Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/2RDYDceAh9vXvfvXRZI6-OyrEzc.roa
File: 2RDYDceAh9vXvfvXRZI6-OyrEzc.roa (raw, json)
Hash identifier: wR5ydwFZFeaAraqq8dPOTOz9571Ib7Y3gwWaC4i52m0=
Subject key identifier: D9:10:D8:0D:C7:80:87:DB:D7:BD:FB:D7:45:92:3A:F8:EC:AB:13:37
Certificate issuer: /CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Certificate serial: 0185714C0DB3C8D32BEF82C600B7C29BC1ED
Authority key identifier: 35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/2RDYDceAh9vXvfvXRZI6-OyrEzc.roa
Signing time: Mon 02 Jan 2023 07:04:47 +0000
ROA not before: Mon 02 Jan 2023 07:04:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 47223
IP address blocks: 94.240.52.0/22 maxlen: 22
94.240.63.0/24 maxlen: 24
94.240.62.0/23 maxlen: 23
91.106.30.0/23 maxlen: 23
91.106.26.0/23 maxlen: 23
94.240.23.0/24 maxlen: 24
185.139.16.0/22 maxlen: 22
94.240.32.0/21 maxlen: 21
94.240.40.0/24 maxlen: 24
94.240.42.0/24 maxlen: 24
94.240.44.0/22 maxlen: 22
94.240.46.0/24 maxlen: 24
94.240.48.0/22 maxlen: 22
94.240.48.0/24 maxlen: 24
94.240.48.0/21 maxlen: 21
91.106.24.0/23 maxlen: 23
194.152.46.0/23 maxlen: 23
2a01:6e80::/32 maxlen: 32
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:71:4c:0d:b3:c8:d3:2b:ef:82:c6:00:b7:c2:9b:c1:ed
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=351a2fd6f5e5af87d5cea095066fbcc3d3e546a4
Validity
Not Before: Jan 2 07:04:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d910d80dc78087dbd7bdfbd745923af8ecab1337
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:96:7a:62:89:3c:21:29:b7:bd:66:09:8a:79:78:
d5:de:e9:7e:4d:6d:9f:40:7c:c7:49:30:24:18:aa:
70:18:95:f8:1f:bd:25:bf:23:fb:c5:5b:6d:26:eb:
9e:a5:0d:64:cf:d6:f7:97:21:fc:db:0d:14:13:d3:
89:6d:17:f4:3d:ad:79:6b:9d:f9:16:ef:be:27:2d:
b4:7c:f9:75:00:89:91:04:c3:88:89:1e:4b:35:26:
7b:02:7b:d9:6c:5f:6e:fc:c5:f2:5f:ac:1b:48:29:
eb:1a:c1:ff:25:64:d4:df:d4:aa:07:69:98:07:88:
9e:4f:df:8b:94:20:18:8e:8f:b4:d3:99:19:43:9c:
95:9e:a7:58:2c:32:76:35:e5:49:59:e8:36:78:4c:
97:44:cb:13:7f:53:a4:1b:d4:71:bf:b1:29:5a:18:
2b:57:5a:86:5f:d5:06:83:eb:b0:1d:2d:54:96:7b:
b3:0f:66:8f:38:97:25:31:eb:19:a6:47:c3:07:3a:
0a:51:cb:22:f0:de:63:b8:26:f7:81:1f:d8:c0:51:
9c:00:f6:58:40:03:f8:f8:eb:f7:15:32:2e:7f:ba:
ae:ff:5d:e1:b2:57:7b:f9:90:73:c3:1c:2a:99:09:
44:03:a4:20:34:e3:1a:56:ed:58:52:45:4f:28:a2:
3b:6f
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D9:10:D8:0D:C7:80:87:DB:D7:BD:FB:D7:45:92:3A:F8:EC:AB:13:37
X509v3 Authority Key Identifier:
keyid:35:1A:2F:D6:F5:E5:AF:87:D5:CE:A0:95:06:6F:BC:C3:D3:E5:46:A4
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/NRov1vXlr4fVzqCVBm-8w9PlRqQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/2RDYDceAh9vXvfvXRZI6-OyrEzc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/b1/cdddd5-817a-4113-8b82-23049e4d2f12/1/NRov1vXlr4fVzqCVBm-8w9PlRqQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.106.24.0/22
