Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/dK4Qgr1a4wUouSH5w-yZWw3QspY.roa
File: dK4Qgr1a4wUouSH5w-yZWw3QspY.roa (raw, json)
Hash identifier: lrvt3NNph/G9/Ot3t+T5mtJWd0OL4HL0GOkWVCijkoA=
Subject key identifier: 74:AE:10:82:BD:5A:E3:05:28:B9:21:F9:C3:EC:99:5B:0D:D0:B2:96
Certificate issuer: /CN=4d88eb730ab1a501ea36ea3482d764544e141111
Certificate serial: 01856CCAE0ABC64E4CF76AF7AEB986468377
Authority key identifier: 4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/dK4Qgr1a4wUouSH5w-yZWw3QspY.roa
Signing time: Sun 01 Jan 2023 10:05:13 +0000
ROA not before: Sun 01 Jan 2023 10:05:13 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 32475
IP address blocks: 37.60.224.0/19 maxlen: 24
185.225.236.0/22 maxlen: 24
77.104.128.0/18 maxlen: 24
109.199.96.0/19 maxlen: 24
185.56.84.0/22 maxlen: 24
185.197.129.0/24 maxlen: 24
185.197.130.0/24 maxlen: 24
185.197.128.0/24 maxlen: 24
185.197.131.0/24 maxlen: 24
146.66.64.0/18 maxlen: 24
93.187.136.0/21 maxlen: 24
185.62.236.0/22 maxlen: 24
109.73.224.0/20 maxlen: 24
2a04:f280::/40 maxlen: 64
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6c:ca:e0:ab:c6:4e:4c:f7:6a:f7:ae:b9:86:46:83:77
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=4d88eb730ab1a501ea36ea3482d764544e141111
Validity
Not Before: Jan 1 10:05:13 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=74ae1082bd5ae30528b921f9c3ec995b0dd0b296
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a9:c5:67:71:db:26:93:95:ed:a6:b2:9d:8a:df:
bf:13:c2:d2:d2:11:09:58:4d:e7:23:88:82:09:03:
1b:48:71:cd:52:56:f9:41:0f:ec:41:f7:0f:f9:2b:
aa:98:3c:00:c7:d8:94:28:17:9f:14:71:e6:a6:ad:
7e:9c:4c:ad:67:aa:b3:ff:3c:20:ff:be:d1:8b:3d:
59:7b:29:17:75:fe:44:54:de:19:d7:2d:4b:77:20:
77:f2:4a:f2:f5:f6:2c:94:3b:09:dd:e5:71:2d:ea:
9b:ca:32:1a:f0:8a:fc:97:3f:8e:e8:7f:cf:78:60:
93:4a:ea:cc:49:17:b1:8c:0c:46:19:e0:bf:8c:66:
d0:6a:4b:fe:20:ed:69:be:16:88:e6:4e:3f:af:80:
38:c6:3b:2c:c9:4d:d1:90:7e:f3:f4:99:5e:e3:83:
40:11:5b:d0:b6:73:eb:58:3e:e5:6f:cc:42:bf:a2:
71:9b:f8:96:07:74:75:ed:ca:7a:3d:e1:34:6f:e1:
c7:93:d3:cd:e7:e5:c9:f1:ab:78:07:37:4a:d7:66:
4b:bf:70:8e:2e:5c:ad:cd:ea:91:6f:0e:a5:2f:ce:
ea:8f:21:8a:82:de:d0:8b:c1:01:51:be:0e:a3:17:
f2:cf:5f:9c:ec:34:e7:ed:16:34:96:07:64:a4:df:
bd:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
74:AE:10:82:BD:5A:E3:05:28:B9:21:F9:C3:EC:99:5B:0D:D0:B2:96
X509v3 Authority Key Identifier:
keyid:4D:88:EB:73:0A:B1:A5:01:EA:36:EA:34:82:D7:64:54:4E:14:11:11
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/TYjrcwqxpQHqNuo0gtdkVE4UERE.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/dK4Qgr1a4wUouSH5w-yZWw3QspY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/6a/c493ee-f66e-4208-a31d-726f83d23892/1/TYjrcwqxpQHqNuo0gtdkVE4UERE.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
