Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/iqnxdMFlZo6sdrkNdxyYdJmeorg.roa
File: iqnxdMFlZo6sdrkNdxyYdJmeorg.roa (raw, json)
Hash identifier: mTBzT3NfDhPdwVnSS8LAnoOkKZZtjp5IAHqO9FHpTSU=
Subject key identifier: 8A:A9:F1:74:C1:65:66:8E:AC:76:B9:0D:77:1C:98:74:99:9E:A2:B8
Certificate issuer: /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial: 01916A570688BEFD055EC39ECD8A3682B67C
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/iqnxdMFlZo6sdrkNdxyYdJmeorg.roa
Signing time: Mon 19 Aug 2024 11:12:53 +0000
ROA not before: Mon 19 Aug 2024 11:12:53 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200845
IP address blocks: 5.187.38.0/24 maxlen: 24
5.187.39.0/24 maxlen: 24
185.104.153.0/24 maxlen: 24
185.122.186.0/24 maxlen: 24
185.122.187.0/24 maxlen: 24
185.188.17.0/24 maxlen: 24
195.181.252.0/24 maxlen: 24
195.181.253.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:6a:57:06:88:be:fd:05:5e:c3:9e:cd:8a:36:82:b6:7c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Validity
Not Before: Aug 19 11:12:53 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=8aa9f174c165668eac76b90d771c9874999ea2b8
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:f0:d3:67:55:9e:bf:b3:74:fe:8f:aa:7a:c2:0a:
09:63:31:c1:d2:c0:5f:2a:c5:b3:20:45:3f:a0:c7:
81:8e:67:83:81:21:4d:a3:b4:78:fd:71:6f:3b:76:
7c:fc:f1:67:5f:34:06:fa:46:80:57:e8:70:9c:f2:
b3:a2:ca:fe:8d:13:63:d1:89:fe:38:48:94:6b:6b:
e1:98:55:73:6b:88:04:2b:2a:aa:7e:ea:fb:f5:8f:
06:84:34:4f:d4:ed:1d:54:31:bf:62:74:d5:5e:ff:
cd:2a:6d:1a:0e:c1:a5:f6:ca:eb:33:38:02:cd:e2:
67:05:9a:ff:48:ff:94:e2:0b:de:37:ef:57:ff:b2:
47:60:7b:df:67:ec:27:91:1c:28:4f:d0:1f:57:67:
a7:62:59:65:c4:fe:ba:84:e6:90:57:da:ef:1e:db:
d2:78:54:53:4d:3d:d8:e1:b6:b0:48:ce:58:46:34:
99:33:d2:00:8d:e0:6d:72:7e:cd:23:26:78:1f:12:
94:50:dd:f1:60:de:a3:46:1a:38:a7:74:32:f6:18:
f6:70:d7:41:00:b9:fa:f0:57:3f:08:50:8d:b6:ab:
09:ae:ac:3b:76:33:ba:5d:13:f2:b9:02:f9:61:c0:
67:b1:69:35:bf:66:ea:44:c0:63:2b:74:5c:6b:9b:
dd:f7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
8A:A9:F1:74:C1:65:66:8E:AC:76:B9:0D:77:1C:98:74:99:9E:A2:B8
X509v3 Authority Key Identifier:
keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/iqnxdMFlZo6sdrkNdxyYdJmeorg.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.187.38.0/23
185.104.153.0/24
185.122.186.0/23
185.188.17.0/24
195.181.252.0/23
Signature Algorithm: sha256WithRSAEncryption
86:4c:cd:de:b7:c1:8b:b4:eb:d7:e1:c1:20:6b:a7:4c:97:99:
68:b3:d3:60:4b:8b:19:56:96:be:f9:fe:8d:d4:66:02:cf:20:
7a:40:a8:80:59:15:92:53:f1:73:71:20:fd:57:11:c3:43:70:
0b:5c:09:4c:80:56:5b:f8:43:18:16:4b:a9:9d:9a:99:ab:5e:
d8:08:cd:3f:c0:c6:ae:31:61:b8:f6:1c:fd:31:39:1b:bf:43:
c8:bb:97:be:8d:35:c3:96:3b:33:8d:66:83:64:a9:b1:de:10:
61:ce:6e:0a:8c:8f:1a:42:ec:d9:cd:0d:8d:36:82:7a:de:c8:
c3:62:d8:92:84:55:42:ee:12:a0:3b:a5:1a:ca:2e:f1:09:a7:
15:9c:13:d2:28:1d:4b:d0:16:9b:8d:66:d8:49:10:0f:35:4b:
3e:93:ed:2d:a7:9e:bb:6c:2d:b4:53:57:82:03:2a:22:1c:3c:
c4:2c:1c:c4:45:62:71:32:14:e5:e3:29:b3:5f:17:77:39:aa:
83:28:24:80:56:e8:a2:b5:fd:6d:97:1d:64:28:38:bc:1e:a9:
78:96:ee:7d:8c:5d:68:23:d8:8e:d3:5d:e9:ab:b1:05:41:3e:
4f:03:30:a9:20:71:3b:82:b6:e0:49:0a:15:92:a4:84:68:44:
7c:06:3c:42
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAZFqVwaIvv0FXsOezYo2grZ8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjQwODE5MTExMjUzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4YWE5ZjE3NGMxNjU2NjhlYWM3NmI5MGQ3NzFjOTg3NDk5OWVhMmI4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8NNnVZ6/s3T+j6p6wgoJYzHB0sBf
KsWzIEU/oMeBjmeDgSFNo7R4/XFvO3Z8/PFnXzQG+kaAV+hwnPKzosr+jRNj0Yn+
OEiUa2vhmFVza4gEKyqqfur79Y8GhDRP1O0dVDG/YnTVXv/NKm0aDsGl9srrMzgC
zeJnBZr/SP+U4gveN+9X/7JHYHvfZ+wnkRwoT9AfV2enYlllxP66hOaQV9rvHtvS
eFRTTT3Y4bawSM5YRjSZM9IAjeBtcn7NIyZ4HxKUUN3xYN6jRho4p3Qy9hj2cNdB
ALn68Fc/CFCNtqsJrqw7djO6XRPyuQL5YcBnsWk1v2bqRMBjK3Rca5vd9wIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFIqp8XTBZWaOrHa5DXccmHSZnqK4MB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvaXFueGRNRmxabzZzZHJrTmR4eVlkSm1lb3JnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQBBbsmAwQA
uWiZAwQBuXq6AwQAubwRAwQBw7X8MA0GCSqGSIb3DQEBCwUAA4IBAQCGTM3et8GL
tOvX4cEga6dMl5los9NgS4sZVpa++f6N1GYCzyB6QKiAWRWSU/FzcSD9VxHDQ3AL
XAlMgFZb+EMYFkupnZqZq17YCM0/wMauMWG49hz9MTkbv0PIu5e+jTXDljszjWaD
ZKmx3hBhzm4KjI8aQuzZzQ2NNoJ63sjDYtiShFVC7hKgO6Uayi7xCacVnBPSKB1L
0BabjWbYSRAPNUs+k+0tp567bC20U1eCAyoiHDzELBzERWJxMhTl4ymzXxd3OaqD
KCSAVuiitf1tlx1kKDi8Hql4lu59jF1oI9iO013pq7EFQT5PAzCpIHE7grbgSQoV
kqSEaER8BjxC
-----END CERTIFICATE-----
Generated at Thu Aug 22 17:02:49 2024 by rpki-client on console-fra.rpki-client.org