:35:39:40:58:4e:6f:9c:b0:e4:
98:43:24:e9:74:a4:bd:7d:f2:62:a6:bf:68:b7:7a:fc:19:86:
ca:05:2b:da:50:6c:9c:de:00:25:30:a6:c9:af:78:9d:01:ba:
f0:35:ef:cb:b8:db:13:33:3c:4f:38:c0:f0:00:f0:51:56:3c:
38:af:28:1b:76:e5:95:92:3a:3c:10:16:78:04:35:9c:fa:6b:
e9:8f:1f:1f:89:26:ef:d0:1f:6f:a4:94:ac:f0:45:b8:1f:30:
f7:33:5c:0e
-----BEGIN CERTIFICATE-----
MIIF4zCCBMugAwIBAgISAYtgwmr/baLcu9i16yNlTmjmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDI3YzAwN2U1MDgyYjhlOGQ4Mjg5MDE4NzE4Y2ZkNTI3YTc4
OTNlNWUwHhcNMjMxMDI0MDgxNzE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MWZiMGFmNDA4MGExOTZiMTk3Y2IyMDVhMjAwYWU4ZjdlZDliMDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8Jj5R0VwRaV/BMMXRqCmgtyRRRu9
9oDTJ6YsxFfyKS6OzreRsXQL2l4sQh+nsATrnKbgsqh8wT+SrxsgZWOMd2HvAyTr
fmJ+qam1qXlDHasHNf1o+TKSThquxuHaArySoD1b6ShvV1ciOAt2EVp2HrBS01Pf
DAe7D0g5sQoWlIWqNU1w5opNFYyKmDM+0fgyKY1WG9BeuI1c2u4U4wL0nKGlShCU
g4AbiLb/cpTZw0jy1h9DiKTMvLYpdmT6dkphhiMgJU5cV0beJMNyzXeAsIXdtRJU
8vC4Y5uK9oBnWV+7lcUnaNMivlyB/nhtwOm/qhg3pg40Y7TzW47zPJ5KXwIDAQAB
o4IC7zCCAuswHQYDVR0OBBYEFJH7CvQIChlrGXyyBaIAro9+2bCYMB8GA1UdIwQY
MBaAFCfAB+UIK46NgokBhxjP1SeniT5eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvSjhBSDVRZ3JqbzJDaVFHSEdNX1ZKNmVKUGw0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mNi8wNmZlMTQtZDE0Ni00ZTY2LWE4NDEt
MmM2NGMyOTEzNTNlLzEva2ZzSzlBZ0tHV3NaZkxJRm9nQ3VqMzdac0pnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mNi8wNmZlMTQtZDE0Ni00ZTY2LWE4NDEtMmM2NGMyOTEzNTNl
LzEvSjhBSDVRZ3JqbzJDaVFHSEdNX1ZKNmVKUGw0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBAwYIKwYBBQUHAQcBAf8EgfMwgfAwgdUEAgABMIHOAwQC
BbRAAwQAH9aQAwQCLQoYAwQCLVtkAwQCLYUIAwQALvv7MAwDBAVY2uADBABY2uIw
DAMEAFvS4QMEAlvS4AMEAFvY9QMEAl7H1AMEAmfxMAMEAG3m2wMEAIb/9AMEAIb/
9wMEAphZ7AMEArnC7AMEArnycDAMAwQAufVhAwQCufVgMAwDBAC5+I0DBAS5+IAD
BAK5+vgDBALBINwDBAHBhwgDBADBhwsDBALBjigDBALCGrQDBAHCLSQDBAHCLcQD
BALCMKgDBALVvhwwFgQCAAIwEDAOAwUGKgpRwAMFACoKUcQwDQYJKoZIhvcNAQEL
BQADggEBALIURvSWwvFXUUpg+JI1eIUfNp4jVt5iG/VzeW4SgrTjHLSW6X+uX0KX
HQBNyIwEPEiDsdlFrJfBCt/2fYfCGCOXv2s8Igw0m48bFGWq8+IzvQtmOw3XZKpv
MJinHWo+5ISgteKzSskRkizLlxa1GfHXzEqFR6D86UqTaRygXRQpHix6pzM4hKGK
zu3dK94cgkwH0QIBbTIZ6jU5QFhOb5yw5JhDJOl0pL198mKmv2i3evwZhsoFK9pQ
bJzeACUwpsmveJ0BuvA178u42xMzPE84wPAA8FFWPDivKBt25ZWSOjwQFngENZz6
a+mPHx+JJu/QH2+klKzwRbgfMPczXA4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:52:54 2024 by rpki-client on console-ams.rpki-client.org