Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/donr6exjfawMDpziMaAOu0NHIU8.roa
File: donr6exjfawMDpziMaAOu0NHIU8.roa (raw, json)
Hash identifier: qtzSo30RjkaFJyWdUP/ZmpaG79UkVbPX2iN+QyAca/8=
Subject key identifier: 76:89:EB:E9:EC:63:7D:AC:0C:0E:9C:E2:31:A0:0E:BB:43:47:21:4F
Certificate issuer: /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial: 019150E599FD474E9BB374EBAE7ABEB459AD
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/donr6exjfawMDpziMaAOu0NHIU8.roa
Signing time: Wed 14 Aug 2024 12:38:30 +0000
ROA not before: Wed 14 Aug 2024 12:38:30 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200845
IP address blocks: 5.187.38.0/24 maxlen: 24
5.187.39.0/24 maxlen: 24
95.156.204.0/24 maxlen: 24
95.156.205.0/24 maxlen: 24
95.156.206.0/24 maxlen: 24
95.156.207.0/24 maxlen: 24
185.104.60.0/24 maxlen: 24
185.104.61.0/24 maxlen: 24
185.104.153.0/24 maxlen: 24
185.122.186.0/24 maxlen: 24
185.122.187.0/24 maxlen: 24
185.161.184.0/24 maxlen: 24
185.188.17.0/24 maxlen: 24
195.181.252.0/24 maxlen: 24
195.181.253.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:50:e5:99:fd:47:4e:9b:b3:74:eb:ae:7a:be:b4:59:ad
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Validity
Not Before: Aug 14 12:38:30 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7689ebe9ec637dac0c0e9ce231a00ebb4347214f
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:b6:1b:db:ff:83:a4:a9:07:12:1f:76:59:2c:
d8:8a:1f:d4:14:d2:c7:85:c2:1f:4a:45:6e:55:fe:
43:52:6a:31:8b:79:49:1c:49:9f:14:90:c7:32:6c:
b1:a3:e8:c3:0f:a6:e5:39:4c:5e:75:69:23:42:76:
3f:dc:38:9b:c7:d4:30:d6:79:c2:68:05:5c:60:8d:
2c:0c:53:e6:0b:df:3b:a4:ba:05:23:2e:e5:83:12:
4c:68:f2:3b:e4:99:8e:40:6a:06:a4:1f:3b:7c:ee:
c6:04:c3:63:4d:2f:a5:85:e8:d4:0e:42:dc:c3:f0:
94:2a:48:ce:cc:a7:d3:dd:cf:a2:d9:b2:b3:ef:3c:
9d:18:9f:c4:5a:a5:6e:b9:55:0f:ce:2b:80:8a:45:
85:4e:85:e3:87:07:19:87:8f:0b:14:eb:45:2e:fa:
d2:48:e8:40:19:2a:f8:6e:e5:87:91:f4:1a:92:35:
0b:25:aa:d5:58:c9:73:e2:4d:27:9c:ba:fa:ae:b5:
86:bc:e4:4e:07:ed:c1:56:77:44:fc:c2:84:1d:92:
9b:0f:7d:00:23:26:c3:6a:db:a6:72:8d:bc:40:f7:
f5:9f:cf:a6:35:42:da:6c:ba:f1:ef:5e:da:d5:89:
f3:6b:90:d2:79:95:51:b0:3d:d9:f0:25:b3:31:3c:
8e:91
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
76:89:EB:E9:EC:63:7D:AC:0C:0E:9C:E2:31:A0:0E:BB:43:47:21:4F
X509v3 Authority Key Identifier:
keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/donr6exjfawMDpziMaAOu0NHIU8.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.187.38.0/23
