Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/a8/5c5138-aee4-482c-913c-3a4dff8e8ded/1/oHMN_2FS8jpFMPIdliZbVFLCcrs.roa
File: oHMN_2FS8jpFMPIdliZbVFLCcrs.roa (raw, json)
Hash identifier: VoLMQNTzUAmF553DWzwLRrt6+DBTF7ReKDs8o9ZyhbU=
Subject key identifier: A0:73:0D:FF:61:52:F2:3A:45:30:F2:1D:96:26:5B:54:52:C2:72:BB
Certificate issuer: /CN=35730bb8b2623e7f65a6163604d1c85f9106288f
Certificate serial: 0186DBC8B7016259197E76D1C8693C96B48A
Authority key identifier: 35:73:0B:B8:B2:62:3E:7F:65:A6:16:36:04:D1:C8:5F:91:06:28:8F
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NXMLuLJiPn9lphY2BNHIX5EGKI8.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/a8/5c5138-aee4-482c-913c-3a4dff8e8ded/1/oHMN_2FS8jpFMPIdliZbVFLCcrs.roa
Signing time: Mon 13 Mar 2023 16:23:29 +0000
ROA not before: Mon 13 Mar 2023 16:23:29 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 34513
IP address blocks: 85.198.28.0/24 maxlen: 24
85.198.29.0/24 maxlen: 24
85.198.0.0/24 maxlen: 24
85.198.1.0/24 maxlen: 24
85.198.2.0/24 maxlen: 24
85.198.3.0/24 maxlen: 24
85.198.4.0/24 maxlen: 24
78.110.112.0/24 maxlen: 24
85.198.9.0/24 maxlen: 24
85.198.6.0/24 maxlen: 24
85.198.5.0/24 maxlen: 24
78.110.113.0/24 maxlen: 24
78.110.118.0/24 maxlen: 24
78.110.114.0/24 maxlen: 24
85.198.7.0/24 maxlen: 24
78.110.115.0/24 maxlen: 24
85.198.8.0/24 maxlen: 24
85.198.10.0/24 maxlen: 24
85.198.11.0/24 maxlen: 24
78.110.116.0/24 maxlen: 24
78.110.117.0/24 maxlen: 24
85.198.15.0/24 maxlen: 24
85.198.14.0/24 maxlen: 24
85.198.16.0/24 maxlen: 24
78.110.124.0/24 maxlen: 24
85.198.17.0/24 maxlen: 24
78.110.125.0/24 maxlen: 24
78.110.119.0/24 maxlen: 24
85.198.12.0/24 maxlen: 24
85.198.13.0/24 maxlen: 24
85.198.21.0/24 maxlen: 24
85.198.22.0/24 maxlen: 24
85.198.23.0/24 maxlen: 24
85.198.18.0/24 maxlen: 24
78.110.126.0/24 maxlen: 24
85.198.19.0/24 maxlen: 24
78.110.127.0/24 maxlen: 24
85.198.20.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:db:c8:b7:01:62:59:19:7e:76:d1:c8:69:3c:96:b4:8a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=35730bb8b2623e7f65a6163604d1c85f9106288f
Validity
Not Before: Mar 13 16:23:29 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=a0730dff6152f23a4530f21d96265b5452c272bb
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:f6:44:30:18:81:9a:62:16:ed:45:85:20:09:
d5:ca:e9:6e:cd:83:aa:82:dd:c7:0b:90:fc:4b:a2:
0b:b5:99:67:67:55:f2:47:a8:d4:5c:13:27:0d:49:
99:51:2d:44:1c:cd:1f:55:51:8f:ab:13:2f:4e:bc:
28:59:af:c4:db:06:d8:f4:49:37:20:d7:9a:46:b1:
12:c3:28:a2:72:08:49:57:d9:3b:c0:22:ec:05:ad:
56:18:66:93:3b:6c:e4:b7:75:87:68:34:52:24:72:
d4:77:8c:a7:7d:b7:4e:05:66:33:08:86:15:2e:ca:
aa:79:fe:ba:31:1e:9c:6d:ca:28:48:f2:b8:2a:98:
86:53:80:cf:df:55:15:88:b3:21:ba:66:50:71:04:
2a:48:a0:33:40:52:f1:e3:3d:57:a9:ac:71:c6:21:
7e:5b:0c:88:b3:23:55:3c:39:05:7c:07:1d:ee:65:
fe:74:c8:33:95:3b:ff:cf:3f:cb:88:4b:67:0b:c1:
04:39:df:d1:f9:20:30:c6:0f:3d:0f:d8:75:4f:b0:
58:c1:61:82:74:72:fb:7a:84:22:44:3f:87:ef:25:
d8:0e:18:12:70:14:e1:52:57:b8:bc:c8:48:5d:e2:
e9:53:2e:47:fc:ca:48:1c:15:1d:ed:91:4a:28:36:
c6:4d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
A0:73:0D:FF:61:52:F2:3A:45:30:F2:1D:96:26:5B:54:52:C2:72:BB
