Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/3STTM8x_KVdOno05kYhLfDoC1aM.roa
File: 3STTM8x_KVdOno05kYhLfDoC1aM.roa (raw, json)
Hash identifier: l0kwnSu1a2C07I8z3otR1EZ2KdzrwHHYm+ZeGOouPOA=
Subject key identifier: DD:24:D3:33:CC:7F:29:57:4E:9E:8D:39:91:88:4B:7C:3A:02:D5:A3
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018966AEB307089494FB654C3DF04C465421
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/3STTM8x_KVdOno05kYhLfDoC1aM.roa
Signing time: Tue 18 Jul 2023 01:47:52 +0000
ROA not before: Tue 18 Jul 2023 01:47:52 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.36.231.0/24 maxlen: 24
188.240.83.0/24 maxlen: 24
84.247.20.0/24 maxlen: 24
46.102.174.0/24 maxlen: 24
89.37.128.0/24 maxlen: 24
62.112.30.0/24 maxlen: 24
93.114.69.0/24 maxlen: 24
176.223.190.0/24 maxlen: 24
94.177.113.0/24 maxlen: 24
94.177.118.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:66:ae:b3:07:08:94:94:fb:65:4c:3d:f0:4c:46:54:21
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Jul 18 01:47:52 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=dd24d333cc7f29574e9e8d3991884b7c3a02d5a3
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:91:32:d7:0d:56:09:23:d5:a8:ff:e3:30:7f:bf:
a0:2e:74:4f:69:b4:38:f3:99:d6:a7:ee:90:be:d4:
80:09:79:da:11:ca:c6:90:95:92:bf:df:22:24:a6:
47:d6:a5:65:89:e4:90:cb:fd:a7:73:29:71:07:22:
c5:91:98:92:32:41:7f:56:eb:84:33:b6:94:30:1d:
91:a2:a5:31:aa:05:b0:8a:c1:85:b2:3e:dd:35:9a:
90:f2:c3:05:b1:90:46:69:de:0a:ac:c1:68:e9:a2:
68:0b:4d:e9:b2:27:55:b9:ba:98:79:be:a5:35:46:
a1:24:7a:34:1a:da:84:07:53:18:5e:26:02:b6:f8:
a2:9a:39:9f:68:71:a5:4c:5a:2e:d3:27:a2:2e:f9:
37:01:0a:39:0a:dc:22:92:9c:f1:68:d9:13:d5:cd:
f7:5a:fe:9d:4d:2e:3d:b8:b9:62:a1:8f:b4:52:96:
39:d4:e2:1e:6b:ab:47:45:52:0b:aa:32:76:c3:49:
58:5b:ef:57:6b:85:19:4a:04:92:c9:d9:e4:de:c0:
f8:4a:33:98:0f:c8:c6:13:69:1c:c5:46:a7:53:2c:
66:3b:06:0d:1d:e8:8b:0a:43:a6:53:e3:fc:86:cc:
ba:e5:dd:6f:76:31:1f:90:0e:b3:cd:7c:64:32:b1:
9f:d1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
DD:24:D3:33:CC:7F:29:57:4E:9E:8D:39:91:88:4B:7C:3A:02:D5:A3
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/3STTM8x_KVdOno05kYhLfDoC1aM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
46.102.174.0/24
62.112.30.0/24
84.247.20.0/24
89.36.231.0/24
89.37.128.0/24
93.114.69.0/24
94.177.113.0/24
