Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/0_06goI0W_dlpAHty1CfqvWXvT0.roa
File: 0_06goI0W_dlpAHty1CfqvWXvT0.roa (raw, json)
Hash identifier: ntunWk1UXBPFsa+0bVpTjDSKjHCHXIPKg3qQTR7kuIo=
Subject key identifier: D3:FD:3A:82:82:34:5B:F7:65:A4:01:ED:CB:50:9F:AA:F5:97:BD:3D
Certificate issuer: /CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Certificate serial: 018C87DB815B96D8624AA6261F892865EAFA
Authority key identifier: 5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/0_06goI0W_dlpAHty1CfqvWXvT0.roa
Signing time: Wed 20 Dec 2023 15:32:38 +0000
ROA not before: Wed 20 Dec 2023 15:32:38 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 49505
IP address blocks: 45.139.53.0/24 maxlen: 24
45.139.55.0/24 maxlen: 24
45.139.52.0/24 maxlen: 24
45.132.128.0/24 maxlen: 24
45.132.129.0/24 maxlen: 24
185.188.41.0/24 maxlen: 24
45.146.24.0/24 maxlen: 24
45.152.116.0/24 maxlen: 24
45.152.117.0/24 maxlen: 24
45.159.84.0/24 maxlen: 24
45.159.87.0/24 maxlen: 24
176.222.57.0/24 maxlen: 24
176.222.56.0/24 maxlen: 24
176.222.59.0/24 maxlen: 24
45.146.27.0/24 maxlen: 24
45.146.25.0/24 maxlen: 24
45.149.129.0/24 maxlen: 24
2.59.49.0/24 maxlen: 24
91.236.121.0/24 maxlen: 24
45.138.213.0/24 maxlen: 24
45.138.214.0/24 maxlen: 24
91.206.68.0/24 maxlen: 24
45.147.15.0/24 maxlen: 24
45.147.12.0/24 maxlen: 24
45.147.13.0/24 maxlen: 24
45.147.14.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:87:db:81:5b:96:d8:62:4a:a6:26:1f:89:28:65:ea:fa
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=5da3941c27cfe5c234c4bf221ecb2a579b2deaab
Validity
Not Before: Dec 20 15:32:38 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d3fd3a8282345bf765a401edcb509faaf597bd3d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:3d:13:74:8f:b8:f1:05:b0:48:2e:92:a8:41:
c8:03:01:3c:de:10:c1:19:7d:1e:af:82:42:6a:57:
41:51:b1:fc:82:0d:7a:e7:f4:24:7f:28:5c:6d:e0:
c3:a1:22:a0:0a:81:9a:71:11:d0:90:a5:f2:76:d6:
75:e4:dd:41:54:b3:63:0a:40:ad:c6:34:d8:10:03:
9c:25:b3:2f:56:b9:11:53:e3:e1:11:9a:cd:98:5b:
fb:bd:5c:27:14:fa:a1:30:5a:d7:cc:bc:e1:90:de:
8f:74:ce:82:fd:c7:f7:91:71:3b:d2:32:ad:38:77:
06:85:4c:88:18:65:05:15:1b:c0:96:df:7d:1a:4f:
43:15:05:6d:30:c1:4a:0c:fa:50:f1:e8:2a:e6:00:
50:59:53:6e:9e:dc:b9:e4:cf:9b:95:3a:55:09:c9:
d4:eb:b3:67:0a:55:0c:ad:b5:8f:bd:aa:17:98:f8:
98:ce:c4:fc:d9:de:95:2b:27:6b:10:cd:0c:99:d5:
4d:46:bc:42:55:e2:51:35:cb:79:72:ff:3a:89:9b:
39:8b:fc:6a:c1:94:e2:3d:9d:07:e0:a4:4d:f3:5c:
06:7b:25:25:7e:ee:f0:72:ab:05:4e:76:88:98:a1:
0e:d1:28:2d:84:8e:d7:01:4b:dc:43:ce:8e:ba:b1:
bc:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:FD:3A:82:82:34:5B:F7:65:A4:01:ED:CB:50:9F:AA:F5:97:BD:3D
X509v3 Authority Key Identifier:
keyid:5D:A3:94:1C:27:CF:E5:C2:34:C4:BF:22:1E:CB:2A:57:9B:2D:EA:AB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/XaOUHCfP5cI0xL8iHssqV5st6qs.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/0_06goI0W_dlpAHty1CfqvWXvT0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/80/30ed3e-c4c4-4de8-b4f1-f11a39f26c3b/1/XaOUHCfP5cI0xL8iHssqV5st6qs.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.59.49.0/24
