Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/IPH_OvBIM9d1BUeoC3XFTVLkFlo.roa
File: IPH_OvBIM9d1BUeoC3XFTVLkFlo.roa (raw, json)
Hash identifier: sLbRKA/JWvyJP++AZN7DW3Yj/kmVmOZkkMR/Ya0dPMc=
Subject key identifier: 20:F1:FF:3A:F0:48:33:D7:75:05:47:A8:0B:75:C5:4D:52:E4:16:5A
Certificate issuer: /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial: 018731E9BD386FF8980BD97589DC92957770
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/IPH_OvBIM9d1BUeoC3XFTVLkFlo.roa
Signing time: Thu 30 Mar 2023 09:46:54 +0000
ROA not before: Thu 30 Mar 2023 09:46:54 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 200740
IP address blocks: 94.142.136.0/23 maxlen: 23
94.142.137.0/24 maxlen: 24
94.142.136.0/24 maxlen: 24
185.103.252.0/24 maxlen: 24
185.117.116.0/24 maxlen: 24
185.103.253.0/24 maxlen: 24
185.103.252.0/23 maxlen: 23
45.9.72.0/24 maxlen: 24
185.233.80.0/23 maxlen: 23
185.233.82.0/24 maxlen: 24
185.102.136.0/24 maxlen: 24
185.252.144.0/24 maxlen: 24
185.103.254.0/24 maxlen: 24
185.117.119.0/24 maxlen: 24
185.103.255.0/24 maxlen: 24
185.103.254.0/23 maxlen: 23
185.40.7.0/24 maxlen: 24
194.36.178.0/23 maxlen: 23
185.233.202.0/23 maxlen: 23
185.232.170.0/23 maxlen: 23
185.94.164.0/24 maxlen: 24
185.200.190.0/24 maxlen: 24
185.94.164.0/23 maxlen: 23
185.94.165.0/24 maxlen: 24
91.217.76.0/24 maxlen: 24
95.214.9.0/24 maxlen: 24
95.214.11.0/24 maxlen: 24
95.214.10.0/23 maxlen: 23
95.214.10.0/24 maxlen: 24
46.17.105.0/24 maxlen: 24
2a04:5200:68::/48 maxlen: 48
2a0d:2cc4::/31 maxlen: 31
2a04:5201:2::/48 maxlen: 48
2a04:5201:7::/48 maxlen: 48
2a04:5201:8018::/48 maxlen: 48
2a04:5201:4::/48 maxlen: 48
2a0d:2cc2::/31 maxlen: 31
2a04:5201:6::/48 maxlen: 48
2a0d:2cc0::/31 maxlen: 31
2a0d:2cc6::/31 maxlen: 31
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:31:e9:bd:38:6f:f8:98:0b:d9:75:89:dc:92:95:77:70
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Validity
Not Before: Mar 30 09:46:54 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=20f1ff3af04833d7750547a80b75c54d52e4165a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:d3:4c:20:29:3d:e4:f2:29:22:e6:51:62:82:07:
6b:e7:75:17:6a:92:ab:1f:77:78:f0:ec:86:e3:69:
1f:41:00:a5:ee:cc:a7:34:86:42:cf:80:11:c2:29:
3c:91:ca:1e:9f:8e:d3:30:e4:92:ab:b5:41:44:b8:
7a:d7:b0:9a:46:57:2a:e7:f6:57:71:f0:82:e7:cf:
57:fd:1b:f8:10:6e:61:1b:af:c5:39:60:ec:5f:e4:
de:94:c6:1a:88:32:72:91:0d:25:ec:da:98:ff:c2:
9e:a6:d0:d1:2e:51:f8:f5:1f:06:11:48:60:11:6f:
4e:a5:d5:be:db:9b:15:50:af:28:92:a6:cb:3e:47:
4e:d5:fb:76:1b:88:3a:19:2a:39:cc:1b:3f:47:8f:
5c:1b:e6:06:24:8e:db:a0:03:72:9d:30:9e:f3:d5:
25:b6:dc:93:ae:f7:1c:41:d3:24:8a:05:13:4f:08:
ef:1f:26:75:7f:8f:c8:b4:95:77:12:3b:5a:5b:8c:
be:0c:63:60:95:3d:1b:82:71:3f:53:1f:e6:a6:d2:
49:18:f9:82:6b:b5:76:fd:bc:91:1c:05:fc:78:78:
7b:ee:e6:9c:f2:ac:d4:96:8e:f7:9f:88:35:72:51:
53:04:29:4c:11:ac:5e:b5:d4:0d:ae:42:0c:dd:a3:
d1:75
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
20:F1:FF:3A:F0:48:33:D7:75:05:47:A8:0B:75:C5:4D:52:E4:16:5A
X509v3 Authority Key Identifier:
keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/IPH_OvBIM9d1BUeoC3XFTVLkFlo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.9.72.0/24
46.17.105.0/24
91.217.76.0/24
94.142.136.0/23
95.214.9.0-95.214.11.255
185.40.7.0/24
185.94.164.0/23
185.102.136.0/24
185.103.252.0/22
185.117.116.0/24
185.117.119.0/24
185.200.190.0/24
185.232.170.0/23
185.233.80.0-185.233.82.255
185.233.202.0/23
185.252.144.0/24
194.36.178.0/23
IPv6:
2a04:5200:68::/48
2a04:5201:2::/48
2a04:5201:4::/48
2a04:5201:6::/47
2a04:5201:8018::/48
2a0d:2cc0::/29
Signature Algorithm: sha256WithRSAEncryption
7a:52:33:57:77:81:5c:68:da:b7:b2:48:6b:c0:11:7f:9e:57:
60:86:d8:c7:df:22:be:34:6a:ef:8b:12:57:ee:fc:3a:b4:5c:
a6:d2:aa:e0:0a:62:13:8b:e0:c8:00:dd:e0:9f:af:a5:0f:fc:
e8:1a:d3:df:e7:92:2a:22:b8:57:38:f9:f7:03:e1:e1:ad:24:
e4:d7:1f:0a:7b:ae:ad:e1:cf:e0:9d:c0:86:3f:b1:54:ab:0e:
bd:7b:8c:f0:85:40:4f:15:5f:d1:1f:00:1d:e4:5d:cf:00:b7:
8a:85:42:73:8a:f2:d7:31:ed:db:d2:19:89:4a:5b:d4:16:a7:
1f:a0:26:2c:71:b5:44:85:ca:ae:50:4f:ca:c5:9b:3c:1e:94:
dd:a1:37:a5:c5:ee:e7:c2:b6:97:52:c4:ff:17:3f:84:d7:55:
5e:45:5e:41:17:2a:f5:ea:30:a9:52:00:2a:21:7f:f2:64:71:
8a:c8:ed:a0:a9:2e:f1:81:b2:5e:a7:38:e5:ed:e1:72:c2:41:
55:0a:4d:97:09:bd:32:f4:ad:e6:dd:03:1f:6f:13:fe:0d:de:
50:80:e0:26:8c:34:94:6a:c5:93:56:3d:9e:d4:ac:18:99:b2:
24:5c:a6:67:36:c4:e4:7e:1f:cd:f0:99:6e:6c:36:cb:eb:09:
23:68:3d:5d
-----BEGIN CERTIFICATE-----
MIIFrDCCBJSgAwIBAgISAYcx6b04b/iYC9l1idySlXdwMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjMwMzMwMDk0NjU0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGYxZmYzYWYwNDgzM2Q3NzUwNTQ3YTgwYjc1YzU0ZDUyZTQxNjVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA00wgKT3k8iki5lFiggdr53UXapKr
H3d48OyG42kfQQCl7synNIZCz4ARwik8kcoen47TMOSSq7VBRLh617CaRlcq5/ZX
cfCC589X/Rv4EG5hG6/FOWDsX+TelMYaiDJykQ0l7NqY/8KeptDRLlH49R8GEUhg
EW9OpdW+25sVUK8okqbLPkdO1ft2G4g6GSo5zBs/R49cG+YGJI7boANynTCe89Ul
ttyTrvccQdMkigUTTwjvHyZ1f4/ItJV3EjtaW4y+DGNglT0bgnE/Ux/mptJJGPmC
a7V2/byRHAX8eHh77uac8qzUlo73n4g1clFTBClMEaxetdQNrkIM3aPRdQIDAQAB
o4ICuDCCArQwHQYDVR0OBBYEFCDx/zrwSDPXdQVHqAt1xU1S5BZaMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvSVBIX092QklNOWQxQlVlb0MzWEZUVkxrRmxvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIHNBggrBgEFBQcBBwEB/wSBvTCBujB8BAIAATB2AwQALQlI
AwQALhFpAwQAW9lMAwQBXo6IMAwDBABf1gkDBAJf1ggDBAC5KAcDBAG5XqQDBAC5
ZogDBAK5Z/wDBAC5dXQDBAC5dXcDBAC5yL4DBAG56KowDAMEBLnpUAMEALnpUgME
AbnpygMEALn8kAMEAcIksjA6BAIAAjA0AwcAKgRSAABoAwcAKgRSAQACAwcAKgRS
AQAEAwcBKgRSAQAGAwcAKgRSAYAYAwUDKg0swDANBgkqhkiG9w0BAQsFAAOCAQEA
elIzV3eBXGjat7JIa8ARf55XYIbYx98ivjRq74sSV+78OrRcptKq4ApiE4vgyADd
4J+vpQ/86BrT3+eSKiK4Vzj59wPh4a0k5NcfCnuureHP4J3Ahj+xVKsOvXuM8IVA
TxVf0R8AHeRdzwC3ioVCc4ry1zHt29IZiUpb1BanH6AmLHG1RIXKrlBPysWbPB6U
3aE3pcXu58K2l1LE/xc/hNdVXkVeQRcq9eowqVIAKiF/8mRxisjtoKku8YGyXqc4
5e3hcsJBVQpNlwm9MvSt5t0DH28T/g3eUIDgJow0lGrFk1Y9ntSsGJmyJFymZzbE
5H4fzfCZbmw2y+sJI2g9XQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:43:10 2024 by rpki-client on console-ams.rpki-client.org