Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/lDohMBDcyw189X-7WtgwcQhrTZM.roa
File: lDohMBDcyw189X-7WtgwcQhrTZM.roa (raw, json)
Hash identifier: S4rB/9cpBlIFY7E9bXoVVjgy1SjsVai3MzYGzkXl0Tw=
Subject key identifier: 94:3A:21:30:10:DC:CB:0D:7C:F5:7F:BB:5A:D8:30:71:08:6B:4D:93
Certificate issuer: /CN=1ae9db29aa9308e1751b03d0d6999bb868805886
Certificate serial: 018CC56E5F20C636F215B9C6569E78EE5D26
Authority key identifier: 1A:E9:DB:29:AA:93:08:E1:75:1B:03:D0:D6:99:9B:B8:68:80:58:86
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/GunbKaqTCOF1GwPQ1pmbuGiAWIY.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/lDohMBDcyw189X-7WtgwcQhrTZM.roa
Signing time: Mon 01 Jan 2024 14:29:53 +0000
ROA not before: Mon 01 Jan 2024 14:29:53 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 199939
IP address blocks: 87.121.16.0/23 maxlen: 24
87.120.160.0/23 maxlen: 24
89.19.60.0/22 maxlen: 24
141.98.2.0/23 maxlen: 24
185.42.8.0/22 maxlen: 24
185.156.160.0/22 maxlen: 24
45.133.248.0/23 maxlen: 24
212.237.253.0/24 maxlen: 24
45.139.120.0/23 maxlen: 24
2a0d:bb40::/32 maxlen: 48
2a01:5860::/32 maxlen: 48
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c5:6e:5f:20:c6:36:f2:15:b9:c6:56:9e:78:ee:5d:26
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1ae9db29aa9308e1751b03d0d6999bb868805886
Validity
Not Before: Jan 1 14:29:53 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=943a213010dccb0d7cf57fbb5ad83071086b4d93
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b9:1f:e4:53:3b:1a:77:86:48:84:c2:af:de:37:
94:61:14:99:0a:c3:d0:16:25:57:c4:8a:cd:fb:cd:
11:84:31:94:f0:f4:85:5c:f2:fa:64:c1:6c:5c:eb:
9c:46:59:c0:eb:e2:43:c2:25:13:2d:d3:52:de:4e:
3d:4b:1c:30:d4:57:8d:36:29:a7:d2:35:01:33:72:
63:67:49:45:dc:a0:31:a1:1f:ef:98:cd:e0:ac:33:
c9:f6:78:e1:2d:b7:28:42:14:92:1e:81:ae:dc:e0:
ff:ec:49:e8:a6:82:e3:f4:5a:0f:79:74:ff:1d:9b:
3b:ef:56:c0:24:ee:d1:d8:32:2d:1d:e0:fb:a3:2c:
ca:cd:0b:6d:68:15:45:19:76:65:1f:8c:cf:9f:37:
fc:94:36:ed:e4:cb:ef:af:3d:f6:76:9d:b4:d0:b3:
26:5a:89:e0:c2:90:24:3f:d0:5f:4f:71:65:5f:73:
58:be:df:cf:3b:73:7b:0f:55:02:1e:43:02:b3:8e:
35:3f:78:83:ed:51:16:61:86:e9:a9:ca:0d:38:5e:
d2:c3:6d:ae:58:ec:23:d9:d4:ca:83:33:3f:c6:73:
1e:1c:e1:03:78:84:cc:ec:97:e5:87:3a:22:03:5b:
0d:ac:fb:52:ad:dd:3f:85:4b:2e:6e:70:7f:eb:af:
fb:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
94:3A:21:30:10:DC:CB:0D:7C:F5:7F:BB:5A:D8:30:71:08:6B:4D:93
X509v3 Authority Key Identifier:
keyid:1A:E9:DB:29:AA:93:08:E1:75:1B:03:D0:D6:99:9B:B8:68:80:58:86
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/GunbKaqTCOF1GwPQ1pmbuGiAWIY.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/lDohMBDcyw189X-7WtgwcQhrTZM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/5e/eb7835-d364-4e28-9a82-ed9231fbaed1/1/GunbKaqTCOF1GwPQ1pmbuGiAWIY.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.133.248.0/23
