Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/SuuKAF17hC84WGIH8503GEKxo4s.roa
File: SuuKAF17hC84WGIH8503GEKxo4s.roa (raw, json)
Hash identifier: gJEgLCEBn0eNMwzUCbEsufzgASoMC/puHZDvZDFxsIk=
Subject key identifier: 4A:EB:8A:00:5D:7B:84:2F:38:58:62:07:F3:9D:37:18:42:B1:A3:8B
Certificate issuer: /CN=ceb86983547113359bade1f3f38104091e3a6439
Certificate serial: 01856C25B33C583524B42E481DF3C253F7CA
Authority key identifier: CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/SuuKAF17hC84WGIH8503GEKxo4s.roa
Signing time: Sun 01 Jan 2023 07:04:48 +0000
ROA not before: Sun 01 Jan 2023 07:04:48 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8612
IP address blocks: 84.220.0.0/14 maxlen: 24
195.130.224.0/19 maxlen: 19
193.43.3.180/30 maxlen: 30
213.205.0.0/18 maxlen: 18
193.43.3.192/26 maxlen: 26
193.43.2.0/24 maxlen: 24
82.85.26.128/26 maxlen: 26
82.85.53.64/26 maxlen: 26
82.85.53.0/26 maxlen: 26
82.84.0.0/15 maxlen: 24
193.207.24.0/21 maxlen: 24
62.10.0.0/15 maxlen: 24
217.133.0.0/16 maxlen: 16
193.207.32.0/19 maxlen: 24
217.73.208.0/20 maxlen: 20
94.32.0.0/13 maxlen: 24
193.207.96.0/20 maxlen: 21
193.43.3.184/29 maxlen: 29
212.123.64.0/19 maxlen: 19
94.199.8.0/24 maxlen: 24
193.207.128.0/17 maxlen: 22
193.207.64.0/18 maxlen: 24
94.32.0.0/14 maxlen: 14
94.36.0.0/14 maxlen: 14
213.205.0.251/32 maxlen: 32
217.133.170.0/24 maxlen: 24
2a01:7d0:4800:1::/64 maxlen: 64
2a01:7d0::/32 maxlen: 32
2a01:7d0:4811::/64 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:25:b3:3c:58:35:24:b4:2e:48:1d:f3:c2:53:f7:ca
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ceb86983547113359bade1f3f38104091e3a6439
Validity
Not Before: Jan 1 07:04:48 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4aeb8a005d7b842f38586207f39d371842b1a38b
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:80:97:21:b5:95:1b:df:43:d3:13:8b:7f:f1:44:
da:f3:2c:0e:14:74:bf:ef:75:59:a9:36:23:2a:7a:
04:91:c1:af:2e:3b:4d:b8:79:7f:78:4b:f9:43:29:
97:b9:40:cb:59:ae:5b:f7:71:94:dc:73:30:ae:32:
f3:44:a5:86:de:25:3d:70:56:85:d8:e5:86:f0:cf:
ab:d9:51:b5:3e:12:ef:bf:9c:e7:d2:56:34:42:3f:
e5:37:dc:69:37:dd:85:31:77:02:bd:60:26:a0:70:
eb:d1:77:8a:15:c8:f6:e6:f6:1d:72:b7:dd:ed:06:
57:ea:36:0c:ee:0e:e5:b0:41:a5:a3:b8:e8:00:b0:
24:f4:d0:e1:14:c4:bf:13:8b:d0:05:65:29:40:c1:
b5:01:fa:09:53:45:c3:ee:ba:8e:e5:f7:65:2f:df:
14:e8:9c:2f:7b:f8:c3:ca:02:1b:e0:57:6f:ab:2e:
32:25:23:46:50:83:a0:d6:4f:69:ee:72:ee:be:64:
dd:53:25:70:f5:50:56:65:22:97:59:05:12:fc:fc:
38:77:e3:3f:35:e2:3b:bf:e6:fa:1d:85:5b:4a:b7:
13:35:64:7e:4c:41:00:7d:f4:a3:88:f2:e5:c3:c6:
c0:53:ff:6a:e9:b0:a5:12:9f:da:1c:ed:d5:33:7a:
0a:e1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4A:EB:8A:00:5D:7B:84:2F:38:58:62:07:F3:9D:37:18:42:B1:A3:8B
X509v3 Authority Key Identifier:
keyid:CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/SuuKAF17hC84WGIH8503GEKxo4s.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.10.0.0/15
