Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/iNAKCx9g75C3yhJThkaYCD2TXM4.roa
File: iNAKCx9g75C3yhJThkaYCD2TXM4.roa (raw, json)
Hash identifier: HsnBPe6p/Iu94WreImLtgCozqr3b1Nu1r5uVWKD/H20=
Subject key identifier: 88:D0:0A:0B:1F:60:EF:90:B7:CA:12:53:86:46:98:08:3D:93:5C:CE
Certificate issuer: /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial: 01915AAD0867D401F2F73E50D8D47A3B1A1A
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/iNAKCx9g75C3yhJThkaYCD2TXM4.roa
Signing time: Fri 16 Aug 2024 10:12:54 +0000
ROA not before: Fri 16 Aug 2024 10:12:54 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 50129
IP address blocks: 5.187.38.0/24 maxlen: 24
5.187.39.0/24 maxlen: 24
185.104.60.0/24 maxlen: 24
185.104.61.0/24 maxlen: 24
185.104.153.0/24 maxlen: 24
185.122.186.0/24 maxlen: 24
185.122.187.0/24 maxlen: 24
185.161.184.0/24 maxlen: 24
185.161.185.0/24 maxlen: 24
195.181.252.0/24 maxlen: 24
195.181.253.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:5a:ad:08:67:d4:01:f2:f7:3e:50:d8:d4:7a:3b:1a:1a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Validity
Not Before: Aug 16 10:12:54 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=88d00a0b1f60ef90b7ca1253864698083d935cce
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a2:ce:0a:69:87:2d:30:cb:42:56:82:60:78:0e:
4a:bb:5a:ed:79:52:39:34:31:43:c3:9c:3b:b8:ff:
67:ac:1c:df:39:54:d5:00:ae:45:8a:a2:19:21:25:
17:38:a6:04:fa:82:e0:b3:77:e4:e0:5b:44:f8:49:
8d:05:ab:af:3e:84:4f:38:ea:3c:69:60:8d:c7:b2:
79:6d:da:9a:7e:b9:42:18:85:d6:01:18:fe:9c:e4:
c0:de:87:bb:2d:b3:de:5c:d3:ee:2c:14:14:e4:b6:
ab:89:73:05:25:44:61:6e:82:47:04:e8:18:d8:af:
46:80:95:60:95:ee:68:3b:3c:0e:6b:a9:12:44:bd:
76:b6:a8:5d:e8:e6:0e:ef:ce:7e:bc:72:94:a6:b3:
1d:dd:bb:09:9f:42:16:87:d3:06:78:c6:9a:5d:93:
8c:36:b7:d7:7e:30:e4:b7:e8:c0:be:79:0c:d8:b9:
ad:86:73:15:27:0f:1a:dc:dd:4e:d8:14:80:c9:ee:
79:05:65:45:5a:35:43:aa:b9:24:0b:0a:fa:62:ca:
fc:f9:34:49:a3:ce:72:ae:a5:22:c7:c1:85:48:ad:
ff:b8:e0:64:78:eb:d8:89:3a:3a:c9:29:a8:d8:d1:
09:cc:3e:c8:41:f6:da:6c:4a:de:53:6d:fe:e0:b9:
46:07
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
88:D0:0A:0B:1F:60:EF:90:B7:CA:12:53:86:46:98:08:3D:93:5C:CE
X509v3 Authority Key Identifier:
keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/iNAKCx9g75C3yhJThkaYCD2TXM4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.187.38.0/23
