Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_9cha9lPH_gphWzemeTf_T7u-nU.roa
File: _9cha9lPH_gphWzemeTf_T7u-nU.roa (raw, json)
Hash identifier: 9/Vag2kYNRs13m3ih509VLcrt+f7gPbT3K9cDjY+Cz8=
Subject key identifier: FF:D7:21:6B:D9:4F:1F:F8:29:85:6C:DE:99:E4:DF:FD:3E:EE:FA:75
Certificate issuer: /CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Certificate serial: 0188B973A2FEA573CFC4F016D418DFA2D903
Authority key identifier: 3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_9cha9lPH_gphWzemeTf_T7u-nU.roa
Signing time: Wed 14 Jun 2023 10:29:03 +0000
ROA not before: Wed 14 Jun 2023 10:29:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8851
IP address blocks: 89.213.64.0/18 maxlen: 24
37.252.24.0/21 maxlen: 24
80.240.80.0/20 maxlen: 20
77.107.64.0/18 maxlen: 24
213.210.0.0/18 maxlen: 24
85.159.128.0/21 maxlen: 24
212.38.64.0/19 maxlen: 24
37.98.144.0/21 maxlen: 24
37.98.144.0/22 maxlen: 24
109.176.0.0/16 maxlen: 16
89.213.48.0/20 maxlen: 24
213.218.208.0/20 maxlen: 24
89.31.232.0/21 maxlen: 24
79.99.72.0/21 maxlen: 24
185.20.32.0/22 maxlen: 24
185.20.34.0/24 maxlen: 24
185.20.35.0/24 maxlen: 24
213.218.224.0/19 maxlen: 24
81.168.0.0/17 maxlen: 17
89.213.128.0/17 maxlen: 24
82.163.0.0/19 maxlen: 24
217.144.144.0/20 maxlen: 24
217.145.64.0/20 maxlen: 24
185.49.124.0/22 maxlen: 24
185.24.84.0/22 maxlen: 24
89.213.0.0/21 maxlen: 24
213.130.128.0/19 maxlen: 24
194.105.64.0/19 maxlen: 24
81.5.128.0/18 maxlen: 18
82.152.0.0/15 maxlen: 15
195.128.138.0/24 maxlen: 24
213.152.32.0/19 maxlen: 19
2a02:21f8::/32 maxlen: 32
2a00:c60::/32 maxlen: 32
2001:1a90::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:b9:73:a2:fe:a5:73:cf:c4:f0:16:d4:18:df:a2:d9:03
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3fd30d8a7e12fc7bf62e0c121e7cc226dea53b9b
Validity
Not Before: Jun 14 10:29:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=ffd7216bd94f1ff829856cde99e4dffd3eeefa75
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:e5:2d:a9:84:1e:8c:e8:3c:17:a0:90:65:a6:bf:
94:0d:9b:6e:53:9d:18:4b:ed:0d:4e:15:e1:ab:9c:
eb:e2:36:14:8f:27:2d:bb:81:3f:bb:9c:27:ac:16:
3d:d4:8d:61:54:4b:48:04:83:f3:ef:13:33:df:63:
2d:ec:3b:fa:e4:19:6b:04:ff:69:75:4f:cb:31:86:
1b:b9:a2:df:f7:78:17:b9:9e:f8:2c:e4:5f:c8:56:
9f:5a:c3:1e:19:76:00:2b:17:8e:4e:6b:40:ac:e3:
ae:ba:e8:18:e2:70:f5:70:f9:d3:88:60:9d:fb:04:
81:d3:f2:69:88:c2:1b:40:5f:46:c4:c0:43:2e:48:
2a:fc:e6:73:2b:61:63:b6:2b:ef:45:37:97:66:cb:
9e:ea:ee:25:1a:4a:68:2e:a8:ea:39:ac:33:c2:92:
48:14:71:6b:b3:c6:36:e7:9d:d7:61:d5:34:52:01:
f4:f3:0f:68:97:b1:35:4c:fa:4e:2a:d8:29:81:cd:
87:3f:16:f9:2e:93:5b:37:72:a5:32:d3:65:69:20:
cc:41:d9:86:e2:d8:25:81:62:1b:66:50:fa:4c:f5:
40:ca:de:1f:ba:11:ac:f5:6b:f2:27:9e:58:7e:02:
50:ee:9a:42:77:e5:bd:24:05:42:2d:54:d4:fd:7e:
51:a7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
FF:D7:21:6B:D9:4F:1F:F8:29:85:6C:DE:99:E4:DF:FD:3E:EE:FA:75
X509v3 Authority Key Identifier:
keyid:3F:D3:0D:8A:7E:12:FC:7B:F6:2E:0C:12:1E:7C:C2:26:DE:A5:3B:9B
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/P9MNin4S_Hv2LgwSHnzCJt6lO5s.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/_9cha9lPH_gphWzemeTf_T7u-nU.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/49dc00-97e2-4628-ae39-41228e39ff7c/1/P9MNin4S_Hv2LgwSHnzCJt6lO5s.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.98.144.0/21
