Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/G83Z5LqQYHgYSkF7ZY9zQc6aLf0.roa
File: G83Z5LqQYHgYSkF7ZY9zQc6aLf0.roa (raw, json)
Hash identifier: tLjY9FEXvcsLjqNpjrG3Eh8YbG4yMGeCAbq+PgIvO4o=
Subject key identifier: 1B:CD:D9:E4:BA:90:60:78:18:4A:41:7B:65:8F:73:41:CE:9A:2D:FD
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 0189D3699206F98EB882BA07841F628014C2
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/G83Z5LqQYHgYSkF7ZY9zQc6aLf0.roa
Signing time: Tue 08 Aug 2023 04:30:58 +0000
ROA not before: Tue 08 Aug 2023 04:30:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 393427
IP address blocks: 94.190.248.0/22 maxlen: 24
84.234.16.0/20 maxlen: 24
194.88.96.0/21 maxlen: 24
5.35.192.0/21 maxlen: 24
85.204.160.0/22 maxlen: 24
62.112.0.0/21 maxlen: 24
194.88.112.0/20 maxlen: 24
93.113.184.0/21 maxlen: 24
185.77.250.0/23 maxlen: 24
91.232.136.0/22 maxlen: 24
188.240.40.0/23 maxlen: 24
188.212.104.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:d3:69:92:06:f9:8e:b8:82:ba:07:84:1f:62:80:14:c2
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Aug 8 04:30:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=1bcdd9e4ba906078184a417b658f7341ce9a2dfd
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:ea:5a:d1:4a:e7:69:54:6e:eb:86:0d:0f:64:62:
df:c4:4d:18:de:07:1e:ae:0b:49:2b:f4:c1:57:eb:
e6:d1:99:8e:f3:89:98:91:71:ae:50:c9:dd:62:84:
33:a0:d0:e8:90:e2:aa:0d:1b:49:c3:b1:47:4c:97:
dd:9f:0a:ad:93:68:53:eb:c7:71:b8:95:60:29:8f:
0a:c4:88:86:ee:b2:ae:90:ad:68:1f:f4:68:53:58:
7f:1d:2e:da:8e:4e:6b:6e:f2:12:22:64:d2:88:8d:
fe:ee:d1:be:c5:1e:36:ea:fe:68:1b:d8:b0:50:18:
73:4d:34:e1:0e:b9:19:80:a8:d4:87:48:8f:5b:de:
13:be:95:a8:19:4f:31:a9:96:23:21:7b:e8:54:ce:
81:93:91:40:4c:c7:74:b6:05:e4:98:4e:f8:dc:35:
bf:c2:d1:7d:4b:22:f2:1b:2b:52:c5:3c:3a:cf:1d:
75:17:5a:bd:72:1c:a8:11:9c:0b:e1:38:dc:29:8e:
bd:b1:20:06:b0:7d:2c:29:13:76:64:98:f6:28:8f:
e9:1d:70:fa:de:90:a6:cd:05:2e:b7:51:84:16:24:
31:bd:d3:0e:79:77:c1:be:93:17:e4:8b:ef:30:56:
f1:ab:76:ea:56:1e:9e:1d:8f:0e:d6:51:7f:2d:98:
ff:8b
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
1B:CD:D9:E4:BA:90:60:78:18:4A:41:7B:65:8F:73:41:CE:9A:2D:FD
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/G83Z5LqQYHgYSkF7ZY9zQc6aLf0.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.192.0/21
62.112.0.0/21
84.234.16.0/20
85.204.160.0/22
91.232.136.0/22
93.113.184.0/21
94.190.248.0/22
