Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/1s0MVEpO60XLkZYfZ7tW2dyf8qY.roa
File: 1s0MVEpO60XLkZYfZ7tW2dyf8qY.roa (raw, json)
Hash identifier: 5Dwmwnca6C9QQ1Xu/WjFsS4VmEaIuoEWkH7HBhoyrOc=
Subject key identifier: D6:CD:0C:54:4A:4E:EB:45:CB:91:96:1F:67:BB:56:D9:DC:9F:F2:A6
Certificate issuer: /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial: 018A240100A57FFCD315C6105FBF0DBD5988
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/1s0MVEpO60XLkZYfZ7tW2dyf8qY.roa
Signing time: Wed 23 Aug 2023 20:06:00 +0000
ROA not before: Wed 23 Aug 2023 20:06:00 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200740
IP address blocks: 94.142.136.0/23 maxlen: 23
94.142.137.0/24 maxlen: 24
94.142.136.0/24 maxlen: 24
185.103.252.0/24 maxlen: 24
185.117.116.0/24 maxlen: 24
185.103.253.0/24 maxlen: 24
185.103.252.0/23 maxlen: 23
45.9.72.0/24 maxlen: 24
185.233.80.0/23 maxlen: 23
185.233.82.0/24 maxlen: 24
185.102.136.0/24 maxlen: 24
185.252.144.0/24 maxlen: 24
185.103.254.0/24 maxlen: 24
185.117.119.0/24 maxlen: 24
185.103.255.0/24 maxlen: 24
185.103.254.0/23 maxlen: 23
185.40.7.0/24 maxlen: 24
194.36.178.0/23 maxlen: 23
185.233.202.0/23 maxlen: 23
185.232.170.0/23 maxlen: 23
185.94.164.0/24 maxlen: 24
185.200.190.0/24 maxlen: 24
185.94.164.0/23 maxlen: 23
185.94.165.0/24 maxlen: 24
80.76.32.0/23 maxlen: 23
80.76.34.0/23 maxlen: 23
91.217.76.0/24 maxlen: 24
95.214.9.0/24 maxlen: 24
95.214.11.0/24 maxlen: 24
95.214.10.0/23 maxlen: 23
95.214.10.0/24 maxlen: 24
194.67.201.0/24 maxlen: 24
46.17.105.0/24 maxlen: 24
2a04:5200:68::/48 maxlen: 48
2a0d:2cc4::/31 maxlen: 31
2a04:5201:2::/48 maxlen: 48
2a04:5201:7::/48 maxlen: 48
2a04:5201:8018::/48 maxlen: 48
2a04:5201:4::/48 maxlen: 48
2a0d:2cc2::/31 maxlen: 31
2a04:5201:6::/48 maxlen: 48
2a0d:2cc0::/31 maxlen: 31
2a0d:2cc6::/31 maxlen: 31
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:24:01:00:a5:7f:fc:d3:15:c6:10:5f:bf:0d:bd:59:88
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Validity
Not Before: Aug 23 20:06:00 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d6cd0c544a4eeb45cb91961f67bb56d9dc9ff2a6
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8c:01:be:f2:65:fc:a4:85:7e:cd:a7:07:95:f3:
c8:0d:f4:83:20:55:09:58:0d:46:70:4a:47:c1:22:
fa:dd:33:8a:79:b5:97:51:8b:80:c8:77:ee:0c:46:
59:79:58:e3:69:dd:1b:3c:a8:f5:60:36:66:91:c4:
f8:08:22:02:91:be:6c:c7:4b:e3:45:54:7f:6c:5e:
95:67:3d:15:71:e4:c2:0e:bd:b9:f3:2c:d1:cc:9a:
a0:56:a7:5e:ad:a2:56:0d:ce:c8:83:94:46:59:04:
75:7f:e6:6f:66:8c:6d:01:32:35:c0:5f:71:28:26:
40:64:64:7f:2a:9a:44:fd:d9:ea:ad:7c:dc:c3:47:
8b:d1:28:51:77:17:95:eb:ee:c1:97:c5:ed:15:97:
87:a6:7e:10:ab:6e:96:cc:c1:4d:6e:30:2d:ac:c3:
e8:c4:c7:cd:9d:87:08:a4:de:ac:78:8d:ea:33:41:
1e:fa:ad:d5:e1:fa:e2:e0:e2:01:48:56:5a:bb:ec:
df:9f:0d:64:bd:96:14:7b:e2:d8:93:78:55:fb:59:
18:7a:57:e7:78:7a:d4:98:c7:16:2a:65:5d:e2:99:
8e:e8:f5:2e:eb:cc:d6:c2:50:a8:3d:fa:c1:8e:1f:
95:c8:68:f4:c8:40:eb:74:45:b7:e1:3e:39:6e:80:
27:11
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D6:CD:0C:54:4A:4E:EB:45:CB:91:96:1F:67:BB:56:D9:DC:9F:F2:A6