94.177.118.0/24
176.223.190.0/24
188.240.83.0/24
Signature Algorithm: sha256WithRSAEncryption
1e:2e:b7:65:88:de:31:93:1b:df:47:52:ee:7d:f7:44:6c:f7:
e3:ed:c8:e4:9a:f3:ea:9d:97:98:9c:12:65:a3:9a:95:e0:e7:
65:3e:1d:a3:46:c3:71:fc:d5:ec:27:36:e8:ec:1d:9f:ec:b2:
7a:f9:c5:57:08:90:d7:90:ad:04:cb:38:02:db:a1:49:78:1a:
97:c5:26:c5:59:c2:dd:40:c4:02:93:e8:17:1c:96:a1:3e:eb:
72:f0:47:c5:31:a2:9d:91:7d:98:b5:b8:ad:22:ce:a3:92:db:
de:f2:59:9e:d7:d6:7e:e2:2b:85:7d:c3:80:57:b5:32:cf:d3:
87:e3:69:d9:da:d7:39:46:82:29:61:71:84:bb:0c:72:53:ff:
39:35:aa:6a:7b:5b:27:b0:c4:5f:0e:6b:fa:d2:82:16:58:b8:
8d:79:7b:c6:e3:71:26:30:55:ec:d6:e2:1e:94:47:5b:19:08:
12:40:8e:c9:c0:34:e5:b4:5f:b2:b0:c1:00:a5:5d:1d:cd:fe:
76:c5:60:4a:e2:1c:18:64:2e:89:f2:49:44:61:e0:cf:29:77:
1c:e5:97:36:52:73:5b:46:c3:bb:30:56:1c:43:4f:76:80:f3:
53:2d:38:9f:3b:85:3c:04:8a:28:19:4a:ce:a2:5c:06:ff:de:
86:d5:d4:a6
-----BEGIN CERTIFICATE-----
MIIFMzCCBBugAwIBAgISAYlmrrMHCJSU+2VMPfBMRlQhMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNzE4MDE0NzUyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkZDI0ZDMzM2NjN2YyOTU3NGU5ZThkMzk5MTg4NGI3YzNhMDJkNWEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkTLXDVYJI9Wo/+Mwf7+gLnRPabQ4
85nWp+6QvtSACXnaEcrGkJWSv98iJKZH1qVlieSQy/2ncylxByLFkZiSMkF/VuuE
M7aUMB2RoqUxqgWwisGFsj7dNZqQ8sMFsZBGad4KrMFo6aJoC03psidVubqYeb6l
NUahJHo0GtqEB1MYXiYCtviimjmfaHGlTFou0yeiLvk3AQo5CtwikpzxaNkT1c33
Wv6dTS49uLlioY+0UpY51OIea6tHRVILqjJ2w0lYW+9Xa4UZSgSSydnk3sD4SjOY
D8jGE2kcxUanUyxmOwYNHeiLCkOmU+P8hsy65d1vdjEfkA6zzXxkMrGf0QIDAQAB
o4ICPzCCAjswHQYDVR0OBBYEFN0k0zPMfylXTp6NOZGIS3w6AtWjMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvM1NUVE04eF9LVmRPbm8wNWtZaExmRG9DMWFNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFUGCCsGAQUFBwEHAQH/BEYwRDBCBAIAATA8AwQALmauAwQA
PnAeAwQAVPcUAwQAWSTnAwQAWSWAAwQAXXJFAwQAXrFxAwQAXrF2AwQAsN++AwQA
vPBTMA0GCSqGSIb3DQEBCwUAA4IBAQAeLrdliN4xkxvfR1LuffdEbPfj7cjkmvPq
nZeYnBJlo5qV4OdlPh2jRsNx/NXsJzbo7B2f7LJ6+cVXCJDXkK0EyzgC26FJeBqX
xSbFWcLdQMQCk+gXHJahPuty8EfFMaKdkX2YtbitIs6jktve8lme19Z+4iuFfcOA
V7Uyz9OH42nZ2tc5RoIpYXGEuwxyU/85Napqe1snsMRfDmv60oIWWLiNeXvG43Em
MFXs1uIelEdbGQgSQI7JwDTltF+ysMEApV0dzf52xWBK4hwYZC6J8klEYeDPKXcc
5Zc2UnNbRsO7MFYcQ092gPNTLTifO4U8BIooGUrOolwG/96G1dSm
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:14 2024 by rpki-client on console-fra.rpki-client.org