Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Xo4CPzMsAOFOHKL9lfN6kG9shRs.roa
File: Xo4CPzMsAOFOHKL9lfN6kG9shRs.roa (raw, json)
Hash identifier: 98iGMu8sg2Q3Bz5Rdw3TzkqoIDGTvL/mygYbxNGYfj8=
Subject key identifier: 5E:8E:02:3F:33:2C:00:E1:4E:1C:A2:FD:95:F3:7A:90:6F:6C:85:1B
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 0192964EAF61A508669E2E74A967A18E20E6
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Xo4CPzMsAOFOHKL9lfN6kG9shRs.roa
Signing time: Wed 16 Oct 2024 17:09:51 +0000
ROA not before: Wed 16 Oct 2024 17:09:51 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 3257
IP address blocks: 5.180.4.0/22 maxlen: 22
5.182.28.0/22 maxlen: 22
45.86.16.0/21 maxlen: 21
85.159.117.0/24 maxlen: 24
89.39.242.0/24 maxlen: 24
91.239.59.0/24 maxlen: 24
91.242.72.0/23 maxlen: 23
91.242.73.0/24 maxlen: 24
91.242.74.0/23 maxlen: 23
91.242.94.0/24 maxlen: 24
91.242.95.0/24 maxlen: 24
91.242.103.0/24 maxlen: 24
94.231.198.0/24 maxlen: 24
176.126.223.0/24 maxlen: 24
178.175.176.0/22 maxlen: 22
185.40.105.0/24 maxlen: 24
185.173.247.0/24 maxlen: 24
185.180.145.0/24 maxlen: 24
185.212.11.0/24 maxlen: 24
194.50.206.0/23 maxlen: 24
195.138.103.0/24 maxlen: 24
195.138.104.0/22 maxlen: 24
195.138.105.0/24 maxlen: 24
195.138.106.0/24 maxlen: 24
195.138.108.0/24 maxlen: 24
195.138.112.0/24 maxlen: 24
195.138.116.0/24 maxlen: 24
195.138.120.0/24 maxlen: 24
195.138.122.0/23 maxlen: 23
195.138.124.0/22 maxlen: 22
195.138.124.0/24 maxlen: 24
195.216.156.0/22 maxlen: 22
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:92:96:4e:af:61:a5:08:66:9e:2e:74:a9:67:a1:8e:20:e6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Oct 16 17:09:51 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5e8e023f332c00e14e1ca2fd95f37a906f6c851b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a3:10:ff:e5:39:12:99:31:db:b9:24:8f:8b:59:
8a:12:48:dd:64:1e:6e:be:aa:73:6e:ee:5c:de:a5:
f1:a7:d8:fb:b1:be:c4:d2:ad:06:53:a2:c0:13:73:
fe:99:2f:a4:33:97:45:5b:da:db:a0:86:6c:0b:8f:
af:94:41:e2:80:6f:41:51:d7:71:38:26:89:5b:bc:
62:30:8e:53:48:b8:5a:32:af:29:b3:60:96:63:f0:
84:7a:7e:84:61:3a:8e:75:d1:f5:e1:4f:1a:4a:43:
16:89:5f:3c:db:02:d1:88:c9:7b:15:a5:b8:f5:96:
ac:10:75:f6:b6:88:de:49:70:71:a4:ee:d9:c4:b2:
dc:cd:a3:d7:8d:54:d0:57:dd:8c:ce:91:ac:3c:ea:
96:18:0a:1c:3b:c1:33:18:84:3d:df:59:e4:35:e8:
22:cf:7e:53:63:8d:a9:b5:d3:35:e9:a0:b6:14:e6:
97:bf:f2:7d:e7:3a:f0:f7:1b:de:9d:33:f1:e3:d2:
74:e8:33:dd:83:c5:94:5a:cf:56:64:76:d2:23:e3:
5d:e3:ab:27:f5:73:79:2c:21:9a:24:4a:21:25:13:
a2:db:99:7e:f1:94:6e:d1:1c:35:8e:f7:39:19:0b:
66:ca:46:3c:cb:77:fb:2f:e3:9c:5b:b6:d2:80:ab:
6e:c3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:8E:02:3F:33:2C:00:E1:4E:1C:A2:FD:95:F3:7A:90:6F:6C:85:1B
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/Xo4CPzMsAOFOHKL9lfN6kG9shRs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.180.4.0/22
