Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/GibYYivh6HGn8SzCXviaDDyl9u4.roa
File: GibYYivh6HGn8SzCXviaDDyl9u4.roa (raw, json)
Hash identifier: AZ3C7vC8H+VU3wQXQfg+9lYTI+wZ0IqGEb8hczVPH5k=
Subject key identifier: 1A:26:D8:62:2B:E1:E8:71:A7:F1:2C:C2:5E:F8:9A:0C:3C:A5:F6:EE
Certificate issuer: /CN=dba12207af4d186c44da2533c0b8f1fd1f55d8db
Certificate serial: 019426D96242F16351E603E87DA35AC98409
Authority key identifier: DB:A1:22:07:AF:4D:18:6C:44:DA:25:33:C0:B8:F1:FD:1F:55:D8:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/26EiB69NGGxE2iUzwLjx_R9V2Ns.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/GibYYivh6HGn8SzCXviaDDyl9u4.roa
Signing time: Thu 02 Jan 2025 11:49:27 +0000
ROA not before: Thu 02 Jan 2025 11:49:27 +0000
ROA not after: Wed 01 Jul 2026 00:00:00 +0000
asID: 41960
IP address blocks: 2.56.216.0/22 maxlen: 24
5.183.132.0/22 maxlen: 24
37.148.184.0/21 maxlen: 24
45.10.124.0/22 maxlen: 24
45.95.252.0/22 maxlen: 24
45.140.156.0/22 maxlen: 24
45.151.116.0/22 maxlen: 24
77.73.224.0/21 maxlen: 24
85.184.8.0/21 maxlen: 24
91.211.160.0/22 maxlen: 24
91.216.34.0/24 maxlen: 24
93.188.64.0/22 maxlen: 24
171.22.176.0/22 maxlen: 24
185.116.12.0/22 maxlen: 24
185.234.152.0/23 maxlen: 24
185.234.154.0/24 maxlen: 24
185.239.168.0/23 maxlen: 24
185.239.170.0/24 maxlen: 24
185.249.136.0/22 maxlen: 24
185.251.152.0/22 maxlen: 24
185.253.48.0/22 maxlen: 24
193.105.183.0/24 maxlen: 24
194.61.84.0/24 maxlen: 24
194.61.86.0/24 maxlen: 24
195.184.86.0/23 maxlen: 24
195.184.90.0/23 maxlen: 24
195.238.86.0/23 maxlen: 24
212.19.192.0/19 maxlen: 19
212.26.192.0/19 maxlen: 19
212.57.48.0/20 maxlen: 24
213.156.0.0/20 maxlen: 24
213.173.56.0/22 maxlen: 22
217.8.96.0/20 maxlen: 20
2001:6e0::/32 maxlen: 32
2a02:690::/29 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:94:26:d9:62:42:f1:63:51:e6:03:e8:7d:a3:5a:c9:84:09
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dba12207af4d186c44da2533c0b8f1fd1f55d8db
Validity
Not Before: Jan 2 11:49:27 2025 GMT
Not After : Jul 1 00:00:00 2026 GMT
Subject: CN=1a26d8622be1e871a7f12cc25ef89a0c3ca5f6ee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b8:dc:c7:83:14:9d:ca:c2:6e:f5:55:85:a5:53:
fd:4f:c5:83:44:4c:90:50:b3:a8:2f:fa:04:30:98:
b1:4c:a1:82:0c:66:11:6e:a6:6a:60:89:24:fa:44:
