Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/47a9c9-d457-4579-b2b0-e5212574f9ec/1/AQa1Vm-h3UEZnIBpOdZ5Kd1yrfI.roa
File: AQa1Vm-h3UEZnIBpOdZ5Kd1yrfI.roa (raw, json)
Hash identifier: fsAZmemcn47C1G9ok8ewlc0LsGW2PpFQmkSePMhSk5E=
Subject key identifier: 01:06:B5:56:6F:A1:DD:41:19:9C:80:69:39:D6:79:29:DD:72:AD:F2
Certificate issuer: /CN=add9207994ba9c7d91ea7e479fefd1b8099f62ce
Certificate serial: 01856D53D39DEF27475F67D3B6E5236E0F2C
Authority key identifier: AD:D9:20:79:94:BA:9C:7D:91:EA:7E:47:9F:EF:D1:B8:09:9F:62:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdkgeZS6nH2R6n5Hn-_RuAmfYs4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/47a9c9-d457-4579-b2b0-e5212574f9ec/1/AQa1Vm-h3UEZnIBpOdZ5Kd1yrfI.roa
Signing time: Sun 01 Jan 2023 12:34:48 +0000
ROA not before: Sun 01 Jan 2023 12:34:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203877
IP address blocks: 178.22.219.0/24 maxlen: 24
178.22.218.0/24 maxlen: 24
178.22.216.0/24 maxlen: 24
178.22.217.0/24 maxlen: 24
178.22.223.0/24 maxlen: 24
178.22.222.0/24 maxlen: 24
178.22.221.0/24 maxlen: 24
178.22.220.0/24 maxlen: 24
185.102.236.0/22 maxlen: 22
91.226.240.0/24 maxlen: 24
62.240.3.0/24 maxlen: 24
62.240.2.0/24 maxlen: 24
62.240.4.0/24 maxlen: 24
62.240.1.0/24 maxlen: 24
62.240.0.0/24 maxlen: 24
62.240.6.0/24 maxlen: 24
62.240.5.0/24 maxlen: 24
62.240.8.0/22 maxlen: 22
62.240.7.0/24 maxlen: 24
62.240.17.0/24 maxlen: 24
62.240.16.0/24 maxlen: 24
62.240.13.0/24 maxlen: 24
62.240.12.0/24 maxlen: 24
62.240.15.0/24 maxlen: 24
62.240.14.0/24 maxlen: 24
62.240.20.0/24 maxlen: 24
62.240.18.0/24 maxlen: 24
91.226.242.0/24 maxlen: 24
91.226.241.0/24 maxlen: 24
91.226.243.0/24 maxlen: 24
85.202.112.0/24 maxlen: 24
85.202.117.0/24 maxlen: 24
85.202.116.0/24 maxlen: 24
85.202.118.0/24 maxlen: 24
85.202.113.0/24 maxlen: 24
85.202.115.0/24 maxlen: 24
85.202.114.0/24 maxlen: 24
85.202.120.0/24 maxlen: 24
85.202.122.0/24 maxlen: 24
85.202.121.0/24 maxlen: 24
85.202.127.0/24 maxlen: 24
109.94.112.0/21 maxlen: 21
109.94.124.0/23 maxlen: 23
109.94.119.0/24 maxlen: 24
109.94.120.0/22 maxlen: 22
185.118.169.0/24 maxlen: 24
185.118.168.0/24 maxlen: 24
185.118.170.0/24 maxlen: 24
185.118.171.0/24 maxlen: 24
109.94.224.0/22 maxlen: 22
