Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Jdw2GHbD2plvBkYvKsbe3nFZkxM.roa
File: Jdw2GHbD2plvBkYvKsbe3nFZkxM.roa (raw, json)
Hash identifier: wMPvuCQ5ys3tZdIiDLdAqgvOZ8Sqo9nPPildRffvu0k=
Subject key identifier: 25:DC:36:18:76:C3:DA:99:6F:06:46:2F:2A:C6:DE:DE:71:59:93:13
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018B2015DC029DBB5C3BA13E1C0602E4506F
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Jdw2GHbD2plvBkYvKsbe3nFZkxM.roa
Signing time: Wed 11 Oct 2023 18:53:05 +0000
ROA not before: Wed 11 Oct 2023 18:53:05 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 16589
IP address blocks: 89.40.176.0/22 maxlen: 24
193.124.20.0/23 maxlen: 24
194.135.26.0/23 maxlen: 24
62.112.0.0/21 maxlen: 24
89.37.228.0/22 maxlen: 24
89.37.236.0/22 maxlen: 24
62.112.12.0/23 maxlen: 24
89.39.172.0/23 maxlen: 24
86.105.104.0/22 maxlen: 24
89.37.188.0/22 maxlen: 24
89.36.236.0/22 maxlen: 24
89.37.216.0/23 maxlen: 24
89.34.124.0/23 maxlen: 24
86.107.108.0/23 maxlen: 24
188.211.250.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:20:15:dc:02:9d:bb:5c:3b:a1:3e:1c:06:02:e4:50:6f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Oct 11 18:53:05 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=25dc361876c3da996f06462f2ac6dede71599313
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c8:fc:c8:02:3d:c6:b0:0e:e2:e2:4a:ff:be:0d:
cb:c2:1a:10:f0:03:55:6f:0f:fe:82:a2:3e:00:ee:
27:dc:fb:c9:d8:42:de:97:66:6e:fe:dd:07:5f:b8:
64:9d:9b:32:f2:00:ea:ad:5a:31:b1:33:79:54:10:
46:cb:22:33:9a:25:ad:25:37:4f:31:3d:1d:25:a9:
56:56:7b:31:f6:76:ce:e1:40:b0:9f:36:ad:01:eb:
3e:b9:74:2e:0a:a7:0b:02:d0:a8:d1:12:07:00:c8:
4c:d7:52:7e:c1:4b:33:07:85:13:84:79:a3:86:1a:
4e:63:11:8a:03:68:43:07:02:c9:99:09:b2:42:15:
b8:d0:05:51:30:a7:3d:20:eb:4a:e4:01:5a:54:8e:
32:de:71:0e:e7:52:68:02:98:f8:03:8b:8b:ea:7b:
aa:25:56:c7:5a:81:4b:44:24:18:3a:37:f2:9a:81:
ce:b6:8a:7d:c0:cc:50:5f:74:9d:9c:9c:32:98:22:
4e:a8:8d:2c:74:b9:6e:2b:dd:1a:46:74:9a:3d:07:
20:b7:27:5e:bd:e2:8f:02:f4:a8:f6:3e:ac:1c:8f:
be:00:24:8d:b0:52:a7:81:27:b6:c8:a7:bf:4c:e0:
39:60:38:12:60:04:1b:72:72:42:35:ed:c1:cd:f3:
fb:29
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
25:DC:36:18:76:C3:DA:99:6F:06:46:2F:2A:C6:DE:DE:71:59:93:13
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Jdw2GHbD2plvBkYvKsbe3nFZkxM.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.112.0.0/21
62.112.12.0/23
86.105.104.0/22
86.107.108.0/23
89.34.124.0/23
89.36.236.0/22
89.37.188.0/22
