Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/85/221fd6-e4f6-43e3-946d-dd1ec57d7e74/1/t5mWofNYijdnBP4fLj7ZnprE1Y8.roa
File: t5mWofNYijdnBP4fLj7ZnprE1Y8.roa (raw, json)
Hash identifier: HNOvz923DZ7faNWJECLlf19Po1kxqfWRWf6NvDHHK/k=
Subject key identifier: B7:99:96:A1:F3:58:8A:37:67:04:FE:1F:2E:3E:D9:9E:9A:C4:D5:8F
Certificate issuer: /CN=1372e0c2b83dd5109013c7f1c0bb9716d3618dd2
Certificate serial: 018CC26D5E1FC5F6177BF3390CA86044BC54
Authority key identifier: 13:72:E0:C2:B8:3D:D5:10:90:13:C7:F1:C0:BB:97:16:D3:61:8D:D2
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/E3Lgwrg91RCQE8fxwLuXFtNhjdI.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/85/221fd6-e4f6-43e3-946d-dd1ec57d7e74/1/t5mWofNYijdnBP4fLj7ZnprE1Y8.roa
Signing time: Mon 01 Jan 2024 00:29:56 +0000
ROA not before: Mon 01 Jan 2024 00:29:56 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 199967
IP address blocks: 92.118.44.0/24 maxlen: 24
92.118.45.0/24 maxlen: 24
92.118.47.0/24 maxlen: 24
45.85.3.0/24 maxlen: 24
45.146.120.0/24 maxlen: 24
45.85.1.0/24 maxlen: 24
45.146.121.0/24 maxlen: 24
45.85.0.0/24 maxlen: 24
45.90.141.0/24 maxlen: 24
45.90.143.0/24 maxlen: 24
5.252.197.0/24 maxlen: 24
2.56.151.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c2:6d:5e:1f:c5:f6:17:7b:f3:39:0c:a8:60:44:bc:54
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=1372e0c2b83dd5109013c7f1c0bb9716d3618dd2
Validity
Not Before: Jan 1 00:29:56 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b79996a1f3588a376704fe1f2e3ed99e9ac4d58f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:95:04:95:70:90:48:7d:01:b0:27:29:44:9c:
db:05:37:78:cf:04:6b:25:aa:ff:6b:33:82:dd:07:
a2:3f:c5:84:14:9b:bf:6b:49:63:a0:2e:f8:c4:ca:
74:7f:a6:34:12:f2:b9:42:c0:67:45:5d:bd:57:fc:
cc:88:11:e8:38:51:5a:e9:01:9f:44:a2:53:50:2d:
d4:14:5f:39:ea:44:7d:29:02:49:93:ed:90:6f:de:
ae:0f:03:25:26:fd:92:d8:7c:d5:39:50:e1:35:35:
e4:58:ea:ff:a1:ea:d0:2e:7d:44:f6:4b:97:f7:70:
3b:d4:11:89:39:ca:36:ff:bf:8a:0d:21:fd:27:58:
28:12:18:bb:55:81:53:eb:b4:ce:dc:70:49:8d:1b:
fc:90:8a:dd:d3:1b:7b:2f:82:74:e4:a2:9f:58:f9:
c4:a2:f0:7f:36:f8:ab:8d:60:fa:2a:3a:6a:59:0b:
02:78:03:f2:e7:a1:1a:b5:55:cf:b9:cb:1b:96:13:
1f:d6:34:95:8e:f8:73:17:dc:41:3a:27:85:51:e8:
db:f0:98:b0:e7:11:5b:79:3c:41:dd:49:94:fc:e7:
d5:05:13:22:45:25:13:1b:62:6c:68:0f:35:04:21:
5c:be:e5:49:6c:07:a8:a9:cd:04:9e:3f:bd:d4:26:
12:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B7:99:96:A1:F3:58:8A:37:67:04:FE:1F:2E:3E:D9:9E:9A:C4:D5:8F
X509v3 Authority Key Identifier:
keyid:13:72:E0:C2:B8:3D:D5:10:90:13:C7:F1:C0:BB:97:16:D3:61:8D:D2
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/E3Lgwrg91RCQE8fxwLuXFtNhjdI.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/85/221fd6-e4f6-43e3-946d-dd1ec57d7e74/1/t5mWofNYijdnBP4fLj7ZnprE1Y8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/85/221fd6-e4f6-43e3-946d-dd1ec57d7e74/1/E3Lgwrg91RCQE8fxwLuXFtNhjdI.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.151.0/24
