Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/fd/47a9c9-d457-4579-b2b0-e5212574f9ec/1/BfoGjV8r19zDuOay-TB6v44x8Jg.roa
File: BfoGjV8r19zDuOay-TB6v44x8Jg.roa (raw, json)
Hash identifier: 0H050xzm4QFu19uZssgUzOCFtmKxlEmoQsoQV8fxoIw=
Subject key identifier: 05:FA:06:8D:5F:2B:D7:DC:C3:B8:E6:B2:F9:30:7A:BF:8E:31:F0:98
Certificate issuer: /CN=add9207994ba9c7d91ea7e479fefd1b8099f62ce
Certificate serial: 0188043FF740C5FAA0AA63F6702F522DE0CD
Authority key identifier: AD:D9:20:79:94:BA:9C:7D:91:EA:7E:47:9F:EF:D1:B8:09:9F:62:CE
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdkgeZS6nH2R6n5Hn-_RuAmfYs4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/fd/47a9c9-d457-4579-b2b0-e5212574f9ec/1/BfoGjV8r19zDuOay-TB6v44x8Jg.roa
Signing time: Wed 10 May 2023 06:01:20 +0000
ROA not before: Wed 10 May 2023 06:01:20 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 203877
IP address blocks: 178.22.219.0/24 maxlen: 24
178.22.218.0/24 maxlen: 24
178.22.216.0/24 maxlen: 24
178.22.217.0/24 maxlen: 24
178.22.223.0/24 maxlen: 24
178.22.222.0/24 maxlen: 24
178.22.221.0/24 maxlen: 24
178.22.220.0/24 maxlen: 24
185.102.236.0/22 maxlen: 22
91.226.240.0/24 maxlen: 24
62.240.3.0/24 maxlen: 24
62.240.2.0/24 maxlen: 24
62.240.4.0/24 maxlen: 24
62.240.1.0/24 maxlen: 24
62.240.0.0/24 maxlen: 24
62.240.6.0/24 maxlen: 24
62.240.5.0/24 maxlen: 24
62.240.8.0/22 maxlen: 22
62.240.7.0/24 maxlen: 24
62.240.17.0/24 maxlen: 24
62.240.16.0/24 maxlen: 24
62.240.13.0/24 maxlen: 24
62.240.12.0/24 maxlen: 24
62.240.15.0/24 maxlen: 24
62.240.14.0/24 maxlen: 24
62.240.20.0/24 maxlen: 24
62.240.19.0/24 maxlen: 24
62.240.18.0/24 maxlen: 24
91.226.242.0/24 maxlen: 24
91.226.241.0/24 maxlen: 24
91.226.243.0/24 maxlen: 24
85.202.112.0/24 maxlen: 24
85.202.117.0/24 maxlen: 24
85.202.116.0/24 maxlen: 24
85.202.118.0/24 maxlen: 24
85.202.113.0/24 maxlen: 24
85.202.115.0/24 maxlen: 24
85.202.114.0/24 maxlen: 24
85.202.120.0/24 maxlen: 24
85.202.122.0/24 maxlen: 24
85.202.121.0/24 maxlen: 24
85.202.127.0/24 maxlen: 24
85.202.126.0/24 maxlen: 24
109.94.112.0/21 maxlen: 21
109.94.124.0/23 maxlen: 23
109.94.119.0/24 maxlen: 24
109.94.120.0/22 maxlen: 22
185.118.169.0/24 maxlen: 24
185.118.168.0/24 maxlen: 24
185.118.170.0/24 maxlen: 24
185.118.171.0/24 maxlen: 24
109.94.224.0/22 maxlen: 22