a6:b2:95:ec:38:e3:88:ed:7f:c5:fc:8f:56:0b:06:
93:66:b6:ad:e3:b4:30:5c:73:a5:5f:f6:4f:a5:ce:
a9:45:e9:f9:de:6e:2c:63:6e:42:c8:fd:4f:86:74:
34:42:c9:37:1c:8b:99:09:0b:d9:0b:bf:b9:3b:58:
da:3b:98:07:06:b2:60:cc:3b:33:da:7e:2e:ae:e8:
75:eb:87:24:f9:63:59:5d:21:60:39:32:a8:20:99:
f0:b3:62:6d:9e:4b:05:af:16:90:d8:7a:ff:de:3b:
05:a0:f1:ac:64:2a:44:c3:08:a4:f9:80:ff:c6:ce:
ec:6a:0e:76:ed:8e:9c:fa:ce:9c:8f:fe:b5:ed:1d:
a7:66:89:74:66:6f:8d:68:f4:99:33:51:1d:e3:7e:
5f:03:e2:bc:76:26:af:3f:2a:89:1a:b0:52:2a:99:
7b:05:2c:55:13:d3:4c:1e:8d:70:5d:f6:4e:93:48:
1a:cc:19:06:b5:d7:92:23:4d:0c:23:2e:69:2c:86:
25:2d:bd:d1:20:11:73:e8:93:9b:6b:ff:d1:76:a0:
5d:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1A:26:D8:62:2B:E1:E8:71:A7:F1:2C:C2:5E:F8:9A:0C:3C:A5:F6:EE
X509v3 Authority Key Identifier:
keyid:DB:A1:22:07:AF:4D:18:6C:44:DA:25:33:C0:B8:F1:FD:1F:55:D8:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/26EiB69NGGxE2iUzwLjx_R9V2Ns.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/GibYYivh6HGn8SzCXviaDDyl9u4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/26EiB69NGGxE2iUzwLjx_R9V2Ns.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.216.0/22
5.183.132.0/22
37.148.184.0/21
45.10.124.0/22
45.95.252.0/22
45.140.156.0/22
45.151.116.0/22
77.73.224.0/21
85.184.8.0/21
91.211.160.0/22
91.216.34.0/24
93.188.64.0/22
171.22.176.0/22
185.116.12.0/22
185.234.152.0-185.234.154.255
185.239.168.0-185.239.170.255
185.249.136.0/22
185.251.152.0/22
185.253.48.0/22
193.105.183.0/24
194.61.84.0/24
194.61.86.0/24
195.184.86.0/23
195.184.90.0/23
195.238.86.0/23
212.19.192.0/19
212.26.192.0/19
212.57.48.0/20
213.156.0.0/20
213.173.56.0/22
217.8.96.0/20
IPv6:
2001:6e0::/32
2a02:690::/29
Signature Algorithm: sha256WithRSAEncryption
c2:42:97:7e:4f:d9:3e:5a:ca:1d:d1:a4:06:b2:48:91:7b:9f:
36:d5:f2:b1:70:93:12:23:35:f2:35:48:9e:c7:69:d8:53:8f:
bd:a4:83:54:a1:e0:91:da:aa:74:55:f8:ac:5e:46:60:ab:e4:
94:fe:b3:ba:34:76:84:fb:3d:f3:4a:51:45:8b:64:39:5e:d7:
14:71:76:33:24:3d:96:6f:1a:36:91:16:be:58:b8:a8:fc:b4:
2e:78:aa:32:cf:da:dd:22:b0:a7:d5:4e:0d:1a:47:d0:db:6b:
33:19:be:1b:b1:bb:eb:67:5d:73:bb:36:e4:77:80:d9:f5:f6:
a2:b4:d5:e9:b3:97:ba:02:22:b3:42:e3:4d:3f:a7:57:10:fc:
b2:49:2e:6f:7e:5b:c7:1b:07:88:68:03:6a:0c:6e:c7:e9:04:
5e:e5:0d:4e:15:82:29:66:34:20:1a:e7:4d:96:6d:3c:66:6c:
