Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/OKY0X_OgLYwBYsuBLbtGzTqfjj0.roa
File: OKY0X_OgLYwBYsuBLbtGzTqfjj0.roa (raw, json)
Hash identifier: C1ONimvIchVyjTMuJAeiGiw+phxNhEXQ/UadtansUV4=
Subject key identifier: 38:A6:34:5F:F3:A0:2D:8C:01:62:CB:81:2D:BB:46:CD:3A:9F:8E:3D
Certificate issuer: /CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Certificate serial: 018CC8DECBBBA2B765E14BD4B6177DB143A6
Authority key identifier: 9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/OKY0X_OgLYwBYsuBLbtGzTqfjj0.roa
Signing time: Tue 02 Jan 2024 06:31:33 +0000
ROA not before: Tue 02 Jan 2024 06:31:33 +0000
ROA not after: Tue 01 Jul 2025 00:00:00 +0000
asID: 34304
IP address blocks: 86.107.57.0/24 maxlen: 24
188.211.164.0/23 maxlen: 23
86.107.63.0/24 maxlen: 24
86.107.60.0/23 maxlen: 23
193.138.192.0/23 maxlen: 23
193.138.194.0/24 maxlen: 24
89.47.0.0/24 maxlen: 24
89.47.14.0/24 maxlen: 24
89.47.12.0/24 maxlen: 24
89.35.224.0/24 maxlen: 24
89.35.229.0/24 maxlen: 24
89.35.232.0/24 maxlen: 24
89.35.236.0/24 maxlen: 24
89.35.234.0/23 maxlen: 23
89.35.238.0/24 maxlen: 24
2a05:8880::/30 maxlen: 30
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:c8:de:cb:bb:a2:b7:65:e1:4b:d4:b6:17:7d:b1:43:a6
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=9c542f5df3c1acb857fd50eeb016eed07385ff8c
Validity
Not Before: Jan 2 06:31:33 2024 GMT
Not After : Jul 1 00:00:00 2025 GMT
Subject: CN=38a6345ff3a02d8c0162cb812dbb46cd3a9f8e3d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:98:cb:48:53:f2:04:04:ef:d7:9f:63:94:88:9e:
5c:4b:d5:44:47:18:f0:25:64:5d:09:63:43:fc:22:
77:dd:7a:9e:39:38:16:50:66:2c:24:68:32:9c:6e:
b9:66:0f:67:ec:4d:1b:25:a8:a7:ed:ea:5c:d4:ae:
57:7a:98:8a:df:04:1a:9e:2d:0d:df:98:fa:15:3e:
23:99:33:3c:ae:2b:75:f4:55:d1:4b:b2:77:8d:d2:
2d:17:99:cc:d4:35:f7:30:eb:39:d3:f7:e4:1f:ee:
a4:53:0e:07:7f:2d:79:67:37:d2:7e:0d:e7:0b:f9:
4f:ab:b1:59:d9:82:55:5f:cf:a9:13:a3:45:5c:5c:
a9:77:03:45:85:ac:f4:85:aa:da:11:63:62:8a:8a:
2c:95:6a:ed:64:e7:8b:39:78:50:75:6b:d9:be:a1:
3d:fb:05:8b:9e:92:74:3d:67:5b:4e:11:3f:ab:d9:
36:94:88:5f:dd:95:0f:3d:0c:14:e0:bc:fc:26:cb:
87:c5:74:3d:8b:72:cf:54:04:e7:35:73:a2:3b:16:
60:41:f0:b8:37:76:ac:75:35:27:32:c5:2e:3f:0c:
d1:fb:37:92:27:d1:92:9b:f8:7f:ac:d7:ee:3a:7b:
17:d7:cf:9c:ed:ed:cd:5e:f9:91:8c:b7:a1:aa:13:
31:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
38:A6:34:5F:F3:A0:2D:8C:01:62:CB:81:2D:BB:46:CD:3A:9F:8E:3D
X509v3 Authority Key Identifier:
keyid:9C:54:2F:5D:F3:C1:AC:B8:57:FD:50:EE:B0:16:EE:D0:73:85:FF:8C
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/nFQvXfPBrLhX_VDusBbu0HOF_4w.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/OKY0X_OgLYwBYsuBLbtGzTqfjj0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/8a/fb791b-8013-458a-9a1e-25dbf43804c5/1/nFQvXfPBrLhX_VDusBbu0HOF_4w.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
86.107.57.0/24
