Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/Pp3jPyXMUiWTOHAI-iwOF6DyZgI.roa
File: Pp3jPyXMUiWTOHAI-iwOF6DyZgI.roa (raw, json)
Hash identifier: KBmDKgPtK3W82lJEx663088gxKbBN2iCzik8Z+bFIuI=
Subject key identifier: 3E:9D:E3:3F:25:CC:52:25:93:38:70:08:FA:2C:0E:17:A0:F2:66:02
Certificate issuer: /CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Certificate serial: 01923131EE84A238EC416490F3887AAFA3C4
Authority key identifier: AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/Pp3jPyXMUiWTOHAI-iwOF6DyZgI.roa
Signing time: Fri 27 Sep 2024 01:56:48 +0000
ROA not before: Fri 27 Sep 2024 01:56:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 8851
IP address blocks: 91.84.0.0/18 maxlen: 18
91.84.128.0/17 maxlen: 17
91.85.0.0/17 maxlen: 17
91.85.32.0/19 maxlen: 19
91.85.64.0/18 maxlen: 18
91.85.128.0/19 maxlen: 19
91.85.192.0/18 maxlen: 18
194.46.36.0/24 maxlen: 24
194.46.37.0/24 maxlen: 24
194.46.39.0/24 maxlen: 24
194.46.40.0/24 maxlen: 24
194.46.41.0/24 maxlen: 24
194.46.43.0/24 maxlen: 24
194.46.44.0/24 maxlen: 24
194.46.45.0/24 maxlen: 24
194.46.46.0/24 maxlen: 24
194.46.48.0/21 maxlen: 21
194.46.56.0/24 maxlen: 24
194.46.61.0/24 maxlen: 24
194.46.64.0/22 maxlen: 22
194.46.68.0/23 maxlen: 23
194.46.72.0/22 maxlen: 22
194.46.76.0/23 maxlen: 23
194.46.78.0/24 maxlen: 24
194.46.80.0/23 maxlen: 23
194.46.81.0/24 maxlen: 24
194.46.82.0/24 maxlen: 24
212.104.129.0/24 maxlen: 24
212.104.130.0/24 maxlen: 24
212.104.132.0/24 maxlen: 24
212.104.136.0/24 maxlen: 24
212.104.143.0/24 maxlen: 24
212.104.149.0/24 maxlen: 24
212.104.150.0/24 maxlen: 24
212.104.152.0/24 maxlen: 24
212.104.155.0/24 maxlen: 24
212.104.156.0/24 maxlen: 24
212.104.159.0/24 maxlen: 24
212.108.80.0/23 maxlen: 23
212.108.84.0/24 maxlen: 24
212.108.88.0/23 maxlen: 23
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:31:31:ee:84:a2:38:ec:41:64:90:f3:88:7a:af:a3:c4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=add353933674a5608f6d1ee2dab4f64c8bff8f39
Validity
Not Before: Sep 27 01:56:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=3e9de33f25cc522593387008fa2c0e17a0f26602
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b2:d3:03:d3:4a:f9:57:e7:14:7e:b4:c0:f9:0d:
a1:d1:80:a0:11:7b:51:0a:e8:60:91:50:f5:8d:21:
0e:30:52:ce:41:e6:4a:56:5f:f8:f9:a2:23:79:35:
e4:3e:93:c0:79:6a:df:78:12:f6:f4:27:87:45:bf:
48:b2:fa:60:09:35:af:bc:be:90:f1:0b:60:ae:10:
4f:ae:e6:e0:06:3a:be:b4:cc:7d:dc:8b:45:99:9b:
ef:8e:62:38:6a:cb:31:5f:b4:ee:7e:77:48:e5:e6:
1e:d4:a6:de:13:34:5f:44:3e:96:e1:ee:f4:31:3b:
2c:4e:30:0b:2c:85:c5:a4:f3:ec:13:cc:4e:c1:57:
2c:51:e6:aa:4e:ed:ec:ee:57:be:5a:94:a7:e6:7d:
e3:69:04:17:e0:88:44:6f:40:13:46:e0:44:92:11:
d7:52:40:bd:6e:fa:d2:fe:c3:f2:df:0a:4d:73:ad:
ed:00:26:3f:a4:e6:fc:df:a7:92:05:59:46:ef:d8:
3b:4b:44:99:cc:8c:1a:75:3c:7f:d5:c2:09:0f:31:
40:f5:52:9a:c4:32:0c:f4:18:c9:46:2e:1f:33:f8:
06:ed:f0:ae:38:01:3e:d0:8a:ad:21:f4:6b:37:1e:
c5:41:09:ca:f3:0b:79:e6:30:96:55:70:f6:6f:05:
6d:15
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
3E:9D:E3:3F:25:CC:52:25:93:38:70:08:FA:2C:0E:17:A0:F2:66:02
X509v3 Authority Key Identifier:
keyid:AD:D3:53:93:36:74:A5:60:8F:6D:1E:E2:DA:B4:F6:4C:8B:FF:8F:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/Pp3jPyXMUiWTOHAI-iwOF6DyZgI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/7c/48b407-6d94-49ae-a3d8-72c83128761b/1/rdNTkzZ0pWCPbR7i2rT2TIv_jzk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.84.0.0/18