37.60.224.0/19
77.104.128.0/18
93.187.136.0/21
109.73.224.0/20
109.199.96.0/19
146.66.64.0/18
185.56.84.0/22
185.62.236.0/22
185.197.128.0/22
185.225.236.0/22
IPv6:
2a04:f280::/40
Signature Algorithm: sha256WithRSAEncryption
41:d1:2a:80:57:b1:4a:06:1a:1d:dc:27:09:fa:25:aa:0f:80:
6f:5a:f0:82:ef:73:bc:42:9a:9e:0b:e8:83:01:db:35:95:88:
a9:64:11:99:a0:2c:22:03:a8:cb:15:a4:05:4c:52:fa:df:c9:
a4:e6:39:79:55:7c:0f:c5:0b:1e:c1:0b:8d:1a:6e:1d:18:9b:
43:b6:e0:89:05:3e:24:98:00:c2:15:a4:d3:97:e2:29:1a:ac:
fe:98:95:d4:64:5a:7a:9b:88:cf:88:f5:73:c3:32:eb:8f:46:
d8:c7:30:2d:8e:e7:e5:ab:c9:c8:b2:e7:dd:b0:b6:43:cd:67:
6d:1e:d5:d0:1d:7c:93:13:f4:5a:0a:6f:b9:8f:9b:a2:2c:82:
23:f8:a2:c7:fd:63:0e:c4:14:91:24:03:8a:87:49:ab:53:62:
f2:a9:96:7b:d5:d5:85:a2:c9:3c:21:32:85:8f:aa:90:68:12:
c1:e7:be:79:a9:0a:c0:56:cb:c5:90:a2:6c:a2:05:7f:75:9e:
9c:70:d2:27:0d:5e:b5:d9:20:d4:6f:98:d5:25:f9:0b:d3:f4:
84:b7:4b:14:40:ff:e1:d4:d8:53:b3:c4:29:9f:04:dd:48:9b:
3b:00:ca:57:55:ce:f6:28:49:8a:e6:05:c0:fc:5e:90:3d:52:
ab:29:5d:ee
-----BEGIN CERTIFICATE-----
MIIFQzCCBCugAwIBAgISAYVsyuCrxk5M92r3rrmGRoN3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRkODhlYjczMGFiMWE1MDFlYTM2ZWEzNDgyZDc2NDU0NGUx
NDExMTEwHhcNMjMwMTAxMTAwNTEzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg3NGFlMTA4MmJkNWFlMzA1MjhiOTIxZjljM2VjOTk1YjBkZDBiMjk2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqcVncdsmk5XtprKdit+/E8LS0hEJ
WE3nI4iCCQMbSHHNUlb5QQ/sQfcP+SuqmDwAx9iUKBefFHHmpq1+nEytZ6qz/zwg
/77Riz1ZeykXdf5EVN4Z1y1LdyB38kry9fYslDsJ3eVxLeqbyjIa8Ir8lz+O6H/P
eGCTSurMSRexjAxGGeC/jGbQakv+IO1pvhaI5k4/r4A4xjssyU3RkH7z9Jle44NA
EVvQtnPrWD7lb8xCv6Jxm/iWB3R17cp6PeE0b+HHk9PN5+XJ8at4BzdK12ZLv3CO
LlytzeqRbw6lL87qjyGKgt7Qi8EBUb4Ooxfyz1+c7DTn7RY0lgdkpN+90wIDAQAB
o4ICTzCCAkswHQYDVR0OBBYEFHSuEIK9WuMFKLkh+cPsmVsN0LKWMB8GA1UdIwQY
MBaAFE2I63MKsaUB6jbqNILXZFROFBERMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQt
NzI2ZjgzZDIzODkyLzEvZEs0UWdyMWE0d1VvdVNINXcteVpXdzNRc3BZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC82YS9jNDkzZWUtZjY2ZS00MjA4LWEzMWQtNzI2ZjgzZDIzODky
LzEvVFlqcmN3cXhwUUhxTnVvMGd0ZGtWRTRVRVJFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGUGCCsGAQUFBwEHAQH/BFYwVDBCBAIAATA8AwQFJTzgAwQG
TWiAAwQDXbuIAwQEbUngAwQFbcdgAwQGkkJAAwQCuThUAwQCuT7sAwQCucWAAwQC
ueHsMA4EAgACMAgDBgAqBPKAADANBgkqhkiG9w0BAQsFAAOCAQEAQdEqgFexSgYa
HdwnCfolqg+Ab1rwgu9zvEKangvogwHbNZWIqWQRmaAsIgOoyxWkBUxS+t/JpOY5
eVV8D8ULHsELjRpuHRibQ7bgiQU+JJgAwhWk05fiKRqs/piV1GRaepuIz4j1c8My
649G2McwLY7n5avJyLLn3bC2Q81nbR7V0B18kxP0WgpvuY+boiyCI/iix/1jDsQU
kSQDiodJq1Ni8qmWe9XVhaLJPCEyhY+qkGgSwee+eakKwFbLxZCibKIFf3WenHDS
Jw1etdkg1G+Y1SX5C9P0hLdLFED/4dTYU7PEKZ8E3UibOwDKV1XO9ihJiuYFwPxe
kD1Sqyld7g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 17:33:48 2024 by rpki-client on console-fra.rpki-client.org