Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/22/3879dd-ef95-45e6-8767-e681ebba4a4a/1/OGqMzbbsdpkIefl5-AzSsaOJeYs.roa
File: OGqMzbbsdpkIefl5-AzSsaOJeYs.roa (raw, json)
Hash identifier: +TcxqZgBxjRidEhEwz/MBEAeXwhwvBnNTx/sYmaX0X0=
Subject key identifier: 38:6A:8C:CD:B6:EC:76:99:08:79:F9:79:F8:0C:D2:B1:A3:89:79:8B
Certificate issuer: /CN=40d933e82474650c6aa3e9cbf0574d27286592e7
Certificate serial: 01862C2F19D5EE1287707B0092007686E8B8
Authority key identifier: 40:D9:33:E8:24:74:65:0C:6A:A3:E9:CB:F0:57:4D:27:28:65:92:E7
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/QNkz6CR0ZQxqo-nL8FdNJyhlkuc.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/22/3879dd-ef95-45e6-8767-e681ebba4a4a/1/OGqMzbbsdpkIefl5-AzSsaOJeYs.roa
Signing time: Tue 07 Feb 2023 14:02:09 +0000
ROA not before: Tue 07 Feb 2023 14:02:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 207044
IP address blocks: 94.156.228.0/22 maxlen: 24
94.156.28.0/22 maxlen: 24
91.92.28.0/22 maxlen: 24
88.151.24.0/21 maxlen: 24
109.106.120.0/23 maxlen: 23
109.106.120.0/22 maxlen: 22
94.156.204.0/22 maxlen: 24
213.133.64.0/21 maxlen: 24
185.167.196.0/22 maxlen: 24
89.184.60.0/22 maxlen: 24
46.183.108.0/22 maxlen: 24
87.121.252.0/22 maxlen: 24
37.128.192.0/21 maxlen: 24
94.156.148.0/22 maxlen: 24
87.120.240.0/22 maxlen: 24
89.184.36.0/22 maxlen: 24
87.120.248.0/22 maxlen: 24
87.120.48.0/21 maxlen: 24
2a0b:ae00::/29 maxlen: 29
2a0b:ae00:1800::/38 maxlen: 38
2a0b:ae00:1400::/38 maxlen: 38
2a0b:ae00:1000::/38 maxlen: 38
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:2c:2f:19:d5:ee:12:87:70:7b:00:92:00:76:86:e8:b8
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=40d933e82474650c6aa3e9cbf0574d27286592e7
Validity
Not Before: Feb 7 14:02:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=386a8ccdb6ec76990879f979f80cd2b1a389798b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:33:ee:b6:45:b6:19:07:82:8e:93:27:76:5d:
e5:6e:51:6c:a0:8a:d8:a2:a9:bf:85:7e:48:3e:55:
c1:ad:e0:ec:3f:e9:db:ff:01:79:85:e9:f3:bc:37:
96:98:42:e1:15:b2:b5:cf:f8:1a:85:d6:2e:16:5c:
3f:63:c6:7f:21:76:99:2b:07:3c:11:0f:01:96:53:
48:d8:63:33:ad:52:83:8c:95:68:74:af:96:99:75:
a9:6d:9c:28:6f:ac:93:8b:a6:84:7e:2b:65:46:74:
42:be:05:3e:28:51:a3:62:98:d1:f9:9f:0f:6d:79:
14:24:c6:f1:bc:cc:2c:8e:a6:d5:9d:b7:9c:ca:72:
90:36:0d:bc:03:7f:14:d1:f6:28:74:e4:8c:0f:7d:
ed:09:31:65:16:63:e6:65:2b:59:ad:b9:70:36:ad:
94:36:68:bd:0b:e8:2a:75:81:36:d6:40:68:11:35:
91:7a:9e:0e:bb:04:3d:42:57:d2:f5:13:d1:f8:7c:
d4:b6:d9:42:ff:0d:86:82:21:76:aa:1d:11:57:a8:
9c:38:9f:8d:08:2f:82:9c:c5:9d:0c:b8:e2:5b:8e:
52:e9:c3:09:f9:68:85:00:b8:42:19:32:cc:41:97:
08:c2:9d:2e:fa:66:3d:66:af:64:6f:17:d2:86:34:
cc:ef
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:6A:8C:CD:B6:EC:76:99:08:79:F9:79:F8:0C:D2:B1:A3:89:79:8B
X509v3 Authority Key Identifier:
keyid:40:D9:33:E8:24:74:65:0C:6A:A3:E9:CB:F0:57:4D:27:28:65:92:E7
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/QNkz6CR0ZQxqo-nL8FdNJyhlkuc.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/22/3879dd-ef95-45e6-8767-e681ebba4a4a/1/OGqMzbbsdpkIefl5-AzSsaOJeYs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/22/3879dd-ef95-45e6-8767-e681ebba4a4a/1/QNkz6CR0ZQxqo-nL8FdNJyhlkuc.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.128.192.0/21