185.104.60.0/23
185.104.153.0/24
185.122.186.0/23
185.161.184.0/23
195.181.252.0/23
Signature Algorithm: sha256WithRSAEncryption
4e:4c:86:28:47:e7:ff:45:5e:62:5d:23:26:9a:d1:14:64:c3:
08:bb:01:a0:78:c4:0a:bf:72:20:0a:d9:fa:ba:6c:fb:2b:06:
d5:09:f7:b7:63:01:bf:31:c3:0e:b0:c4:40:aa:af:fd:58:ac:
37:01:85:07:39:80:b8:62:0b:7e:3b:62:a9:e0:bb:b8:c7:86:
3d:a0:68:dd:ef:95:57:80:c5:0e:d9:b7:b4:3a:47:5c:06:5f:
8a:d7:1f:11:7e:18:b5:e7:68:d7:d8:8a:d4:cb:63:7f:5d:a8:
75:d1:cd:4d:58:09:4b:9f:39:25:16:f1:91:00:67:96:b6:3e:
bf:34:82:bd:1b:5d:e0:19:44:ed:83:79:4e:47:7c:32:d1:c4:
23:50:48:2d:16:88:35:ea:9e:03:36:6f:2d:3d:3f:a3:d0:77:
21:af:16:2c:0e:06:ef:e7:84:5f:4a:8e:f8:8f:65:f9:0d:b6:
13:21:19:01:b2:e7:2b:dd:26:94:fc:37:d6:15:fd:b5:3a:9b:
7e:45:ba:99:65:78:d4:83:32:2d:55:5b:44:f3:3d:74:48:48:
58:04:4b:70:61:4d:9f:46:34:6a:4b:a2:22:3d:85:c3:c7:81:
ac:c3:69:05:cd:f9:0d:45:88:b1:1b:40:63:ae:37:dd:2e:1b:
2d:6f:bf:b0
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgISAZFarQhn1AHy9z5Q2NR6OxoaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjQwODE2MTAxMjU0WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4OGQwMGEwYjFmNjBlZjkwYjdjYTEyNTM4NjQ2OTgwODNkOTM1Y2NlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAos4KaYctMMtCVoJgeA5Ku1rteVI5
NDFDw5w7uP9nrBzfOVTVAK5FiqIZISUXOKYE+oLgs3fk4FtE+EmNBauvPoRPOOo8
aWCNx7J5bdqafrlCGIXWARj+nOTA3oe7LbPeXNPuLBQU5LariXMFJURhboJHBOgY
2K9GgJVgle5oOzwOa6kSRL12tqhd6OYO785+vHKUprMd3bsJn0IWh9MGeMaaXZOM
NrfXfjDkt+jAvnkM2LmthnMVJw8a3N1O2BSAye55BWVFWjVDqrkkCwr6Ysr8+TRJ
o85yrqUix8GFSK3/uOBkeOvYiTo6ySmo2NEJzD7IQfbabEreU23+4LlGBwIDAQAB
o4ICJzCCAiMwHQYDVR0OBBYEFIjQCgsfYO+Qt8oSU4ZGmAg9k1zOMB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvaU5BS0N4OWc3NUMzeWhKVGhrYVlDRDJUWE00LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD0GCCsGAQUFBwEHAQH/BC4wLDAqBAIAATAkAwQBBbsmAwQB
uWg8AwQAuWiZAwQBuXq6AwQBuaG4AwQBw7X8MA0GCSqGSIb3DQEBCwUAA4IBAQBO
TIYoR+f/RV5iXSMmmtEUZMMIuwGgeMQKv3IgCtn6umz7KwbVCfe3YwG/McMOsMRA
qq/9WKw3AYUHOYC4Ygt+O2Kp4Lu4x4Y9oGjd75VXgMUO2be0OkdcBl+K1x8Rfhi1
52jX2IrUy2N/Xah10c1NWAlLnzklFvGRAGeWtj6/NIK9G13gGUTtg3lOR3wy0cQj
UEgtFog16p4DNm8tPT+j0HchrxYsDgbv54RfSo74j2X5DbYTIRkBsucr3SaU/DfW
Ff21Opt+RbqZZXjUgzItVVtE8z10SEhYBEtwYU2fRjRqS6IiPYXDx4Gsw2kFzfkN
RYixG0BjrjfdLhstb7+w
-----END CERTIFICATE-----
Generated at Mon Aug 19 14:03:26 2024 by rpki-client on console-fra.rpki-client.org