Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/WsHxiDWisaupPTkzZLll0TWKmYM.roa
File: WsHxiDWisaupPTkzZLll0TWKmYM.roa (raw, json)
Hash identifier: 36orxESmXGeIeCiMoutUX0ce3lsmpE54lu3mJ0PAOyQ=
Subject key identifier: 5A:C1:F1:88:35:A2:B1:AB:A9:3D:39:33:64:B9:65:D1:35:8A:99:83
Certificate issuer: /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial: 01915AAD08B8C7EECF765A2F2768AB90F078
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/WsHxiDWisaupPTkzZLll0TWKmYM.roa
Signing time: Fri 16 Aug 2024 10:12:55 +0000
ROA not before: Fri 16 Aug 2024 10:12:55 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200845
IP address blocks: 5.187.38.0/24 maxlen: 24
5.187.39.0/24 maxlen: 24
185.104.60.0/24 maxlen: 24
185.104.61.0/24 maxlen: 24
185.104.153.0/24 maxlen: 24
185.122.186.0/24 maxlen: 24
185.122.187.0/24 maxlen: 24
185.161.184.0/24 maxlen: 24
185.188.17.0/24 maxlen: 24
195.181.252.0/24 maxlen: 24
195.181.253.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:5a:ad:08:b8:c7:ee:cf:76:5a:2f:27:68:ab:90:f0:78
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Validity
Not Before: Aug 16 10:12:55 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=5ac1f18835a2b1aba93d393364b965d1358a9983
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bd:fd:be:33:83:3b:ae:30:3a:a3:e9:57:af:ca:
f6:15:2f:fd:b1:62:f9:9b:41:db:4f:3a:e1:2c:42:
c1:7d:bc:ea:cf:b4:09:91:a2:d9:9b:8d:89:4a:11:
30:8f:09:80:c7:be:6f:79:d1:06:62:06:d7:7f:02:
32:16:f1:c9:d5:55:d5:6e:c3:4e:ba:d0:67:20:10:
50:c1:01:9a:13:e8:52:a4:72:76:48:26:46:e2:f1:
3f:df:42:2a:48:ee:20:65:91:2b:66:9f:b0:79:68:
98:d8:be:b0:e3:90:08:a7:dc:3d:03:f4:ad:a1:eb:
66:fc:39:89:d9:d6:1d:ef:ad:08:5e:b7:03:71:38:
86:4f:b2:8e:f7:8a:0b:63:26:bf:80:63:d3:69:84:
ea:62:41:e2:19:57:f5:95:c6:da:81:cb:b9:df:d9:
f2:12:80:77:ff:16:a4:6d:8d:ed:5e:7c:3f:4e:78:
a8:95:34:4e:09:f9:50:9e:4a:d3:4e:be:1c:10:ed:
36:66:fb:b8:27:2b:3b:e9:0c:fa:1a:1c:45:4a:7c:
f5:b6:9d:25:98:4d:40:cb:a3:1c:77:38:ad:71:64:
fb:d6:fe:d5:5b:04:9a:58:e1:ce:d9:35:b8:3a:1d:
f4:80:d9:e7:3e:70:4b:de:99:db:91:67:0c:36:15:
a3:4f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5A:C1:F1:88:35:A2:B1:AB:A9:3D:39:33:64:B9:65:D1:35:8A:99:83
X509v3 Authority Key Identifier:
keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/WsHxiDWisaupPTkzZLll0TWKmYM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.187.38.0/23