2a01:6440::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6d:53:d3:9d:ef:27:47:5f:67:d3:b6:e5:23:6e:0f:2c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add9207994ba9c7d91ea7e479fefd1b8099f62ce
Validity
Not Before: Jan 1 12:34:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0106b5566fa1dd41199c806939d67929dd72adf2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8f:5e:fa:98:b0:c9:eb:a9:ae:a5:8b:2c:a4:6e:
86:7d:18:28:88:9b:20:c5:8a:e5:c9:26:40:54:45:
5d:24:22:70:47:40:38:da:83:51:04:3a:8d:da:48:
60:17:4d:83:ef:fa:a6:25:9e:70:2c:88:95:98:5e:
37:18:27:e5:9b:d7:40:07:8f:04:e7:9e:1a:8e:59:
99:7d:03:7f:97:de:7c:1f:c2:78:9e:81:80:dc:9a:
6b:c4:68:b4:b2:a8:e2:12:c0:3e:9c:2a:d8:b0:4c:
bf:e0:47:d8:fe:38:df:db:f9:23:86:17:46:26:eb:
12:e3:1a:8d:76:5a:93:1d:c5:68:bf:ab:22:7b:a6:
83:68:f7:a8:ed:2a:49:1e:65:45:5e:94:5a:68:57:
9d:4c:3f:10:65:94:8d:65:60:00:c3:e9:21:98:ea:
0c:00:1e:85:6a:1d:99:a7:4a:0d:2d:20:92:16:b3:
31:93:e9:82:63:bd:e2:05:25:03:42:1f:c7:78:d6:
bb:6c:d3:3e:3e:69:17:b4:2e:bd:90:98:c5:0d:91:
4a:97:69:42:08:ea:ad:07:7c:9a:44:96:98:e0:6a:
81:08:fc:74:36:4d:f5:ab:e1:dc:4e:61:d3:a0:70:
d5:ab:31:78:13:8c:8b:03:1b:6f:9e:de:37:53:66:
ca:71
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:06:B5:56:6F:A1:DD:41:19:9C:80:69:39:D6:79:29:DD:72:AD:F2
X509v3 Authority Key Identifier:
keyid:AD:D9:20:79:94:BA:9C:7D:91:EA:7E:47:9F:EF:D1:B8:09:9F:62:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdkgeZS6nH2R6n5Hn-_RuAmfYs4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/47a9c9-d457-4579-b2b0-e5212574f9ec/1/AQa1Vm-h3UEZnIBpOdZ5Kd1yrfI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/47a9c9-d457-4579-b2b0-e5212574f9ec/1/rdkgeZS6nH2R6n5Hn-_RuAmfYs4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.240.0.0-62.240.18.255
62.240.20.0/24
85.202.112.0-85.202.118.255
85.202.120.0-85.202.122.255
85.202.127.0/24
91.226.240.0/22
109.94.112.0-109.94.125.255
109.94.224.0/22
178.22.216.0/21
185.102.236.0/22
185.118.168.0/22
IPv6:
2a01:6440::/32
Signature Algorithm: sha256WithRSAEncryption
63:58:e8:04:be:8a:fc:2d:c2:d2:be:49:06:c2:3f:c3:bc:24:
ea:0c:60:8b:2a:a6:5d:a5:27:07:91:99:87:5b:64:14:1f:42:
39:c9:ef:9b:58:76:7c:26:79:18:c6:4b:79:3a:d9:dd:cc:b1:
9a:7f:2e:3a:93:52:d7:74:0d:56:ff:71:5e:10:a5:dc:29:86:
c9:36:b7:ee:ee:b0:a9:08:3f:99:44:c5:58:e0:5b:d2:5e:a7:
42:ee:ab:ab:45:1e:2b:f2:e6:01:1a:57:1c:a7:58:79:60:c3:
