Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/iG5fJLDjAEdsmcCIqpnCs6fOhYs.roa
File: iG5fJLDjAEdsmcCIqpnCs6fOhYs.roa (raw, json)
Hash identifier: tOI17crakkwn/PRHpafE/CiJmzVoR3YTRhjJzfChq2c=
Subject key identifier: 88:6E:5F:24:B0:E3:00:47:6C:99:C0:88:AA:99:C2:B3:A7:CE:85:8B
Certificate issuer: /CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Certificate serial: 01896F1B4BEBC3368039641E336488387BA9
Authority key identifier: 8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/iG5fJLDjAEdsmcCIqpnCs6fOhYs.roa
Signing time: Wed 19 Jul 2023 17:03:27 +0000
ROA not before: Wed 19 Jul 2023 17:03:27 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 89.39.242.0/24 maxlen: 24
194.56.152.0/23 maxlen: 24
94.231.198.0/24 maxlen: 24
185.212.11.0/24 maxlen: 24
91.242.103.0/24 maxlen: 24
185.40.105.0/24 maxlen: 24
194.242.28.0/23 maxlen: 24
86.104.19.0/24 maxlen: 24
193.46.211.0/24 maxlen: 24
193.203.127.0/24 maxlen: 24
91.242.70.0/23 maxlen: 24
91.242.72.0/23 maxlen: 24
91.242.74.0/24 maxlen: 24
91.242.75.0/24 maxlen: 24
89.40.161.0/24 maxlen: 24
195.138.105.0/24 maxlen: 24
195.138.103.0/24 maxlen: 24
195.138.104.0/24 maxlen: 24
195.138.106.0/24 maxlen: 24
80.94.81.0/24 maxlen: 24
80.94.80.0/24 maxlen: 24
80.94.80.0/23 maxlen: 23
45.67.117.0/24 maxlen: 24
45.15.64.0/24 maxlen: 24
91.239.59.0/24 maxlen: 24
45.15.64.0/22 maxlen: 22
45.15.66.0/24 maxlen: 24
45.15.67.0/24 maxlen: 24
45.15.65.0/24 maxlen: 24
194.213.10.0/24 maxlen: 24
185.173.247.0/24 maxlen: 24
176.126.223.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:6f:1b:4b:eb:c3:36:80:39:64:1e:33:64:88:38:7b:a9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=8bab30683859ec7e0206fe9265363e8e3971a9a8
Validity
Not Before: Jul 19 17:03:27 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=886e5f24b0e300476c99c088aa99c2b3a7ce858b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:e7:d5:64:fb:e8:19:cc:72:14:50:c6:11:0a:
fc:c2:9a:32:0d:73:83:f2:a7:50:d6:b6:b9:f9:7f:
f8:e2:8d:7b:55:54:ee:2c:a6:1e:9e:39:0f:2b:c4:
56:de:44:84:26:67:8a:2c:4e:56:ae:5d:d3:67:57:
f0:2a:8f:cf:61:03:e5:d8:fe:f1:52:13:13:fb:cb:
e3:7a:a3:b1:ef:fb:4b:ca:05:31:5a:5d:20:d9:fb:
e7:a4:d6:94:4e:9f:53:95:03:5a:33:30:ee:90:03:
d9:0d:b8:05:8a:53:16:73:68:35:36:60:f9:14:85:
69:e0:8f:d7:c4:d6:98:e8:56:5c:8b:7d:39:84:ad:
e5:34:f3:16:46:33:67:38:0d:10:69:b7:a6:d7:87:
70:cd:4d:8e:92:01:0e:22:47:8e:8f:be:b6:e1:1c:
f9:58:bc:38:8b:48:14:2e:bb:e0:08:96:ec:60:9e:
d3:d2:03:90:0d:37:86:f7:ef:23:f0:18:c5:22:2c:
0b:89:a2:86:51:6a:7c:80:df:14:d3:1b:df:71:4f:
2e:75:7b:65:fc:4f:d2:30:69:14:06:dd:7c:d9:2e:
dc:f9:27:c8:98:a2:ec:b1:e2:d9:2d:3e:4d:3e:35:
b9:c3:57:25:e2:c7:78:77:4b:da:92:b9:b6:22:8f:
46:85
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:6E:5F:24:B0:E3:00:47:6C:99:C0:88:AA:99:C2:B3:A7:CE:85:8B
X509v3 Authority Key Identifier:
keyid:8B:AB:30:68:38:59:EC:7E:02:06:FE:92:65:36:3E:8E:39:71:A9:A8
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/i6swaDhZ7H4CBv6SZTY-jjlxqag.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/iG5fJLDjAEdsmcCIqpnCs6fOhYs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/2b/81fd1a-47a7-45d8-be74-3ac9e56c3089/1/i6swaDhZ7H4CBv6SZTY-jjlxqag.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.15.64.0/22