86.107.60.0/23
86.107.63.0/24
89.35.224.0/24
89.35.229.0/24
89.35.232.0/24
89.35.234.0-89.35.236.255
89.35.238.0/24
89.47.0.0/24
89.47.12.0/24
89.47.14.0/24
188.211.164.0/23
193.138.192.0-193.138.194.255
IPv6:
2a05:8880::/30
Signature Algorithm: sha256WithRSAEncryption
28:8e:f3:54:d4:79:b7:04:de:0e:ee:49:ca:6c:ab:d5:b8:e7:
8e:03:8a:dd:55:4f:0f:09:11:f1:4c:b3:79:c4:f5:96:af:33:
12:90:05:06:62:fa:8f:40:72:ca:3e:7e:ec:39:64:a2:34:75:
46:a3:14:98:7e:ab:05:5b:70:40:d2:11:4f:5d:e1:3e:be:8d:
db:e4:5c:a1:d3:e0:04:d8:b2:72:92:84:5b:15:3b:30:0e:f5:
e4:e3:ad:3b:7b:27:20:89:39:59:97:86:2e:b1:f5:33:a8:c9:
06:eb:c9:96:1c:03:bd:54:ef:49:22:6e:a4:93:11:0e:0f:50:
6d:4c:52:d9:33:2c:70:21:f6:e3:a7:b3:cb:19:3f:09:0c:e6:
6e:a9:ad:9f:60:5e:bd:77:e8:da:19:17:28:ef:f1:c9:86:07:
93:89:2b:09:62:ab:de:ea:af:f8:b7:58:1b:21:3f:7f:d4:ce:
20:d1:fd:99:1f:fe:72:d1:63:d1:43:54:5b:86:cb:8c:94:0b:
20:0b:ff:be:e6:10:7a:78:e2:f9:dd:26:99:80:85:8a:fc:62:
2d:d3:d4:21:f6:15:7f:d2:2e:94:1a:4d:9c:a1:04:8f:f9:b0:
52:34:2f:f6:c0:24:c5:d3:58:fe:2c:6a:5f:99:8c:09:10:93:
7f:13:3d:ab
-----BEGIN CERTIFICATE-----
MIIFZTCCBE2gAwIBAgISAYzI3su7ordl4UvUthd9sUOmMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDljNTQyZjVkZjNjMWFjYjg1N2ZkNTBlZWIwMTZlZWQwNzM4
NWZmOGMwHhcNMjQwMTAyMDYzMTMzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzOGE2MzQ1ZmYzYTAyZDhjMDE2MmNiODEyZGJiNDZjZDNhOWY4ZTNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmMtIU/IEBO/Xn2OUiJ5cS9VERxjw
JWRdCWND/CJ33XqeOTgWUGYsJGgynG65Zg9n7E0bJain7epc1K5XepiK3wQani0N
35j6FT4jmTM8rit19FXRS7J3jdItF5nM1DX3MOs50/fkH+6kUw4Hfy15ZzfSfg3n
C/lPq7FZ2YJVX8+pE6NFXFypdwNFhaz0haraEWNiiooslWrtZOeLOXhQdWvZvqE9
+wWLnpJ0PWdbThE/q9k2lIhf3ZUPPQwU4Lz8JsuHxXQ9i3LPVATnNXOiOxZgQfC4
N3asdTUnMsUuPwzR+zeSJ9GSm/h/rNfuOnsX18+c7e3NXvmRjLehqhMxywIDAQAB
o4ICcTCCAm0wHQYDVR0OBBYEFDimNF/zoC2MAWLLgS27Rs06n449MB8GA1UdIwQY
MBaAFJxUL13zway4V/1Q7rAW7tBzhf+MMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUt
MjVkYmY0MzgwNGM1LzEvT0tZMFhfT2dMWXdCWXN1QkxidEd6VHFmamowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84YS9mYjc5MWItODAxMy00NThhLTlhMWUtMjVkYmY0MzgwNGM1
LzEvbkZRdlhmUEJyTGhYX1ZEdXNCYnUwSE9GXzR3LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGGBggrBgEFBQcBBwEB/wR3MHUwZAQCAAEwXgMEAFZrOQME
AVZrPAMEAFZrPwMEAFkj4AMEAFkj5QMEAFkj6DAMAwQBWSPqAwQAWSPsAwQAWSPu
AwQAWS8AAwQAWS8MAwQAWS8OAwQBvNOkMAwDBAbBisADBADBisIwDQQCAAIwBwMF
AioFiIAwDQYJKoZIhvcNAQELBQADggEBACiO81TUebcE3g7uScpsq9W4544Dit1V
Tw8JEfFMs3nE9ZavMxKQBQZi+o9Acso+fuw5ZKI0dUajFJh+qwVbcEDSEU9d4T6+
jdvkXKHT4ATYsnKShFsVOzAO9eTjrTt7JyCJOVmXhi6x9TOoyQbryZYcA71U70ki
bqSTEQ4PUG1MUtkzLHAh9uOns8sZPwkM5m6prZ9gXr136NoZFyjv8cmGB5OJKwli
q97qr/i3WBshP3/UziDR/Zkf/nLRY9FDVFuGy4yUCyAL/77mEHp44vndJpmAhYr8
Yi3T1CH2FX/SLpQaTZyhBI/5sFI0L/bAJMXTWP4sal+ZjAkQk38TPas=
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:22:40 2024 by rpki-client on console-ams.rpki-client.org