66:20:1f:7e:54:b9:32:4e:8d:ef:2d:69:5c:63:ee:45:15:fd:
f5:93:97:27:bb:a8:35:01:68:7a:b8:9d:be:c1:9d:11:ff:e1:
9e:9f:de:ff:ce:21:7e:7f:02:d1:bd:79:d2:5a:c2:de:91:06:
18:f9:a1:86:ca:b8:58:08:6e:9d:c8:3a:2d:2c:e5:fd:5a:b9:
3d:e0:88:72:d8:88:00:b9:af:40:ec:b2:37:1b:98:f8:cd:58:
a9:15:06:79:ae:95:19:0c:b5:cb:1e:0d:02:e9:bb:e3:9d:9c:
fc:5c:c6:0a:b3:1a:fb:50:b8:ce:c3:e4:f0:36:f9:98:e2:88:
42:5f:3a:c4:cf:ee:b7:db:72:f6:02:44:76:d7:94:0a:d3:13:
96:8c:67:df
-----BEGIN CERTIFICATE-----
MIIFaDCCBFCgAwIBAgISAYVtU9Od7ydHX2fTtuUjbg8sMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDkyMDc5OTRiYTljN2Q5MWVhN2U0NzlmZWZkMWI4MDk5
ZjYyY2UwHhcNMjMwMTAxMTIzNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTA2YjU1NjZmYTFkZDQxMTk5YzgwNjkzOWQ2NzkyOWRkNzJhZGYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj176mLDJ66mupYsspG6GfRgoiJsg
xYrlySZAVEVdJCJwR0A42oNRBDqN2khgF02D7/qmJZ5wLIiVmF43GCflm9dAB48E
554ajlmZfQN/l958H8J4noGA3JprxGi0sqjiEsA+nCrYsEy/4EfY/jjf2/kjhhdG
JusS4xqNdlqTHcVov6sie6aDaPeo7SpJHmVFXpRaaFedTD8QZZSNZWAAw+khmOoM
AB6Fah2Zp0oNLSCSFrMxk+mCY73iBSUDQh/HeNa7bNM+PmkXtC69kJjFDZFKl2lC
COqtB3yaRJaY4GqBCPx0Nk31q+HcTmHToHDVqzF4E4yLAxtvnt43U2bKcQIDAQAB
o4ICdDCCAnAwHQYDVR0OBBYEFAEGtVZvod1BGZyAaTnWeSndcq3yMB8GA1UdIwQY
MBaAFK3ZIHmUupx9kep+R5/v0bgJn2LOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmRrZ2VaUzZuSDJSNm41SG4tX1J1QW1mWXM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC80N2E5YzktZDQ1Ny00NTc5LWIyYjAt
ZTUyMTI1NzRmOWVjLzEvQVFhMVZtLWgzVUVabklCcE9kWjVLZDF5cmZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC80N2E5YzktZDQ1Ny00NTc5LWIyYjAtZTUyMTI1NzRmOWVj
LzEvcmRrZ2VaUzZuSDJSNm41SG4tX1J1QW1mWXM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGJBggrBgEFBQcBBwEB/wR6MHgwZwQCAAEwYTALAwMEPvAD
BAA+8BIDBAA+8BQwDAMEBFXKcAMEAFXKdjAMAwQDVcp4AwQAVcp6AwQAVcp/AwQC
W+LwMAwDBARtXnADBAFtXnwDBAJtXuADBAOyFtgDBAK5ZuwDBAK5dqgwDQQCAAIw
BwMFACoBZEAwDQYJKoZIhvcNAQELBQADggEBAGNY6AS+ivwtwtK+SQbCP8O8JOoM
YIsqpl2lJweRmYdbZBQfQjnJ75tYdnwmeRjGS3k62d3MsZp/LjqTUtd0DVb/cV4Q
pdwphsk2t+7usKkIP5lExVjgW9Jep0Luq6tFHivy5gEaVxynWHlgw2YgH35UuTJO
je8taVxj7kUV/fWTlye7qDUBaHq4nb7BnRH/4Z6f3v/OIX5/AtG9edJawt6RBhj5
oYbKuFgIbp3IOi0s5f1auT3giHLYiAC5r0DssjcbmPjNWKkVBnmulRkMtcseDQLp
u+OdnPxcxgqzGvtQuM7D5PA2+ZjiiEJfOsTP7rfbcvYCRHbXlArTE5aMZ98=
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:47:00 2025 by rpki-client