5.252.197.0/24
45.85.0.0/23
45.85.3.0/24
45.90.141.0/24
45.90.143.0/24
45.146.120.0/23
92.118.44.0/23
92.118.47.0/24
Signature Algorithm: sha256WithRSAEncryption
36:ed:61:b2:97:31:95:84:5d:9f:42:84:f8:24:02:9c:a1:6e:
6c:55:cc:62:d3:dd:b7:c3:12:2d:64:f2:3c:c6:2d:7a:38:05:
37:af:d8:72:fd:cb:6a:4c:fa:1b:bd:52:18:07:f7:17:d2:78:
cf:62:a2:dc:96:84:f3:54:c7:f3:62:2d:e9:14:3c:8e:50:83:
5d:d4:34:75:e5:20:a7:ef:32:f6:28:2f:fa:b5:2a:3e:b9:85:
b3:b5:2f:fe:06:2c:bd:c9:d7:fa:71:24:76:8f:84:aa:c8:78:
bb:76:d3:64:6f:7f:02:0c:3c:f2:4a:75:22:de:7b:2d:e4:9d:
93:0d:f2:ce:da:e2:9e:18:b5:3d:83:d5:af:7a:28:8a:ff:37:
a2:87:c8:e2:8c:0e:04:9a:35:22:78:9a:4e:9c:4b:d5:d4:f1:
5d:54:5e:79:a2:7f:5a:51:93:a4:73:33:7b:6c:b0:07:a6:a0:
c3:de:da:4c:e9:c4:a7:97:de:8f:9e:ab:5b:85:59:04:85:0e:
59:0c:ac:6c:be:48:a7:fe:ae:82:37:7d:bd:bf:fd:48:df:11:
b8:69:98:c5:d3:5a:fd:d8:da:bd:40:21:f2:74:21:3c:2d:64:
2c:df:eb:b5:c4:b2:92:56:25:44:6f:89:f5:d6:30:a9:49:e2:
4e:3f:ba:2a
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYzCbV4fxfYXe/M5DKhgRLxUMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDEzNzJlMGMyYjgzZGQ1MTA5MDEzYzdmMWMwYmI5NzE2ZDM2
MThkZDIwHhcNMjQwMTAxMDAyOTU2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiNzk5OTZhMWYzNTg4YTM3NjcwNGZlMWYyZTNlZDk5ZTlhYzRkNThmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjpUElXCQSH0BsCcpRJzbBTd4zwRr
Jar/azOC3QeiP8WEFJu/a0ljoC74xMp0f6Y0EvK5QsBnRV29V/zMiBHoOFFa6QGf
RKJTUC3UFF856kR9KQJJk+2Qb96uDwMlJv2S2HzVOVDhNTXkWOr/oerQLn1E9kuX
93A71BGJOco2/7+KDSH9J1goEhi7VYFT67TO3HBJjRv8kIrd0xt7L4J05KKfWPnE
ovB/NvirjWD6KjpqWQsCeAPy56EatVXPucsblhMf1jSVjvhzF9xBOieFUejb8Jiw
5xFbeTxB3UmU/OfVBRMiRSUTG2JsaA81BCFcvuVJbAeoqc0Enj+91CYS6wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFLeZlqHzWIo3ZwT+Hy4+2Z6axNWPMB8GA1UdIwQY
MBaAFBNy4MK4PdUQkBPH8cC7lxbTYY3SMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvRTNMZ3dyZzkxUkNRRThmeHdMdVhGdE5oamRJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84NS8yMjFmZDYtZTRmNi00M2UzLTk0NmQt
ZGQxZWM1N2Q3ZTc0LzEvdDVtV29mTllpamRuQlA0ZkxqN1pucHJFMVk4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84NS8yMjFmZDYtZTRmNi00M2UzLTk0NmQtZGQxZWM1N2Q3ZTc0
LzEvRTNMZ3dyZzkxUkNRRThmeHdMdVhGdE5oamRJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQAAjiXAwQA
BfzFAwQBLVUAAwQALVUDAwQALVqNAwQALVqPAwQBLZJ4AwQBXHYsAwQAXHYvMA0G
CSqGSIb3DQEBCwUAA4IBAQA27WGylzGVhF2fQoT4JAKcoW5sVcxi0923wxItZPI8
xi16OAU3r9hy/ctqTPobvVIYB/cX0njPYqLcloTzVMfzYi3pFDyOUINd1DR15SCn
7zL2KC/6tSo+uYWztS/+Biy9ydf6cSR2j4SqyHi7dtNkb38CDDzySnUi3nst5J2T
DfLO2uKeGLU9g9WveiiK/zeih8jijA4EmjUieJpOnEvV1PFdVF55on9aUZOkczN7
bLAHpqDD3tpM6cSnl96PnqtbhVkEhQ5ZDKxsvkin/q6CN329v/1I3xG4aZjF01r9
2Nq9QCHydCE8LWQs3+u1xLKSViVEb4n11jCpSeJOP7oq
-----END CERTIFICATE-----
Generated at Mon Apr 15 14:34:13 2024 by rpki-client on console-ams.rpki-client.org