Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/HQBNmRoiI-WrbKUt6026ljqqorE.roa
File: HQBNmRoiI-WrbKUt6026ljqqorE.roa (raw, json)
Hash identifier: gPaaoMBLT2kw4gVSKcKsY/Ap67AZSxAkkYrC0o05jBM=
Subject key identifier: 1D:00:4D:99:1A:22:23:E5:AB:6C:A5:2D:EB:4D:BA:96:3A:AA:A2:B1
Certificate issuer: /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial: 018AF577971E13EF2DE1994CFBA769E9255B
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/HQBNmRoiI-WrbKUt6026ljqqorE.roa
Signing time: Tue 03 Oct 2023 12:16:09 +0000
ROA not before: Tue 03 Oct 2023 12:16:09 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200845
IP address blocks: 185.188.17.0/24 maxlen: 24
185.188.16.0/24 maxlen: 24
185.188.19.0/24 maxlen: 24
185.194.208.0/24 maxlen: 24
185.188.18.0/24 maxlen: 24
185.194.211.0/24 maxlen: 24
185.194.210.0/24 maxlen: 24
185.194.209.0/24 maxlen: 24
185.157.212.0/24 maxlen: 24
5.61.213.0/24 maxlen: 24
5.61.212.0/24 maxlen: 24
185.157.215.0/24 maxlen: 24
185.157.214.0/24 maxlen: 24
5.61.215.0/24 maxlen: 24
5.61.214.0/24 maxlen: 24
185.122.187.0/24 maxlen: 24
185.104.61.0/24 maxlen: 24
185.104.60.0/24 maxlen: 24
185.89.29.0/24 maxlen: 24
185.89.28.0/24 maxlen: 24
185.89.31.0/24 maxlen: 24
185.84.44.0/24 maxlen: 24
185.84.47.0/24 maxlen: 24
185.84.46.0/24 maxlen: 24
185.84.45.0/24 maxlen: 24
217.61.243.0/24 maxlen: 24
217.61.242.0/24 maxlen: 24
217.61.241.0/24 maxlen: 24
185.122.186.0/24 maxlen: 24
5.187.39.0/24 maxlen: 24
185.161.184.0/24 maxlen: 24
195.181.253.0/24 maxlen: 24
195.181.252.0/24 maxlen: 24
95.156.206.0/24 maxlen: 24
95.156.205.0/24 maxlen: 24
95.156.204.0/24 maxlen: 24
185.104.153.0/24 maxlen: 24
185.104.155.0/24 maxlen: 24
185.104.154.0/24 maxlen: 24
5.187.38.0/24 maxlen: 24
95.156.207.0/24 maxlen: 24
185.191.23.0/24 maxlen: 24
185.191.22.0/24 maxlen: 24
185.191.21.0/24 maxlen: 24
185.191.20.0/24 maxlen: 24
185.76.78.0/24 maxlen: 24
185.76.79.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:f5:77:97:1e:13:ef:2d:e1:99:4c:fb:a7:69:e9:25:5b
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Validity
Not Before: Oct 3 12:16:09 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1d004d991a2223e5ab6ca52deb4dba963aaaa2b1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8e:d4:13:af:9f:a6:9c:3d:ca:67:51:06:0b:b1:
a0:60:dc:a1:1c:e5:dc:52:58:28:67:49:3c:bf:dc:
93:73:e9:99:aa:27:37:6a:01:cb:5d:7f:5b:62:98:
66:40:d1:45:78:83:18:cd:34:a0:4b:31:dc:a8:b8:
7c:93:b7:ee:5d:9e:6b:4d:7d:66:db:2d:7b:fb:40:
a9:1c:af:e5:19:55:62:d1:b4:c5:7a:70:c5:9e:7a:
8d:8a:b3:7e:51:fd:ac:e6:3c:86:5a:a8:8a:f8:ae:
2f:1a:33:f8:28:e2:a3:86:69:09:fd:55:ce:ef:ca:
87:ed:ac:0d:80:59:0b:b6:3a:b7:b7:25:2d:cf:5d:
dd:b3:ea:11:83:7a:9e:0b:d7:48:58:36:b8:ba:75:
28:1d:d3:46:b2:0b:bb:08:0a:e4:5d:f7:4a:74:d5:
ad:78:67:7f:27:76:3e:a6:c0:0b:0b:59:68:ba:1d:
fb:e7:55:c2:aa:db:01:03:f8:0c:aa:64:b1:ab:98:
5e:cd:f6:bb:2b:09:2e:2f:b8:b4:f0:88:7f:a8:a5:
e0:f9:f7:0a:29:4c:72:15:46:36:47:ad:55:4a:7d:
30:a3:6b:1b:e2:ec:72:fd:6b:bf:3f:b2:34:51:28:
45:98:02:7b:28:bc:0c:8e:86:65:9c:f6:a4:a1:9a:
