Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/0DmiMvkVpx0hPnOF3M-yPTmuwbw.roa
File: 0DmiMvkVpx0hPnOF3M-yPTmuwbw.roa (raw, json)
Hash identifier: FBgnvFrF+e2Bwsv9qyjEmCmu0udz3jqqqHwXwWkwfec=
Subject key identifier: D0:39:A2:32:F9:15:A7:1D:21:3E:73:85:DC:CF:B2:3D:39:AE:C1:BC
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 0190562C8D0695D9A1280F0C418F6C5DE349
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/0DmiMvkVpx0hPnOF3M-yPTmuwbw.roa
Signing time: Wed 26 Jun 2024 20:11:18 +0000
ROA not before: Wed 26 Jun 2024 20:11:18 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 3257
IP address blocks: 2.56.0.0/22 maxlen: 22
5.180.4.0/22 maxlen: 22
5.182.28.0/22 maxlen: 22
45.67.117.0/24 maxlen: 24
45.86.16.0/21 maxlen: 21
85.159.117.0/24 maxlen: 24
89.39.242.0/24 maxlen: 24
89.40.161.0/24 maxlen: 24
91.239.59.0/24 maxlen: 24
91.242.70.0/24 maxlen: 24
91.242.72.0/23 maxlen: 23
91.242.73.0/24 maxlen: 24
91.242.74.0/23 maxlen: 23
91.242.94.0/24 maxlen: 24
91.242.95.0/24 maxlen: 24
91.242.103.0/24 maxlen: 24
91.242.105.0/24 maxlen: 24
91.242.123.0/24 maxlen: 24
91.242.124.0/24 maxlen: 24
91.242.125.0/24 maxlen: 24
91.242.126.0/24 maxlen: 24
91.242.127.0/24 maxlen: 24
94.231.198.0/24 maxlen: 24
176.126.223.0/24 maxlen: 24
178.175.176.0/22 maxlen: 22
185.40.105.0/24 maxlen: 24
185.173.244.0/24 maxlen: 24
185.173.247.0/24 maxlen: 24
185.180.145.0/24 maxlen: 24
185.212.11.0/24 maxlen: 24
193.46.204.0/24 maxlen: 24
194.50.200.0/23 maxlen: 24
194.50.201.0/24 maxlen: 24
194.50.206.0/23 maxlen: 24
195.138.103.0/24 maxlen: 24
195.138.104.0/22 maxlen: 22
195.138.104.0/24 maxlen: 24
195.138.105.0/24 maxlen: 24
195.138.106.0/24 maxlen: 24
195.138.107.0/24 maxlen: 24
195.138.108.0/24 maxlen: 24
195.138.111.0/24 maxlen: 24
195.138.112.0/24 maxlen: 24
195.138.114.0/24 maxlen: 24
195.138.116.0/24 maxlen: 24
195.138.118.0/24 maxlen: 24
195.138.120.0/24 maxlen: 24
195.138.122.0/23 maxlen: 23
195.138.124.0/22 maxlen: 22
195.138.124.0/24 maxlen: 24
195.216.156.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:90:56:2c:8d:06:95:d9:a1:28:0f:0c:41:8f:6c:5d:e3:49
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jun 26 20:11:18 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=d039a232f915a71d213e7385dccfb23d39aec1bc
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d2:d2:41:6c:e3:31:36:41:ee:d6:da:7e:31:d2:
2e:61:f7:4f:da:a4:8b:48:6a:af:74:72:d4:d8:7a:
c2:e0:f9:59:4f:f6:24:05:9e:f5:ed:13:82:c2:c7:
87:03:11:d4:6c:80:64:88:49:83:b9:21:7d:de:a5:
14:88:37:cc:b9:3f:dd:c0:a1:4c:10:ec:a4:1f:1a:
5d:47:77:21:7c:91:72:b3:2c:27:96:97:73:b4:31:
73:4b:6c:3a:5b:97:c0:76:27:1f:b6:96:01:f1:1f:
d9:15:ee:9c:62:54:34:41:5d:41:fb:18:65:c8:75:
4f:bb:e4:ec:83:51:ef:be:49:cd:6a:60:6c:35:d5:
08:b6:ec:1f:c9:b3:47:3c:4c:ff:59:43:87:5b:11:
0e:17:c1:5f:13:01:f5:58:e3:ae:e6:e0:57:3c:2d:
fd:b3:ea:0c:44:d6:7c:48:6f:f8:e1:28:34:f3:3b:
38:e9:12:4f:db:55:85:80:06:15:d8:f2:4e:1f:99:
d0:6a:1d:bf:fc:b1:7f:dc:66:23:c9:43:33:e7:d6:
a3:76:f4:49:4a:47:21:48:8b:98:56:89:2f:1a:2e:
43:d2:3e:26:c3:4a:a9:62:f1:ea:db:3e:91:59:26:
e2:04:3e:d0:f1:7e:7e:7a:8c:b0:2b:ef:fb:11:5d:
b8:f3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D0:39:A2:32:F9:15:A7:1D:21:3E:73:85:DC:CF:B2:3D:39:AE:C1:BC
