Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/01GCwUrg8YgHeYfli2On6-DjoOE.roa
File: 01GCwUrg8YgHeYfli2On6-DjoOE.roa (raw, json)
Hash identifier: RKadYsKZAWZo/G+WiqC47uhnj3tPkXG6ZKV6f3WgfHU=
Subject key identifier: D3:51:82:C1:4A:E0:F1:88:07:79:87:E5:8B:63:A7:EB:E0:E3:A0:E1
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018AEA4B545DD2B8628DB773D1B16579AF5C
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/01GCwUrg8YgHeYfli2On6-DjoOE.roa
Signing time: Sun 01 Oct 2023 08:11:59 +0000
ROA not before: Sun 01 Oct 2023 08:11:59 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3320
IP address blocks: 85.204.148.0/22 maxlen: 22
5.35.192.0/21 maxlen: 24
84.234.16.0/20 maxlen: 24
194.88.96.0/21 maxlen: 24
85.204.160.0/22 maxlen: 24
194.88.112.0/20 maxlen: 24
91.232.136.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:ea:4b:54:5d:d2:b8:62:8d:b7:73:d1:b1:65:79:af:5c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Oct 1 08:11:59 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=d35182c14ae0f188077987e58b63a7ebe0e3a0e1
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:8a:1c:a9:35:d8:2b:d6:ac:54:2d:77:58:a5:75:
1c:49:b1:d1:cd:39:0b:28:c1:c0:3b:b1:b9:01:35:
21:6e:30:18:b2:79:41:c4:09:6d:f0:d7:e8:ca:9f:
7d:c0:3d:e4:fe:73:1b:b8:d6:74:bb:cf:37:d3:36:
ae:f8:e4:01:78:6b:15:73:77:20:c7:92:0b:a4:9b:
47:f2:bd:a5:39:d0:a8:1a:6c:6d:19:24:2e:35:47:
23:30:ce:73:57:a1:ef:10:91:04:62:5e:c0:72:09:
c0:bd:94:8d:dd:27:20:be:91:67:48:cc:64:d9:cd:
f6:27:7c:38:7f:cc:b6:f5:0f:2b:ba:99:b0:ee:4a:
50:09:f2:67:c2:29:7d:d4:32:5b:f9:d6:98:01:e2:
5d:d1:ce:13:1f:5a:8e:f3:25:ab:5e:26:f0:a1:12:
ad:39:0f:4c:c4:d5:52:f8:cf:c7:0b:d6:98:c3:99:
8a:c0:9b:4e:95:08:d8:f4:1e:b2:95:74:4c:05:18:
e1:0e:8d:84:7e:1d:07:b5:cb:c8:0f:54:af:16:9d:
68:61:48:ed:7a:d0:c0:87:39:d9:98:cc:0b:d5:68:
f5:42:23:ee:d0:71:85:ed:f1:48:c2:73:82:73:64:
98:57:d3:44:11:77:7a:50:64:0c:6c:97:4a:51:3d:
c5:fb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
D3:51:82:C1:4A:E0:F1:88:07:79:87:E5:8B:63:A7:EB:E0:E3:A0:E1
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/01GCwUrg8YgHeYfli2On6-DjoOE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.192.0/21
84.234.16.0/20
85.204.148.0/22
85.204.160.0/22
91.232.136.0/22
194.88.96.0/21
194.88.112.0/20
Signature Algorithm: sha256WithRSAEncryption
69:5d:e6:59:e2:1a:27:97:c4:70:c0:b1:40:81:48:4d:cc:2f:
d5:61:3c:ed:98:78:0b:c5:dc:20:57:8c:7b:2c:12:0d:5b:64:
3c:bf:f6:99:a5:6c:ce:b3:a5:f7:b4:51:6f:75:ab:35:a2:c4:
a0:4d:ec:38:3b:81:14:e1:63:3c:f7:a5:aa:8c:6a:bf:72:60:
b6:61:81:f2:81:57:a5:27:c6:f6:b3:1a:00:b8:c6:1b:b4:fb:
31:29:31:91:ad:50:41:52:e4:32:5a:82:37:a6:a8:c5:1f:16:
e4:12:93:38:e3:ad:57:f9:f3:cf:86:1c:0b:35:1f:33:ab:33:
fa:e2:90:96:c5:22:bb:16:d0:65:e8:26:60:e8:61:bd:4c:c6:
98:9c:6b:b6:c5:ba:4a:2c:6f:7e:60:25:1c:40:f2:fb:3c:81:
8f:ee:7c:3f:59:37:10:3f:29:32:a8:2e:ae:69:89:b6:2f:47:
a4:ab:fc:06:27:91:36:87:b2:6f:03:15:0b:0b:f6:dd:aa:a2:
81:d4:6a:76:e9:a5:32:33:de:2b:20:ce:cf:51:13:b8:6e:4d:
8d:65:61:2f:99:4f:ce:75:c3:14:6b:4b:ff:47:5e:10:ea:94:
eb:cc:2c:4a:3c:54:8d:cb:69:e9:43:55:8b:32:7a:b2:e1:e0:
dd:34:cf:a3
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYrqS1Rd0rhijbdz0bFlea9cMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMxMDAxMDgxMTU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkMzUxODJjMTRhZTBmMTg4MDc3OTg3ZTU4YjYzYTdlYmUwZTNhMGUxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAihypNdgr1qxULXdYpXUcSbHRzTkL
KMHAO7G5ATUhbjAYsnlBxAlt8Nfoyp99wD3k/nMbuNZ0u8830zau+OQBeGsVc3cg
x5ILpJtH8r2lOdCoGmxtGSQuNUcjMM5zV6HvEJEEYl7AcgnAvZSN3ScgvpFnSMxk
2c32J3w4f8y29Q8rupmw7kpQCfJnwil91DJb+daYAeJd0c4TH1qO8yWrXibwoRKt
OQ9MxNVS+M/HC9aYw5mKwJtOlQjY9B6ylXRMBRjhDo2Efh0HtcvID1SvFp1oYUjt
etDAhznZmMwL1Wj1QiPu0HGF7fFIwnOCc2SYV9NEEXd6UGQMbJdKUT3F+wIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFNNRgsFK4PGIB3mH5Ytjp+vg46DhMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvMDFHQ3dVcmc4WWdIZVlmbGkyT242LURqb09FLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQDBSPAAwQE
VOoQAwQCVcyUAwQCVcygAwQCW+iIAwQDwlhgAwQEwlhwMA0GCSqGSIb3DQEBCwUA
A4IBAQBpXeZZ4honl8RwwLFAgUhNzC/VYTztmHgLxdwgV4x7LBINW2Q8v/aZpWzO
s6X3tFFvdas1osSgTew4O4EU4WM896WqjGq/cmC2YYHygVelJ8b2sxoAuMYbtPsx
KTGRrVBBUuQyWoI3pqjFHxbkEpM4461X+fPPhhwLNR8zqzP64pCWxSK7FtBl6CZg
6GG9TMaYnGu2xbpKLG9+YCUcQPL7PIGP7nw/WTcQPykyqC6uaYm2L0ekq/wGJ5E2
h7JvAxULC/bdqqKB1Gp26aUyM94rIM7PURO4bk2NZWEvmU/OdcMUa0v/R14Q6pTr
zCxKPFSNy2npQ1WLMnqy4eDdNM+j
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:48 2024 by rpki-client on console-ams.rpki-client.org