X509v3 Authority Key Identifier:
keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/1s0MVEpO60XLkZYfZ7tW2dyf8qY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.72.0/24
46.17.105.0/24
80.76.32.0/22
91.217.76.0/24
94.142.136.0/23
95.214.9.0-95.214.11.255
185.40.7.0/24
185.94.164.0/23
185.102.136.0/24
185.103.252.0/22
185.117.116.0/24
185.117.119.0/24
185.200.190.0/24
185.232.170.0/23
185.233.80.0-185.233.82.255
185.233.202.0/23
185.252.144.0/24
194.36.178.0/23
194.67.201.0/24
IPv6:
2a04:5200:68::/48
2a04:5201:2::/48
2a04:5201:4::/48
2a04:5201:6::/47
2a04:5201:8018::/48
2a0d:2cc0::/29
Signature Algorithm: sha256WithRSAEncryption
67:fc:8f:f8:a5:00:94:a1:62:72:19:c0:a1:64:83:39:a8:cf:
f1:21:77:b0:f2:87:40:70:c0:e3:d5:36:02:a5:91:d9:ff:d8:
eb:ca:a5:36:70:ae:d4:f3:8f:ea:98:60:01:2b:cf:10:2f:77:
33:9f:ef:f3:84:eb:67:92:f8:04:5b:6a:73:ca:42:e3:58:7d:
88:ad:c2:0a:02:cf:6f:52:0f:f4:06:49:ca:6c:06:87:ff:0c:
b0:38:55:85:af:aa:8d:e1:86:d6:52:b6:fd:30:2d:c0:3a:c1:
9f:76:78:f4:81:53:f0:26:9e:19:13:a4:fc:ad:f5:3b:d2:f2:
1c:ee:60:db:b7:1b:7a:c1:03:f3:92:a2:c1:80:70:5e:f7:0c:
6b:0a:aa:b5:29:04:0d:45:c5:7d:a4:e7:88:49:6e:9b:1c:05:
9c:dd:a4:10:30:80:75:da:97:02:88:1f:34:cc:89:3d:de:58:
de:67:e4:25:26:4b:5a:fe:6c:b6:e7:70:51:2b:0c:d1:ed:30:
09:2b:69:1f:fb:e2:ca:d1:94:de:08:19:18:7e:db:60:99:7a:
75:db:21:11:4d:be:c5:e2:73:71:f2:39:5d:b7:5d:f3:19:74:
a6:a4:36:18:b5:23:2c:1e:45:15:13:c9:81:c3:a1:a2:08:ad:
ac:12:82:82
-----BEGIN CERTIFICATE-----
MIIFujCCBKKgAwIBAgISAYokAQClf/zTFcYQX78NvVmIMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwODIzMjAwNjAwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkNmNkMGM1NDRhNGVlYjQ1Y2I5MTk2MWY2N2JiNTZkOWRjOWZmMmE2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAjAG+8mX8pIV+zacHlfPIDfSDIFUJ
WA1GcEpHwSL63TOKebWXUYuAyHfuDEZZeVjjad0bPKj1YDZmkcT4CCICkb5sx0vj
RVR/bF6VZz0VceTCDr258yzRzJqgVqderaJWDc7Ig5RGWQR1f+ZvZoxtATI1wF9x
KCZAZGR/KppE/dnqrXzcw0eL0ShRdxeV6+7Bl8XtFZeHpn4Qq26WzMFNbjAtrMPo
xMfNnYcIpN6seI3qM0Ee+q3V4fri4OIBSFZau+zfnw1kvZYUe+LYk3hV+1kYelfn
eHrUmMcWKmVd4pmO6PUu68zWwlCoPfrBjh+VyGj0yEDrdEW34T45boAnEQIDAQAB
o4ICxjCCAsIwHQYDVR0OBBYEFNbNDFRKTutFy5GWH2e7Vtncn/KmMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvMXMwTVZFcE82MFhMa1pZZlo3dFcyZHlmOHFZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHbBggrBgEFBQcBBwEB/wSByzCByDCBiQQCAAEwgYIDBAAt
CUgDBAAuEWkDBAJQTCADBABb2UwDBAFejogwDAMEAF/WCQMEAl/WCAMEALkoBwME
AblepAMEALlmiAMEArln/AMEALl1dAMEALl1dwMEALnIvgMEAbnoqjAMAwQEuelQ
AwQAuelSAwQBuenKAwQAufyQAwQBwiSyAwQAwkPJMDoEAgACMDQDBwAqBFIAAGgD
BwAqBFIBAAIDBwAqBFIBAAQDBwEqBFIBAAYDBwAqBFIBgBgDBQMqDSzAMA0GCSqG
SIb3DQEBCwUAA4IBAQBn/I/4pQCUoWJyGcChZIM5qM/xIXew8odAcMDj1TYCpZHZ
/9jryqU2cK7U84/qmGABK88QL3czn+/zhOtnkvgEW2pzykLjWH2IrcIKAs9vUg/0
BknKbAaH/wywOFWFr6qN4YbWUrb9MC3AOsGfdnj0gVPwJp4ZE6T8rfU70vIc7mDb
txt6wQPzkqLBgHBe9wxrCqq1KQQNRcV9pOeISW6bHAWc3aQQMIB12pcCiB80zIk9
3ljeZ+QlJkta/my253BRKwzR7TAJK2kf++LK0ZTeCBkYfttgmXp12yERTb7F4nNx
8jldt13zGXSmpDYYtSMsHkUVE8mBw6GiCK2sEoKC
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:07 2024 by rpki-client on console-fra.rpki-client.org