Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/8JbIvS_mJk3tqtHbE85xrtIXERo.roa
File:                     8JbIvS_mJk3tqtHbE85xrtIXERo.roa (raw, json)
Hash identifier:          KOazbHGMnAIDQDK82JUKpLtG0o6s4ED29g5358XCzCg=
Subject key identifier:   F0:96:C8:BD:2F:E6:26:4D:ED:AA:D1:DB:13:CE:71:AE:D2:17:11:1A
Certificate issuer:       /CN=b328fe258a1b9bf6148a6ce0e8a712f18840904c
Certificate serial:       018E1B272B8B5EDCB1FCC0CEF228F8066CAD
Authority key identifier: B3:28:FE:25:8A:1B:9B:F6:14:8A:6C:E0:E8:A7:12:F1:88:40:90:4C
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/syj-JYobm_YUimzg6KcS8YhAkEw.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/8JbIvS_mJk3tqtHbE85xrtIXERo.roa
Signing time:             Thu 07 Mar 2024 23:02:15 +0000
ROA not before:           Thu 07 Mar 2024 23:02:15 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     25459
IP address blocks:        83.172.128.0/21 maxlen: 21
                          83.172.136.0/24 maxlen: 24
                          83.172.138.0/23 maxlen: 23
                          83.172.140.0/22 maxlen: 22
                          83.172.144.0/21 maxlen: 21
                          83.172.152.0/23 maxlen: 23
                          83.172.158.0/23 maxlen: 23
                          83.172.160.0/22 maxlen: 22
                          83.172.164.0/23 maxlen: 23
                          83.172.168.0/23 maxlen: 23
                          83.172.180.0/22 maxlen: 22
                          83.172.186.0/24 maxlen: 24
                          83.172.188.0/23 maxlen: 23
                          83.172.190.0/24 maxlen: 24
                          2a02:cec0::/30 maxlen: 30

Validation:               Failed, RFC 3779 resource not subset of parent's resources

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8e:1b:27:2b:8b:5e:dc:b1:fc:c0:ce:f2:28:f8:06:6c:ad
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=b328fe258a1b9bf6148a6ce0e8a712f18840904c
        Validity
            Not Before: Mar  7 23:02:15 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f096c8bd2fe6264dedaad1db13ce71aed217111a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:96:C8:BD:2F:E6:26:4D:ED:AA:D1:DB:13:CE:71:AE:D2:17:11:1A
            X509v3 Authority Key Identifier:
                keyid:B3:28:FE:25:8A:1B:9B:F6:14:8A:6C:E0:E8:A7:12:F1:88:40:90:4C

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/syj-JYobm_YUimzg6KcS8YhAkEw.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/8JbIvS_mJk3tqtHbE85xrtIXERo.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/7d/a188bc-deee-42ec-8289-ed84a0058a9f/1/syj-JYobm_YUimzg6KcS8YhAkEw.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.172.128.0-83.172.136.255
                  83.172.138.0-83.172.153.255
                  83.172.158.0-83.172.165.255
                  83.172.168.0/23
                  83.172.180.0/22
                  83.172.186.0/24
                  83.172.188.0-83.172.190.255
                IPv6:
                  2a02:cec0::/30

    Signature Algorithm: sha256WithRSAEncryption
Generated at Thu Jun 6 19:19:51 2024 by rpki-client on console-ams.rpki-client.org