Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/bifExOqpBTz6Oa0WlyMHLsnJDK4.roa
File: bifExOqpBTz6Oa0WlyMHLsnJDK4.roa (raw, json)
Hash identifier: 7AzNRKH2ZcGS1diB6Su/QaaKhg03mrzHZcMyJZesNGE=
Subject key identifier: 6E:27:C4:C4:EA:A9:05:3C:FA:39:AD:16:97:23:07:2E:C9:C9:0C:AE
Certificate issuer: /CN=dba12207af4d186c44da2533c0b8f1fd1f55d8db
Certificate serial: 018A45ACEBB830299A316D52C03A74AFF1C2
Authority key identifier: DB:A1:22:07:AF:4D:18:6C:44:DA:25:33:C0:B8:F1:FD:1F:55:D8:DB
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/26EiB69NGGxE2iUzwLjx_R9V2Ns.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/bifExOqpBTz6Oa0WlyMHLsnJDK4.roa
Signing time: Wed 30 Aug 2023 09:01:14 +0000
ROA not before: Wed 30 Aug 2023 09:01:14 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 41960
IP address blocks: 213.156.0.0/20 maxlen: 24
91.211.160.0/22 maxlen: 24
212.19.192.0/19 maxlen: 19
195.238.86.0/23 maxlen: 24
212.26.192.0/19 maxlen: 19
185.116.12.0/22 maxlen: 24
45.151.116.0/22 maxlen: 24
5.183.132.0/22 maxlen: 24
212.57.48.0/20 maxlen: 24
217.8.96.0/20 maxlen: 20
45.95.252.0/22 maxlen: 24
2.56.216.0/22 maxlen: 24
93.188.64.0/22 maxlen: 24
193.105.183.0/24 maxlen: 24
213.173.56.0/22 maxlen: 22
77.73.224.0/21 maxlen: 24
185.249.136.0/22 maxlen: 24
45.10.124.0/22 maxlen: 24
185.251.152.0/22 maxlen: 24
194.61.84.0/23 maxlen: 24
194.61.86.0/24 maxlen: 24
195.184.86.0/23 maxlen: 24
195.184.90.0/23 maxlen: 24
171.22.176.0/22 maxlen: 24
45.140.156.0/22 maxlen: 24
85.184.8.0/21 maxlen: 24
185.234.152.0/23 maxlen: 24
185.239.168.0/23 maxlen: 24
185.234.154.0/24 maxlen: 24
185.239.170.0/24 maxlen: 24
37.148.184.0/21 maxlen: 24
91.216.34.0/24 maxlen: 24
185.253.48.0/22 maxlen: 24
2a02:690::/29 maxlen: 32
2001:6e0::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:45:ac:eb:b8:30:29:9a:31:6d:52:c0:3a:74:af:f1:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=dba12207af4d186c44da2533c0b8f1fd1f55d8db
Validity
Not Before: Aug 30 09:01:14 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=6e27c4c4eaa9053cfa39ad169723072ec9c90cae
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b6:d2:c1:a8:35:f5:0c:4b:bb:ac:af:2b:d6:d6:
cc:39:34:9d:20:c4:a9:59:f2:d7:9a:87:04:cb:b4:
b8:69:f8:27:88:37:60:bc:cf:af:c8:bf:c2:75:20:
d7:2b:30:02:19:40:1c:e9:8b:e8:d3:1f:ad:0a:45:
c2:d5:8e:7b:5b:1b:4f:26:41:68:cd:2d:8b:39:86:
69:cd:8d:14:60:a9:82:15:99:83:cf:7f:61:4d:de:
7e:76:b7:fa:da:f5:e7:dd:57:91:dc:85:42:b8:e3:
87:98:71:79:d4:4d:e7:df:8a:94:f9:df:d0:ff:7d:
20:4a:ad:0a:29:27:33:d5:5d:f6:75:e5:ac:fe:49:
c0:4c:c7:72:ff:f5:a2:78:e4:21:82:a9:b8:75:bc:
ca:8a:3e:74:6c:b4:21:d3:70:00:cf:a8:81:35:b0:
5b:5e:ee:63:49:4e:8c:fa:c4:b8:aa:5d:0e:51:d7:
4d:c4:03:68:27:ee:6b:b6:74:07:0c:b5:ac:46:59:
32:b5:0d:e4:df:6f:a4:e4:97:d1:1b:4f:00:4e:4a:
8e:55:80:2a:aa:2c:2c:5d:43:8e:0b:74:92:76:d8:
91:2f:98:96:52:63:18:59:67:90:ce:8a:ea:00:d4:
1d:da:6c:08:78:72:2f:2e:85:18:02:7f:4e:d8:9d:
70:bd
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
6E:27:C4:C4:EA:A9:05:3C:FA:39:AD:16:97:23:07:2E:C9:C9:0C:AE
X509v3 Authority Key Identifier:
keyid:DB:A1:22:07:AF:4D:18:6C:44:DA:25:33:C0:B8:F1:FD:1F:55:D8:DB
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/26EiB69NGGxE2iUzwLjx_R9V2Ns.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/bifExOqpBTz6Oa0WlyMHLsnJDK4.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/e9/c8010e-3289-4a36-a2b8-12b2bc58053a/1/26EiB69NGGxE2iUzwLjx_R9V2Ns.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
2.56.216.0/22
5.183.132.0/22
37.148.184.0/21
45.10.124.0/22
45.95.252.0/22
45.140.156.0/22
45.151.116.0/22
77.73.224.0/21
85.184.8.0/21
91.211.160.0/22
91.216.34.0/24
93.188.64.0/22
171.22.176.0/22
185.116.12.0/22
185.234.152.0-185.234.154.255
185.239.168.0-185.239.170.255
185.249.136.0/22
185.251.152.0/22
185.253.48.0/22
193.105.183.0/24
194.61.84.0-194.61.86.255
195.184.86.0/23
195.184.90.0/23
195.238.86.0/23
212.19.192.0/19
212.26.192.0/19
212.57.48.0/20
213.156.0.0/20
213.173.56.0/22
217.8.96.0/20
IPv6:
2001:6e0::/32
2a02:690::/29
Signature Algorithm: sha256WithRSAEncryption
30:df:f9:18:f5:ab:b6:8d:c0:74:81:27:97:a3:d3:d9:0d:38:
6f:4b:be:59:c4:3b:43:ed:be:12:2d:ba:81:50:31:64:74:bd:
31:0c:d0:b5:f5:be:bf:52:13:e4:15:07:83:15:19:8b:8e:c0:
8c:b1:70:7a:43:df:e5:af:2d:f8:7c:7b:28:e4:1d:76:53:ba:
e6:ba:8b:3a:6e:e7:82:06:51:0e:6b:21:ff:b5:bc:e2:91:0d:
b0:26:c9:b8:6c:70:d2:f1:61:a8:ba:e5:06:c7:dd:f9:fc:68:
b4:78:9d:77:c6:15:c8:38:65:b3:b4:1d:ef:70:73:1f:6d:07:
da:b0:d2:dd:2e:fb:22:70:f9:25:46:9d:fe:d8:ff:fc:5b:ed:
1d:5c:ce:8b:6f:0a:97:5c:7e:2c:09:db:ee:89:ae:89:6c:8c:
bc:96:df:c8:ac:b6:33:f1:21:cc:d3:8b:73:36:87:34:19:35:
06:0a:1d:2f:e2:f3:ef:54:24:a0:38:dc:2c:c4:a2:7a:b8:7b:
f2:0a:ac:56:7d:7f:6a:bd:5b:07:3b:ac:23:ac:dc:a9:15:02:
35:30:d2:10:1b:08:90:51:20:4f:39:02:52:8e:c6:7f:da:58:
9c:08:69:ec:f9:79:8e:e6:d1:41:96:e7:b5:ca:f4:00:19:2e:
33:03:cd:71
-----BEGIN CERTIFICATE-----
MIIF3jCCBMagAwIBAgISAYpFrOu4MCmaMW1SwDp0r/HCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRiYTEyMjA3YWY0ZDE4NmM0NGRhMjUzM2MwYjhmMWZkMWY1
NWQ4ZGIwHhcNMjMwODMwMDkwMTE0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2ZTI3YzRjNGVhYTkwNTNjZmEzOWFkMTY5NzIzMDcyZWM5YzkwY2FlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAttLBqDX1DEu7rK8r1tbMOTSdIMSp
WfLXmocEy7S4afgniDdgvM+vyL/CdSDXKzACGUAc6Yvo0x+tCkXC1Y57WxtPJkFo
zS2LOYZpzY0UYKmCFZmDz39hTd5+drf62vXn3VeR3IVCuOOHmHF51E3n34qU+d/Q
/30gSq0KKScz1V32deWs/knATMdy//WieOQhgqm4dbzKij50bLQh03AAz6iBNbBb
Xu5jSU6M+sS4ql0OUddNxANoJ+5rtnQHDLWsRlkytQ3k32+k5JfRG08ATkqOVYAq
qiwsXUOOC3SSdtiRL5iWUmMYWWeQzorqANQd2mwIeHIvLoUYAn9O2J1wvQIDAQAB
o4IC6jCCAuYwHQYDVR0OBBYEFG4nxMTqqQU8+jmtFpcjBy7JyQyuMB8GA1UdIwQY
MBaAFNuhIgevTRhsRNolM8C48f0fVdjbMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMjZFaUI2OU5HR3hFMmlVendManhfUjlWMk5zLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lOS9jODAxMGUtMzI4OS00YTM2LWEyYjgt
MTJiMmJjNTgwNTNhLzEvYmlmRXhPcXBCVHo2T2EwV2x5TUhMc25KREs0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lOS9jODAxMGUtMzI4OS00YTM2LWEyYjgtMTJiMmJjNTgwNTNh
LzEvMjZFaUI2OU5HR3hFMmlVendManhfUjlWMk5zLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIH/BggrBgEFBQcBBwEB/wSB7zCB7DCB0wQCAAEwgcwDBAIC
ONgDBAIFt4QDBAMllLgDBAItCnwDBAItX/wDBAItjJwDBAItl3QDBANNSeADBANV
uAgDBAJb06ADBABb2CIDBAJdvEADBAKrFrADBAK5dAwwDAMEA7nqmAMEALnqmjAM
AwQDue+oAwQAue+qAwQCufmIAwQCufuYAwQCuf0wAwQAwWm3MAwDBALCPVQDBADC
PVYDBAHDuFYDBAHDuFoDBAHD7lYDBAXUE8ADBAXUGsADBATUOTADBATVnAADBALV
rTgDBATZCGAwFAQCAAIwDgMFACABBuADBQMqAgaQMA0GCSqGSIb3DQEBCwUAA4IB
AQAw3/kY9au2jcB0gSeXo9PZDThvS75ZxDtD7b4SLbqBUDFkdL0xDNC19b6/UhPk
FQeDFRmLjsCMsXB6Q9/lry34fHso5B12U7rmuos6bueCBlEOayH/tbzikQ2wJsm4
bHDS8WGouuUGx935/Gi0eJ13xhXIOGWztB3vcHMfbQfasNLdLvsicPklRp3+2P/8
W+0dXM6LbwqXXH4sCdvuia6JbIy8lt/IrLYz8SHM04tzNoc0GTUGCh0v4vPvVCSg
ONwsxKJ6uHvyCqxWfX9qvVsHO6wjrNypFQI1MNIQGwiQUSBPOQJSjsZ/2licCGns
+XmO5tFBlue1yvQAGS4zA81x
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:50:30 2024 by rpki-client on console-ams.rpki-client.org