95.156.204.0/22
185.104.60.0/23
185.104.153.0/24
185.122.186.0/23
185.161.184.0/24
185.188.17.0/24
195.181.252.0/23
Signature Algorithm: sha256WithRSAEncryption
0c:05:28:bd:8f:df:31:af:08:07:d8:af:b4:04:76:40:a0:15:
9e:03:1c:9e:6b:15:b5:07:b7:42:ac:2a:62:c2:16:11:cd:2c:
fa:4a:a2:e1:3d:9d:85:44:17:aa:f8:65:da:f7:e6:bb:05:6d:
e9:d7:01:48:58:d9:fc:39:bc:21:59:87:40:bb:69:2c:14:ce:
bf:56:ad:81:04:08:c8:38:04:eb:92:48:cc:9d:83:2f:b7:5a:
34:05:75:c1:d0:cb:bf:00:62:dd:7a:49:91:dc:b6:61:5c:05:
55:da:09:be:ae:42:92:bc:b9:68:14:57:4d:7d:c4:41:da:f1:
fd:ba:54:0e:85:67:44:80:f7:ce:f5:98:ca:3b:ba:f9:10:70:
1f:0d:4d:9a:51:a2:cc:5c:c3:36:65:37:a7:46:13:0a:38:92:
3e:1e:2c:bf:59:af:ca:0d:5d:20:1b:44:84:08:e6:23:02:b2:
57:14:c5:6f:00:df:3b:a0:8d:09:bc:66:28:92:0d:ab:09:66:
b5:0c:76:cc:a2:ef:1f:d4:85:5a:c5:e6:e9:c1:98:4b:70:1b:
ea:79:b1:b2:6d:27:b6:cb:28:27:6b:0c:90:fe:6c:81:da:0f:
39:6f:80:cb:36:ef:82:49:1d:bd:de:ed:2e:e8:35:cb:bb:ae:
15:3c:9b:c1
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAZFQ5Zn9R06bs3Trrnq+tFmtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjQwODE0MTIzODMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3Njg5ZWJlOWVjNjM3ZGFjMGMwZTljZTIzMWEwMGViYjQzNDcyMTRmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlrYb2/+DpKkHEh92WSzYih/UFNLH
hcIfSkVuVf5DUmoxi3lJHEmfFJDHMmyxo+jDD6blOUxedWkjQnY/3Dibx9Qw1nnC
aAVcYI0sDFPmC987pLoFIy7lgxJMaPI75JmOQGoGpB87fO7GBMNjTS+lhejUDkLc
w/CUKkjOzKfT3c+i2bKz7zydGJ/EWqVuuVUPziuAikWFToXjhwcZh48LFOtFLvrS
SOhAGSr4buWHkfQakjULJarVWMlz4k0nnLr6rrWGvOROB+3BVndE/MKEHZKbD30A
IybDatumco28QPf1n8+mNULabLrx717a1Ynza5DSeZVRsD3Z8CWzMTyOkQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFHaJ6+nsY32sDA6c4jGgDrtDRyFPMB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvZG9ucjZleGpmYXdNRHB6aU1hQU91ME5ISVU4LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQBBbsmAwQC
X5zMAwQBuWg8AwQAuWiZAwQBuXq6AwQAuaG4AwQAubwRAwQBw7X8MA0GCSqGSIb3
DQEBCwUAA4IBAQAMBSi9j98xrwgH2K+0BHZAoBWeAxyeaxW1B7dCrCpiwhYRzSz6
SqLhPZ2FRBeq+GXa9+a7BW3p1wFIWNn8ObwhWYdAu2ksFM6/Vq2BBAjIOATrkkjM
nYMvt1o0BXXB0Mu/AGLdekmR3LZhXAVV2gm+rkKSvLloFFdNfcRB2vH9ulQOhWdE
gPfO9ZjKO7r5EHAfDU2aUaLMXMM2ZTenRhMKOJI+Hiy/Wa/KDV0gG0SECOYjArJX
FMVvAN87oI0JvGYokg2rCWa1DHbMou8f1IVaxebpwZhLcBvqebGybSe2yygnawyQ
/myB2g85b4DLNu+CSR293u0u6DXLu64VPJvB
-----END CERTIFICATE-----
Generated at Fri Aug 16 13:23:13 2024 by rpki-client on console-fra.rpki-client.org