82.84.0.0/15
84.220.0.0/14
94.32.0.0/13
94.199.8.0/24
193.43.2.0/24
193.43.3.180-193.43.3.255
193.207.24.0-193.207.255.255
195.130.224.0/19
212.123.64.0/19
213.205.0.0/18
217.73.208.0/20
217.133.0.0/16
IPv6:
2a01:7d0::/32
Signature Algorithm: sha256WithRSAEncryption
04:67:02:70:ca:ae:a2:4f:f4:09:a2:b3:79:56:78:e8:de:2e:
a7:29:9a:9d:cc:c5:9b:4c:4c:bb:36:92:64:7a:22:28:aa:34:
72:ea:c4:60:6f:68:39:5b:44:33:a0:94:95:d2:b8:e9:14:ce:
e3:6f:d9:f9:7f:b5:2b:72:cd:3d:8a:af:d4:78:07:d9:55:64:
91:03:06:95:e9:8b:66:4c:73:cb:51:b7:eb:b8:5b:07:5e:71:
25:b4:1f:0e:92:78:0b:c3:12:2a:73:72:00:75:e7:19:d7:46:
6e:13:17:14:3c:7b:75:3e:59:ed:37:1a:35:9f:63:fe:93:6e:
25:ac:61:9e:27:08:2c:ee:df:b5:a5:88:a7:28:cd:5e:12:2b:
08:16:28:99:b2:a3:57:8e:1a:41:1b:e7:6f:d7:59:90:c0:32:
84:12:a7:b8:ca:d6:5f:f5:a0:fd:a7:87:c5:ed:7c:c5:25:cf:
3c:ec:06:3c:a5:b7:43:bd:43:8d:4a:13:04:65:64:f0:60:6e:
69:96:3f:26:b2:6d:27:4d:3d:aa:ff:0d:8a:44:8d:91:da:32:
a2:fd:48:60:09:26:5e:bc:91:8e:d9:81:8a:8e:cd:83:a7:ba:
10:a3:f0:38:6c:af:07:a0:36:54:42:45:2c:18:93:4e:14:fe:
e9:06:97:fd
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAYVsJbM8WDUktC5IHfPCU/fKMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjg2OTgzNTQ3MTEzMzU5YmFkZTFmM2YzODEwNDA5MWUz
YTY0MzkwHhcNMjMwMTAxMDcwNDQ4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0YWViOGEwMDVkN2I4NDJmMzg1ODYyMDdmMzlkMzcxODQyYjFhMzhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgJchtZUb30PTE4t/8UTa8ywOFHS/
73VZqTYjKnoEkcGvLjtNuHl/eEv5QymXuUDLWa5b93GU3HMwrjLzRKWG3iU9cFaF
2OWG8M+r2VG1PhLvv5zn0lY0Qj/lN9xpN92FMXcCvWAmoHDr0XeKFcj25vYdcrfd
7QZX6jYM7g7lsEGlo7joALAk9NDhFMS/E4vQBWUpQMG1AfoJU0XD7rqO5fdlL98U
6Jwve/jDygIb4Fdvqy4yJSNGUIOg1k9p7nLuvmTdUyVw9VBWZSKXWQUS/Pw4d+M/
NeI7v+b6HYVbSrcTNWR+TEEAffSjiPLlw8bAU/9q6bClEp/aHO3VM3oK4QIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFErrigBde4QvOFhiB/OdNxhCsaOLMB8GA1UdIwQY
MBaAFM64aYNUcRM1m63h8/OBBAkeOmQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2Qt
ZGVlMmY2NTBkZDg2LzEvU3V1S0FGMTdoQzg0V0dJSDg1MDNHRUt4bzRzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2QtZGVlMmY2NTBkZDg2
LzEvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwXwQCAAEwWQMDAT4KAwMB
UlQDAwJU3AMDA14gAwQAXscIAwQAwSsCMA0DBQLBKwO0AwQCwSsAMAsDBAPBzxgD
AwTBwAMEBcOC4AMEBdR7QAMEBtXNAAMEBNlJ0AMDANmFMA0EAgACMAcDBQAqAQfQ
MA0GCSqGSIb3DQEBCwUAA4IBAQAEZwJwyq6iT/QJorN5Vnjo3i6nKZqdzMWbTEy7
NpJkeiIoqjRy6sRgb2g5W0QzoJSV0rjpFM7jb9n5f7Urcs09iq/UeAfZVWSRAwaV
6YtmTHPLUbfruFsHXnEltB8OkngLwxIqc3IAdecZ10ZuExcUPHt1PlntNxo1n2P+
k24lrGGeJwgs7t+1pYinKM1eEisIFiiZsqNXjhpBG+dv11mQwDKEEqe4ytZf9aD9
p4fF7XzFJc887AY8pbdDvUONShMEZWTwYG5plj8msm0nTT2q/w2KRI2R2jKi/Uhg
CSZevJGO2YGKjs2Dp7oQo/A4bK8HoDZUQkUsGJNOFP7pBpf9
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:52:07 2023 by rpki-client on console-ams.rpki-client.org