91.84.128.0-91.85.159.255
91.85.192.0/18
194.46.36.0/23
194.46.39.0-194.46.41.255
194.46.43.0-194.46.46.255
194.46.48.0-194.46.56.255
194.46.61.0/24
194.46.64.0-194.46.69.255
194.46.72.0-194.46.78.255
194.46.80.0-194.46.82.255
212.104.129.0-212.104.130.255
212.104.132.0/24
212.104.136.0/24
212.104.143.0/24
212.104.149.0-212.104.150.255
212.104.152.0/24
212.104.155.0-212.104.156.255
212.104.159.0/24
212.108.80.0/23
212.108.84.0/24
212.108.88.0/23
Signature Algorithm: sha256WithRSAEncryption
73:de:89:6c:df:97:87:9c:5a:25:74:5e:d7:44:be:ad:e8:a5:
41:5d:19:82:85:da:b4:b8:24:54:2a:22:8d:e5:8e:62:25:72:
d6:cf:d2:83:34:49:ec:dd:1e:c0:c4:24:e6:23:2d:2c:9a:82:
94:81:f8:5d:26:95:ff:e3:9e:9a:8a:d6:ad:f9:b1:ba:8e:a4:
79:b1:4d:25:1d:fc:3a:36:c3:cd:48:a7:8e:c0:3a:1b:7b:cf:
c4:fa:9f:6b:80:59:38:db:2f:4c:8c:41:3e:f5:aa:5b:57:34:
a8:40:4b:99:1f:a8:8b:f6:91:7c:ef:0c:c1:bf:24:e6:ec:10:
c7:6b:73:b9:49:ef:6b:62:79:9a:09:d7:e2:2e:fd:98:3f:f3:
49:7f:ec:32:f6:eb:02:8d:40:92:bb:93:9a:d2:5d:f1:6d:42:
43:32:4f:ee:aa:da:05:99:39:65:f3:9c:7e:52:80:98:9b:19:
5a:ca:f7:f1:9d:8f:75:dc:c7:9a:b1:18:54:19:37:f8:94:c6:
2b:82:36:78:3e:1b:56:43:7f:a2:24:f5:68:72:1a:05:8b:6e:
80:0b:d3:ef:5d:81:10:16:1e:4a:8f:df:ee:2a:fb:27:47:20:
6b:85:d7:13:29:45:a9:fe:fd:4c:b9:ba:a1:c3:2f:7c:b6:84:
be:e3:25:0c
-----BEGIN CERTIFICATE-----
MIIF0DCCBLigAwIBAgISAZIxMe6EojjsQWSQ84h6r6PEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGFkZDM1MzkzMzY3NGE1NjA4ZjZkMWVlMmRhYjRmNjRjOGJm
ZjhmMzkwHhcNMjQwOTI3MDE1NjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTlkZTMzZjI1Y2M1MjI1OTMzODcwMDhmYTJjMGUxN2EwZjI2NjAyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAstMD00r5V+cUfrTA+Q2h0YCgEXtR
CuhgkVD1jSEOMFLOQeZKVl/4+aIjeTXkPpPAeWrfeBL29CeHRb9IsvpgCTWvvL6Q
8QtgrhBPrubgBjq+tMx93ItFmZvvjmI4assxX7TufndI5eYe1KbeEzRfRD6W4e70
MTssTjALLIXFpPPsE8xOwVcsUeaqTu3s7le+WpSn5n3jaQQX4IhEb0ATRuBEkhHX
UkC9bvrS/sPy3wpNc63tACY/pOb836eSBVlG79g7S0SZzIwadTx/1cIJDzFA9VKa
xDIM9BjJRi4fM/gG7fCuOAE+0IqtIfRrNx7FQQnK8wt55jCWVXD2bwVtFQIDAQAB
o4IC3DCCAtgwHQYDVR0OBBYEFD6d4z8lzFIlkzhwCPosDheg8mYCMB8GA1UdIwQY
MBaAFK3TU5M2dKVgj20e4tq09kyL/485MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgt
NzJjODMxMjg3NjFiLzEvUHAzalB5WE1VaVdUT0hBSS1pd09GNkR5WmdJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC83Yy80OGI0MDctNmQ5NC00OWFlLWEzZDgtNzJjODMxMjg3NjFi
LzEvcmROVGt6WjBwV0NQYlI3aTJyVDJUSXZfanprLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHxBggrBgEFBQcBBwEB/wSB4TCB3jCB2wQCAAEwgdQDBAZb
VAAwDAMEB1tUgAMEBVtVgAMEBltVwAMEAcIuJDAMAwQAwi4nAwQBwi4oMAwDBADC
LisDBADCLi4wDAMEBMIuMAMEAMIuOAMEAMIuPTAMAwQGwi5AAwQBwi5EMAwDBAPC
LkgDBADCLk4wDAMEBMIuUAMEAMIuUjAMAwQA1GiBAwQA1GiCAwQA1GiEAwQA1GiI
AwQA1GiPMAwDBADUaJUDBADUaJYDBADUaJgwDAMEANRomwMEANRonAMEANRonwME
AdRsUAMEANRsVAMEAdRsWDANBgkqhkiG9w0BAQsFAAOCAQEAc96JbN+Xh5xaJXRe
10S+reilQV0ZgoXatLgkVCoijeWOYiVy1s/SgzRJ7N0ewMQk5iMtLJqClIH4XSaV
/+OemorWrfmxuo6kebFNJR38OjbDzUinjsA6G3vPxPqfa4BZONsvTIxBPvWqW1c0
qEBLmR+oi/aRfO8Mwb8k5uwQx2tzuUnva2J5mgnX4i79mD/zSX/sMvbrAo1AkruT
mtJd8W1CQzJP7qraBZk5ZfOcflKAmJsZWsr38Z2PddzHmrEYVBk3+JTGK4I2eD4b
VkN/oiT1aHIaBYtugAvT712BEBYeSo/f7ir7J0cga4XXEylFqf79TLm6ocMvfLaE
vuMlDA==
-----END CERTIFICATE-----
Generated at Sun Apr 27 23:50:26 2025 by rpki-client