Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/usGVcFjF2ddJSAq6e7pCv_PHbO4.roa
File: usGVcFjF2ddJSAq6e7pCv_PHbO4.roa (raw, json)
Hash identifier: f1yWC3G/ojuTA9+npM3hOs9B/LnBRrcEW0Vsg0V53VU=
Subject key identifier: BA:C1:95:70:58:C5:D9:D7:49:48:0A:BA:7B:BA:42:BF:F3:C7:6C:EE
Certificate issuer: /CN=cdaaa0e082360360acda347664eb8314eb11da10
Certificate serial: 018DF94078995E325FDC07D7D91B007F2260
Authority key identifier: CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/usGVcFjF2ddJSAq6e7pCv_PHbO4.roa
Signing time: Fri 01 Mar 2024 09:02:48 +0000
ROA not before: Fri 01 Mar 2024 09:02:48 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 42864
IP address blocks: 5.182.115.0/24 maxlen: 24
45.9.169.0/24 maxlen: 24
45.9.170.0/24 maxlen: 24
45.9.171.0/24 maxlen: 24
45.14.10.0/24 maxlen: 24
45.14.11.0/24 maxlen: 24
45.88.93.0/24 maxlen: 24
77.242.144.0/22 maxlen: 24
77.242.148.0/24 maxlen: 24
77.242.151.0/24 maxlen: 24
77.242.152.0/22 maxlen: 24
83.137.158.0/24 maxlen: 24
88.209.193.0/24 maxlen: 24
88.209.196.0/24 maxlen: 24
88.209.208.0/24 maxlen: 24
88.209.210.0/24 maxlen: 24
88.209.212.0/24 maxlen: 24
88.209.213.0/24 maxlen: 24
88.209.214.0/24 maxlen: 24
88.209.215.0/24 maxlen: 24
88.209.219.0/24 maxlen: 24
92.52.208.0/24 maxlen: 24
92.52.209.0/24 maxlen: 24
92.52.210.0/23 maxlen: 23
92.52.212.0/22 maxlen: 24
178.210.224.0/24 maxlen: 24
178.210.225.0/24 maxlen: 24
178.210.226.0/23 maxlen: 23
178.210.228.0/22 maxlen: 24
178.210.232.0/22 maxlen: 22
178.210.236.0/24 maxlen: 24
178.210.237.0/24 maxlen: 24
178.210.238.0/23 maxlen: 23
178.210.240.0/22 maxlen: 22
178.210.244.0/22 maxlen: 22
178.210.248.0/24 maxlen: 24
178.210.249.0/24 maxlen: 24
178.210.250.0/24 maxlen: 24
178.210.251.0/24 maxlen: 24
178.210.252.0/22 maxlen: 22
178.248.200.0/21 maxlen: 21
193.138.125.0/24 maxlen: 24
2a00:1f40::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8d:f9:40:78:99:5e:32:5f:dc:07:d7:d9:1b:00:7f:22:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=cdaaa0e082360360acda347664eb8314eb11da10
Validity
Not Before: Mar 1 09:02:48 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=bac1957058c5d9d749480aba7bba42bff3c76cee
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ab:d4:e0:c0:e2:47:87:f2:b6:31:82:66:61:05:
e0:35:21:ab:3c:06:5d:23:95:37:21:4e:44:ff:fe:
57:b1:b2:89:41:c9:4a:3d:c8:df:7a:c8:c5:34:88:
2a:00:55:b1:ae:6a:c5:a4:8d:20:77:9e:07:d5:ea:
46:cc:f7:65:39:bb:b7:41:fc:9c:28:8f:5d:c6:ce:
fe:77:6a:c5:d9:cc:d1:f0:cb:0e:32:37:08:da:23:
02:d5:58:e5:fd:f2:36:5a:4c:13:0b:75:df:25:2c:
6f:9f:20:34:42:6e:11:6c:eb:9a:3e:49:4b:95:be:
b4:0e:d8:a8:7a:ad:1f:85:43:1b:7f:4e:0a:1b:f6:
2d:91:58:3d:b1:50:af:88:3d:16:35:84:53:97:0a:
74:af:0d:fe:37:da:f3:cc:71:b9:9f:ad:1b:fa:2c:
11:9a:63:93:7b:27:c1:6d:90:d4:ee:92:03:1e:14:
4a:3b:f6:05:75:a4:5b:7a:81:2d:10:cb:98:9c:7c:
dd:a2:8b:51:e9:5d:d0:2a:14:c2:a2:41:60:91:2d:
eb:ae:b8:5c:3f:91:a6:62:7d:1a:51:f8:cc:9f:86:
24:32:cd:86:17:9a:60:87:f8:82:94:3c:83:36:84:
f9:89:78:54:ab:74:22:47:55:57:2e:eb:60:15:b7:
c3:2f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
BA:C1:95:70:58:C5:D9:D7:49:48:0A:BA:7B:BA:42:BF:F3:C7:6C:EE
X509v3 Authority Key Identifier:
keyid:CD:AA:A0:E0:82:36:03:60:AC:DA:34:76:64:EB:83:14:EB:11:DA:10