X509v3 Authority Key Identifier:
keyid:35:73:0B:B8:B2:62:3E:7F:65:A6:16:36:04:D1:C8:5F:91:06:28:8F
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NXMLuLJiPn9lphY2BNHIX5EGKI8.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/5c5138-aee4-482c-913c-3a4dff8e8ded/1/oHMN_2FS8jpFMPIdliZbVFLCcrs.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/a8/5c5138-aee4-482c-913c-3a4dff8e8ded/1/NXMLuLJiPn9lphY2BNHIX5EGKI8.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
78.110.112.0/21
78.110.124.0/22
85.198.0.0-85.198.23.255
85.198.28.0/23
Signature Algorithm: sha256WithRSAEncryption
89:53:7d:23:5d:2c:81:99:66:29:ca:ac:94:d0:87:3d:48:8c:
0d:c1:da:d3:39:a0:23:f5:72:6a:4d:b0:4e:4f:56:8e:82:f7:
ef:02:48:a3:2b:66:5d:41:b6:4f:66:68:a8:5d:e7:d3:9e:68:
9d:14:9b:2f:5a:a0:86:51:8b:ff:69:70:e6:9f:f1:47:29:2e:
54:ca:d0:ea:4b:a7:c8:15:85:9c:b1:1f:df:95:74:e5:ea:4f:
31:e0:28:22:1e:b3:27:59:06:f3:7a:a3:e4:74:c3:39:a7:dc:
d7:83:90:45:6a:15:57:31:c5:ac:f6:d1:fb:d7:61:7c:25:b1:
dc:d1:14:e6:8e:69:15:82:2d:53:e8:a2:c7:8f:a5:22:14:55:
36:75:7f:f0:54:c5:21:59:3f:0b:b9:f2:d1:43:fc:5c:84:cb:
74:5e:f4:34:02:5b:e6:96:d4:56:95:60:97:b5:4d:a2:37:31:
39:3f:0f:7d:f1:c2:9c:7f:92:95:31:03:67:5f:33:b2:55:35:
d1:da:9a:dc:13:63:31:59:ed:f5:46:20:2c:ad:59:1f:32:dd:
b8:db:a0:9e:3a:1e:8b:be:c3:83:6d:9f:5a:a9:6d:a2:6b:52:
92:9e:3e:db:00:37:2c:e4:40:ef:85:09:4a:9a:7e:a8:24:30:
55:90:02:fe
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgISAYbbyLcBYlkZfnbRyGk8lrSKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1NzMwYmI4YjI2MjNlN2Y2NWE2MTYzNjA0ZDFjODVmOTEw
NjI4OGYwHhcNMjMwMzEzMTYyMzI5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhMDczMGRmZjYxNTJmMjNhNDUzMGYyMWQ5NjI2NWI1NDUyYzI3MmJiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAivZEMBiBmmIW7UWFIAnVyuluzYOq
gt3HC5D8S6ILtZlnZ1XyR6jUXBMnDUmZUS1EHM0fVVGPqxMvTrwoWa/E2wbY9Ek3
INeaRrESwyiicghJV9k7wCLsBa1WGGaTO2zkt3WHaDRSJHLUd4ynfbdOBWYzCIYV
Lsqqef66MR6cbcooSPK4KpiGU4DP31UViLMhumZQcQQqSKAzQFLx4z1XqaxxxiF+
WwyIsyNVPDkFfAcd7mX+dMgzlTv/zz/LiEtnC8EEOd/R+SAwxg89D9h1T7BYwWGC
dHL7eoQiRD+H7yXYDhgScBThUle4vMhIXeLpUy5H/MpIHBUd7ZFKKDbGTQIDAQAB
o4ICIjCCAh4wHQYDVR0OBBYEFKBzDf9hUvI6RTDyHZYmW1RSwnK7MB8GA1UdIwQY
MBaAFDVzC7iyYj5/ZaYWNgTRyF+RBiiPMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlhNTHVMSmlQbjlscGhZMkJOSElYNUVHS0k4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hOC81YzUxMzgtYWVlNC00ODJjLTkxM2Mt
M2E0ZGZmOGU4ZGVkLzEvb0hNTl8yRlM4anBGTVBJZGxpWmJWRkxDY3JzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hOC81YzUxMzgtYWVlNC00ODJjLTkxM2MtM2E0ZGZmOGU4ZGVk
LzEvTlhNTHVMSmlQbjlscGhZMkJOSElYNUVHS0k4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDgGCCsGAQUFBwEHAQH/BCkwJzAlBAIAATAfAwQDTm5wAwQC
Tm58MAsDAwFVxgMEA1XGEAMEAVXGHDANBgkqhkiG9w0BAQsFAAOCAQEAiVN9I10s
gZlmKcqslNCHPUiMDcHa0zmgI/Vyak2wTk9WjoL37wJIoytmXUG2T2ZoqF3n055o
nRSbL1qghlGL/2lw5p/xRykuVMrQ6kunyBWFnLEf35V05epPMeAoIh6zJ1kG83qj
5HTDOafc14OQRWoVVzHFrPbR+9dhfCWx3NEU5o5pFYItU+iix4+lIhRVNnV/8FTF
IVk/C7ny0UP8XITLdF70NAJb5pbUVpVgl7VNojcxOT8PffHCnH+SlTEDZ18zslU1
0dqa3BNjMVnt9UYgLK1ZHzLduNugnjoei77Dg22fWqltomtSkp4+2wA3LORA74UJ
Spp+qCQwVZAC/g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:37:08 2024 by rpki-client on console-ams.rpki-client.org