Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/YRufHwQqOs6ZdSlsi8IpsIo7oAc.roa
File: YRufHwQqOs6ZdSlsi8IpsIo7oAc.roa (raw, json)
Hash identifier: kmDc/G9Ex77P6nCo38z5qnvucKCoxXNtKkgS1B7Rq/8=
Subject key identifier: 61:1B:9F:1F:04:2A:3A:CE:99:75:29:6C:8B:C2:29:B0:8A:3B:A0:07
Certificate issuer: /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial: 018AED4C5FA7129E2FF954ED99D698080F9F
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/YRufHwQqOs6ZdSlsi8IpsIo7oAc.roa
Signing time: Sun 01 Oct 2023 22:11:59 +0000
ROA not before: Sun 01 Oct 2023 22:11:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200845
IP address blocks: 185.188.17.0/24 maxlen: 24
185.188.16.0/24 maxlen: 24
185.188.19.0/24 maxlen: 24
185.194.208.0/24 maxlen: 24
185.188.18.0/24 maxlen: 24
185.194.211.0/24 maxlen: 24
185.194.210.0/24 maxlen: 24
185.194.209.0/24 maxlen: 24
185.157.212.0/24 maxlen: 24
5.61.213.0/24 maxlen: 24
5.61.212.0/24 maxlen: 24
185.157.215.0/24 maxlen: 24
185.157.214.0/24 maxlen: 24
5.61.215.0/24 maxlen: 24
5.61.214.0/24 maxlen: 24
185.122.187.0/24 maxlen: 24
185.104.61.0/24 maxlen: 24
185.104.60.0/24 maxlen: 24
185.89.29.0/24 maxlen: 24
185.89.28.0/24 maxlen: 24
185.89.31.0/24 maxlen: 24
185.84.44.0/24 maxlen: 24
185.84.47.0/24 maxlen: 24
185.84.46.0/24 maxlen: 24
185.84.45.0/24 maxlen: 24
217.61.243.0/24 maxlen: 24
217.61.242.0/24 maxlen: 24
217.61.241.0/24 maxlen: 24
185.122.186.0/24 maxlen: 24
5.187.39.0/24 maxlen: 24
185.161.184.0/24 maxlen: 24
195.181.253.0/24 maxlen: 24
195.181.252.0/24 maxlen: 24
95.156.206.0/24 maxlen: 24
95.156.205.0/24 maxlen: 24
95.156.204.0/24 maxlen: 24
185.104.153.0/24 maxlen: 24
185.104.155.0/24 maxlen: 24
185.104.154.0/24 maxlen: 24
5.187.38.0/24 maxlen: 24
95.156.207.0/24 maxlen: 24
185.191.23.0/24 maxlen: 24
185.191.22.0/24 maxlen: 24
185.191.21.0/24 maxlen: 24
185.191.20.0/24 maxlen: 24
212.237.231.0/24 maxlen: 24
185.76.78.0/24 maxlen: 24
185.76.79.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:ed:4c:5f:a7:12:9e:2f:f9:54:ed:99:d6:98:08:0f:9f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Validity
Not Before: Oct 1 22:11:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=611b9f1f042a3ace9975296c8bc229b08a3ba007
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:5b:df:39:e1:6e:5a:ce:62:34:82:14:61:9a:
5e:b5:74:ed:fe:14:01:d5:8e:94:67:c4:1e:63:13:
84:fd:0f:3c:3d:00:4b:77:12:ca:73:89:ef:69:6f:
75:94:20:12:5b:93:e3:b2:47:b7:89:ea:9f:52:70:
70:fd:b7:ab:20:6d:03:c4:7d:00:e7:ca:fb:bf:4a:
9e:41:9c:a0:b6:ee:1b:da:ec:4c:b1:d2:da:dc:7d:
cf:4e:84:fc:03:e9:27:ef:39:29:39:ec:b6:e1:83:
2a:2e:ee:49:bb:7c:9d:7a:1c:32:fc:df:a5:bd:2a:
54:c5:6e:21:88:5b:17:b4:11:86:50:4a:6e:f6:87:
f4:ee:22:df:20:e5:a8:84:2b:75:af:0c:1d:2e:37:
90:0c:79:a8:27:36:ea:13:c6:7a:89:a3:db:41:80:
0a:a0:02:87:af:28:c3:10:b8:2f:51:d4:28:23:3d:
96:75:da:01:f3:91:94:7a:a6:07:33:ba:1e:0c:d4:
22:bf:29:6f:9b:8d:46:1a:71:ec:a0:aa:bd:6a:4c:
f0:d1:54:ec:ce:57:41:26:92:0d:ef:bf:fc:ee:0c:
8c:55:bc:09:ca:8c:ce:4f:ce:95:0a:39:c8:76:21:
24:0e:e3:0a:57:6d:ba:97:41:9d:17:38:bd:cf:bf:
af:21
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
61:1B:9F:1F:04:2A:3A:CE:99:75:29:6C:8B:C2:29:B0:8A:3B:A0:07
X509v3 Authority Key Identifier:
keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/YRufHwQqOs6ZdSlsi8IpsIo7oAc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.61.212.0/22
5.187.38.0/23
95.156.204.0/22
185.76.78.0/23
185.84.44.0/22
185.89.28.0/23
185.89.31.0/24
185.104.60.0/23
185.104.153.0-185.104.155.255
185.122.186.0/23
185.157.212.0/24
185.157.214.0/23
185.161.184.0/24
185.188.16.0/22
185.191.20.0/22
185.194.208.0/22
195.181.252.0/23
212.237.231.0/24
217.61.241.0-217.61.243.255
Signature Algorithm: sha256WithRSAEncryption
07:c6:f7:f7:54:43:5f:8a:fb:4d:67:89:f1:c8:76:32:8f:5d:
fe:f0:1d:3d:c4:e1:ce:5e:68:de:f7:63:32:10:50:17:04:4f:
85:aa:ba:94:0b:89:c3:f4:0d:29:67:0b:b7:93:c0:7e:2c:a3:
6a:ce:38:6b:91:4a:ae:10:22:e9:ed:54:ed:9b:f2:0a:08:0c:
c8:98:d1:20:11:38:30:d7:39:72:c7:78:06:de:37:1f:11:77:
41:83:1d:01:07:e4:d5:b1:8f:68:f5:15:7b:77:be:2b:91:c9:
2b:79:79:00:ab:db:dd:f4:d0:80:0f:be:34:bb:99:f7:5d:b6:
1f:0b:00:52:89:eb:68:39:9a:c3:17:05:db:78:50:e1:d9:a6:
08:70:45:85:31:1c:cf:7e:3d:7d:a5:9d:6c:4e:f3:13:db:73:
42:14:d4:2d:a0:f1:95:21:d9:e4:a1:83:ed:27:cb:53:a4:ae:
9e:c6:81:1a:f6:ec:af:e7:61:d5:ed:13:59:e0:d3:59:7e:44:
74:cd:14:01:cf:a9:e9:7d:6f:9a:5a:a4:2e:71:ff:06:50:2b:
2b:a8:8a:ca:05:f2:25:ad:35:c3:ec:b6:cb:39:6d:5a:8f:f8:
16:2c:1d:a0:43:b1:f7:e0:de:72:0d:47:d1:59:b6:be:35:05:
35:52:b8:2f
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgISAYrtTF+nEp4v+VTtmdaYCA+fMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjMxMDAxMjIxMTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MTFiOWYxZjA0MmEzYWNlOTk3NTI5NmM4YmMyMjliMDhhM2JhMDA3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiFvfOeFuWs5iNIIUYZpetXTt/hQB
1Y6UZ8QeYxOE/Q88PQBLdxLKc4nvaW91lCASW5Pjske3ieqfUnBw/berIG0DxH0A
58r7v0qeQZygtu4b2uxMsdLa3H3PToT8A+kn7zkpOey24YMqLu5Ju3ydehwy/N+l
vSpUxW4hiFsXtBGGUEpu9of07iLfIOWohCt1rwwdLjeQDHmoJzbqE8Z6iaPbQYAK
oAKHryjDELgvUdQoIz2WddoB85GUeqYHM7oeDNQivylvm41GGnHsoKq9akzw0VTs
zldBJpIN77/87gyMVbwJyozOT86VCjnIdiEkDuMKV226l0GdFzi9z7+vIQIDAQAB
o4ICijCCAoYwHQYDVR0OBBYEFGEbnx8EKjrOmXUpbIvCKbCKO6AHMB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvWVJ1Zkh3UXFPczZaZFNsc2k4SXBzSW83b0FjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGfBggrBgEFBQcBBwEB/wSBjzCBjDCBiQQCAAEwgYIDBAIF
PdQDBAEFuyYDBAJfnMwDBAG5TE4DBAK5VCwDBAG5WRwDBAC5WR8DBAG5aDwwDAME
ALlomQMEArlomAMEAbl6ugMEALmd1AMEAbmd1gMEALmhuAMEArm8EAMEArm/FAME
ArnC0AMEAcO1/AMEANTt5zAMAwQA2T3xAwQC2T3wMA0GCSqGSIb3DQEBCwUAA4IB
AQAHxvf3VENfivtNZ4nxyHYyj13+8B09xOHOXmje92MyEFAXBE+FqrqUC4nD9A0p
Zwu3k8B+LKNqzjhrkUquECLp7VTtm/IKCAzImNEgETgw1zlyx3gG3jcfEXdBgx0B
B+TVsY9o9RV7d74rkckreXkAq9vd9NCAD740u5n3XbYfCwBSietoOZrDFwXbeFDh
2aYIcEWFMRzPfj19pZ1sTvMT23NCFNQtoPGVIdnkoYPtJ8tTpK6exoEa9uyv52HV
7RNZ4NNZfkR0zRQBz6npfW+aWqQucf8GUCsrqIrKBfIlrTXD7LbLOW1aj/gWLB2g
Q7H34N5yDUfRWba+NQU1Urgv
-----END CERTIFICATE-----
Generated at Tue Oct 3 12:44:54 2023 by rpki-client on console-ams.rpki-client.org