89.37.216.0/23
89.37.228.0/22
89.37.236.0/22
89.39.172.0/23
89.40.176.0/22
188.211.250.0/23
193.124.20.0/23
194.135.26.0/23
Signature Algorithm: sha256WithRSAEncryption
33:35:4a:c8:0a:df:89:ea:cb:11:df:5f:f0:3f:2f:64:3b:af:
ea:83:d2:9f:97:50:70:71:cc:80:f2:35:ed:a0:2a:b1:2c:4d:
2c:1a:8b:e1:e7:a3:cd:9b:9c:cf:c0:59:4d:74:7c:66:00:f4:
10:bd:37:21:50:4d:74:91:fe:f7:36:5f:a8:72:90:98:36:3e:
70:2f:a9:c2:f9:8b:b9:99:80:73:00:dc:ce:59:ed:41:12:a4:
49:be:41:1e:93:d5:ef:a4:dd:80:0d:4a:11:15:10:12:aa:6c:
ef:b4:58:ad:eb:91:c5:fe:8a:40:06:e8:25:fa:28:7a:90:49:
34:87:a1:8e:66:67:de:ad:96:12:75:f3:ac:ba:4e:32:26:6c:
44:53:ad:92:72:22:e8:1a:76:87:58:08:36:dc:59:a1:11:fa:
34:79:34:1b:4f:0e:88:58:0e:47:84:4a:9c:8d:d9:d7:7b:35:
f7:02:93:b5:50:9b:96:46:03:c6:a1:55:19:db:0a:25:8f:4b:
6a:b2:a2:a1:bc:e5:ab:52:ef:d0:fd:7b:71:c6:a2:11:dd:46:
7e:48:38:71:e0:9d:db:ea:c0:99:59:97:4a:ba:26:2f:5c:70:
e0:61:77:c7:b8:52:21:02:c1:27:24:b3:38:ac:7c:e0:b1:dd:
a0:5e:d9:9e
-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISAYsgFdwCnbtcO6E+HAYC5FBvMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMxMDExMTg1MzA1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyNWRjMzYxODc2YzNkYTk5NmYwNjQ2MmYyYWM2ZGVkZTcxNTk5MzEzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyPzIAj3GsA7i4kr/vg3LwhoQ8ANV
bw/+gqI+AO4n3PvJ2ELel2Zu/t0HX7hknZsy8gDqrVoxsTN5VBBGyyIzmiWtJTdP
MT0dJalWVnsx9nbO4UCwnzatAes+uXQuCqcLAtCo0RIHAMhM11J+wUszB4UThHmj
hhpOYxGKA2hDBwLJmQmyQhW40AVRMKc9IOtK5AFaVI4y3nEO51JoApj4A4uL6nuq
JVbHWoFLRCQYOjfymoHOtop9wMxQX3SdnJwymCJOqI0sdLluK90aRnSaPQcgtyde
veKPAvSo9j6sHI++ACSNsFKngSe2yKe/TOA5YDgSYAQbcnJCNe3BzfP7KQIDAQAB
o4ICXTCCAlkwHQYDVR0OBBYEFCXcNhh2w9qZbwZGLyrG3t5xWZMTMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvSmR3MkdIYkQycGx2QmtZdktzYmUzbkZaa3hNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMHMGCCsGAQUFBwEHAQH/BGQwYjBgBAIAATBaAwQDPnAAAwQB
PnAMAwQCVmloAwQBVmtsAwQBWSJ8AwQCWSTsAwQCWSW8AwQBWSXYAwQCWSXkAwQC
WSXsAwQBWSesAwQCWSiwAwQBvNP6AwQBwXwUAwQBwocaMA0GCSqGSIb3DQEBCwUA
A4IBAQAzNUrICt+J6ssR31/wPy9kO6/qg9Kfl1BwccyA8jXtoCqxLE0sGovh56PN
m5zPwFlNdHxmAPQQvTchUE10kf73Nl+ocpCYNj5wL6nC+Yu5mYBzANzOWe1BEqRJ
vkEek9XvpN2ADUoRFRASqmzvtFit65HF/opABugl+ih6kEk0h6GOZmferZYSdfOs
uk4yJmxEU62SciLoGnaHWAg23FmhEfo0eTQbTw6IWA5HhEqcjdnXezX3ApO1UJuW
RgPGoVUZ2wolj0tqsqKhvOWrUu/Q/XtxxqIR3UZ+SDhx4J3b6sCZWZdKuiYvXHDg
YXfHuFIhAsEnJLM4rHzgsd2gXtme
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:14 2024 by rpki-client on console-fra.rpki-client.org