46.183.108.0/22
87.120.48.0/21
87.120.240.0/22
87.120.248.0/22
87.121.252.0/22
88.151.24.0/21
89.184.36.0/22
89.184.60.0/22
91.92.28.0/22
94.156.28.0/22
94.156.148.0/22
94.156.204.0/22
94.156.228.0/22
109.106.120.0/22
185.167.196.0/22
213.133.64.0/21
IPv6:
2a0b:ae00::/29
Signature Algorithm: sha256WithRSAEncryption
66:1a:88:ce:6d:89:7b:d6:06:23:f8:f1:7c:2f:61:8b:66:7b:
cb:96:c4:52:0e:b3:86:f9:d7:57:0f:4a:85:39:01:46:e8:f6:
e5:36:bc:f3:24:5a:ac:93:85:e3:45:85:6a:3f:72:df:b9:3b:
03:33:04:f5:7a:c1:c7:0f:a3:c0:c7:c1:08:5e:3c:1c:20:70:
94:a7:8a:d0:13:cd:08:77:87:88:9b:57:23:8a:27:83:7c:d1:
84:17:36:8a:57:5d:70:be:c6:98:44:cb:ee:b3:e4:ce:71:c3:
b5:bc:2e:30:9c:c0:0d:1d:99:34:e5:70:96:39:0a:69:b2:e5:
24:0c:70:58:bb:7b:39:be:73:0e:90:be:2f:f3:7f:9b:8f:3d:
5e:3c:34:90:2a:58:99:4e:5a:c0:82:bf:1a:01:6a:38:be:bc:
d7:01:ae:55:bf:19:d1:a1:b9:a2:54:38:6c:f2:4e:36:56:95:
ed:fa:8d:2b:bf:aa:36:07:55:fd:2f:da:2c:b9:d1:3f:fa:c0:
34:0b:51:ab:ad:fd:cd:94:1c:62:ed:f4:12:ce:db:41:f8:50:
4d:3a:d6:b2:af:65:64:ed:69:fe:c0:67:98:fb:94:10:d5:a8:
31:db:be:68:39:2a:61:0f:81:b4:21:f4:d1:ec:b4:3d:68:a6:
d5:e9:aa:1d
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgISAYYsLxnV7hKHcHsAkgB2hui4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDQwZDkzM2U4MjQ3NDY1MGM2YWEzZTljYmYwNTc0ZDI3Mjg2
NTkyZTcwHhcNMjMwMjA3MTQwMjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzODZhOGNjZGI2ZWM3Njk5MDg3OWY5NzlmODBjZDJiMWEzODk3OThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqTPutkW2GQeCjpMndl3lblFsoIrY
oqm/hX5IPlXBreDsP+nb/wF5henzvDeWmELhFbK1z/gahdYuFlw/Y8Z/IXaZKwc8
EQ8BllNI2GMzrVKDjJVodK+WmXWpbZwob6yTi6aEfitlRnRCvgU+KFGjYpjR+Z8P
bXkUJMbxvMwsjqbVnbecynKQNg28A38U0fYodOSMD33tCTFlFmPmZStZrblwNq2U
Nmi9C+gqdYE21kBoETWRep4OuwQ9QlfS9RPR+HzUttlC/w2GgiF2qh0RV6icOJ+N
CC+CnMWdDLjiW45S6cMJ+WiFALhCGTLMQZcIwp0u+mY9Zq9kbxfShjTM7wIDAQAB
o4ICeTCCAnUwHQYDVR0OBBYEFDhqjM227HaZCHn5efgM0rGjiXmLMB8GA1UdIwQY
MBaAFEDZM+gkdGUMaqPpy/BXTScoZZLnMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUU5rejZDUjBaUXhxby1uTDhGZE5KeWhsa3VjLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yMi8zODc5ZGQtZWY5NS00NWU2LTg3Njct
ZTY4MWViYmE0YTRhLzEvT0dxTXpiYnNkcGtJZWZsNS1BelNzYU9KZVlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yMi8zODc5ZGQtZWY5NS00NWU2LTg3NjctZTY4MWViYmE0YTRh
LzEvUU5rejZDUjBaUXhxby1uTDhGZE5KeWhsa3VjLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGOBggrBgEFBQcBBwEB/wR/MH0wbAQCAAEwZgMEAyWAwAME
Ai63bAMEA1d4MAMEAld48AMEAld4+AMEAld5/AMEA1iXGAMEAlm4JAMEAlm4PAME
AltcHAMEAl6cHAMEAl6clAMEAl6czAMEAl6c5AMEAm1qeAMEArmnxAMEA9WFQDAN
BAIAAjAHAwUDKguuADANBgkqhkiG9w0BAQsFAAOCAQEAZhqIzm2Je9YGI/jxfC9h
i2Z7y5bEUg6zhvnXVw9KhTkBRuj25Ta88yRarJOF40WFaj9y37k7AzME9XrBxw+j
wMfBCF48HCBwlKeK0BPNCHeHiJtXI4ong3zRhBc2ilddcL7GmETL7rPkznHDtbwu
MJzADR2ZNOVwljkKabLlJAxwWLt7Ob5zDpC+L/N/m489Xjw0kCpYmU5awIK/GgFq
OL681wGuVb8Z0aG5olQ4bPJONlaV7fqNK7+qNgdV/S/aLLnRP/rANAtRq639zZQc
Yu30Es7bQfhQTTrWsq9lZO1p/sBnmPuUENWoMdu+aDkqYQ+BtCH00ey0PWim1emq
HQ==
-----END CERTIFICATE-----
Generated at Thu May 15 11:09:08 2025 by rpki-client