Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/tyijOp4_BS8o1EOgDBs0Rmg4FdI.roa
File: tyijOp4_BS8o1EOgDBs0Rmg4FdI.roa (raw, json)
Hash identifier: vwlrITxAQrzUDNOHOsmLZS3GDKWjyAnVlGXm71arkp8=
Subject key identifier: B7:28:A3:3A:9E:3F:05:2F:28:D4:43:A0:0C:1B:34:46:68:38:15:D2
Certificate issuer: /CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Certificate serial: 018FCC959D0C66E2B48B8D68D1C906F84754
Authority key identifier: D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/tyijOp4_BS8o1EOgDBs0Rmg4FdI.roa
Signing time: Fri 31 May 2024 02:58:28 +0000
ROA not before: Fri 31 May 2024 02:58:28 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200598
IP address blocks: 24.235.22.0/23 maxlen: 24
31.187.92.0/22 maxlen: 24
66.9.96.0/20 maxlen: 24
66.117.8.0/22 maxlen: 24
69.72.72.0/22 maxlen: 24
74.124.204.0/22 maxlen: 24
77.223.192.0/21 maxlen: 24
77.223.200.0/23 maxlen: 24
79.110.184.0/22 maxlen: 24
79.139.64.0/23 maxlen: 24
83.142.200.0/21 maxlen: 24
85.204.28.0/23 maxlen: 24
86.106.28.0/23 maxlen: 24
89.20.50.0/23 maxlen: 24
89.37.60.0/23 maxlen: 24
89.39.184.0/23 maxlen: 24
89.40.236.0/23 maxlen: 24
91.210.80.0/22 maxlen: 24
91.217.106.0/23 maxlen: 24
95.215.144.0/22 maxlen: 24
121.127.48.0/20 maxlen: 24
128.0.60.0/22 maxlen: 24
134.199.80.0/20 maxlen: 24
141.193.108.0/22 maxlen: 24
141.193.214.0/23 maxlen: 24
158.247.56.0/22 maxlen: 24
162.216.138.0/23 maxlen: 24
162.250.216.0/22 maxlen: 24
168.149.248.0/23 maxlen: 24
173.214.200.0/22 maxlen: 24
176.111.54.0/23 maxlen: 24
176.222.48.0/22 maxlen: 24
178.216.184.0/21 maxlen: 24
188.215.12.0/22 maxlen: 24
193.91.8.0/23 maxlen: 24
194.149.76.0/22 maxlen: 24
195.78.90.0/23 maxlen: 24
198.14.16.0/20 maxlen: 24
198.145.112.0/22 maxlen: 24
199.48.230.0/23 maxlen: 24
204.15.4.0/22 maxlen: 24
205.134.244.0/22 maxlen: 24
205.220.216.0/23 maxlen: 24
217.144.108.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8f:cc:95:9d:0c:66:e2:b4:8b:8d:68:d1:c9:06:f8:47:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=d48a27f44b10404c52f6ffc4e08dc82bf8b5dee4
Validity
Not Before: May 31 02:58:28 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b728a33a9e3f052f28d443a00c1b3446683815d2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ae:02:85:bf:72:bf:7f:23:50:aa:6f:50:4b:ff:
d1:46:01:d9:09:12:ee:83:59:ad:c2:be:b4:6f:9a:
52:3c:8b:ba:08:7a:08:2f:4b:68:7f:5b:0f:97:13:
12:c3:02:4b:1c:8e:8a:91:4c:5d:07:83:60:23:b5:
1c:cc:66:39:f0:5b:38:d4:e5:e4:2d:50:33:5a:24:
ff:03:62:4f:2b:5e:1a:82:21:7a:eb:fb:ad:a3:07:
61:24:cf:36:13:63:94:df:4c:28:7d:93:de:9b:fb:
8e:ca:cb:b7:b1:5f:44:81:42:45:f7:4e:94:2c:4b:
9b:b3:ef:64:c0:b7:a4:c7:1e:49:a4:8b:cb:4b:9a:
7c:fe:75:df:85:a7:5e:f3:0e:d4:11:85:9c:2a:4d:
3d:5c:1f:43:54:e1:5f:22:11:df:35:c3:ff:5a:ac:
b7:ee:2d:66:6f:bd:65:cf:e1:62:24:08:56:23:09:
87:26:0d:2c:42:1e:c5:8f:27:f4:6d:8b:30:1c:cf:
d2:04:45:54:be:c5:12:2e:99:d0:ce:cd:d3:9c:e2:
4d:35:18:d4:6b:ce:3c:ec:33:e1:7e:6e:4d:96:b4:
cf:92:93:3b:3a:d0:24:b8:2e:d9:cb:c1:98:15:bf:
77:4b:e2:1d:19:03:90:fb:e7:a9:f9:b9:1a:3c:10:
39:e3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:28:A3:3A:9E:3F:05:2F:28:D4:43:A0:0C:1B:34:46:68:38:15:D2
X509v3 Authority Key Identifier:
keyid:D4:8A:27:F4:4B:10:40:4C:52:F6:FF:C4:E0:8D:C8:2B:F8:B5:DE:E4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/1Ion9EsQQExS9v_E4I3IK_i13uQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/tyijOp4_BS8o1EOgDBs0Rmg4FdI.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b9/4bb5a7-346c-4195-9d0f-59f5984b64ea/1/1Ion9EsQQExS9v_E4I3IK_i13uQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
24.235.22.0/23
31.187.92.0/22
66.9.96.0/20
66.117.8.0/22
69.72.72.0/22
74.124.204.0/22
77.223.192.0-77.223.201.255
79.110.184.0/22
79.139.64.0/23
83.142.200.0/21
85.204.28.0/23
86.106.28.0/23
89.20.50.0/23
89.37.60.0/23
89.39.184.0/23
89.40.236.0/23
91.210.80.0/22
91.217.106.0/23
95.215.144.0/22
121.127.48.0/20
128.0.60.0/22
134.199.80.0/20
141.193.108.0/22
141.193.214.0/23
158.247.56.0/22
162.216.138.0/23
162.250.216.0/22
168.149.248.0/23
173.214.200.0/22
176.111.54.0/23
176.222.48.0/22
178.216.184.0/21
188.215.12.0/22
193.91.8.0/23
194.149.76.0/22
195.78.90.0/23
198.14.16.0/20
198.145.112.0/22
199.48.230.0/23
204.15.4.0/22
205.134.244.0/22
205.220.216.0/23
217.144.108.0/22
Signature Algorithm: sha256WithRSAEncryption
26:4c:90:d7:7a:87:05:2d:35:26:88:d5:d3:8a:f9:94:7c:ec:
85:db:3d:b6:43:85:c2:a9:40:b6:2a:92:39:14:4a:c2:4d:b0:
a6:97:08:76:14:1b:da:fe:c7:9c:46:60:73:26:69:34:9a:e6:
f3:74:2b:3f:d8:a7:b8:b2:63:9a:15:6d:77:b5:6e:5c:ec:a5:
7d:48:88:56:18:dd:68:98:36:4d:38:18:70:8e:b9:8b:ad:23:
5f:be:b8:62:6d:c8:c6:f9:a8:0c:88:41:7b:ca:f1:28:a0:04:
b1:bb:34:d1:bf:d0:05:ef:b2:96:db:f3:2d:65:c4:ab:1f:38:
03:85:e5:3c:0a:d5:00:f7:8d:ea:03:f4:89:a3:40:a6:29:c2:
a4:76:06:88:f7:0e:bf:0e:0b:9d:bf:11:7d:f8:3e:7b:5b:01:
eb:a1:2d:69:31:9c:89:ca:14:e5:bf:cc:22:e8:45:e3:ed:9e:
c7:e4:fd:48:54:05:a6:d5:5f:8d:ce:9f:21:38:81:a3:e6:df:
4d:70:71:a8:c7:21:84:45:2e:b6:ea:f1:8a:0e:3e:08:e6:1b:
83:11:17:b8:a0:d6:43:ac:f0:77:7f:ee:ff:99:58:45:02:08:
7c:ac:fb:66:7d:90:66:92:3e:88:c1:3e:1e:d4:4e:cc:d7:73:
4d:e7:d4:b5
-----BEGIN CERTIFICATE-----
MIIGCzCCBPOgAwIBAgISAY/MlZ0MZuK0i41o0ckG+EdUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQ0OGEyN2Y0NGIxMDQwNGM1MmY2ZmZjNGUwOGRjODJiZjhi
NWRlZTQwHhcNMjQwNTMxMDI1ODI4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzI4YTMzYTllM2YwNTJmMjhkNDQzYTAwYzFiMzQ0NjY4MzgxNWQyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArgKFv3K/fyNQqm9QS//RRgHZCRLu
g1mtwr60b5pSPIu6CHoIL0tof1sPlxMSwwJLHI6KkUxdB4NgI7UczGY58Fs41OXk
LVAzWiT/A2JPK14agiF66/utowdhJM82E2OU30wofZPem/uOysu3sV9EgUJF906U
LEubs+9kwLekxx5JpIvLS5p8/nXfhade8w7UEYWcKk09XB9DVOFfIhHfNcP/Wqy3
7i1mb71lz+FiJAhWIwmHJg0sQh7Fjyf0bYswHM/SBEVUvsUSLpnQzs3TnOJNNRjU
a8487DPhfm5NlrTPkpM7OtAkuC7Zy8GYFb93S+IdGQOQ++ep+bkaPBA54wIDAQAB
o4IDFzCCAxMwHQYDVR0OBBYEFLcoozqePwUvKNRDoAwbNEZoOBXSMB8GA1UdIwQY
MBaAFNSKJ/RLEEBMUvb/xOCNyCv4td7kMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYt
NTlmNTk4NGI2NGVhLzEvdHlpak9wNF9CUzhvMUVPZ0RCczBSbWc0RmRJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOS80YmI1YTctMzQ2Yy00MTk1LTlkMGYtNTlmNTk4NGI2NGVh
LzEvMUlvbjlFc1FRRXhTOXZfRTRJM0lLX2kxM3VRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBKwYIKwYBBQUHAQcBAf8EggEaMIIBFjCCARIEAgABMIIB
CgMEARjrFgMEAh+7XAMEBEIJYAMEAkJ1CAMEAkVISAMEAkp8zDAMAwQGTd/AAwQB
Td/IAwQCT264AwQBT4tAAwQDU47IAwQBVcwcAwQBVmocAwQBWRQyAwQBWSU8AwQB
WSe4AwQBWSjsAwQCW9JQAwQBW9lqAwQCX9eQAwQEeX8wAwQCgAA8AwQEhsdQAwQC
jcFsAwQBjcHWAwQCnvc4AwQBotiKAwQCovrYAwQBqJX4AwQCrdbIAwQBsG82AwQC
sN4wAwQDsti4AwQCvNcMAwQBwVsIAwQCwpVMAwQBw05aAwQExg4QAwQCxpFwAwQB
xzDmAwQCzA8EAwQCzYb0AwQBzdzYAwQC2ZBsMA0GCSqGSIb3DQEBCwUAA4IBAQAm
TJDXeocFLTUmiNXTivmUfOyF2z22Q4XCqUC2KpI5FErCTbCmlwh2FBva/secRmBz
Jmk0mubzdCs/2Ke4smOaFW13tW5c7KV9SIhWGN1omDZNOBhwjrmLrSNfvrhibcjG
+agMiEF7yvEooASxuzTRv9AF77KW2/MtZcSrHzgDheU8CtUA943qA/SJo0CmKcKk
dgaI9w6/DgudvxF9+D57WwHroS1pMZyJyhTlv8wi6EXj7Z7H5P1IVAWm1V+Nzp8h
OIGj5t9NcHGoxyGERS626vGKDj4I5huDERe4oNZDrPB3f+7/mVhFAgh8rPtmfZBm
kj6IwT4e1E7M13NN59S1
-----END CERTIFICATE-----
Generated at Mon Apr 28 07:44:01 2025 by rpki-client