185.104.60.0/23
185.104.153.0/24
185.122.186.0/23
185.161.184.0/24
185.188.17.0/24
195.181.252.0/23
Signature Algorithm: sha256WithRSAEncryption
b0:b0:ba:0b:b5:f1:15:89:59:97:71:f2:75:df:90:b4:a1:3b:
59:f0:09:24:ab:06:58:47:7e:13:c7:d2:74:b1:a8:b4:a8:ca:
ce:78:76:b0:0c:bc:84:ac:d2:a8:73:d7:95:99:b2:c8:aa:3e:
96:70:bc:18:0c:29:f5:03:87:d8:02:33:e3:e4:e4:4d:78:51:
30:27:85:71:8b:03:66:c4:99:8a:93:b9:d2:3f:8e:d2:b7:09:
49:73:dd:32:12:07:a2:9c:10:ca:bd:7c:cd:df:a0:e5:c3:4b:
d2:a7:18:c9:00:e0:87:4d:0d:d8:77:2f:3c:49:b4:e5:b3:c9:
d5:69:9b:c0:0d:dc:af:34:3a:e4:23:95:52:3a:3c:54:05:c5:
05:49:cb:e0:74:28:ac:20:69:1f:84:2b:b3:86:ef:bb:73:fa:
10:a5:e4:97:ff:37:47:70:a7:e2:93:35:4d:ca:84:17:10:90:
9a:74:56:35:dc:0f:6e:a5:d9:ce:fd:67:b4:a6:27:71:40:91:
59:84:f1:e5:9c:37:45:0d:bc:cf:e7:ed:87:85:eb:27:74:5f:
4e:53:f1:2b:77:ec:ff:9f:47:c6:fa:3b:b8:67:8c:47:b7:80:
d4:1a:42:22:66:75:f5:2e:4e:8c:f2:83:da:f1:23:ce:38:a8:
b6:da:cd:fc
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAZFarQi4x+7PdlovJ2irkPB4MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjQwODE2MTAxMjU1WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1YWMxZjE4ODM1YTJiMWFiYTkzZDM5MzM2NGI5NjVkMTM1OGE5OTgzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvf2+M4M7rjA6o+lXr8r2FS/9sWL5
m0HbTzrhLELBfbzqz7QJkaLZm42JShEwjwmAx75vedEGYgbXfwIyFvHJ1VXVbsNO
utBnIBBQwQGaE+hSpHJ2SCZG4vE/30IqSO4gZZErZp+weWiY2L6w45AIp9w9A/St
oetm/DmJ2dYd760IXrcDcTiGT7KO94oLYya/gGPTaYTqYkHiGVf1lcbagcu539ny
EoB3/xakbY3tXnw/TniolTROCflQnkrTTr4cEO02Zvu4Jys76Qz6GhxFSnz1tp0l
mE1Ay6McdzitcWT71v7VWwSaWOHO2TW4Oh30gNnnPnBL3pnbkWcMNhWjTwIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFFrB8Yg1orGrqT05M2S5ZdE1ipmDMB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvV3NIeGlEV2lzYXVwUFRrelpMbGwwVFdLbVlNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQBBbsmAwQB
uWg8AwQAuWiZAwQBuXq6AwQAuaG4AwQAubwRAwQBw7X8MA0GCSqGSIb3DQEBCwUA
A4IBAQCwsLoLtfEViVmXcfJ135C0oTtZ8AkkqwZYR34Tx9J0sai0qMrOeHawDLyE
rNKoc9eVmbLIqj6WcLwYDCn1A4fYAjPj5ORNeFEwJ4VxiwNmxJmKk7nSP47StwlJ
c90yEgeinBDKvXzN36Dlw0vSpxjJAOCHTQ3Ydy88SbTls8nVaZvADdyvNDrkI5VS
OjxUBcUFScvgdCisIGkfhCuzhu+7c/oQpeSX/zdHcKfikzVNyoQXEJCadFY13A9u
pdnO/We0pidxQJFZhPHlnDdFDbzP5+2HhesndF9OU/Erd+z/n0fG+ju4Z4xHt4DU
GkIiZnX1Lk6M8oPa8SPOOKi22s38
-----END CERTIFICATE-----
Generated at Mon Aug 19 15:41:46 2024 by rpki-client on console-ams.rpki-client.org