185.77.250.0/23
188.212.104.0/22
188.240.40.0/23
194.88.96.0/21
194.88.112.0/20
Signature Algorithm: sha256WithRSAEncryption
61:43:cd:83:a9:48:16:82:1f:34:fa:9f:49:80:aa:ba:33:1b:
6e:8d:47:68:ce:fe:dd:14:1f:c8:ae:29:ca:7c:9c:cc:c5:fc:
e1:20:58:6a:b8:e8:5d:c0:a2:dc:82:e5:15:ef:f7:9c:7c:48:
92:26:d4:fd:1e:55:17:a7:3a:d0:7c:5d:18:9f:cd:55:b2:5f:
2d:40:9e:23:b5:9f:ec:b8:e6:6f:83:41:59:6e:b3:47:c7:a2:
30:ca:19:2c:ab:4d:d3:98:89:d1:0f:3f:12:5b:b5:d5:1f:b8:
a5:46:29:f9:99:cc:93:b9:46:14:71:ab:41:c8:09:43:96:69:
63:17:b4:36:24:f0:45:34:8c:c8:93:23:43:40:3c:3e:23:da:
91:09:38:8b:66:f5:f0:0f:fa:96:67:18:f3:c1:1e:26:2c:3d:
a8:13:47:d9:99:4b:1f:d8:ae:33:6d:64:a1:b2:84:58:19:76:
cd:c4:8f:70:79:61:7d:39:26:f5:71:50:ca:23:18:dd:2d:38:
be:2e:22:41:54:5f:83:4d:0f:b4:95:29:b6:50:e8:78:ca:dd:
85:c0:bb:3f:16:c1:f0:a6:90:75:f2:ab:98:51:16:f7:ea:0e:
7e:0c:b2:e5:62:33:b7:34:9d:66:76:06:39:0c:34:5d:43:a7:
76:9c:48:03
-----BEGIN CERTIFICATE-----
MIIFPzCCBCegAwIBAgISAYnTaZIG+Y64groHhB9igBTCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwODA4MDQzMDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxYmNkZDllNGJhOTA2MDc4MTg0YTQxN2I2NThmNzM0MWNlOWEyZGZkMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6lrRSudpVG7rhg0PZGLfxE0Y3gce
rgtJK/TBV+vm0ZmO84mYkXGuUMndYoQzoNDokOKqDRtJw7FHTJfdnwqtk2hT68dx
uJVgKY8KxIiG7rKukK1oH/RoU1h/HS7ajk5rbvISImTSiI3+7tG+xR426v5oG9iw
UBhzTTThDrkZgKjUh0iPW94TvpWoGU8xqZYjIXvoVM6Bk5FATMd0tgXkmE743DW/
wtF9SyLyGytSxTw6zx11F1q9chyoEZwL4TjcKY69sSAGsH0sKRN2ZJj2KI/pHXD6
3pCmzQUut1GEFiQxvdMOeXfBvpMX5IvvMFbxq3bqVh6eHY8O1lF/LZj/iwIDAQAB
o4ICSzCCAkcwHQYDVR0OBBYEFBvN2eS6kGB4GEpBe2WPc0HOmi39MB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvRzgzWjVMcVFZSGdZU2tGN1pZOXpRYzZhTGYwLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGEGCCsGAQUFBwEHAQH/BFIwUDBOBAIAATBIAwQDBSPAAwQD
PnAAAwQEVOoQAwQCVcygAwQCW+iIAwQDXXG4AwQCXr74AwQBuU36AwQCvNRoAwQB
vPAoAwQDwlhgAwQEwlhwMA0GCSqGSIb3DQEBCwUAA4IBAQBhQ82DqUgWgh80+p9J
gKq6MxtujUdozv7dFB/IrinKfJzMxfzhIFhquOhdwKLcguUV7/ecfEiSJtT9HlUX
pzrQfF0Yn81Vsl8tQJ4jtZ/suOZvg0FZbrNHx6Iwyhksq03TmInRDz8SW7XVH7il
Rin5mcyTuUYUcatByAlDlmljF7Q2JPBFNIzIkyNDQDw+I9qRCTiLZvXwD/qWZxjz
wR4mLD2oE0fZmUsf2K4zbWShsoRYGXbNxI9weWF9OSb1cVDKIxjdLTi+LiJBVF+D
TQ+0lSm2UOh4yt2FwLs/FsHwppB18quYURb36g5+DLLlYjO3NJ1mdgY5DDRdQ6d2
nEgD
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:48 2024 by rpki-client on console-ams.rpki-client.org