Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/21jYyY3DYQpWN2SHVXzXLPXBwX8.roa
File: 21jYyY3DYQpWN2SHVXzXLPXBwX8.roa (raw, json)
Hash identifier: NNxG5HIPR8Z5w6Y7Kl8kyXI/Kl1nkPIVyXA75xYrKHU=
Subject key identifier: DB:58:D8:C9:8D:C3:61:0A:56:37:64:87:55:7C:D7:2C:F5:C1:C1:7F
Certificate issuer: /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial: 018CC64AB0301A924F6C45123A03D187C88F
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/21jYyY3DYQpWN2SHVXzXLPXBwX8.roa
Signing time: Mon 01 Jan 2024 18:30:32 +0000
ROA not before: Mon 01 Jan 2024 18:30:32 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200845
IP address blocks: 185.188.17.0/24 maxlen: 24
185.188.19.0/24 maxlen: 24
185.157.212.0/24 maxlen: 24
5.61.213.0/24 maxlen: 24
5.61.212.0/24 maxlen: 24
185.157.215.0/24 maxlen: 24
185.157.214.0/24 maxlen: 24
5.61.215.0/24 maxlen: 24
5.61.214.0/24 maxlen: 24
185.122.187.0/24 maxlen: 24
185.104.61.0/24 maxlen: 24
185.104.60.0/24 maxlen: 24
185.89.29.0/24 maxlen: 24
185.89.28.0/24 maxlen: 24
185.89.31.0/24 maxlen: 24
217.61.243.0/24 maxlen: 24
217.61.242.0/24 maxlen: 24
217.61.241.0/24 maxlen: 24
185.122.186.0/24 maxlen: 24
5.187.39.0/24 maxlen: 24
185.161.184.0/24 maxlen: 24
195.181.253.0/24 maxlen: 24
195.181.252.0/24 maxlen: 24
95.156.206.0/24 maxlen: 24
95.156.205.0/24 maxlen: 24
95.156.204.0/24 maxlen: 24
185.104.153.0/24 maxlen: 24
185.104.155.0/24 maxlen: 24
185.104.154.0/24 maxlen: 24
5.187.38.0/24 maxlen: 24
95.156.207.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c6:4a:b0:30:1a:92:4f:6c:45:12:3a:03:d1:87:c8:8f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Validity
Not Before: Jan 1 18:30:32 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=db58d8c98dc3610a56376487557cd72cf5c1c17f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d4:5a:60:ba:7c:c6:1d:9c:32:7c:5c:91:09:77:
46:9b:91:2d:63:17:53:30:8f:54:99:21:3d:b8:ef:
42:11:80:2a:1c:3d:81:bb:06:fd:b9:57:0b:81:7c:
d9:83:ff:7f:5b:39:f5:78:93:49:31:01:d0:8a:83:
bc:2a:1e:53:fd:94:80:ab:3a:ae:cd:a4:21:b8:b0:
67:3e:80:da:bf:c2:89:d8:74:35:f3:3f:a8:3a:61:
23:fb:31:8f:fa:36:6a:8b:68:d2:75:05:6a:37:b8:
b9:7d:f1:30:0d:5a:62:fe:fd:31:d0:7b:1f:77:88:
ea:25:a5:0a:8c:f5:22:95:de:b7:a9:46:f0:64:be:
c9:14:3f:75:85:5c:a3:6b:5e:44:ae:d2:2e:03:2e:
c4:16:0b:4f:ea:e2:78:26:11:a4:06:aa:fb:4d:2a:
55:9a:34:b0:de:9b:2a:b7:3c:75:4a:15:bf:0a:39:
58:ad:3b:c7:61:63:f1:ac:f7:1c:69:77:59:f8:df:
64:0d:92:6d:24:c5:00:d0:4c:3f:8b:d2:e3:3f:fe:
00:90:f6:30:c8:25:03:a7:9f:20:a8:5b:8a:ed:35:
7f:22:0b:4a:01:ff:15:ae:3c:73:ed:81:42:23:3d:
1a:0c:bb:cb:9a:8e:86:c8:34:97:ec:20:72:00:91:
6a:ad
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DB:58:D8:C9:8D:C3:61:0A:56:37:64:87:55:7C:D7:2C:F5:C1:C1:7F
X509v3 Authority Key Identifier:
keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/21jYyY3DYQpWN2SHVXzXLPXBwX8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.61.212.0/22
5.187.38.0/23
95.156.204.0/22
185.89.28.0/23
185.89.31.0/24
185.104.60.0/23
185.104.153.0-185.104.155.255
185.122.186.0/23
185.157.212.0/24
185.157.214.0/23
185.161.184.0/24
185.188.17.0/24
185.188.19.0/24
195.181.252.0/23
217.61.241.0-217.61.243.255
Signature Algorithm: sha256WithRSAEncryption
a3:68:85:c5:16:ce:ab:6a:6a:56:0f:68:31:e2:e4:82:64:ab:
3e:85:0a:66:a4:e8:f2:d3:a7:55:a0:38:b8:6b:e7:bb:13:ee:
d0:c4:f7:1a:4c:a6:ee:88:4b:41:7b:77:7b:20:3b:a8:0e:63:
51:22:65:62:44:d8:cf:e1:b3:cf:29:2b:f9:fc:55:60:75:93:
86:92:67:08:b7:3b:68:2c:57:cd:ca:eb:c2:6b:cc:49:8f:d2:
fa:a9:ae:ac:0f:29:54:21:d2:07:b7:32:aa:d3:1c:cc:d7:42:
73:06:bc:5e:7a:be:ba:36:da:30:63:a9:e9:aa:36:f3:78:39:
4e:34:77:35:99:c5:56:df:d5:d4:c4:f9:f5:f6:64:a6:6b:27:
ea:d9:d5:67:5e:30:59:e1:60:9d:77:57:40:74:ae:07:f6:27:
5f:83:5c:de:57:7b:70:f7:77:d7:e7:01:3e:7e:4e:62:6f:83:
61:f1:df:30:d2:61:9e:73:00:b1:b4:ed:59:24:3c:de:8f:66:
fb:0f:3e:25:66:bd:0c:f1:1d:9a:b1:8e:c7:75:70:9d:32:b1:
64:79:55:bf:42:e4:70:36:7d:c5:0c:54:5f:c3:93:da:91:e8:
2e:72:48:5f:98:f2:ba:15:2f:6b:69:d1:b3:18:00:d9:5c:02:
17:c3:0b:7e
-----BEGIN CERTIFICATE-----
MIIFYjCCBEqgAwIBAgISAYzGSrAwGpJPbEUSOgPRh8iPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjQwMTAxMTgzMDMyWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYjU4ZDhjOThkYzM2MTBhNTYzNzY0ODc1NTdjZDcyY2Y1YzFjMTdmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1FpgunzGHZwyfFyRCXdGm5EtYxdT
MI9UmSE9uO9CEYAqHD2Buwb9uVcLgXzZg/9/Wzn1eJNJMQHQioO8Kh5T/ZSAqzqu
zaQhuLBnPoDav8KJ2HQ18z+oOmEj+zGP+jZqi2jSdQVqN7i5ffEwDVpi/v0x0Hsf
d4jqJaUKjPUild63qUbwZL7JFD91hVyja15ErtIuAy7EFgtP6uJ4JhGkBqr7TSpV
mjSw3psqtzx1ShW/CjlYrTvHYWPxrPccaXdZ+N9kDZJtJMUA0Ew/i9LjP/4AkPYw
yCUDp58gqFuK7TV/IgtKAf8Vrjxz7YFCIz0aDLvLmo6GyDSX7CByAJFqrQIDAQAB
o4ICbjCCAmowHQYDVR0OBBYEFNtY2MmNw2EKVjdkh1V81yz1wcF/MB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvMjFqWXlZM0RZUXBXTjJTSFZYelhMUFhCd1g4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGDBggrBgEFBQcBBwEB/wR0MHIwcAQCAAEwagMEAgU91AME
AQW7JgMEAl+czAMEAblZHAMEALlZHwMEAbloPDAMAwQAuWiZAwQCuWiYAwQBuXq6
AwQAuZ3UAwQBuZ3WAwQAuaG4AwQAubwRAwQAubwTAwQBw7X8MAwDBADZPfEDBALZ
PfAwDQYJKoZIhvcNAQELBQADggEBAKNohcUWzqtqalYPaDHi5IJkqz6FCmak6PLT
p1WgOLhr57sT7tDE9xpMpu6IS0F7d3sgO6gOY1EiZWJE2M/hs88pK/n8VWB1k4aS
Zwi3O2gsV83K68JrzEmP0vqprqwPKVQh0ge3MqrTHMzXQnMGvF56vro22jBjqemq
NvN4OU40dzWZxVbf1dTE+fX2ZKZrJ+rZ1WdeMFnhYJ13V0B0rgf2J1+DXN5Xe3D3
d9fnAT5+TmJvg2Hx3zDSYZ5zALG07VkkPN6PZvsPPiVmvQzxHZqxjsd1cJ0ysWR5
Vb9C5HA2fcUMVF/Dk9qR6C5ySF+Y8roVL2tp0bMYANlcAhfDC34=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:40:54 2024 by rpki-client on console-ams.rpki-client.org