Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/yH8mfUjxn7L2HmqcOlEVx79sLpc.roa
File: yH8mfUjxn7L2HmqcOlEVx79sLpc.roa (raw, json)
Hash identifier: j22KAK2YZITjkj/9S8kg9rWc3Z3Gh0zuJNl9z6xQO/s=
Subject key identifier: C8:7F:26:7D:48:F1:9F:B2:F6:1E:6A:9C:3A:51:15:C7:BF:6C:2E:97
Certificate issuer: /CN=ceb86983547113359bade1f3f38104091e3a6439
Certificate serial: 0186C1812B93B54EE590FABE1A0FAA5359B9
Authority key identifier: CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/yH8mfUjxn7L2HmqcOlEVx79sLpc.roa
Signing time: Wed 08 Mar 2023 13:55:13 +0000
ROA not before: Wed 08 Mar 2023 13:55:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 8612
IP address blocks: 84.220.0.0/14 maxlen: 24
195.130.224.0/19 maxlen: 19
193.43.3.180/30 maxlen: 30
213.205.0.0/18 maxlen: 18
193.43.3.192/26 maxlen: 26
193.43.2.0/24 maxlen: 24
82.85.26.128/26 maxlen: 26
94.38.0.0/15 maxlen: 15
82.85.53.64/26 maxlen: 26
82.85.53.0/26 maxlen: 26
82.84.0.0/15 maxlen: 24
193.207.24.0/21 maxlen: 24
62.10.0.0/15 maxlen: 24
217.133.0.0/16 maxlen: 16
193.207.32.0/19 maxlen: 24
217.73.208.0/20 maxlen: 20
94.32.0.0/13 maxlen: 24
193.207.96.0/20 maxlen: 21
193.43.3.184/29 maxlen: 29
212.123.64.0/19 maxlen: 19
94.199.8.0/24 maxlen: 24
193.207.128.0/17 maxlen: 22
193.207.64.0/18 maxlen: 24
94.32.0.0/14 maxlen: 14
94.36.0.0/14 maxlen: 14
213.205.0.251/32 maxlen: 32
217.133.170.0/24 maxlen: 24
2a01:7d0:4800:1::/64 maxlen: 64
2a01:7d0::/32 maxlen: 32
2a01:7d0:4811::/64 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:86:c1:81:2b:93:b5:4e:e5:90:fa:be:1a:0f:aa:53:59:b9
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=ceb86983547113359bade1f3f38104091e3a6439
Validity
Not Before: Mar 8 13:55:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=c87f267d48f19fb2f61e6a9c3a5115c7bf6c2e97
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9b:af:93:9b:ec:d2:c3:b2:fa:5a:dd:cc:fc:54:
f7:60:b4:d5:40:c2:41:a1:e8:e1:14:d7:36:60:af:
3c:e4:41:77:00:5f:72:00:9e:77:8f:3b:34:de:d8:
81:52:7d:31:b3:92:e7:36:10:cc:63:f9:b3:23:76:
8e:5d:e2:54:c2:66:82:93:8c:e0:f2:b4:45:b9:57:
8b:03:27:45:51:0c:6f:a4:0e:69:47:4b:83:f8:a1:
47:31:e0:45:27:00:6a:8c:1e:ce:18:5e:71:b4:fd:
33:a1:7f:38:2f:af:ab:95:c5:ce:7e:ba:b4:36:d2:
79:79:8c:18:98:80:2d:d2:06:ed:83:19:3c:58:c1:
11:9b:80:b8:d8:0d:b3:3a:e2:0c:86:32:80:96:1e:
64:2a:5c:8b:af:66:b9:ad:78:ff:17:cf:58:27:75:
99:a5:92:c3:93:b5:e6:be:3f:15:77:cf:99:24:66:
0e:8a:fb:eb:f9:dd:a6:69:df:9b:46:02:5c:c3:dd:
ba:df:4c:7a:64:10:40:65:55:14:58:32:18:40:45:
0a:61:3e:d4:e7:45:f6:a5:6c:47:ce:2f:3a:63:a3:
1b:a6:05:d9:33:70:0a:9f:a1:9b:ad:e3:35:6e:07:
5f:07:06:06:aa:0e:52:df:a0:45:08:6f:f3:1a:c0:
61:51
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
C8:7F:26:7D:48:F1:9F:B2:F6:1E:6A:9C:3A:51:15:C7:BF:6C:2E:97
X509v3 Authority Key Identifier:
keyid:CE:B8:69:83:54:71:13:35:9B:AD:E1:F3:F3:81:04:09:1E:3A:64:39
