Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/NfrYVgcVGnqXWIGf8zFZVD9jJ6I.roa
File: NfrYVgcVGnqXWIGf8zFZVD9jJ6I.roa (raw, json)
Hash identifier: rO1PzAEslElZy1ULsXLxPrsNHIfM2Io9PsOrQ22W0dg=
Subject key identifier: 35:FA:D8:56:07:15:1A:7A:97:58:81:9F:F3:31:59:54:3F:63:27:A2
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018796968BC07001EFA72EECA3E01329D502
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/NfrYVgcVGnqXWIGf8zFZVD9jJ6I.roa
Signing time: Tue 18 Apr 2023 22:57:41 +0000
ROA not before: Tue 18 Apr 2023 22:57:41 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 3320
IP address blocks: 188.240.83.0/24 maxlen: 24
5.35.192.0/21 maxlen: 24
84.234.16.0/20 maxlen: 24
62.112.0.0/21 maxlen: 24
85.204.160.0/22 maxlen: 24
93.113.184.0/21 maxlen: 24
194.88.112.0/20 maxlen: 24
89.37.128.0/24 maxlen: 24
176.223.190.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:96:96:8b:c0:70:01:ef:a7:2e:ec:a3:e0:13:29:d5:02
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Apr 18 22:57:41 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=35fad85607151a7a9758819ff33159543f6327a2
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:c9:ce:77:d7:4a:02:8f:4a:4c:e1:b8:88:76:cd:
cf:8b:2d:fb:dd:5e:56:b6:91:4d:70:68:cc:a2:54:
73:e4:fb:ed:41:c3:28:6d:78:0a:f6:60:31:d5:c8:
97:00:07:5e:06:df:16:64:b0:fe:a2:e8:5e:8f:0b:
89:82:9a:a6:17:3b:ac:03:2f:a5:38:97:0e:24:c9:
75:ae:27:7f:72:21:f8:a8:45:35:a7:a3:85:64:57:
0c:d5:ac:85:9b:64:d4:97:e6:0a:a8:0d:5a:94:b1:
d9:37:7a:8b:9f:5c:71:a8:07:e8:ff:77:71:cb:d0:
13:18:1b:df:ea:c0:70:45:4e:dc:2e:c6:e3:8e:d7:
7e:21:d0:0c:5b:d1:33:ca:0e:d1:29:0b:05:db:c3:
07:1b:be:d2:89:a4:93:74:a4:f9:3c:e2:31:26:30:
07:10:98:36:b4:17:9a:9d:4b:ab:e9:28:5f:30:93:
e5:63:0d:6c:24:7d:15:10:33:db:28:09:22:76:25:
6c:1c:9d:08:4b:fd:94:bc:d5:26:6c:97:c7:03:f1:
fe:2d:9e:4c:78:30:fb:97:b3:a0:cc:3a:79:6e:e1:
02:52:f2:eb:b3:38:7e:5f:5c:20:aa:48:4a:1d:ff:
e5:ea:2a:96:96:75:68:db:8f:2c:4b:be:8b:94:18:
a0:5d
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
35:FA:D8:56:07:15:1A:7A:97:58:81:9F:F3:31:59:54:3F:63:27:A2
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/NfrYVgcVGnqXWIGf8zFZVD9jJ6I.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.192.0/21
62.112.0.0/21
84.234.16.0/20
85.204.160.0/22
89.37.128.0/24
93.113.184.0/21
176.223.190.0/24
188.240.83.0/24
194.88.112.0/20
Signature Algorithm: sha256WithRSAEncryption
15:74:4a:27:2d:08:77:f5:93:49:68:13:1d:13:8d:02:c0:f0:
0d:db:cd:14:21:4f:41:88:0d:57:f3:17:c9:a0:19:1d:09:d4:
34:e9:e1:6f:2c:b6:fd:b5:a6:a7:68:d3:8a:f4:7f:81:bf:d2:
8a:d9:b8:ca:10:9d:dc:62:74:2f:fb:9b:3a:16:ac:2a:bb:80:
bc:d4:c6:a4:f0:56:02:fd:97:10:de:52:07:64:d3:cd:c5:60:
6b:9e:bd:54:fb:ea:3f:9c:4e:b6:63:fa:c4:da:65:73:10:53:
1b:f6:94:17:62:bb:a4:70:4c:24:a8:a4:82:11:3f:02:73:df:
27:f7:92:c3:7d:60:83:ff:e6:e9:aa:ec:cf:a5:02:37:74:97:
cb:01:43:cb:c9:3b:34:f3:15:81:2f:c4:f6:79:82:fc:f8:99:
5f:28:93:0a:bd:72:12:f1:f7:65:00:bd:f3:a3:ca:0b:61:93:
cb:06:e7:77:f9:0f:ae:95:73:fd:e7:57:85:8c:5f:68:3e:a6:
8b:78:9e:4d:79:6d:6d:d6:2a:c1:67:5c:03:c4:a8:1e:11:17:
7d:ad:f7:c6:2c:0d:1a:d5:92:84:e9:6a:a0:aa:23:0c:53:ae:
8f:dd:eb:b8:55:6a:0d:dc:99:b3:7b:86:0b:d9:7f:31:09:c0:
d8:60:4e:7b
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYeWlovAcAHvpy7so+ATKdUCMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNDE4MjI1NzQxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzNWZhZDg1NjA3MTUxYTdhOTc1ODgxOWZmMzMxNTk1NDNmNjMyN2EyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyc5310oCj0pM4biIds3Piy373V5W
tpFNcGjMolRz5PvtQcMobXgK9mAx1ciXAAdeBt8WZLD+ouhejwuJgpqmFzusAy+l
OJcOJMl1rid/ciH4qEU1p6OFZFcM1ayFm2TUl+YKqA1alLHZN3qLn1xxqAfo/3dx
y9ATGBvf6sBwRU7cLsbjjtd+IdAMW9Ezyg7RKQsF28MHG77SiaSTdKT5POIxJjAH
EJg2tBeanUur6ShfMJPlYw1sJH0VEDPbKAkidiVsHJ0IS/2UvNUmbJfHA/H+LZ5M
eDD7l7OgzDp5buECUvLrszh+X1wgqkhKHf/l6iqWlnVo248sS76LlBigXQIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFDX62FYHFRp6l1iBn/MxWVQ/YyeiMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvTmZyWVZnY1ZHbnFYV0lHZjh6RlpWRDlqSjZJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQDBSPAAwQD
PnAAAwQEVOoQAwQCVcygAwQAWSWAAwQDXXG4AwQAsN++AwQAvPBTAwQEwlhwMA0G
CSqGSIb3DQEBCwUAA4IBAQAVdEonLQh39ZNJaBMdE40CwPAN280UIU9BiA1X8xfJ
oBkdCdQ06eFvLLb9taanaNOK9H+Bv9KK2bjKEJ3cYnQv+5s6Fqwqu4C81Mak8FYC
/ZcQ3lIHZNPNxWBrnr1U++o/nE62Y/rE2mVzEFMb9pQXYrukcEwkqKSCET8Cc98n
95LDfWCD/+bpquzPpQI3dJfLAUPLyTs08xWBL8T2eYL8+JlfKJMKvXIS8fdlAL3z
o8oLYZPLBud3+Q+ulXP951eFjF9oPqaLeJ5NeW1t1irBZ1wDxKgeERd9rffGLA0a
1ZKE6WqgqiMMU66P3eu4VWoN3Jmze4YL2X8xCcDYYE57
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:14 2024 by rpki-client on console-fra.rpki-client.org