Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/e8hd4356Fdmj3xQtCDzMA5e03pM.roa
File: e8hd4356Fdmj3xQtCDzMA5e03pM.roa (raw, json)
Hash identifier: hP+c+7EDgY5mrXgPnHHEeni/Wq4jlg9BpVlb6SRWx7s=
Subject key identifier: 7B:C8:5D:E3:7E:7A:15:D9:A3:DF:14:2D:08:3C:CC:03:97:B4:DE:93
Certificate issuer: /CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Certificate serial: 018CC8DFAE7DFB9E7DBB4B573F4D643ECF98
Authority key identifier: B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/e8hd4356Fdmj3xQtCDzMA5e03pM.roa
Signing time: Tue 02 Jan 2024 06:32:31 +0000
ROA not before: Tue 02 Jan 2024 06:32:31 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 209641
IP address blocks: 185.5.248.0/23 maxlen: 23
185.5.250.0/23 maxlen: 23
185.5.248.0/22 maxlen: 22
185.5.250.0/24 maxlen: 24
185.87.48.0/22 maxlen: 22
185.87.50.0/24 maxlen: 24
185.87.48.0/24 maxlen: 24
185.87.51.0/24 maxlen: 24
185.87.49.0/24 maxlen: 24
185.117.152.0/22 maxlen: 22
185.114.75.0/24 maxlen: 24
185.200.188.0/24 maxlen: 24
45.89.67.0/24 maxlen: 24
45.89.66.0/24 maxlen: 24
91.217.80.0/24 maxlen: 24
94.142.136.0/21 maxlen: 21
94.142.139.0/24 maxlen: 24
94.142.143.0/24 maxlen: 24
94.142.141.0/24 maxlen: 24
94.142.140.0/24 maxlen: 24
94.142.142.0/24 maxlen: 24
185.125.218.0/23 maxlen: 23
185.125.216.0/22 maxlen: 22
185.105.116.0/24 maxlen: 24
185.105.117.0/24 maxlen: 24
193.109.85.0/24 maxlen: 24
185.58.206.0/24 maxlen: 24
185.58.204.0/24 maxlen: 24
185.58.204.0/22 maxlen: 22
185.58.207.0/24 maxlen: 24
45.132.252.0/24 maxlen: 24
185.125.231.0/24 maxlen: 24
185.125.229.0/24 maxlen: 24
185.125.228.0/22 maxlen: 22
185.125.230.0/24 maxlen: 24
185.125.228.0/24 maxlen: 24
194.67.192.0/19 maxlen: 19
194.67.196.0/22 maxlen: 22
194.67.194.0/23 maxlen: 23
194.67.193.0/24 maxlen: 24
193.124.176.0/21 maxlen: 21
193.124.176.0/20 maxlen: 20
193.124.184.0/21 maxlen: 21
45.128.176.0/24 maxlen: 24
45.128.178.0/24 maxlen: 24
45.128.176.0/22 maxlen: 22
45.128.177.0/24 maxlen: 24
45.128.179.0/24 maxlen: 24
195.47.250.0/24 maxlen: 24
194.67.203.0/24 maxlen: 24
194.67.200.0/21 maxlen: 21
194.67.202.0/24 maxlen: 24
194.67.204.0/22 maxlen: 22
193.168.224.0/24 maxlen: 24
194.67.208.0/20 maxlen: 20
2a0a:9300:d1::/48 maxlen: 48
2a0a:9300::/48 maxlen: 48
2a0a:9301:1::/48 maxlen: 48
2a0a:9301::/48 maxlen: 48
2a0a:9300:d2::/48 maxlen: 48
2a0a:9301:2::/48 maxlen: 48
2a0c:77c0::/32 maxlen: 32
2a0c:74c0::/29 maxlen: 29
2a0a:9300:2::/48 maxlen: 48
2a0a:9302::/32 maxlen: 32
2a07:4a00::/29 maxlen: 29
2a0b:9800::/29 maxlen: 29
2a0c:77c0::/29 maxlen: 29
2a0a:9300:d0::/48 maxlen: 48
2a0d:3880::/29 maxlen: 29