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/0DmiMvkVpx0hPnOF3M-yPTmuwbw.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.0.0/22
5.180.4.0/22
5.182.28.0/22
45.67.117.0/24
45.86.16.0/21
85.159.117.0/24
89.39.242.0/24
89.40.161.0/24
91.239.59.0/24
91.242.70.0/24
91.242.72.0/22
91.242.94.0/23
91.242.103.0/24
91.242.105.0/24
91.242.123.0-91.242.127.255
94.231.198.0/24
176.126.223.0/24
178.175.176.0/22
185.40.105.0/24
185.173.244.0/24
185.173.247.0/24
185.180.145.0/24
185.212.11.0/24
193.46.204.0/24
194.50.200.0/23
194.50.206.0/23
195.138.103.0-195.138.108.255
195.138.111.0-195.138.112.255
195.138.114.0/24
195.138.116.0/24
195.138.118.0/24
195.138.120.0/24
195.138.122.0-195.138.127.255
195.216.156.0/22
Signature Algorithm: sha256WithRSAEncryption
81:ee:49:84:fe:e7:b3:58:13:17:af:11:48:2e:50:51:29:f0:
ad:ce:ec:c4:3f:32:4d:dc:a6:5e:8f:71:af:a4:68:c5:9a:95:
30:d5:b9:0e:4b:59:27:15:4e:f3:b5:55:9d:24:bf:6d:28:d0:
5d:f6:6c:90:83:43:73:c7:76:79:99:eb:9c:75:fc:33:02:8a:
ad:5f:2e:08:28:9a:b4:52:2d:68:ac:56:2a:db:54:07:b6:e3:
7f:b2:19:0f:75:24:b6:1e:25:f5:05:7e:be:35:70:59:b1:a6:
32:e7:1e:40:99:1d:04:aa:c3:6f:35:68:1a:1d:a0:70:ef:e3:
5b:a0:3d:ee:db:77:80:58:f0:ff:8c:90:fc:cd:74:75:f1:54:
64:92:e5:8d:00:35:f2:eb:04:37:98:f1:2e:0b:cf:22:0f:01:
7c:f0:01:1a:fe:16:85:cf:93:67:d3:4b:f0:04:7d:61:61:47:
8e:f0:6f:27:9a:b0:46:a0:fc:89:11:54:e0:51:1b:c3:71:9b:
12:73:53:d4:8d:44:e4:47:a6:95:40:22:9a:6a:33:b4:cb:48:
41:ee:23:08:79:13:1d:f1:09:d0:a8:ec:ab:26:5d:80:0d:af:
64:10:7f:75:8f:29:1a:2c:a7:51:c0:ac:59:15:6e:c5:ee:7c:
82:16:45:90
-----BEGIN CERTIFICATE-----
MIIF6TCCBNGgAwIBAgISAZBWLI0GldmhKA8MQY9sXeNJMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQwNjI2MjAxMTE4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMDM5YTIzMmY5MTVhNzFkMjEzZTczODVkY2NmYjIzZDM5YWVjMWJjMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0tJBbOMxNkHu1tp+MdIuYfdP2qSL
SGqvdHLU2HrC4PlZT/YkBZ717ROCwseHAxHUbIBkiEmDuSF93qUUiDfMuT/dwKFM
EOykHxpdR3chfJFysywnlpdztDFzS2w6W5fAdicftpYB8R/ZFe6cYlQ0QV1B+xhl
yHVPu+Tsg1HvvknNamBsNdUItuwfybNHPEz/WUOHWxEOF8FfEwH1WOOu5uBXPC39
s+oMRNZ8SG/44Sg08zs46RJP21WFgAYV2PJOH5nQah2//LF/3GYjyUMz59ajdvRJ
SkchSIuYVokvGi5D0j4mw0qpYvHq2z6RWSbiBD7Q8X5+eoywK+/7EV248wIDAQAB
o4IC9TCCAvEwHQYDVR0OBBYEFNA5ojL5FacdIT5zhdzPsj05rsG8MB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvMERtaU12a1ZweDBoUG5PRjNNLXlQVG11d2J3LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBCQYIKwYBBQUHAQcBAf8EgfkwgfYwgfMEAgABMIHsAwQC
AjgAAwQCBbQEAwQCBbYcAwQALUN1AwQDLVYQAwQAVZ91AwQAWSfyAwQAWSihAwQA
W+87AwQAW/JGAwQCW/JIAwQBW/JeAwQAW/JnAwQAW/JpMAwDBABb8nsDBAdb8gAD
BABe58YDBACwft8DBAKyr7ADBAC5KGkDBAC5rfQDBAC5rfcDBAC5tJEDBAC51AsD
BADBLswDBAHCMsgDBAHCMs4wDAMEAMOKZwMEAMOKbDAMAwQAw4pvAwQAw4pwAwQA
w4pyAwQAw4p0AwQAw4p2AwQAw4p4MAwDBAHDinoDBAfDigADBALD2JwwDQYJKoZI
hvcNAQELBQADggEBAIHuSYT+57NYExevEUguUFEp8K3O7MQ/Mk3cpl6Pca+kaMWa
lTDVuQ5LWScVTvO1VZ0kv20o0F32bJCDQ3PHdnmZ65x1/DMCiq1fLggomrRSLWis
VirbVAe243+yGQ91JLYeJfUFfr41cFmxpjLnHkCZHQSqw281aBodoHDv41ugPe7b
d4BY8P+MkPzNdHXxVGSS5Y0ANfLrBDeY8S4LzyIPAXzwARr+FoXPk2fTS/AEfWFh
R47wbyeasEag/IkRVOBRG8NxmxJzU9SNRORHppVAIppqM7TLSEHuIwh5Ex3xCdCo
7KsmXYANr2QQf3WPKRosp1HArFkVbsXufIIWRZA=
-----END CERTIFICATE-----
Generated at Mon Jul 8 16:01:27 2024 by rpki-client on console-ams.rpki-client.org