2a01:6440::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:04:3f:f7:40:c5:fa:a0:aa:63:f6:70:2f:52:2d:e0:cd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add9207994ba9c7d91ea7e479fefd1b8099f62ce
Validity
Not Before: May 10 06:01:20 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=05fa068d5f2bd7dcc3b8e6b2f9307abf8e31f098
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:dc:61:0e:62:74:11:e3:9b:b0:30:46:ba:3d:
2e:4f:52:70:71:de:91:b2:e1:04:a1:7e:89:e4:02:
ef:e8:81:fc:84:22:9c:7d:91:41:a4:61:e3:0a:e4:
bb:36:c9:fb:a3:77:77:60:6f:6d:a9:ff:a1:19:73:
fe:ae:c3:fb:54:75:70:c0:21:54:5f:74:53:5d:24:
f5:76:7c:26:8b:c3:3c:ba:90:54:b0:1b:cf:a1:65:
1a:a6:00:2b:29:81:4d:41:22:94:21:21:e7:90:9e:
37:c9:2b:97:36:4c:9f:41:00:f0:57:30:31:07:8b:
2b:9b:39:a0:63:13:f8:31:5f:3e:81:ee:b5:e9:c0:
5f:91:8b:13:02:a4:1b:6c:6d:38:74:76:77:1b:46:
b4:b9:3a:c1:a9:66:02:ff:77:77:b5:67:43:16:3a:
06:ac:87:6d:27:80:05:e8:64:bf:1a:58:d9:57:77:
3b:c4:b6:40:b0:62:63:55:56:78:48:43:ad:97:e3:
04:b5:67:72:c7:89:c7:8f:ce:a2:7d:bf:dd:17:a3:
ce:e8:51:2c:12:0e:d4:43:8b:5c:c1:e3:99:07:f8:
cd:49:46:75:a9:99:1f:0b:1c:ae:a1:29:19:a5:aa:
21:75:7c:f7:29:bf:a1:f3:d5:b6:02:e8:d1:31:42:
d8:6b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
05:FA:06:8D:5F:2B:D7:DC:C3:B8:E6:B2:F9:30:7A:BF:8E:31:F0:98
X509v3 Authority Key Identifier:
keyid:AD:D9:20:79:94:BA:9C:7D:91:EA:7E:47:9F:EF:D1:B8:09:9F:62:CE
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdkgeZS6nH2R6n5Hn-_RuAmfYs4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/47a9c9-d457-4579-b2b0-e5212574f9ec/1/BfoGjV8r19zDuOay-TB6v44x8Jg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/fd/47a9c9-d457-4579-b2b0-e5212574f9ec/1/rdkgeZS6nH2R6n5Hn-_RuAmfYs4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.240.0.0-62.240.20.255
85.202.112.0-85.202.118.255
85.202.120.0-85.202.122.255
85.202.126.0/23
91.226.240.0/22
109.94.112.0-109.94.125.255
109.94.224.0/22
178.22.216.0/21
185.102.236.0/22
185.118.168.0/22
IPv6:
2a01:6440::/32
Signature Algorithm: sha256WithRSAEncryption
cc:5c:b8:eb:77:08:00:f6:a4:99:7a:33:62:c6:75:a5:cb:bb:
08:2e:9f:1a:22:78:74:4a:76:3a:3b:51:06:a1:88:2d:30:5b:
45:e6:b4:27:fc:77:44:4d:65:d9:ad:4b:27:20:8a:76:8e:6c:
8e:8f:74:5a:cb:df:3c:e3:05:db:0f:47:9b:35:0a:28:0a:73:
6a:e4:4a:a2:e2:15:66:36:ef:9a:4c:58:46:b0:ef:13:db:e2:
de:41:95:0b:f8:15:9a:9f:04:8d:4a:6c:32:a2:18:b7:34:3a:
db:60:a6:99:58:9e:90:b7:8b:39:62:ca:1d:4b:4d:e6:02:77:
9d:d5:8d:3b:7c:12:f9:b4:0d:fd:20:3b:71:97:fd:b4:5a:8d:
ce:79:e8:2f:16:03:43:87:0a:a7:c9:a0:bf:d2:d3:2e:94:5c:
24:9c:78:ce:b7:77:19:de:19:d2:02:1b:f9:c9:7f:31:7b:c8:
92:9d:93:59:09:0a:4b:9a:c6:c5:53:5b:4a:a7:71:59:fc:01:
5d:bd:56:89:cb:e0:8b:66:cb:3e:d9:78:50:e5:b0:38:5a:7a:
98:e9:b7:ea:d1:3d:d8:77:09:82:29:a3:69:fc:c9:55:2d:66:
d5:36:14:4b:97:a1:ad:f6:b4:13:e6:b7:f0:2c:31:66:d3:60:
7d:55:4e:66
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAYgEP/dAxfqgqmP2cC9SLeDNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDkyMDc5OTRiYTljN2Q5MWVhN2U0NzlmZWZkMWI4MDk5
ZjYyY2UwHhcNMjMwNTEwMDYwMTIwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNWZhMDY4ZDVmMmJkN2RjYzNiOGU2YjJmOTMwN2FiZjhlMzFmMDk4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkNxhDmJ0EeObsDBGuj0uT1Jwcd6R
suEEoX6J5ALv6IH8hCKcfZFBpGHjCuS7Nsn7o3d3YG9tqf+hGXP+rsP7VHVwwCFU
X3RTXST1dnwmi8M8upBUsBvPoWUapgArKYFNQSKUISHnkJ43ySuXNkyfQQDwVzAx
B4srmzmgYxP4MV8+ge616cBfkYsTAqQbbG04dHZ3G0a0uTrBqWYC/3d3tWdDFjoG
rIdtJ4AF6GS/GljZV3c7xLZAsGJjVVZ4SEOtl+MEtWdyx4nHj86ifb/dF6PO6FEs
Eg7UQ4tcweOZB/jNSUZ1qZkfCxyuoSkZpaohdXz3Kb+h89W2AujRMULYawIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFAX6Bo1fK9fcw7jmsvkwer+OMfCYMB8GA1UdIwQY
MBaAFK3ZIHmUupx9kep+R5/v0bgJn2LOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmRrZ2VaUzZuSDJSNm41SG4tX1J1QW1mWXM0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZC80N2E5YzktZDQ1Ny00NTc5LWIyYjAt
ZTUyMTI1NzRmOWVjLzEvQmZvR2pWOHIxOXpEdU9heS1UQjZ2NDR4OEpnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZC80N2E5YzktZDQ1Ny00NTc5LWIyYjAtZTUyMTI1NzRmOWVj
LzEvcmRrZ2VaUzZuSDJSNm41SG4tX1J1QW1mWXM0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwYQQCAAEwWzALAwMEPvAD
BAA+8BQwDAMEBFXKcAMEAFXKdjAMAwQDVcp4AwQAVcp6AwQBVcp+AwQCW+LwMAwD
BARtXnADBAFtXnwDBAJtXuADBAOyFtgDBAK5ZuwDBAK5dqgwDQQCAAIwBwMFACoB
ZEAwDQYJKoZIhvcNAQELBQADggEBAMxcuOt3CAD2pJl6M2LGdaXLuwgunxoieHRK
djo7UQahiC0wW0XmtCf8d0RNZdmtSycginaObI6PdFrL3zzjBdsPR5s1CigKc2rk
SqLiFWY275pMWEaw7xPb4t5BlQv4FZqfBI1KbDKiGLc0OttgpplYnpC3izliyh1L
TeYCd53VjTt8Evm0Df0gO3GX/bRajc556C8WA0OHCqfJoL/S0y6UXCSceM63dxne
GdICG/nJfzF7yJKdk1kJCkuaxsVTW0qncVn8AV29VonL4Itmyz7ZeFDlsDhaepjp
t+rRPdh3CYIpo2n8yVUtZtU2FEuXoa32tBPmt/AsMWbTYH1VTmY=
-----END CERTIFICATE-----
Generated at Thu Apr 17 09:49:18 2025 by rpki-client