45.132.128.0/23
45.138.213.0-45.138.214.255
45.139.52.0/23
45.139.55.0/24
45.146.24.0/23
45.146.27.0/24
45.147.12.0/22
45.149.129.0/24
45.152.116.0/23
45.159.84.0/24
45.159.87.0/24
91.206.68.0/24
91.236.121.0/24
176.222.56.0/23
176.222.59.0/24
185.188.41.0/24
Signature Algorithm: sha256WithRSAEncryption
95:ec:b7:55:98:8d:75:e1:cc:20:a8:ec:29:c9:f4:b2:b1:44:
de:96:e1:ce:f5:b2:19:55:d6:26:bf:35:34:27:4a:1d:5f:b9:
80:72:d4:b3:eb:03:97:50:42:b9:18:6b:9f:88:d3:aa:10:93:
4d:eb:d5:90:3d:a7:30:bd:fe:61:3d:1e:97:d8:15:72:a1:25:
74:dc:b5:af:aa:40:8f:b8:69:d2:c3:fb:8c:08:9d:73:54:5a:
d5:45:5d:fe:03:d8:97:ad:93:a9:7b:08:64:6c:ef:ce:03:e9:
c8:12:11:9d:c9:9e:1f:99:b9:27:46:0c:19:8c:d1:3d:38:04:
f1:0f:03:9d:6b:b6:53:97:89:3e:21:dc:02:3a:b8:8f:27:9e:
0f:28:e9:4b:fd:78:7b:85:fe:cc:11:e7:1f:8b:d9:83:73:24:
c0:2c:ed:37:fb:9a:e3:1c:d4:fb:9c:94:fd:b9:00:29:5c:2b:
88:45:d7:78:c8:02:90:b5:36:db:8a:aa:4e:41:60:81:97:00:
4d:04:3a:9d:a3:23:38:ef:fa:cf:06:9c:48:77:55:e9:29:4c:
28:dc:1b:88:b7:3a:59:f6:ea:48:74:aa:1e:67:d5:52:ca:3e:
e3:ea:34:0b:39:50:62:2a:89:0a:98:85:8b:a0:a6:a2:3f:8c:
e0:91:e8:b4
-----BEGIN CERTIFICATE-----
MIIFZjCCBE6gAwIBAgISAYyH24FblthiSqYmH4koZer6MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDVkYTM5NDFjMjdjZmU1YzIzNGM0YmYyMjFlY2IyYTU3OWIy
ZGVhYWIwHhcNMjMxMjIwMTUzMjM4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkM2ZkM2E4MjgyMzQ1YmY3NjVhNDAxZWRjYjUwOWZhYWY1OTdiZDNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoT0TdI+48QWwSC6SqEHIAwE83hDB
GX0er4JCaldBUbH8gg165/QkfyhcbeDDoSKgCoGacRHQkKXydtZ15N1BVLNjCkCt
xjTYEAOcJbMvVrkRU+PhEZrNmFv7vVwnFPqhMFrXzLzhkN6PdM6C/cf3kXE70jKt
OHcGhUyIGGUFFRvAlt99Gk9DFQVtMMFKDPpQ8egq5gBQWVNunty55M+blTpVCcnU
67NnClUMrbWPvaoXmPiYzsT82d6VKydrEM0MmdVNRrxCVeJRNct5cv86iZs5i/xq
wZTiPZ0H4KRN81wGeyUlfu7wcqsFTnaImKEO0SgthI7XAUvcQ86OurG8dQIDAQAB
o4ICcjCCAm4wHQYDVR0OBBYEFNP9OoKCNFv3ZaQB7ctQn6r1l709MB8GA1UdIwQY
MBaAFF2jlBwnz+XCNMS/Ih7LKlebLeqrMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEt
ZjExYTM5ZjI2YzNiLzEvMF8wNmdvSTBXX2RscEFIdHkxQ2ZxdldYdlQwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC8zMGVkM2UtYzRjNC00ZGU4LWI0ZjEtZjExYTM5ZjI2YzNi
LzEvWGFPVUhDZlA1Y0kweEw4aUhzc3FWNXN0NnFzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGHBggrBgEFBQcBBwEB/wR4MHYwdAQCAAEwbgMEAAI7MQME
AS2EgDAMAwQALYrVAwQALYrWAwQBLYs0AwQALYs3AwQBLZIYAwQALZIbAwQCLZMM
AwQALZWBAwQBLZh0AwQALZ9UAwQALZ9XAwQAW85EAwQAW+x5AwQBsN44AwQAsN47
AwQAubwpMA0GCSqGSIb3DQEBCwUAA4IBAQCV7LdVmI114cwgqOwpyfSysUTeluHO
9bIZVdYmvzU0J0odX7mActSz6wOXUEK5GGufiNOqEJNN69WQPacwvf5hPR6X2BVy
oSV03LWvqkCPuGnSw/uMCJ1zVFrVRV3+A9iXrZOpewhkbO/OA+nIEhGdyZ4fmbkn
RgwZjNE9OATxDwOda7ZTl4k+IdwCOriPJ54PKOlL/Xh7hf7MEecfi9mDcyTALO03
+5rjHNT7nJT9uQApXCuIRdd4yAKQtTbbiqpOQWCBlwBNBDqdoyM47/rPBpxId1Xp
KUwo3BuItzpZ9upIdKoeZ9VSyj7j6jQLOVBiKokKmIWLoKaiP4zgkei0
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:20:25 2024 by rpki-client on console-ams.rpki-client.org