Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/Z84WVlZf6jAmKbXfdj7kyO4Stj0.roa
File: Z84WVlZf6jAmKbXfdj7kyO4Stj0.roa (raw, json)
Hash identifier: PG7qkPJEjmyw/hcwZFUE2P3ucxwuWY8Zlq9Ww1EcX6E=
Subject key identifier: 67:CE:16:56:56:5F:EA:30:26:29:B5:DF:76:3E:E4:C8:EE:12:B6:3D
Certificate issuer: /CN=3f230752f3ba0026fbb20c5e4c963b1129ac9d34
Certificate serial: 01856E78C7E096EE3CC7A62F975CC14096DD
Authority key identifier: 3F:23:07:52:F3:BA:00:26:FB:B2:0C:5E:4C:96:3B:11:29:AC:9D:34
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/PyMHUvO6ACb7sgxeTJY7ESmsnTQ.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/Z84WVlZf6jAmKbXfdj7kyO4Stj0.roa
Signing time: Sun 01 Jan 2023 17:54:47 +0000
ROA not before: Sun 01 Jan 2023 17:54:47 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 39305
IP address blocks: 193.57.227.0/24 maxlen: 24
185.151.214.0/23 maxlen: 24
91.211.64.0/22 maxlen: 22
45.84.52.0/22 maxlen: 22
185.88.9.0/24 maxlen: 24
62.106.73.0/24 maxlen: 24
193.57.226.0/24 maxlen: 24
2a0e:9780::/29 maxlen: 29
2a0c:7140::/29 maxlen: 29
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6e:78:c7:e0:96:ee:3c:c7:a6:2f:97:5c:c1:40:96:dd
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=3f230752f3ba0026fbb20c5e4c963b1129ac9d34
Validity
Not Before: Jan 1 17:54:47 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=67ce1656565fea302629b5df763ee4c8ee12b63d
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:8f:c3:ca:ed:ff:29:f4:bc:80:8d:27:02:b0:
f9:17:f0:71:99:62:e5:0d:fe:3b:b9:fe:fc:0e:23:
71:85:74:4a:84:c0:09:c0:89:95:cb:65:98:4b:dd:
5e:d0:87:6c:4a:f0:de:29:88:c8:39:24:e6:71:bd:
e7:08:a3:f1:d3:bb:fd:b6:03:f1:b9:df:59:56:59:
d4:be:09:b9:8d:7b:c3:40:05:b6:bc:68:44:b7:0f:
73:b7:b2:a7:df:0f:e2:f8:5f:d2:ab:59:d2:07:ee:
af:5b:6c:fb:65:21:3d:74:8b:99:d1:b1:f7:0c:9a:
ea:f8:62:4f:c6:da:c1:11:6a:62:98:9a:29:f1:ea:
c5:55:21:4e:29:2c:76:5f:7a:e7:0f:b0:0d:51:f7:
5c:1a:24:c9:54:38:1d:27:b8:f6:71:74:69:7a:d0:
64:a1:4b:42:85:82:4e:96:35:19:c4:85:85:2a:05:
de:fd:6e:a7:7f:9e:c0:a4:fb:60:ce:84:3a:e4:78:
49:a1:a3:bd:71:53:e9:f9:32:80:63:35:ae:d1:db:
21:7a:14:33:5e:e7:67:2d:3f:02:82:f7:3c:3f:32:
a2:51:69:7c:62:16:e6:76:02:8e:e5:a4:4d:43:d4:
e0:02:53:8e:48:52:fb:9f:e0:f7:b0:e4:bd:af:fa:
7e:2b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
67:CE:16:56:56:5F:EA:30:26:29:B5:DF:76:3E:E4:C8:EE:12:B6:3D
X509v3 Authority Key Identifier:
keyid:3F:23:07:52:F3:BA:00:26:FB:B2:0C:5E:4C:96:3B:11:29:AC:9D:34
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/PyMHUvO6ACb7sgxeTJY7ESmsnTQ.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/Z84WVlZf6jAmKbXfdj7kyO4Stj0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ac/51f9a1-4368-4568-b029-dd22530e15a4/1/PyMHUvO6ACb7sgxeTJY7ESmsnTQ.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
45.84.52.0/22
