Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/A0h4nHRJ76NTzxhRKNflrjDqrQA.roa
File: A0h4nHRJ76NTzxhRKNflrjDqrQA.roa (raw, json)
Hash identifier: 1drTaSDHNwYSCAOOvlqBfYoV2gvebBMlLsG3gYw0v64=
Subject key identifier: 03:48:78:9C:74:49:EF:A3:53:CF:18:51:28:D7:E5:AE:30:EA:AD:00
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 0188B6580C1B75B8189AD643E42F483E18DC
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/A0h4nHRJ76NTzxhRKNflrjDqrQA.roa
Signing time: Tue 13 Jun 2023 20:00:03 +0000
ROA not before: Tue 13 Jun 2023 20:00:03 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 834
IP address blocks: 89.37.128.0/24 maxlen: 24
62.112.30.0/24 maxlen: 24
93.114.69.0/24 maxlen: 24
89.40.43.0/24 maxlen: 24
188.211.249.0/24 maxlen: 24
94.177.113.0/24 maxlen: 24
94.177.118.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:88:b6:58:0c:1b:75:b8:18:9a:d6:43:e4:2f:48:3e:18:dc
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Jun 13 20:00:03 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=0348789c7449efa353cf185128d7e5ae30eaad00
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:88:0d:96:83:ca:ab:ad:74:c3:58:28:51:f2:c8:
cf:aa:16:80:c3:21:f8:e1:a3:85:a4:c3:f9:51:cc:
48:ef:4e:a3:10:fb:f3:80:47:61:00:37:3d:80:2a:
5b:f7:f1:59:c5:4b:70:4b:54:64:a8:3c:49:b0:05:
09:51:89:4c:12:d3:43:17:ec:74:ea:6d:fe:c0:90:
10:45:bb:f9:16:55:e5:d6:28:cc:a6:bb:54:03:57:
f1:f0:bb:e1:a0:e6:51:d4:6e:8c:5e:6a:9e:e1:e0:
fb:58:58:0c:c4:5a:51:e6:30:03:21:2c:a8:29:6c:
d8:a0:7c:c3:d6:a8:fc:70:d9:84:24:05:35:ea:69:
11:28:c4:0c:33:26:e2:af:f9:1a:6e:3c:83:08:cc:
be:4f:a4:c8:17:7a:80:67:e0:77:cb:19:ef:d8:31:
8e:fd:23:66:4e:d4:aa:4b:96:9a:d1:f6:2d:09:a5:
89:df:28:a6:6a:3f:70:eb:79:38:b4:bb:30:e5:17:
b5:bf:79:6c:3f:9b:9c:92:4e:c7:7b:61:9b:00:69:
28:b2:8e:67:73:84:7e:ed:f9:a2:47:e9:83:4d:75:
69:bc:36:c1:7c:f3:37:d8:96:13:71:35:c9:70:23:
3a:54:61:7a:a6:70:46:d1:b3:81:0c:5b:ff:b1:79:
88:c1
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
03:48:78:9C:74:49:EF:A3:53:CF:18:51:28:D7:E5:AE:30:EA:AD:00
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/A0h4nHRJ76NTzxhRKNflrjDqrQA.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.112.30.0/24
89.37.128.0/24
89.40.43.0/24
93.114.69.0/24
94.177.113.0/24
94.177.118.0/24
188.211.249.0/24
Signature Algorithm: sha256WithRSAEncryption
46:c2:c0:da:a7:9e:97:49:a3:db:85:66:9b:b9:32:24:7c:81:
bd:c3:e2:be:02:ad:0c:ee:ca:60:f0:84:21:53:43:f9:c2:cc:
54:05:4a:f0:89:1d:b4:7b:0f:2c:9c:f4:f3:99:e4:8b:51:b8:
fe:20:cf:96:5f:b1:ca:39:7e:1f:76:09:e1:ad:6f:ad:71:f4:
25:5c:9a:50:9c:e4:de:a1:67:13:e0:d1:f9:ff:3f:fd:fc:a0:
35:66:99:13:0b:f3:85:4e:10:68:9b:f9:19:92:d2:f3:0d:13:
df:35:ec:c3:2d:c8:3a:70:c4:75:80:95:68:e4:68:8b:4f:af:
71:a5:06:0e:84:b1:e9:09:39:63:91:99:29:7c:d0:20:7f:ec:
97:9a:20:09:29:f8:78:96:5f:cd:a5:7f:ad:f5:e9:57:56:62:
6a:66:10:98:cf:ce:a5:72:50:a2:fa:b6:4e:e6:d0:e3:07:99:
7d:00:bf:e5:14:d8:1d:93:fb:e6:b4:ad:42:6f:f8:60:56:0f:
7e:94:3f:21:f9:01:25:c4:ba:ca:e4:50:95:17:0e:b8:16:0a:
3a:b3:a1:d3:b5:65:d5:78:38:50:eb:01:7b:5e:b2:60:10:0d:
99:f1:01:c1:25:11:a4:10:4f:fd:db:08:02:99:f8:bd:a2:7d:
2d:a2:0c:cf
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYi2WAwbdbgYmtZD5C9IPhjcMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNjEzMjAwMDAzWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMzQ4Nzg5Yzc0NDllZmEzNTNjZjE4NTEyOGQ3ZTVhZTMwZWFhZDAwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAiA2Wg8qrrXTDWChR8sjPqhaAwyH4
4aOFpMP5UcxI706jEPvzgEdhADc9gCpb9/FZxUtwS1RkqDxJsAUJUYlMEtNDF+x0
6m3+wJAQRbv5FlXl1ijMprtUA1fx8LvhoOZR1G6MXmqe4eD7WFgMxFpR5jADISyo
KWzYoHzD1qj8cNmEJAU16mkRKMQMMybir/kabjyDCMy+T6TIF3qAZ+B3yxnv2DGO
/SNmTtSqS5aa0fYtCaWJ3yimaj9w63k4tLsw5Re1v3lsP5uckk7He2GbAGkoso5n
c4R+7fmiR+mDTXVpvDbBfPM32JYTcTXJcCM6VGF6pnBG0bOBDFv/sXmIwQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFANIeJx0Se+jU88YUSjX5a4w6q0AMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvQTBoNG5IUko3Nk5UenhoUktOZmxyakRxclFBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAPnAeAwQA
WSWAAwQAWSgrAwQAXXJFAwQAXrFxAwQAXrF2AwQAvNP5MA0GCSqGSIb3DQEBCwUA
A4IBAQBGwsDap56XSaPbhWabuTIkfIG9w+K+Aq0M7spg8IQhU0P5wsxUBUrwiR20
ew8snPTzmeSLUbj+IM+WX7HKOX4fdgnhrW+tcfQlXJpQnOTeoWcT4NH5/z/9/KA1
ZpkTC/OFThBom/kZktLzDRPfNezDLcg6cMR1gJVo5GiLT69xpQYOhLHpCTljkZkp
fNAgf+yXmiAJKfh4ll/NpX+t9elXVmJqZhCYz86lclCi+rZO5tDjB5l9AL/lFNgd
k/vmtK1Cb/hgVg9+lD8h+QElxLrK5FCVFw64Fgo6s6HTtWXVeDhQ6wF7XrJgEA2Z
8QHBJRGkEE/92wgCmfi9on0togzP
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:14 2024 by rpki-client on console-fra.rpki-client.org