5.182.28.0/22
45.86.16.0/21
85.159.117.0/24
89.39.242.0/24
91.239.59.0/24
91.242.72.0/22
91.242.94.0/23
91.242.103.0/24
94.231.198.0/24
176.126.223.0/24
178.175.176.0/22
185.40.105.0/24
185.173.247.0/24
185.180.145.0/24
185.212.11.0/24
194.50.206.0/23
195.138.103.0-195.138.108.255
195.138.112.0/24
195.138.116.0/24
195.138.120.0/24
195.138.122.0-195.138.127.255
195.216.156.0/22
Signature Algorithm: sha256WithRSAEncryption
44:8e:38:92:56:90:e8:8d:5c:18:9f:1d:62:a3:e7:1e:a5:db:
5b:6b:f8:d0:ec:a7:f3:30:cf:3b:27:20:93:05:ea:55:92:11:
66:91:e9:79:89:6d:56:3f:7b:15:79:e9:dc:70:f3:03:e3:d5:
04:97:59:55:1a:4f:ca:31:e7:21:61:28:68:16:69:07:7f:58:
78:f4:78:09:64:15:c7:ba:bb:42:9c:7c:6d:51:db:06:a0:c4:
d4:1c:fa:8e:a2:f6:f9:65:7e:f2:c4:2c:28:0d:b2:22:ec:90:
9c:fe:91:a5:dd:1d:ac:26:39:8c:1f:40:4e:91:c2:d4:bb:9b:
f2:6f:6d:82:25:86:74:71:db:be:ed:3b:30:fa:62:a9:2e:6a:
e6:3a:34:f8:62:35:d5:50:ce:c0:50:47:1f:94:38:81:e5:3d:
d9:60:08:2d:30:52:70:75:75:95:7a:f8:4d:c1:c2:70:4c:c1:
cc:4d:a4:93:26:0a:4d:05:2a:bb:83:70:36:54:8d:11:04:a0:
e8:92:e9:f2:17:c5:a2:97:d6:08:59:3c:a9:fd:c0:d6:26:56:
d7:c2:8e:33:1e:a5:5a:13:8c:c6:99:8a:c9:04:6a:18:c8:29:
44:d7:98:6e:62:7a:19:c5:2f:79:5d:ba:72:cf:de:14:13:62:
f1:e0:66:be
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgISAZKWTq9hpQhmni50qWehjiDmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjQxMDE2MTcwOTUxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZThlMDIzZjMzMmMwMGUxNGUxY2EyZmQ5NWYzN2E5MDZmNmM4NTFiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoxD/5TkSmTHbuSSPi1mKEkjdZB5u
vqpzbu5c3qXxp9j7sb7E0q0GU6LAE3P+mS+kM5dFW9rboIZsC4+vlEHigG9BUddx
OCaJW7xiMI5TSLhaMq8ps2CWY/CEen6EYTqOddH14U8aSkMWiV882wLRiMl7FaW4
9ZasEHX2tojeSXBxpO7ZxLLczaPXjVTQV92MzpGsPOqWGAocO8EzGIQ931nkNegi
z35TY42ptdM16aC2FOaXv/J95zrw9xvenTPx49J06DPdg8WUWs9WZHbSI+Nd46sn
9XN5LCGaJEohJROi25l+8ZRu0Rw1jvc5GQtmykY8y3f7L+OcW7bSgKtuwwIDAQAB
o4ICojCCAp4wHQYDVR0OBBYEFF6OAj8zLADhThyi/ZXzepBvbIUbMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvWG80Q1B6TXNBT0ZPSEtMOWxmTjZrRzlzaFJzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIG3BggrBgEFBQcBBwEB/wSBpzCBpDCBoQQCAAEwgZoDBAIF
tAQDBAIFthwDBAMtVhADBABVn3UDBABZJ/IDBABb7zsDBAJb8kgDBAFb8l4DBABb
8mcDBABe58YDBACwft8DBAKyr7ADBAC5KGkDBAC5rfcDBAC5tJEDBAC51AsDBAHC
Ms4wDAMEAMOKZwMEAMOKbAMEAMOKcAMEAMOKdAMEAMOKeDAMAwQBw4p6AwQHw4oA
AwQCw9icMA0GCSqGSIb3DQEBCwUAA4IBAQBEjjiSVpDojVwYnx1io+cepdtba/jQ
7KfzMM87JyCTBepVkhFmkel5iW1WP3sVeenccPMD49UEl1lVGk/KMechYShoFmkH
f1h49HgJZBXHurtCnHxtUdsGoMTUHPqOovb5ZX7yxCwoDbIi7JCc/pGl3R2sJjmM
H0BOkcLUu5vyb22CJYZ0cdu+7Tsw+mKpLmrmOjT4YjXVUM7AUEcflDiB5T3ZYAgt
MFJwdXWVevhNwcJwTMHMTaSTJgpNBSq7g3A2VI0RBKDokunyF8Wil9YIWTyp/cDW
JlbXwo4zHqVaE4zGmYrJBGoYyClE15huYnoZxS95Xbpyz94UE2Lx4Ga+
-----END CERTIFICATE-----
Generated at Tue Nov 19 17:32:29 2024 by rpki-client on console-fra.rpki-client.org