Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/rkMhDQvrCwAqPSgObZs2qf5b86A.roa
File: rkMhDQvrCwAqPSgObZs2qf5b86A.roa (raw, json)
Hash identifier: VrySbO8j5ioi5vpYH/Z2Q1arBTGAvuW1s0VdCHO/jfY=
Subject key identifier: AE:43:21:0D:0B:EB:0B:00:2A:3D:28:0E:6D:9B:36:A9:FE:5B:F3:A0
Certificate issuer: /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial: 018D59BCC4362F2705A2E69EB92E0974A5B4
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/rkMhDQvrCwAqPSgObZs2qf5b86A.roa
Signing time: Tue 30 Jan 2024 09:39:19 +0000
ROA not before: Tue 30 Jan 2024 09:39:19 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 50129
IP address blocks: 5.61.212.0/24 maxlen: 24
5.61.213.0/24 maxlen: 24
5.61.214.0/24 maxlen: 24
5.61.215.0/24 maxlen: 24
5.187.38.0/24 maxlen: 24
5.187.39.0/24 maxlen: 24
95.156.204.0/24 maxlen: 24
95.156.205.0/24 maxlen: 24
95.156.206.0/24 maxlen: 24
95.156.207.0/24 maxlen: 24
185.89.28.0/24 maxlen: 24
185.89.29.0/24 maxlen: 24
185.89.31.0/24 maxlen: 24
185.104.60.0/24 maxlen: 24
185.104.61.0/24 maxlen: 24
185.104.153.0/24 maxlen: 24
185.104.154.0/24 maxlen: 24
185.104.155.0/24 maxlen: 24
185.122.186.0/24 maxlen: 24
185.122.187.0/24 maxlen: 24
185.157.212.0/23 maxlen: 23
185.157.214.0/24 maxlen: 24
185.157.215.0/24 maxlen: 24
185.161.184.0/24 maxlen: 24
185.161.185.0/24 maxlen: 24
195.181.252.0/24 maxlen: 24
195.181.253.0/24 maxlen: 24
217.61.242.0/24 maxlen: 24
217.61.243.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:59:bc:c4:36:2f:27:05:a2:e6:9e:b9:2e:09:74:a5:b4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Validity
Not Before: Jan 30 09:39:19 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=ae43210d0beb0b002a3d280e6d9b36a9fe5bf3a0
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:95:1f:ae:ff:48:85:86:f3:51:f1:07:bf:d1:8a:
e5:e7:b7:fe:92:d2:10:0f:4e:71:bd:b9:81:93:2c:
1a:f0:b5:6e:d7:b7:6e:57:7e:de:1a:66:f8:d7:62:
ea:9b:92:74:e6:f8:25:66:d2:b7:18:02:35:b3:7c:
63:2c:b5:b6:c3:ee:da:0c:df:56:e4:c7:d0:f4:9b:
82:ae:7a:d6:6c:4e:4a:8b:ec:00:45:06:e2:d7:3a:
c0:03:81:c5:34:c8:8d:9f:bf:d9:5b:65:76:ba:be:
3c:7f:74:72:98:70:fe:84:71:ec:68:03:0f:a5:d7:
0a:0e:a0:ea:64:56:45:b6:86:a0:45:bb:7f:26:68:
bf:b4:ef:8e:49:86:76:40:19:d5:50:7f:22:ff:ee:
d3:d4:4d:ec:16:b9:e7:6b:46:69:e0:c4:c9:56:fe:
a5:f6:7b:8a:06:fb:6e:e8:1d:ca:d1:e9:e5:8e:ae:
31:89:e4:ff:25:98:fe:25:f4:9b:7f:88:ea:81:9a:
e8:55:a0:a6:c6:ce:14:ab:71:22:5f:f4:62:72:45:
37:e1:7b:63:6c:4b:d4:50:86:4d:82:81:39:9a:20:
88:0d:83:f9:b6:2f:76:96:b7:fd:c0:10:81:f8:59:
09:94:e5:64:8f:a4:80:e2:ce:5d:2d:55:23:f7:98:
11:6d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
AE:43:21:0D:0B:EB:0B:00:2A:3D:28:0E:6D:9B:36:A9:FE:5B:F3:A0