62.106.73.0/24
91.211.64.0/22
185.88.9.0/24
185.151.214.0/23
193.57.226.0/23
IPv6:
2a0c:7140::/29
2a0e:9780::/29
Signature Algorithm: sha256WithRSAEncryption
4a:03:15:7e:f4:2f:42:bd:31:10:4b:8a:4b:4b:42:4e:39:7b:
02:a2:cf:fa:15:47:fc:52:8d:0c:35:ee:ff:6f:c0:ed:7c:6d:
3d:c9:43:19:54:f6:1f:51:dd:59:49:3d:f4:0c:6f:7c:fa:e5:
61:6a:a3:6b:4e:29:db:fb:44:a5:04:55:52:f4:6d:8d:58:72:
75:55:1f:56:b5:d8:a3:fe:94:76:3f:3a:a6:bf:d6:34:8e:c9:
29:a7:78:e9:86:11:06:dd:dd:bd:7f:4a:67:9a:12:09:d0:b4:
0c:e9:77:52:e6:6c:92:c7:39:37:cb:cb:73:13:bd:f6:1a:31:
bc:f5:d5:36:36:d0:98:e1:2f:8d:a1:1f:cd:a7:4b:c5:e9:d9:
cf:5d:19:27:b1:35:64:b0:b0:1d:7e:d6:b1:fb:34:4c:7c:c2:
86:57:fc:61:cb:e8:6a:34:1f:5f:ee:91:b4:02:d4:39:3b:8d:
ab:9e:e8:15:a3:c2:7c:51:31:f0:be:6c:b0:02:61:67:ce:8a:
c4:6e:87:87:f7:4a:86:51:83:b9:78:78:b8:0c:2a:bd:6d:05:
b6:5b:98:7e:ee:db:29:8c:e7:84:9f:cf:d5:8f:f3:b9:95:0e:
4b:59:cb:18:12:52:33:6f:9d:c0:32:7f:6b:7d:d1:01:4d:c4:
70:5a:16:a0
-----BEGIN CERTIFICATE-----
MIIFMTCCBBmgAwIBAgISAYVueMfglu48x6Yvl1zBQJbdMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDNmMjMwNzUyZjNiYTAwMjZmYmIyMGM1ZTRjOTYzYjExMjlh
YzlkMzQwHhcNMjMwMTAxMTc1NDQ3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2N2NlMTY1NjU2NWZlYTMwMjYyOWI1ZGY3NjNlZTRjOGVlMTJiNjNkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAio/Dyu3/KfS8gI0nArD5F/BxmWLl
Df47uf78DiNxhXRKhMAJwImVy2WYS91e0IdsSvDeKYjIOSTmcb3nCKPx07v9tgPx
ud9ZVlnUvgm5jXvDQAW2vGhEtw9zt7Kn3w/i+F/Sq1nSB+6vW2z7ZSE9dIuZ0bH3
DJrq+GJPxtrBEWpimJop8erFVSFOKSx2X3rnD7ANUfdcGiTJVDgdJ7j2cXRpetBk
oUtChYJOljUZxIWFKgXe/W6nf57ApPtgzoQ65HhJoaO9cVPp+TKAYzWu0dshehQz
XudnLT8Cgvc8PzKiUWl8YhbmdgKO5aRNQ9TgAlOOSFL7n+D3sOS9r/p+KwIDAQAB
o4ICPTCCAjkwHQYDVR0OBBYEFGfOFlZWX+owJim133Y+5MjuErY9MB8GA1UdIwQY
MBaAFD8jB1LzugAm+7IMXkyWOxEprJ00MA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvUHlNSFV2TzZBQ2I3c2d4ZVRKWTdFU21zblRRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9hYy81MWY5YTEtNDM2OC00NTY4LWIwMjkt
ZGQyMjUzMGUxNWE0LzEvWjg0V1ZsWmY2akFtS2JYZmRqN2t5TzRTdGowLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9hYy81MWY5YTEtNDM2OC00NTY4LWIwMjktZGQyMjUzMGUxNWE0
LzEvUHlNSFV2TzZBQ2I3c2d4ZVRKWTdFU21zblRRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFMGCCsGAQUFBwEHAQH/BEQwQjAqBAIAATAkAwQCLVQ0AwQA
PmpJAwQCW9NAAwQAuVgJAwQBuZfWAwQBwTniMBQEAgACMA4DBQMqDHFAAwUDKg6X
gDANBgkqhkiG9w0BAQsFAAOCAQEASgMVfvQvQr0xEEuKS0tCTjl7AqLP+hVH/FKN
DDXu/2/A7XxtPclDGVT2H1HdWUk99AxvfPrlYWqja04p2/tEpQRVUvRtjVhydVUf
VrXYo/6Udj86pr/WNI7JKad46YYRBt3dvX9KZ5oSCdC0DOl3UuZsksc5N8vLcxO9
9hoxvPXVNjbQmOEvjaEfzadLxenZz10ZJ7E1ZLCwHX7Wsfs0THzChlf8YcvoajQf
X+6RtALUOTuNq57oFaPCfFEx8L5ssAJhZ86KxG6Hh/dKhlGDuXh4uAwqvW0FtluY
fu7bKYznhJ/P1Y/zuZUOS1nLGBJSM2+dwDJ/a33RAU3EcFoWoA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:38:02 2024 by rpki-client on console-ams.rpki-client.org