37.252.24.0/21
77.107.64.0/18
79.99.72.0/21
80.240.80.0/20
81.5.128.0/18
81.168.0.0/17
82.152.0.0/15
82.163.0.0/19
85.159.128.0/21
89.31.232.0/21
89.213.0.0/21
89.213.48.0-89.213.255.255
109.176.0.0/16
185.20.32.0/22
185.24.84.0/22
185.49.124.0/22
194.105.64.0/19
195.128.138.0/24
212.38.64.0/19
213.130.128.0/19
213.152.32.0/19
213.210.0.0/18
213.218.208.0-213.218.255.255
217.144.144.0/20
217.145.64.0/20
IPv6:
2001:1a90::/32
2a00:c60::/32
2a02:21f8::/32
Signature Algorithm: sha256WithRSAEncryption
a2:f1:0f:c2:c9:17:8c:3e:b0:fd:cc:13:b0:c3:c9:9a:09:cd:
b8:e8:b5:a7:17:e6:8a:0a:c3:14:22:76:a0:e1:97:4b:07:9e:
ab:de:53:bb:c8:23:6a:86:89:a5:41:06:26:30:77:1c:3f:df:
a5:41:24:a3:b5:00:59:63:26:c2:8d:d8:19:e7:12:24:5d:e4:
35:81:1b:1d:95:46:a5:f7:11:89:b4:15:5e:84:66:07:50:eb:
fa:5d:3b:90:d5:b5:c0:0a:fa:56:9f:13:98:04:84:0a:a5:39:
c1:3b:4f:44:17:c0:a8:d4:ad:52:4a:5c:65:78:dd:02:bf:29:
e6:69:8e:74:ef:99:1d:02:df:4d:d4:b3:eb:59:03:4d:6e:2c:
00:06:1c:c0:06:73:c7:5e:48:01:99:3c:11:96:b6:d8:4b:f2:
6b:09:a2:87:9f:6a:f4:70:49:63:8b:de:91:31:42:47:70:60:
e5:50:8e:69:33:24:e0:0d:ab:0e:c9:bf:50:4d:ed:9e:42:15:
2d:2a:48:3b:a0:38:f8:cd:c6:d6:50:42:d8:a4:e5:f9:75:1a:
3f:7f:e6:3a:cb:be:b6:c7:b5:cd:8c:7a:0a:5c:63:4c:2f:8d:
bd:cb:64:90:f3:a7:f6:ce:e8:de:f7:3b:3d:4e:39:a2:50:bc:
fb:dd:53:b9
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgISAYi5c6L+pXPPxPAW1BjfotkDMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmZDMwZDhhN2UxMmZjN2JmNjJlMGMxMjFlN2NjMjI2ZGVh
NTNiOWIwHhcNMjMwNjE0MTAyOTAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmZmQ3MjE2YmQ5NGYxZmY4Mjk4NTZjZGU5OWU0ZGZmZDNlZWVmYTc1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5S2phB6M6DwXoJBlpr+UDZtuU50Y
S+0NThXhq5zr4jYUjyctu4E/u5wnrBY91I1hVEtIBIPz7xMz32Mt7Dv65BlrBP9p
dU/LMYYbuaLf93gXuZ74LORfyFafWsMeGXYAKxeOTmtArOOuuugY4nD1cPnTiGCd
+wSB0/JpiMIbQF9GxMBDLkgq/OZzK2FjtivvRTeXZsue6u4lGkpoLqjqOawzwpJI
FHFrs8Y2553XYdU0UgH08w9ol7E1TPpOKtgpgc2HPxb5LpNbN3KlMtNlaSDMQdmG
4tglgWIbZlD6TPVAyt4fuhGs9WvyJ55YfgJQ7ppCd+W9JAVCLVTU/X5RpwIDAQAB
o4ICzTCCAskwHQYDVR0OBBYEFP/XIWvZTx/4KYVs3pnk3/0+7vp1MB8GA1UdIwQY
MBaAFD/TDYp+Evx79i4MEh58wibepTubMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzkt
NDEyMjhlMzlmZjdjLzEvXzljaGE5bFBIX2dwaFd6ZW1lVGZfVDd1LW5VLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS80OWRjMDAtOTdlMi00NjI4LWFlMzktNDEyMjhlMzlmZjdj
LzEvUDlNTmluNFNfSHYyTGd3U0huekNKdDZsTzVzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHiBggrBgEFBQcBBwEB/wSB0jCBzzCBrwQCAAEwgagDBAMl
YpADBAMl/BgDBAZNa0ADBANPY0gDBARQ8FADBAZRBYADBAdRqAADAwFSmAMEBVKj
AAMEA1WfgAMEA1kf6AMEA1nVADALAwQEWdUwAwMBWdQDAwBtsAMEArkUIAMEArkY
VAMEArkxfAMEBcJpQAMEAMOAigMEBdQmQAMEBdWCgAMEBdWYIAMEBtXSADALAwQE
1drQAwMA1doDBATZkJADBATZkUAwGwQCAAIwFQMFACABGpADBQAqAAxgAwUAKgIh
+DANBgkqhkiG9w0BAQsFAAOCAQEAovEPwskXjD6w/cwTsMPJmgnNuOi1pxfmigrD
FCJ2oOGXSweeq95Tu8gjaoaJpUEGJjB3HD/fpUEko7UAWWMmwo3YGecSJF3kNYEb
HZVGpfcRibQVXoRmB1Dr+l07kNW1wAr6Vp8TmASECqU5wTtPRBfAqNStUkpcZXjd
Ar8p5mmOdO+ZHQLfTdSz61kDTW4sAAYcwAZzx15IAZk8EZa22Evyawmih59q9HBJ
Y4vekTFCR3Bg5VCOaTMk4A2rDsm/UE3tnkIVLSpIO6A4+M3G1lBC2KTl+XUaP3/m
Osu+tse1zYx6ClxjTC+NvctkkPOn9s7o3vc7PU45olC8+91TuQ==
-----END CERTIFICATE-----
Generated at Tue Apr 29 21:07:16 2025 by rpki-client