Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/AXOfy9o5HWeNQk0vhmFUEddTb_I.roa
File: AXOfy9o5HWeNQk0vhmFUEddTb_I.roa (raw, json)
Hash identifier: C5xz399Uet+gGnuo824RDOdc0me4aJBfBYxPc0IS/gg=
Subject key identifier: 01:73:9F:CB:DA:39:1D:67:8D:42:4D:2F:86:61:54:11:D7:53:6F:F2
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 0189934345A02DD43106137598BF17037E34
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/AXOfy9o5HWeNQk0vhmFUEddTb_I.roa
Signing time: Wed 26 Jul 2023 17:33:26 +0000
ROA not before: Wed 26 Jul 2023 17:33:26 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7029
IP address blocks: 94.190.248.0/22 maxlen: 24
185.172.20.0/22 maxlen: 24
185.64.100.0/22 maxlen: 24
185.77.250.0/23 maxlen: 24
91.232.136.0/22 maxlen: 24
188.240.40.0/23 maxlen: 24
188.212.104.0/22 maxlen: 24
188.211.252.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:93:43:45:a0:2d:d4:31:06:13:75:98:bf:17:03:7e:34
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Jul 26 17:33:26 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=01739fcbda391d678d424d2f86615411d7536ff2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:a1:dc:e6:0a:fe:63:d8:63:46:07:59:41:0a:83:
d0:d9:e6:be:b3:05:df:35:61:b3:7b:b5:70:01:8d:
99:04:37:98:2b:88:ea:a1:25:43:58:9f:29:e6:a0:
a0:0e:e4:64:e3:01:4b:30:cb:2d:12:54:2e:ca:b5:
d4:3a:97:d5:30:bc:86:a2:fe:ab:50:84:f4:6a:c1:
34:22:7e:89:29:90:8d:b5:fb:c6:18:2e:c1:31:e7:
99:1c:ef:f5:30:64:8a:f0:80:32:d7:31:06:32:53:
ce:8a:61:f0:08:8f:09:da:4d:4f:41:9d:6e:b5:3b:
cc:8b:c2:98:79:ab:39:3b:f9:cc:a2:56:67:fa:7b:
25:f6:89:b3:bc:90:d8:ef:1a:b6:3a:60:ed:34:8f:
93:1a:16:df:03:23:fb:19:1b:b0:4b:34:ae:52:b8:
ef:cc:b5:7f:56:af:70:50:72:50:b3:43:c9:35:af:
f3:bf:cc:2b:77:1e:5e:63:74:0f:4a:33:3b:09:7d:
60:6c:d8:fa:41:58:f0:93:90:0a:54:58:0a:8a:60:
10:28:08:9d:c7:e6:38:06:a8:f5:6c:69:84:31:de:
66:58:7a:84:ec:e4:3a:da:3f:e7:28:00:80:62:29:
67:4b:4a:be:2b:9f:69:28:d7:ab:e1:fb:19:01:e2:
08:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
01:73:9F:CB:DA:39:1D:67:8D:42:4D:2F:86:61:54:11:D7:53:6F:F2
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/AXOfy9o5HWeNQk0vhmFUEddTb_I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
91.232.136.0/22
94.190.248.0/22
185.64.100.0/22
185.77.250.0/23
185.172.20.0/22
188.211.252.0/22
188.212.104.0/22
188.240.40.0/23
Signature Algorithm: sha256WithRSAEncryption
78:b0:f4:0c:c6:de:e6:01:5e:5a:b8:df:31:a2:7a:b6:ab:22:
0d:04:f2:73:7b:3b:99:86:bc:78:57:61:a2:83:16:b8:b4:00:
5a:a8:7d:e8:6f:a1:d4:10:52:dc:29:ca:24:17:be:45:e1:82:
db:b4:e3:e6:06:04:06:32:50:22:68:b8:d1:f2:3e:81:ff:11:
72:95:2b:f2:09:c3:24:20:00:34:9a:6a:45:ae:87:88:93:f5:
30:a2:83:74:54:db:b6:8b:18:7c:36:46:a9:97:b9:5c:c8:5d:
51:23:83:01:2f:ec:76:63:dc:39:05:c5:7a:4a:b9:e2:da:5d:
ce:2c:d2:c1:71:ed:d1:d2:83:9d:7d:59:f3:78:0a:1f:c2:ab:
e4:b7:e0:74:95:ed:24:52:fd:26:c0:78:53:02:33:54:57:33:
9a:56:f2:04:bf:4e:00:db:f4:29:65:a0:ac:b0:94:10:a5:38:
49:13:81:1d:2b:d0:4e:f4:7a:95:9d:81:68:4e:f1:8d:81:ed:
8c:8e:3b:07:d4:63:bb:b7:30:94:89:42:54:24:71:8e:a0:6a:
09:f1:b0:8f:01:d3:ac:c2:15:61:20:9a:09:44:6a:d7:95:80:
bd:d0:35:f5:30:0b:38:5a:2d:02:44:d9:17:2b:b2:f3:9b:6d:
f9:c3:0a:b4
-----BEGIN CERTIFICATE-----
MIIFJzCCBA+gAwIBAgISAYmTQ0WgLdQxBhN1mL8XA340MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNzI2MTczMzI2WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwMTczOWZjYmRhMzkxZDY3OGQ0MjRkMmY4NjYxNTQxMWQ3NTM2ZmYyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAodzmCv5j2GNGB1lBCoPQ2ea+swXf
NWGze7VwAY2ZBDeYK4jqoSVDWJ8p5qCgDuRk4wFLMMstElQuyrXUOpfVMLyGov6r
UIT0asE0In6JKZCNtfvGGC7BMeeZHO/1MGSK8IAy1zEGMlPOimHwCI8J2k1PQZ1u
tTvMi8KYeas5O/nMolZn+nsl9omzvJDY7xq2OmDtNI+TGhbfAyP7GRuwSzSuUrjv
zLV/Vq9wUHJQs0PJNa/zv8wrdx5eY3QPSjM7CX1gbNj6QVjwk5AKVFgKimAQKAid
x+Y4Bqj1bGmEMd5mWHqE7OQ62j/nKACAYilnS0q+K59pKNer4fsZAeIItQIDAQAB
o4ICMzCCAi8wHQYDVR0OBBYEFAFzn8vaOR1njUJNL4ZhVBHXU2/yMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvQVhPZnk5bzVIV2VOUWswdmhtRlVFZGRUYl9JLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEkGCCsGAQUFBwEHAQH/BDowODA2BAIAATAwAwQCW+iIAwQC
Xr74AwQCuUBkAwQBuU36AwQCuawUAwQCvNP8AwQCvNRoAwQBvPAoMA0GCSqGSIb3
DQEBCwUAA4IBAQB4sPQMxt7mAV5auN8xonq2qyINBPJzezuZhrx4V2Gigxa4tABa
qH3ob6HUEFLcKcokF75F4YLbtOPmBgQGMlAiaLjR8j6B/xFylSvyCcMkIAA0mmpF
roeIk/UwooN0VNu2ixh8Nkapl7lcyF1RI4MBL+x2Y9w5BcV6Srni2l3OLNLBce3R
0oOdfVnzeAofwqvkt+B0le0kUv0mwHhTAjNUVzOaVvIEv04A2/QpZaCssJQQpThJ
E4EdK9BO9HqVnYFoTvGNge2MjjsH1GO7tzCUiUJUJHGOoGoJ8bCPAdOswhVhIJoJ
RGrXlYC90DX1MAs4Wi0CRNkXK7Lzm235wwq0
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:48 2024 by rpki-client on console-ams.rpki-client.org