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/usGVcFjF2ddJSAq6e7pCv_PHbO4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/dd/589127-1096-4c91-96cc-7e4d6f6f6e66/1/zaqg4II2A2Cs2jR2ZOuDFOsR2hA.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.182.115.0/24
45.9.169.0-45.9.171.255
45.14.10.0/23
45.88.93.0/24
77.242.144.0-77.242.148.255
77.242.151.0-77.242.155.255
83.137.158.0/24
88.209.193.0/24
88.209.196.0/24
88.209.208.0/24
88.209.210.0/24
88.209.212.0/22
88.209.219.0/24
92.52.208.0/21
178.210.224.0/19
178.248.200.0/21
193.138.125.0/24
IPv6:
2a00:1f40::/29
Signature Algorithm: sha256WithRSAEncryption
94:2b:d5:f6:85:e3:ee:88:4d:0f:1b:32:1a:eb:9b:52:df:25:
81:c4:5f:59:24:51:b0:2b:9b:5c:fd:5f:77:03:ca:25:83:b6:
e3:80:78:f9:5b:8c:41:dc:b7:83:c4:af:15:87:47:10:2b:5e:
d3:31:ce:00:97:1e:36:24:21:ab:6d:67:d2:05:5e:75:ca:70:
88:bb:73:26:d1:32:7f:a2:a2:5c:98:5a:9c:37:a4:db:a3:38:
f7:e7:b9:5a:84:a9:e8:50:2c:2f:18:b6:18:50:a3:f9:0a:74:
19:f1:34:bf:14:bd:6f:cc:e6:0d:4c:cd:6d:e4:54:8e:ce:90:
cd:9f:c7:5c:94:69:ca:a5:1b:83:98:69:e6:26:57:4c:82:e2:
53:d4:9b:39:be:49:29:04:07:82:c8:0a:5b:56:04:c7:7c:43:
ba:03:9e:7e:fc:9b:f0:ba:c8:21:4e:90:75:e8:9b:b6:b9:15:
7a:5d:ed:33:bc:8b:87:cc:2c:6c:82:d1:3b:fa:bf:56:74:6d:
af:51:60:c9:5b:8a:d7:ba:e3:e1:68:74:ed:f8:aa:fc:c1:92:
ae:1a:4f:2d:bc:ad:0e:5e:86:b7:12:58:45:1d:89:b7:f4:2d:
55:7f:14:a3:c5:1b:6e:18:d8:3c:72:a6:f8:9c:06:0a:d3:9a:
7d:4b:3b:9b
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgISAY35QHiZXjJf3AfX2RsAfyJgMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNkYWFhMGUwODIzNjAzNjBhY2RhMzQ3NjY0ZWI4MzE0ZWIx
MWRhMTAwHhcNMjQwMzAxMDkwMjQ4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiYWMxOTU3MDU4YzVkOWQ3NDk0ODBhYmE3YmJhNDJiZmYzYzc2Y2VlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq9TgwOJHh/K2MYJmYQXgNSGrPAZd
I5U3IU5E//5XsbKJQclKPcjfesjFNIgqAFWxrmrFpI0gd54H1epGzPdlObu3Qfyc
KI9dxs7+d2rF2czR8MsOMjcI2iMC1Vjl/fI2WkwTC3XfJSxvnyA0Qm4RbOuaPklL
lb60Dtioeq0fhUMbf04KG/YtkVg9sVCviD0WNYRTlwp0rw3+N9rzzHG5n60b+iwR
mmOTeyfBbZDU7pIDHhRKO/YFdaRbeoEtEMuYnHzdootR6V3QKhTCokFgkS3rrrhc
P5GmYn0aUfjMn4YkMs2GF5pgh/iClDyDNoT5iXhUq3QiR1VXLutgFbfDLwIDAQAB
o4IClDCCApAwHQYDVR0OBBYEFLrBlXBYxdnXSUgKunu6Qr/zx2zuMB8GA1UdIwQY
MBaAFM2qoOCCNgNgrNo0dmTrgxTrEdoQMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2Mt
N2U0ZDZmNmY2ZTY2LzEvdXNHVmNGakYyZGRKU0FxNmU3cEN2X1BIYk80LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9kZC81ODkxMjctMTA5Ni00YzkxLTk2Y2MtN2U0ZDZmNmY2ZTY2
LzEvemFxZzRJSTJBMkNzMmpSMlpPdURGT3NSMmhBLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGpBggrBgEFBQcBBwEB/wSBmTCBljCBhAQCAAEwfgMEAAW2
czAMAwQALQmpAwQCLQmoAwQBLQ4KAwQALVhdMAwDBARN8pADBABN8pQwDAMEAE3y
lwMEAk3ymAMEAFOJngMEAFjRwQMEAFjRxAMEAFjR0AMEAFjR0gMEAljR1AMEAFjR
2wMEA1w00AMEBbLS4AMEA7L4yAMEAMGKfTANBAIAAjAHAwUDKgAfQDANBgkqhkiG
9w0BAQsFAAOCAQEAlCvV9oXj7ohNDxsyGuubUt8lgcRfWSRRsCubXP1fdwPKJYO2
44B4+VuMQdy3g8SvFYdHECte0zHOAJceNiQhq21n0gVedcpwiLtzJtEyf6KiXJha
nDek26M49+e5WoSp6FAsLxi2GFCj+Qp0GfE0vxS9b8zmDUzNbeRUjs6QzZ/HXJRp
yqUbg5hp5iZXTILiU9SbOb5JKQQHgsgKW1YEx3xDugOefvyb8LrIIU6QdeibtrkV
el3tM7yLh8wsbILRO/q/VnRtr1FgyVuK17rj4Wh07fiq/MGSrhpPLbytDl6GtxJY
RR2Jt/QtVX8Uo8UbbhjYPHKm+JwGCtOafUs7mw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:47:57 2024 by rpki-client on console-ams.rpki-client.org