25:03
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1D:00:4D:99:1A:22:23:E5:AB:6C:A5:2D:EB:4D:BA:96:3A:AA:A2:B1
X509v3 Authority Key Identifier:
keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/HQBNmRoiI-WrbKUt6026ljqqorE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.61.212.0/22
5.187.38.0/23
95.156.204.0/22
185.76.78.0/23
185.84.44.0/22
185.89.28.0/23
185.89.31.0/24
185.104.60.0/23
185.104.153.0-185.104.155.255
185.122.186.0/23
185.157.212.0/24
185.157.214.0/23
185.161.184.0/24
185.188.16.0/22
185.191.20.0/22
185.194.208.0/22
195.181.252.0/23
217.61.241.0-217.61.243.255
Signature Algorithm: sha256WithRSAEncryption
0e:e8:bf:ca:82:8c:55:0b:f1:ee:9d:a5:48:1b:b1:17:3c:22:
54:b6:4d:e4:ba:a2:d4:dd:a1:c5:09:76:4a:27:c2:4a:15:33:
10:40:fa:fc:ee:6e:0e:59:7c:88:80:83:12:a7:82:49:0d:12:
55:8b:69:24:6f:4f:c4:4f:39:c3:9c:24:8f:e2:cc:73:4a:d2:
70:7c:50:2b:2a:3b:21:a3:80:52:32:70:49:4a:73:5d:76:e6:
8b:2c:7c:7c:28:21:ea:ad:ad:7a:d3:69:4b:bb:3d:fa:3e:21:
75:0a:0b:af:e5:17:06:89:a6:59:28:a4:4e:24:0f:82:66:1d:
fb:e3:a3:08:c0:67:77:59:2d:b3:19:12:2c:80:fb:f7:1a:ae:
c9:83:ee:64:72:f2:7b:db:03:4d:67:3c:88:16:93:c3:f1:83:
65:14:c9:0c:e5:48:96:af:91:55:eb:c3:c1:fc:1e:66:bd:fb:
11:c5:54:59:96:72:92:98:50:1d:a4:84:11:05:22:36:b3:df:
de:71:49:20:0a:1a:c3:1e:da:f4:85:a4:ae:da:41:89:94:89:
be:64:c9:58:d0:7f:32:6c:39:a9:a1:1b:ec:85:ec:2b:3b:f8:
33:89:37:6b:2a:54:e4:f9:4b:b8:d3:9e:3b:fd:00:32:30:d2:
10:a2:1b:85
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgISAYr1d5ceE+8t4ZlM+6dp6SVbMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjMxMDAzMTIxNjA5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxZDAwNGQ5OTFhMjIyM2U1YWI2Y2E1MmRlYjRkYmE5NjNhYWFhMmIxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjtQTr5+mnD3KZ1EGC7GgYNyhHOXc
UlgoZ0k8v9yTc+mZqic3agHLXX9bYphmQNFFeIMYzTSgSzHcqLh8k7fuXZ5rTX1m
2y17+0CpHK/lGVVi0bTFenDFnnqNirN+Uf2s5jyGWqiK+K4vGjP4KOKjhmkJ/VXO
78qH7awNgFkLtjq3tyUtz13ds+oRg3qeC9dIWDa4unUoHdNGsgu7CArkXfdKdNWt
eGd/J3Y+psALC1louh3751XCqtsBA/gMqmSxq5hezfa7KwkuL7i08Ih/qKXg+fcK
KUxyFUY2R61VSn0wo2sb4uxy/Wu/P7I0UShFmAJ7KLwMjoZlnPakoZolAwIDAQAB
o4ICgzCCAn8wHQYDVR0OBBYEFB0ATZkaIiPlq2ylLetNupY6qqKxMB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvSFFCTm1Sb2lJLVdyYktVdDYwMjZsanFxb3JFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGYBggrBgEFBQcBBwEB/wSBiDCBhTCBggQCAAEwfAMEAgU9
1AMEAQW7JgMEAl+czAMEAblMTgMEArlULAMEAblZHAMEALlZHwMEAbloPDAMAwQA
uWiZAwQCuWiYAwQBuXq6AwQAuZ3UAwQBuZ3WAwQAuaG4AwQCubwQAwQCub8UAwQC
ucLQAwQBw7X8MAwDBADZPfEDBALZPfAwDQYJKoZIhvcNAQELBQADggEBAA7ov8qC
jFUL8e6dpUgbsRc8IlS2TeS6otTdocUJdkonwkoVMxBA+vzubg5ZfIiAgxKngkkN
ElWLaSRvT8RPOcOcJI/izHNK0nB8UCsqOyGjgFIycElKc1125ossfHwoIeqtrXrT
aUu7Pfo+IXUKC6/lFwaJplkopE4kD4JmHfvjowjAZ3dZLbMZEiyA+/carsmD7mRy
8nvbA01nPIgWk8Pxg2UUyQzlSJavkVXrw8H8Hma9+xHFVFmWcpKYUB2khBEFIjaz
395xSSAKGsMe2vSFpK7aQYmUib5kyVjQfzJsOamhG+yF7Cs7+DOJN2sqVOT5S7jT
njv9ADIw0hCiG4U=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:34 2024 by rpki-client on console-fra.rpki-client.org