3f:2f:2d:2f:01:10:2b:67:58:d2:12:5c:fa:c8:30:c3:ca:71:
9d:e3:b0:91:95:5f:c4:32:b6:1d:f3:bd:db:40:47:a6:5d:64:
99:49:24:7b:49:8d:51:6e:df:cd:1d:ea:79:6f:f3:bb:ca:8a:
2e:74:59:58:42:31:e9:6f:97:d8:16:ca:8b:29:a0:9b:e6:66:
e1:b9:f7:78
-----BEGIN CERTIFICATE-----
MIIF3DCCBMSgAwIBAgISAZQm2WJC8WNR5gPofaNayYQJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYTEyMjA3YWY0ZDE4NmM0NGRhMjUzM2MwYjhmMWZkMWY1
NWQ4ZGIwHhcNMjUwMTAyMTE0OTI3WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYTI2ZDg2MjJiZTFlODcxYTdmMTJjYzI1ZWY4OWEwYzNjYTVmNmVlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuNzHgxSdysJu9VWFpVP9T8WDREyQ
ULOoL/oEMJixTKGCDGYRbqZqYIkk+kSmspXsOOOI7X/F/I9WCwaTZrat47QwXHOl
X/ZPpc6pRen53m4sY25CyP1PhnQ0Qsk3HIuZCQvZC7+5O1jaO5gHBrJgzDsz2n4u
ruh164ck+WNZXSFgOTKoIJnws2JtnksFrxaQ2Hr/3jsFoPGsZCpEwwik+YD/xs7s
ag527Y6c+s6cj/617R2nZol0Zm+NaPSZM1Ed435fA+K8diavPyqJGrBSKpl7BSxV
E9NMHo1wXfZOk0gazBkGtdeSI00MIy5pLIYlLb3RIBFz6JOba//RdqBdXQIDAQAB
o4IC6DCCAuQwHQYDVR0OBBYEFBom2GIr4ehxp/Eswl74mgw8pfbuMB8GA1UdIwQY
MBaAFNuhIgevTRhsRNolM8C48f0fVdjbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjZFaUI2OU5HR3hFMmlVendManhfUjlWMk5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9jODAxMGUtMzI4OS00YTM2LWEyYjgt
MTJiMmJjNTgwNTNhLzEvR2liWVlpdmg2SEduOFN6Q1h2aWFERHlsOXU0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9jODAxMGUtMzI4OS00YTM2LWEyYjgtMTJiMmJjNTgwNTNh
LzEvMjZFaUI2OU5HR3hFMmlVendManhfUjlWMk5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH9BggrBgEFBQcBBwEB/wSB7TCB6jCB0QQCAAEwgcoDBAIC
ONgDBAIFt4QDBAMllLgDBAItCnwDBAItX/wDBAItjJwDBAItl3QDBANNSeADBANV
uAgDBAJb06ADBABb2CIDBAJdvEADBAKrFrADBAK5dAwwDAMEA7nqmAMEALnqmjAM
AwQDue+oAwQAue+qAwQCufmIAwQCufuYAwQCuf0wAwQAwWm3AwQAwj1UAwQAwj1W
AwQBw7hWAwQBw7haAwQBw+5WAwQF1BPAAwQF1BrAAwQE1DkwAwQE1ZwAAwQC1a04
AwQE2QhgMBQEAgACMA4DBQAgAQbgAwUDKgIGkDANBgkqhkiG9w0BAQsFAAOCAQEA
wkKXfk/ZPlrKHdGkBrJIkXufNtXysXCTEiM18jVInsdp2FOPvaSDVKHgkdqqdFX4
rF5GYKvklP6zujR2hPs980pRRYtkOV7XFHF2MyQ9lm8aNpEWvli4qPy0LniqMs/a
3SKwp9VODRpH0NtrMxm+G7G762ddc7s25HeA2fX2orTV6bOXugIis0LjTT+nVxD8
skkub35bxxsHiGgDagxux+kEXuUNThWCKWY0IBrnTZZtPGZsPy8tLwEQK2dY0hJc
+sgww8pxneOwkZVfxDK2HfO920BHpl1kmUkke0mNUW7fzR3qeW/zu8qKLnRZWEIx
6W+X2BbKiymgm+Zm4bn3eA==
-----END CERTIFICATE-----
Generated at Wed Apr 30 05:46:26 2025 by rpki-client