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/zrhpg1RxEzWbreHz84EECR46ZDk.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/yH8mfUjxn7L2HmqcOlEVx79sLpc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/51/f3539d-38cd-465e-a57d-dee2f650dd86/1/zrhpg1RxEzWbreHz84EECR46ZDk.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.10.0.0/15
82.84.0.0/15
84.220.0.0/14
94.32.0.0/13
94.199.8.0/24
193.43.2.0/24
193.43.3.180-193.43.3.255
193.207.24.0-193.207.255.255
195.130.224.0/19
212.123.64.0/19
213.205.0.0/18
217.73.208.0/20
217.133.0.0/16
IPv6:
2a01:7d0::/32
Signature Algorithm: sha256WithRSAEncryption
86:c2:64:18:5a:ac:ff:90:d0:a8:61:53:cf:d2:3c:8f:9c:94:
1b:09:f3:88:81:41:1f:5c:d1:70:01:c0:87:e2:ef:37:cb:96:
9b:2b:e9:56:bf:88:f3:83:5d:5f:7a:d0:93:6a:45:21:de:fd:
fd:d7:be:5e:d9:fe:94:e9:98:74:75:01:17:de:f7:07:d2:24:
7d:a5:7e:c3:da:65:5b:0b:ae:54:c4:7f:82:57:7c:6b:af:16:
df:30:d9:0b:ee:f9:04:ad:2f:ee:a3:eb:35:d6:c1:60:fd:55:
af:66:c0:e2:8f:19:bc:67:54:d0:2a:56:a5:9c:37:bc:a8:3c:
9d:ec:88:6b:71:61:7d:d1:1c:b6:eb:9a:57:bb:a4:86:6e:4b:
35:8e:2f:ad:40:da:dd:a6:9e:33:9d:bf:cf:24:2d:10:bc:bd:
76:83:55:78:59:a2:0d:2b:6c:e2:4d:c9:e9:e0:73:aa:ec:d6:
ba:00:b3:d1:28:c8:ff:52:24:1c:54:25:5d:8a:1b:35:a7:fe:
b5:6c:a1:95:f0:27:c1:aa:6f:dc:a6:58:8e:8c:fe:ac:24:8f:
3d:41:6a:bb:e7:cb:08:ea:4e:ec:ba:2d:40:0d:5a:42:b8:9b:
1a:ac:4e:af:d2:2e:22:ca:8b:51:6c:9d:a8:0e:a2:ce:ea:8b:
58:55:e0:0b
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAYbBgSuTtU7lkPq+Gg+qU1m5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGNlYjg2OTgzNTQ3MTEzMzU5YmFkZTFmM2YzODEwNDA5MWUz
YTY0MzkwHhcNMjMwMzA4MTM1NTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjODdmMjY3ZDQ4ZjE5ZmIyZjYxZTZhOWMzYTUxMTVjN2JmNmMyZTk3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAm6+Tm+zSw7L6Wt3M/FT3YLTVQMJB
oejhFNc2YK885EF3AF9yAJ53jzs03tiBUn0xs5LnNhDMY/mzI3aOXeJUwmaCk4zg
8rRFuVeLAydFUQxvpA5pR0uD+KFHMeBFJwBqjB7OGF5xtP0zoX84L6+rlcXOfrq0
NtJ5eYwYmIAt0gbtgxk8WMERm4C42A2zOuIMhjKAlh5kKlyLr2a5rXj/F89YJ3WZ
pZLDk7Xmvj8Vd8+ZJGYOivvr+d2mad+bRgJcw92630x6ZBBAZVUUWDIYQEUKYT7U
50X2pWxHzi86Y6MbpgXZM3AKn6GbreM1bgdfBwYGqg5S36BFCG/zGsBhUQIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFMh/Jn1I8Z+y9h5qnDpRFce/bC6XMB8GA1UdIwQY
MBaAFM64aYNUcRM1m63h8/OBBAkeOmQ5MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2Qt
ZGVlMmY2NTBkZDg2LzEveUg4bWZVanhuN0wySG1xY09sRVZ4NzlzTHBjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS9mMzUzOWQtMzhjZC00NjVlLWE1N2QtZGVlMmY2NTBkZDg2
LzEvenJocGcxUnhFeldicmVIejg0RUVDUjQ2WkRrLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwXwQCAAEwWQMDAT4KAwMB
UlQDAwJU3AMDA14gAwQAXscIAwQAwSsCMA0DBQLBKwO0AwQCwSsAMAsDBAPBzxgD
AwTBwAMEBcOC4AMEBdR7QAMEBtXNAAMEBNlJ0AMDANmFMA0EAgACMAcDBQAqAQfQ
MA0GCSqGSIb3DQEBCwUAA4IBAQCGwmQYWqz/kNCoYVPP0jyPnJQbCfOIgUEfXNFw
AcCH4u83y5abK+lWv4jzg11fetCTakUh3v39175e2f6U6Zh0dQEX3vcH0iR9pX7D
2mVbC65UxH+CV3xrrxbfMNkL7vkErS/uo+s11sFg/VWvZsDijxm8Z1TQKlalnDe8
qDyd7IhrcWF90Ry265pXu6SGbks1ji+tQNrdpp4znb/PJC0QvL12g1V4WaINK2zi
Tcnp4HOq7Na6ALPRKMj/UiQcVCVdihs1p/61bKGV8CfBqm/cpliOjP6sJI89QWq7
58sI6k7sui1ADVpCuJsarE6v0i4iyotRbJ2oDqLO6otYVeAL
-----END CERTIFICATE-----
Generated at Wed Jul 19 23:48:23 2023 by rpki-client on console-fra.rpki-client.org