X509v3 Authority Key Identifier:
keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/rkMhDQvrCwAqPSgObZs2qf5b86A.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.61.212.0/22
5.187.38.0/23
95.156.204.0/22
185.89.28.0/23
185.89.31.0/24
185.104.60.0/23
185.104.153.0-185.104.155.255
185.122.186.0/23
185.157.212.0/22
185.161.184.0/23
195.181.252.0/23
217.61.242.0/23
Signature Algorithm: sha256WithRSAEncryption
93:1f:00:05:fa:3b:d3:18:09:01:bd:8f:6d:89:01:22:28:69:
b8:33:0d:05:b9:49:92:db:90:52:32:68:84:8a:30:33:99:45:
80:9f:1b:dd:1e:db:40:b9:4f:82:6f:0c:51:32:bc:27:b7:54:
c2:c3:a2:e9:cd:98:95:7f:94:47:9b:de:c8:6c:60:93:b5:6e:
ee:13:54:5b:0c:ae:81:6f:ac:a1:4f:02:b3:a7:a1:06:ac:c1:
0c:e0:eb:1e:2b:d4:29:9d:ea:a6:7b:ee:79:ca:43:37:24:34:
47:bb:2b:93:f9:f5:5f:cd:ed:6c:57:b9:e1:96:69:1b:23:2b:
58:6d:a5:dc:fa:19:39:78:71:b1:fd:a5:b6:14:60:30:84:82:
46:5b:d6:ab:20:94:f5:62:73:cb:fa:3d:7f:d5:49:46:d3:68:
0d:24:fb:97:f1:ba:37:5e:0f:9f:9d:ce:64:ce:a7:0a:37:ed:
20:b7:90:ff:17:04:76:97:0f:13:32:58:42:80:d1:36:9e:9a:
45:a1:d3:73:40:fd:c9:f2:92:dc:f8:fd:28:2f:fd:37:e1:cf:
16:00:dc:24:2b:0f:e7:0b:2e:11:27:47:20:d6:ba:ca:4f:b9:
b5:1f:85:1c:fe:a5:8e:55:8a:da:56:65:14:31:cf:f8:51:6b:
d5:a5:9f:3c
-----BEGIN CERTIFICATE-----
MIIFRzCCBC+gAwIBAgISAY1ZvMQ2LycFouaeuS4JdKW0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjQwMTMwMDkzOTE5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhhZTQzMjEwZDBiZWIwYjAwMmEzZDI4MGU2ZDliMzZhOWZlNWJmM2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlR+u/0iFhvNR8Qe/0Yrl57f+ktIQ
D05xvbmBkywa8LVu17duV37eGmb412Lqm5J05vglZtK3GAI1s3xjLLW2w+7aDN9W
5MfQ9JuCrnrWbE5Ki+wARQbi1zrAA4HFNMiNn7/ZW2V2ur48f3RymHD+hHHsaAMP
pdcKDqDqZFZFtoagRbt/Jmi/tO+OSYZ2QBnVUH8i/+7T1E3sFrnna0Zp4MTJVv6l
9nuKBvtu6B3K0enljq4xieT/JZj+JfSbf4jqgZroVaCmxs4Uq3EiX/RickU34Xtj
bEvUUIZNgoE5miCIDYP5ti92lrf9wBCB+FkJlOVkj6SA4s5dLVUj95gRbQIDAQAB
o4ICUzCCAk8wHQYDVR0OBBYEFK5DIQ0L6wsAKj0oDm2bNqn+W/OgMB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvcmtNaERRdnJDd0FxUFNnT2JaczJxZjViODZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGkGCCsGAQUFBwEHAQH/BFowWDBWBAIAATBQAwQCBT3UAwQB
BbsmAwQCX5zMAwQBuVkcAwQAuVkfAwQBuWg8MAwDBAC5aJkDBAK5aJgDBAG5eroD
BAK5ndQDBAG5obgDBAHDtfwDBAHZPfIwDQYJKoZIhvcNAQELBQADggEBAJMfAAX6
O9MYCQG9j22JASIoabgzDQW5SZLbkFIyaISKMDOZRYCfG90e20C5T4JvDFEyvCe3
VMLDounNmJV/lEeb3shsYJO1bu4TVFsMroFvrKFPArOnoQaswQzg6x4r1Cmd6qZ7
7nnKQzckNEe7K5P59V/N7WxXueGWaRsjK1htpdz6GTl4cbH9pbYUYDCEgkZb1qsg
lPVic8v6PX/VSUbTaA0k+5fxujdeD5+dzmTOpwo37SC3kP8XBHaXDxMyWEKA0Tae
mkWh03NA/cnyktz4/Sgv/TfhzxYA3CQrD+cLLhEnRyDWuspPubUfhRz+pY5VitpW
ZRQxz/hRa9Wlnzw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:51:34 2024 by rpki-client on console-fra.rpki-client.org