2a0a:9302:1::/48 maxlen: 48
2a0d:2cc0::/29 maxlen: 29
2a0b:7780::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:df:ae:7d:fb:9e:7d:bb:4b:57:3f:4d:64:3e:cf:98
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=b4f96345d3f22edb395d247f7b86d2d73e4a0091
Validity
Not Before: Jan 2 06:32:31 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=7bc85de37e7a15d9a3df142d083ccc0397b4de93
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9d:95:7a:91:48:1f:77:a5:ba:ed:82:ff:d7:a2:
76:6f:97:5c:75:49:b4:64:aa:83:9e:6d:6f:c4:71:
0c:c1:94:2b:a5:11:3c:15:d9:ed:34:fd:5d:4d:47:
41:06:5c:25:94:f4:c2:c6:16:4d:d0:6a:8d:5a:8a:
95:91:de:83:d9:aa:96:ce:a7:d6:d3:52:3b:b9:bb:
5f:78:ec:2e:26:bc:20:dc:b9:67:2c:f1:c3:d8:23:
1b:3d:b6:04:b3:5d:a8:9d:89:21:64:9b:21:45:6b:
bf:83:61:22:39:57:0e:ce:b1:15:77:3a:c6:1d:10:
07:77:3f:72:b2:cb:3d:e9:47:7e:5a:6e:46:7c:42:
fb:80:27:ea:92:64:df:e5:ba:62:07:84:9f:72:6b:
be:46:5e:8d:65:33:c8:32:b3:68:d0:47:05:a7:47:
b0:55:bd:57:ce:d9:8e:4c:60:68:4e:8d:70:25:db:
5f:93:68:1d:2f:68:fc:d8:03:a5:bf:5c:50:33:fb:
b0:16:e9:17:3f:49:a9:43:45:8e:0e:58:3b:51:d6:
38:d5:2a:d4:c0:71:58:71:a6:ff:60:b0:9a:1a:83:
00:05:8f:82:2c:42:9d:5f:ae:ea:f9:8e:f3:d4:84:
ad:ee:00:9c:25:1b:35:19:46:ea:2d:be:b3:d5:79:
ee:37
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
7B:C8:5D:E3:7E:7A:15:D9:A3:DF:14:2D:08:3C:CC:03:97:B4:DE:93
X509v3 Authority Key Identifier:
keyid:B4:F9:63:45:D3:F2:2E:DB:39:5D:24:7F:7B:86:D2:D7:3E:4A:00:91
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/tPljRdPyLts5XSR_e4bS1z5KAJE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/e8hd4356Fdmj3xQtCDzMA5e03pM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/c5/8e121d-73b3-438a-83c4-6fc343d77cd2/1/tPljRdPyLts5XSR_e4bS1z5KAJE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.89.66.0/23
45.128.176.0/22
45.132.252.0/24
91.217.80.0/24
94.142.136.0/21
185.5.248.0/22
185.58.204.0/22
185.87.48.0/22
185.105.116.0/23
185.114.75.0/24
185.117.152.0/22
185.125.216.0/22
185.125.228.0/22
185.200.188.0/24
193.109.85.0/24
193.124.176.0/20
193.168.224.0/24
194.67.192.0/19
195.47.250.0/24
IPv6:
2a07:4a00::/29
2a0a:9300::/48
2a0a:9300:2::/48
2a0a:9300:d0::-2a0a:9300:d2:ffff:ffff:ffff:ffff:ffff
2a0a:9301::-2a0a:9301:2:ffff:ffff:ffff:ffff:ffff
2a0a:9302::/32
2a0b:7780::/29
2a0b:9800::/29
2a0c:74c0::/29
2a0c:77c0::/29
2a0d:2cc0::/29
2a0d:3880::/29
Signature Algorithm: sha256WithRSAEncryption
6f:eb:96:e5:ff:c3:6f:6f:da:71:b9:99:63:2e:b5:4f:f6:e2:
be:c9:46:1f:04:53:4f:66:d0:47:6d:fa:56:11:20:60:df:2b:
ad:b1:42:2b:da:19:b6:5e:8b:75:79:3b:d0:bc:e1:85:b2:9a:
bd:29:9f:00:ed:20:a6:4d:89:49:74:48:f4:81:eb:12:93:13:
8a:8a:80:31:35:29:1d:cf:89:80:cf:15:96:a0:09:af:90:3a:
15:de:45:73:09:b1:74:49:08:4a:7a:db:53:2a:36:5a:02:b3:
d6:fe:46:d3:da:17:a9:07:07:de:94:2a:7d:de:18:57:b0:87:
93:33:04:21:e5:86:6f:d8:4c:e3:10:4f:91:4e:c1:ce:b0:9b:
08:03:c3:6c:0e:0e:e4:d3:cc:cf:c1:a4:71:d2:c2:24:b4:35:
8e:ea:7e:cb:94:e3:d9:62:22:27:e1:ef:89:9d:77:4e:cc:10:
3d:cf:6b:06:65:c3:98:43:0f:d3:38:71:99:7c:fb:61:65:1d:
3c:80:a5:6b:8f:0d:51:d2:97:4c:5a:6a:d3:10:68:13:7f:77:
5d:a3:be:24:c7:db:92:5f:65:7d:dc:bc:b9:14:a4:86:14:1e:
00:8e:5f:30:70:3d:f5:72:9d:dd:16:84:1a:dd:7a:61:4b:a9:
17:d4:48:60
-----BEGIN CERTIFICATE-----
MIIF5TCCBM2gAwIBAgISAYzI3659+559u0tXP01kPs+YMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGI0Zjk2MzQ1ZDNmMjJlZGIzOTVkMjQ3ZjdiODZkMmQ3M2U0
YTAwOTEwHhcNMjQwMTAyMDYzMjMxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3YmM4NWRlMzdlN2ExNWQ5YTNkZjE0MmQwODNjY2MwMzk3YjRkZTkzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnZV6kUgfd6W67YL/16J2b5dcdUm0
ZKqDnm1vxHEMwZQrpRE8FdntNP1dTUdBBlwllPTCxhZN0GqNWoqVkd6D2aqWzqfW
01I7ubtfeOwuJrwg3LlnLPHD2CMbPbYEs12onYkhZJshRWu/g2EiOVcOzrEVdzrG
HRAHdz9ysss96Ud+Wm5GfEL7gCfqkmTf5bpiB4Sfcmu+Rl6NZTPIMrNo0EcFp0ew
Vb1XztmOTGBoTo1wJdtfk2gdL2j82AOlv1xQM/uwFukXP0mpQ0WODlg7UdY41SrU
wHFYcab/YLCaGoMABY+CLEKdX67q+Y7z1ISt7gCcJRs1GUbqLb6z1XnuNwIDAQAB
o4IC8TCCAu0wHQYDVR0OBBYEFHvIXeN+ehXZo98ULQg8zAOXtN6TMB8GA1UdIwQY
MBaAFLT5Y0XT8i7bOV0kf3uG0tc+SgCRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQt
NmZjMzQzZDc3Y2QyLzEvZThoZDQzNTZGZG1qM3hRdENEek1BNWUwM3BNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9jNS84ZTEyMWQtNzNiMy00MzhhLTgzYzQtNmZjMzQzZDc3Y2Qy
LzEvdFBsalJkUHlMdHM1WFNSX2U0YlMxejVLQUpFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIIBBQYIKwYBBQUHAQcBAf8EgfUwgfIweAQCAAEwcgMEAS1Z
QgMEAi2AsAMEAC2E/AMEAFvZUAMEA16OiAMEArkF+AMEArk6zAMEArlXMAMEAblp
dAMEALlySwMEArl1mAMEArl92AMEArl95AMEALnIvAMEAMFtVQMEBMF8sAMEAMGo
4AMEBcJDwAMEAMMv+jB2BAIAAjBwAwUDKgdKAAMHACoKkwAAAAMHACoKkwAAAjAS
AwcEKgqTAADQAwcAKgqTAADSMBADBQAqCpMBAwcAKgqTAQACAwUAKgqTAgMFAyoL
d4ADBQMqC5gAAwUDKgx0wAMFAyoMd8ADBQMqDSzAAwUDKg04gDANBgkqhkiG9w0B
AQsFAAOCAQEAb+uW5f/Db2/acbmZYy61T/bivslGHwRTT2bQR236VhEgYN8rrbFC
K9oZtl6LdXk70LzhhbKavSmfAO0gpk2JSXRI9IHrEpMTioqAMTUpHc+JgM8VlqAJ
r5A6Fd5FcwmxdEkISnrbUyo2WgKz1v5G09oXqQcH3pQqfd4YV7CHkzMEIeWGb9hM
4xBPkU7BzrCbCAPDbA4O5NPMz8GkcdLCJLQ1jup+y5Tj2WIiJ+HviZ13TswQPc9r
BmXDmEMP0zhxmXz7YWUdPICla48NUdKXTFpq0xBoE393XaO+JMfbkl9lfdy8uRSk
hhQeAI5fMHA99XKd3RaEGt16YUupF9RIYA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:53:08 2024 by rpki-client on console-fra.rpki-client.org