91.106.30.0/23
94.240.23.0/24
94.240.32.0-94.240.40.255
94.240.42.0/24
94.240.44.0-94.240.55.255
94.240.62.0/23
185.139.16.0/22
194.152.46.0/23
IPv6:
2a01:6e80::/32
Signature Algorithm: sha256WithRSAEncryption
37:2f:0a:e5:a5:98:bf:41:74:ee:8a:a3:a3:d4:4b:cd:8c:86:
15:26:6a:dd:a5:2c:7b:59:42:43:7e:f8:ba:05:3f:86:92:85:
b6:0a:f6:6c:22:af:43:8a:19:ed:89:c4:e6:f5:39:ff:1b:8d:
d1:5c:95:2b:dd:b6:9e:61:a5:5a:b7:ca:6c:bc:26:4f:89:c9:
a8:80:51:9d:6d:9b:4e:cd:54:4c:01:93:6e:53:b2:0d:35:69:
82:cd:55:4f:f6:7c:65:2f:38:0b:df:07:ab:4d:11:c3:48:80:
62:4a:ff:cd:d3:6c:6c:75:15:fb:cb:53:49:f0:4f:e4:f9:36:
a5:e6:e5:17:0c:5a:3e:44:8d:6a:35:5a:0b:d1:fc:52:9e:bd:
ba:ec:c4:61:5b:7e:d5:2a:2b:6e:cd:08:95:7d:07:16:76:75:
8b:ee:42:de:6e:88:3d:e1:f4:6d:5b:2d:41:b4:51:ba:bb:1b:
89:a8:02:74:52:75:4e:52:20:b0:c0:8d:8b:ab:c8:11:3d:7e:
bf:27:88:a3:13:31:5b:4a:6f:ff:8f:77:00:c8:ce:f9:b9:ec:
1d:d0:a1:a9:de:92:07:4a:6c:63:06:93:34:04:7d:5f:c1:fd:
7c:0f:bb:64:12:23:f0:46:84:6f:62:dc:bd:76:e3:15:e1:ec:
19:e4:5b:04
-----BEGIN CERTIFICATE-----
MIIFTDCCBDSgAwIBAgISAYVxTA2zyNMr74LGALfCm8HtMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDM1MWEyZmQ2ZjVlNWFmODdkNWNlYTA5NTA2NmZiY2MzZDNl
NTQ2YTQwHhcNMjMwMTAyMDcwNDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkOTEwZDgwZGM3ODA4N2RiZDdiZGZiZDc0NTkyM2FmOGVjYWIxMzM3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlnpiiTwhKbe9ZgmKeXjV3ul+TW2f
QHzHSTAkGKpwGJX4H70lvyP7xVttJuuepQ1kz9b3lyH82w0UE9OJbRf0Pa15a535
Fu++Jy20fPl1AImRBMOIiR5LNSZ7AnvZbF9u/MXyX6wbSCnrGsH/JWTU39SqB2mY
B4ieT9+LlCAYjo+005kZQ5yVnqdYLDJ2NeVJWeg2eEyXRMsTf1OkG9Rxv7EpWhgr
V1qGX9UGg+uwHS1UlnuzD2aPOJclMesZpkfDBzoKUcsi8N5juCb3gR/YwFGcAPZY
QAP4+Ov3FTIuf7qu/13hsld7+ZBzwxwqmQlEA6QgNOMaVu1YUkVPKKI7bwIDAQAB
o4ICWDCCAlQwHQYDVR0OBBYEFNkQ2A3HgIfb173710WSOvjsqxM3MB8GA1UdIwQY
MBaAFDUaL9b15a+H1c6glQZvvMPT5UakMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODIt
MjMwNDllNGQyZjEyLzEvMlJEWURjZUFoOXZYdmZ2WFJaSTYtT3lyRXpjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMS9jZGRkZDUtODE3YS00MTEzLThiODItMjMwNDllNGQyZjEy
LzEvTlJvdjF2WGxyNGZWenFDVkJtLTh3OVBsUnFRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMG4GCCsGAQUFBwEHAQH/BF8wXTBMBAIAATBGAwQCW2oYAwQB
W2oeAwQAXvAXMAwDBAVe8CADBABe8CgDBABe8CowDAMEAl7wLAMEA17wMAMEAV7w
PgMEArmLEAMEAcKYLjANBAIAAjAHAwUAKgFugDANBgkqhkiG9w0BAQsFAAOCAQEA
Ny8K5aWYv0F07oqjo9RLzYyGFSZq3aUse1lCQ374ugU/hpKFtgr2bCKvQ4oZ7YnE
5vU5/xuN0VyVK922nmGlWrfKbLwmT4nJqIBRnW2bTs1UTAGTblOyDTVpgs1VT/Z8
ZS84C98Hq00Rw0iAYkr/zdNsbHUV+8tTSfBP5Pk2peblFwxaPkSNajVaC9H8Up69
uuzEYVt+1Sorbs0IlX0HFnZ1i+5C3m6IPeH0bVstQbRRursbiagCdFJ1TlIgsMCN
i6vIET1+vyeIoxMxW0pv/493AMjO+bnsHdChqd6SB0psYwaTNAR9X8H9fA+7ZBIj
8EaEb2LcvXbjFeHsGeRbBA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:50:18 2024 by rpki-client on console-fra.rpki-client.org