Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/sHDTrczAmXzdMVlwTbxw1rkFjnM.roa
File: sHDTrczAmXzdMVlwTbxw1rkFjnM.roa (raw, json)
Hash identifier: d6F9AqNa7m+vZYBle+1unIswPIClT6JvZtwyhRjSkAA=
Subject key identifier: B0:70:D3:AD:CC:C0:99:7C:DD:31:59:70:4D:BC:70:D6:B9:05:8E:73
Certificate issuer: /CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Certificate serial: 01914B884FA1B27D900EF168AC0C568FF6F2
Authority key identifier: 6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/sHDTrczAmXzdMVlwTbxw1rkFjnM.roa
Signing time: Tue 13 Aug 2024 11:38:30 +0000
ROA not before: Tue 13 Aug 2024 11:38:30 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 200845
IP address blocks: 5.187.38.0/24 maxlen: 24
5.187.39.0/24 maxlen: 24
95.156.204.0/24 maxlen: 24
95.156.205.0/24 maxlen: 24
95.156.206.0/24 maxlen: 24
95.156.207.0/24 maxlen: 24
185.104.60.0/24 maxlen: 24
185.104.61.0/24 maxlen: 24
185.104.153.0/24 maxlen: 24
185.122.186.0/24 maxlen: 24
185.122.187.0/24 maxlen: 24
185.157.212.0/24 maxlen: 24
185.157.214.0/24 maxlen: 24
185.157.215.0/24 maxlen: 24
185.161.184.0/24 maxlen: 24
185.188.17.0/24 maxlen: 24
195.181.252.0/24 maxlen: 24
195.181.253.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:91:4b:88:4f:a1:b2:7d:90:0e:f1:68:ac:0c:56:8f:f6:f2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=6bc5de7d7255b7d58260c65a120b164ef10ef903
Validity
Not Before: Aug 13 11:38:30 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=b070d3adccc0997cdd3159704dbc70d6b9058e73
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:bf:29:5c:08:14:fe:1d:6b:4e:f1:e5:e6:ff:b0:
8f:27:1c:b9:de:2c:9b:17:0c:b5:7a:cf:ef:64:36:
cd:72:dc:e5:9d:7f:73:2c:ed:a3:69:79:7b:d0:90:
95:42:94:f3:a8:74:df:fd:b6:23:ea:ba:3e:cd:30:
99:8a:23:56:18:a8:c7:57:9a:8f:de:09:1e:26:f9:
66:9e:f7:95:a2:78:9d:0f:56:6a:d9:62:e0:92:6d:
35:06:19:bd:47:0a:df:37:7c:53:50:15:63:81:a1:
de:93:a8:0d:3e:6f:ae:a3:6b:61:6b:10:6a:e7:ec:
95:7d:82:f6:70:0e:05:5b:f6:25:56:1d:75:1b:97:
4e:8d:cb:73:03:73:73:b9:5e:2a:3f:d1:c9:b8:43:
76:78:09:1c:f1:a0:d0:c6:f3:e8:55:e7:d2:97:fe:
2a:5a:6b:9e:21:4b:4f:d7:eb:74:ae:0c:88:39:3f:
1c:6b:02:3d:57:f0:74:d0:a9:f8:a9:5f:a6:19:1f:
8f:28:73:26:74:1e:3c:78:31:ef:33:e3:b6:70:39:
21:ca:c1:42:ba:c1:27:a4:98:1a:c1:7e:03:8c:85:
3e:a0:7b:71:ee:54:d7:0a:c2:5a:3d:f2:f2:93:af:
5e:d3:db:4a:d2:04:c3:1e:63:89:7d:9c:29:62:0d:
f9:a3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
B0:70:D3:AD:CC:C0:99:7C:DD:31:59:70:4D:BC:70:D6:B9:05:8E:73
X509v3 Authority Key Identifier:
keyid:6B:C5:DE:7D:72:55:B7:D5:82:60:C6:5A:12:0B:16:4E:F1:0E:F9:03
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/a8XefXJVt9WCYMZaEgsWTvEO-QM.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/sHDTrczAmXzdMVlwTbxw1rkFjnM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/bb/32109e-24c9-4c88-a8e8-fdf6638d2c04/1/a8XefXJVt9WCYMZaEgsWTvEO-QM.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.187.38.0/23