45.139.120.0/23
87.120.160.0/23
87.121.16.0/23
89.19.60.0/22
141.98.2.0/23
185.42.8.0/22
185.156.160.0/22
212.237.253.0/24
IPv6:
2a01:5860::/32
2a0d:bb40::/32
Signature Algorithm: sha256WithRSAEncryption
60:7c:76:92:0e:db:d1:0b:d9:ed:14:48:36:dc:17:38:b7:17:
e9:5d:74:d7:bd:d5:66:f6:df:9c:bb:f2:17:a3:1c:08:75:74:
46:1b:50:aa:de:c0:65:1a:e0:79:0b:8e:37:95:e9:c6:3b:e4:
7f:c2:b5:f2:7f:89:33:80:80:02:30:f1:f3:ac:f9:95:90:e4:
cf:e9:7a:4d:37:05:1c:04:8c:ab:b4:a8:b6:52:3e:02:62:db:
ef:cc:b6:87:29:b1:b1:f3:bf:5f:99:ac:7f:af:bb:a3:12:ac:
79:31:43:4d:8d:34:96:37:0e:f5:7f:aa:df:cf:39:4b:32:9d:
5e:e9:df:88:d0:5d:22:0f:94:bb:5c:90:3e:9a:14:1b:4f:06:
b2:da:60:c5:6c:fc:a5:59:c7:5b:3c:80:e6:82:c5:a7:ab:2f:
82:4d:e7:d5:74:a9:f6:99:b9:49:8c:27:d4:db:78:3a:67:f8:
14:b8:1d:19:a7:bf:46:ad:a3:e8:fb:00:34:fb:22:a7:06:f8:
54:15:03:59:db:ce:c0:bf:76:f6:1d:40:c1:81:52:97:13:77:
32:92:4c:09:26:17:e5:36:fc:26:cd:4c:e9:78:11:3a:2c:a1:
23:2d:9d:54:9a:a4:5d:bd:5f:6b:7e:d2:ff:3e:49:5b:fb:99:
5a:ba:64:2a
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYzFbl8gxjbyFbnGVp547l0mMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDFhZTlkYjI5YWE5MzA4ZTE3NTFiMDNkMGQ2OTk5YmI4Njg4
MDU4ODYwHhcNMjQwMTAxMTQyOTUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NDNhMjEzMDEwZGNjYjBkN2NmNTdmYmI1YWQ4MzA3MTA4NmI0ZDkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuR/kUzsad4ZIhMKv3jeUYRSZCsPQ
FiVXxIrN+80RhDGU8PSFXPL6ZMFsXOucRlnA6+JDwiUTLdNS3k49Sxww1FeNNimn
0jUBM3JjZ0lF3KAxoR/vmM3grDPJ9njhLbcoQhSSHoGu3OD/7EnopoLj9FoPeXT/
HZs771bAJO7R2DItHeD7oyzKzQttaBVFGXZlH4zPnzf8lDbt5Mvvrz32dp200LMm
WongwpAkP9BfT3FlX3NYvt/PO3N7D1UCHkMCs441P3iD7VEWYYbpqcoNOF7Sw22u
WOwj2dTKgzM/xnMeHOEDeITM7JflhzoiA1sNrPtSrd0/hUsubnB/66/7tQIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFJQ6ITAQ3MsNfPV/u1rYMHEIa02TMB8GA1UdIwQY
MBaAFBrp2ymqkwjhdRsD0NaZm7hogFiGMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvR3VuYkthcVRDT0YxR3dQUTFwbWJ1R2lBV0lZLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81ZS9lYjc4MzUtZDM2NC00ZTI4LTlhODIt
ZWQ5MjMxZmJhZWQxLzEvbERvaE1CRGN5dzE4OVgtN1d0Z3djUWhyVFpNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81ZS9lYjc4MzUtZDM2NC00ZTI4LTlhODItZWQ5MjMxZmJhZWQx
LzEvR3VuYkthcVRDT0YxR3dQUTFwbWJ1R2lBV0lZLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDA8BAIAATA2AwQBLYX4AwQB
LYt4AwQBV3igAwQBV3kQAwQCWRM8AwQBjWICAwQCuSoIAwQCuZygAwQA1O39MBQE
AgACMA4DBQAqAVhgAwUAKg27QDANBgkqhkiG9w0BAQsFAAOCAQEAYHx2kg7b0QvZ
7RRINtwXOLcX6V10173VZvbfnLvyF6McCHV0RhtQqt7AZRrgeQuON5Xpxjvkf8K1
8n+JM4CAAjDx86z5lZDkz+l6TTcFHASMq7SotlI+AmLb78y2hymxsfO/X5msf6+7
oxKseTFDTY00ljcO9X+q3885SzKdXunfiNBdIg+Uu1yQPpoUG08GstpgxWz8pVnH
WzyA5oLFp6svgk3n1XSp9pm5SYwn1Nt4Omf4FLgdGae/Rq2j6PsANPsipwb4VBUD
WdvOwL929h1AwYFSlxN3MpJMCSYX5Tb8Js1M6XgROiyhIy2dVJqkXb1fa37S/z5J
W/uZWrpkKg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:13:30 2024 by rpki-client on console-ams.rpki-client.org