45.67.117.0/24
80.94.80.0/23
86.104.19.0/24
89.39.242.0/24
89.40.161.0/24
91.239.59.0/24
91.242.70.0-91.242.75.255
91.242.103.0/24
94.231.198.0/24
176.126.223.0/24
185.40.105.0/24
185.173.247.0/24
185.212.11.0/24
193.46.211.0/24
193.203.127.0/24
194.56.152.0/23
194.213.10.0/24
194.242.28.0/23
195.138.103.0-195.138.106.255
Signature Algorithm: sha256WithRSAEncryption
99:37:c9:be:38:c1:6f:92:79:10:f7:1a:c9:92:01:5a:b3:cd:
df:fd:5b:9a:0e:4c:47:b6:8e:4f:2c:c9:af:12:1c:2b:6b:2f:
77:34:60:19:9a:bc:f8:62:09:52:3b:09:35:23:2c:e7:6e:87:
bd:40:04:71:51:0a:73:9a:e1:48:f1:f9:fc:d4:82:89:4e:0b:
31:dd:39:cd:8e:3c:d7:4c:14:a6:91:15:37:04:d8:22:75:71:
bc:36:85:de:20:ec:25:c5:85:d7:18:fb:f7:09:33:60:ff:c3:
19:c4:37:75:db:c7:d3:51:9d:82:d1:44:72:41:2f:62:21:bb:
bd:92:7d:07:bc:62:2e:cc:80:d1:25:01:5b:d5:be:15:56:1d:
d9:4f:2e:28:8e:13:80:46:c9:f5:40:66:95:e1:06:fe:8c:2f:
20:fb:77:66:da:c1:73:59:d3:85:75:4b:8d:02:ac:7c:46:9b:
01:4e:b7:cb:88:8e:d9:b8:7e:54:68:14:cd:01:75:d7:71:af:
7b:a3:a8:e0:eb:77:34:62:c9:61:54:d9:f9:a4:41:ee:0b:10:
12:1e:00:ca:2a:bb:fc:27:18:43:75:43:1c:8e:7b:49:c8:c9:
6a:b5:2b:22:28:2f:03:68:03:14:8b:e6:99:13:a2:97:7e:ad:
4f:84:9e:34
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgISAYlvG0vrwzaAOWQeM2SIOHupMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDhiYWIzMDY4Mzg1OWVjN2UwMjA2ZmU5MjY1MzYzZThlMzk3
MWE5YTgwHhcNMjMwNzE5MTcwMzI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4ODZlNWYyNGIwZTMwMDQ3NmM5OWMwODhhYTk5YzJiM2E3Y2U4NThiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjOfVZPvoGcxyFFDGEQr8wpoyDXOD
8qdQ1ra5+X/44o17VVTuLKYenjkPK8RW3kSEJmeKLE5Wrl3TZ1fwKo/PYQPl2P7x
UhMT+8vjeqOx7/tLygUxWl0g2fvnpNaUTp9TlQNaMzDukAPZDbgFilMWc2g1NmD5
FIVp4I/XxNaY6FZci305hK3lNPMWRjNnOA0Qabem14dwzU2OkgEOIkeOj7624Rz5
WLw4i0gULrvgCJbsYJ7T0gOQDTeG9+8j8BjFIiwLiaKGUWp8gN8U0xvfcU8udXtl
/E/SMGkUBt182S7c+SfImKLsseLZLT5NPjW5w1cl4sd4d0vakrm2Io9GhQIDAQAB
o4ICkDCCAowwHQYDVR0OBBYEFIhuXySw4wBHbJnAiKqZwrOnzoWLMB8GA1UdIwQY
MBaAFIurMGg4Wex+Agb+kmU2Po45camoMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQt
M2FjOWU1NmMzMDg5LzEvaUc1ZkpMRGpBRWRzbWNDSXFwbkNzNmZPaFlzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yYi84MWZkMWEtNDdhNy00NWQ4LWJlNzQtM2FjOWU1NmMzMDg5
LzEvaTZzd2FEaFo3SDRDQnY2U1pUWS1qamx4cWFnLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGlBggrBgEFBQcBBwEB/wSBlTCBkjCBjwQCAAEwgYgDBAIt
D0ADBAAtQ3UDBAFQXlADBABWaBMDBABZJ/IDBABZKKEDBABb7zswDAMEAVvyRgME
AlvySAMEAFvyZwMEAF7nxgMEALB+3wMEALkoaQMEALmt9wMEALnUCwMEAMEu0wME
AMHLfwMEAcI4mAMEAMLVCgMEAcLyHDAMAwQAw4pnAwQAw4pqMA0GCSqGSIb3DQEB
CwUAA4IBAQCZN8m+OMFvknkQ9xrJkgFas83f/VuaDkxHto5PLMmvEhwray93NGAZ
mrz4YglSOwk1Iyznboe9QARxUQpzmuFI8fn81IKJTgsx3TnNjjzXTBSmkRU3BNgi
dXG8NoXeIOwlxYXXGPv3CTNg/8MZxDd128fTUZ2C0URyQS9iIbu9kn0HvGIuzIDR
JQFb1b4VVh3ZTy4ojhOARsn1QGaV4Qb+jC8g+3dm2sFzWdOFdUuNAqx8RpsBTrfL
iI7ZuH5UaBTNAXXXca97o6jg63c0YslhVNn5pEHuCxASHgDKKrv8JxhDdUMcjntJ
yMlqtSsiKC8DaAMUi+aZE6KXfq1PhJ40
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:00:26 2024 by rpki-client on console-ams.rpki-client.org