95.156.204.0/22
185.104.60.0/23
185.104.153.0/24
185.122.186.0/23
185.157.212.0/24
185.157.214.0/23
185.161.184.0/24
185.188.17.0/24
195.181.252.0/23
Signature Algorithm: sha256WithRSAEncryption
ab:d6:cb:79:fb:7e:78:4e:c8:8b:c8:0c:0f:58:2a:3c:48:e4:
4d:db:84:31:26:37:b4:89:7e:53:30:03:b6:00:38:04:c1:1e:
52:57:58:30:df:f6:16:29:d1:fd:45:c7:9e:ad:e4:62:46:3c:
4d:0b:8f:00:b9:07:77:24:01:73:ea:b8:22:97:02:08:a7:fd:
24:6b:a1:b0:e7:f7:e6:b0:e5:5e:8e:0a:1e:fd:63:a3:0d:18:
84:82:7c:5d:09:a5:4f:67:a7:f5:06:5e:cc:b2:dc:7c:9a:8d:
f5:05:34:31:0c:b0:b3:10:8c:43:af:ca:2a:49:5f:67:77:14:
1c:41:fe:11:de:25:c1:e2:c1:99:0b:4f:40:de:95:1f:82:28:
6f:75:4c:f2:a3:92:7b:63:94:19:02:1a:d7:5c:85:8a:77:40:
55:d5:8b:ff:5a:40:05:1b:2e:61:9b:2c:80:c7:90:71:9d:02:
c0:97:07:00:06:8e:d4:01:91:0f:af:ad:2b:73:80:6d:a6:1e:
cf:e2:eb:9c:3d:f9:27:14:e9:40:ca:bf:b0:50:35:69:d0:97:
ef:fd:a4:f8:16:5f:86:80:c6:99:55:c4:e0:8e:aa:e2:fe:7a:
60:ff:16:52:b2:81:2f:20:b2:f6:e6:9e:2c:25:9f:75:92:02:
1e:f8:8f:9a
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAZFLiE+hsn2QDvForAxWj/byMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDZiYzVkZTdkNzI1NWI3ZDU4MjYwYzY1YTEyMGIxNjRlZjEw
ZWY5MDMwHhcNMjQwODEzMTEzODMwWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMDcwZDNhZGNjYzA5OTdjZGQzMTU5NzA0ZGJjNzBkNmI5MDU4ZTczMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvylcCBT+HWtO8eXm/7CPJxy53iyb
Fwy1es/vZDbNctzlnX9zLO2jaXl70JCVQpTzqHTf/bYj6ro+zTCZiiNWGKjHV5qP
3gkeJvlmnveVonidD1Zq2WLgkm01Bhm9RwrfN3xTUBVjgaHek6gNPm+uo2thaxBq
5+yVfYL2cA4FW/YlVh11G5dOjctzA3NzuV4qP9HJuEN2eAkc8aDQxvPoVefSl/4q
WmueIUtP1+t0rgyIOT8cawI9V/B00Kn4qV+mGR+PKHMmdB48eDHvM+O2cDkhysFC
usEnpJgawX4DjIU+oHtx7lTXCsJaPfLyk69e09tK0gTDHmOJfZwpYg35owIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFLBw063MwJl83TFZcE28cNa5BY5zMB8GA1UdIwQY
MBaAFGvF3n1yVbfVgmDGWhILFk7xDvkDMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgt
ZmRmNjYzOGQyYzA0LzEvc0hEVHJjekFtWHpkTVZsd1RieHcxcmtGam5NLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iYi8zMjEwOWUtMjRjOS00Yzg4LWE4ZTgtZmRmNjYzOGQyYzA0
LzEvYThYZWZYSlZ0OVdDWU1aYUVnc1dUdkVPLVFNLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQBBbsmAwQC
X5zMAwQBuWg8AwQAuWiZAwQBuXq6AwQAuZ3UAwQBuZ3WAwQAuaG4AwQAubwRAwQB
w7X8MA0GCSqGSIb3DQEBCwUAA4IBAQCr1st5+354TsiLyAwPWCo8SORN24QxJje0
iX5TMAO2ADgEwR5SV1gw3/YWKdH9RceereRiRjxNC48AuQd3JAFz6rgilwIIp/0k
a6Gw5/fmsOVejgoe/WOjDRiEgnxdCaVPZ6f1Bl7Mstx8mo31BTQxDLCzEIxDr8oq
SV9ndxQcQf4R3iXB4sGZC09A3pUfgihvdUzyo5J7Y5QZAhrXXIWKd0BV1Yv/WkAF
Gy5hmyyAx5BxnQLAlwcABo7UAZEPr60rc4Btph7P4uucPfknFOlAyr+wUDVp0Jfv
/aT4Fl+GgMaZVcTgjqri/npg/xZSsoEvILL25p4sJZ91kgIe+I+a
-----END CERTIFICATE-----
Generated at Wed Aug 14 15:15:13 2024 by rpki-client on console-ams.rpki-client.org