Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/TYuK84ouR1u3XSKF_UhdTdz3GEo.roa
File: TYuK84ouR1u3XSKF_UhdTdz3GEo.roa (raw, json)
Hash identifier: yQCV6DG6BQxFpdYLgyOw6JdAYXK/0oUzBdA/RIEa/vk=
Subject key identifier: 4D:8B:8A:F3:8A:2E:47:5B:B7:5D:22:85:FD:48:5D:4D:DC:F7:18:4A
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018797ACE1131094CE51D0BEA5C509D9F955
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/TYuK84ouR1u3XSKF_UhdTdz3GEo.roa
Signing time: Wed 19 Apr 2023 04:01:42 +0000
ROA not before: Wed 19 Apr 2023 04:01:42 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 393427
IP address blocks: 84.234.16.0/20 maxlen: 24
194.88.96.0/21 maxlen: 24
5.35.192.0/21 maxlen: 24
85.204.160.0/22 maxlen: 24
62.112.0.0/21 maxlen: 24
89.37.128.0/24 maxlen: 24
194.88.112.0/20 maxlen: 24
93.113.184.0/21 maxlen: 24
91.232.136.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:87:97:ac:e1:13:10:94:ce:51:d0:be:a5:c5:09:d9:f9:55
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Apr 19 04:01:42 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=4d8b8af38a2e475bb75d2285fd485d4ddcf7184a
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:9e:10:f2:77:a9:8b:8e:b9:3a:77:ae:9d:b3:c6:
f5:a5:ce:a6:b7:67:12:b6:e2:5a:da:b3:9a:71:13:
58:b2:f1:d7:77:7a:4a:eb:11:48:fb:99:ee:08:b6:
f5:5a:bb:07:c9:6a:8e:c0:9d:6b:01:b5:54:f6:c8:
c8:72:3b:b6:c8:5d:96:e9:f9:a4:66:ec:1a:be:76:
36:d9:d4:4f:a5:3c:03:5e:d1:91:31:b7:35:f5:0e:
f3:95:94:29:a2:0f:43:d9:f6:d9:87:e6:4c:8e:a7:
01:cc:fd:22:e4:f3:9d:b7:37:90:54:e9:f0:b5:23:
b8:97:56:e6:c2:cb:d5:ea:80:86:65:33:9b:2a:95:
4b:3c:59:42:d0:6e:53:77:54:e2:23:73:a3:74:c6:
18:58:06:86:9d:1d:9b:d8:cb:75:6b:b1:6f:34:32:
ab:a7:db:e3:a5:ca:cd:2c:66:fe:7d:e6:2a:ec:96:
07:50:1d:b6:2b:66:a0:1c:67:2f:5a:ff:29:8c:ae:
99:1e:40:6b:ad:49:4b:59:03:14:7f:ce:48:ca:da:
ea:05:34:b2:b6:b0:e7:9f:12:35:70:cc:80:75:b0:
55:50:4c:9c:85:f0:aa:56:9a:27:7a:49:f8:9f:49:
b5:e7:67:d6:f0:71:a6:19:e4:5d:b1:c6:e0:00:50:
39:eb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
4D:8B:8A:F3:8A:2E:47:5B:B7:5D:22:85:FD:48:5D:4D:DC:F7:18:4A
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/TYuK84ouR1u3XSKF_UhdTdz3GEo.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.192.0/21
62.112.0.0/21
84.234.16.0/20
85.204.160.0/22
89.37.128.0/24
91.232.136.0/22
93.113.184.0/21
194.88.96.0/21
194.88.112.0/20
Signature Algorithm: sha256WithRSAEncryption
86:f3:04:ab:35:ad:a8:22:08:1e:ac:79:cd:55:44:b7:6d:b2:
f9:4f:f3:18:b5:09:79:9a:0a:1f:29:df:15:fe:00:21:d7:70:
82:b2:46:06:af:70:60:f9:b6:4e:57:1c:e3:5e:ce:a4:e3:21:
da:91:f3:fa:ca:ca:76:f6:6e:ee:f6:b8:8e:09:93:87:c6:fb:
28:e5:e7:59:be:cc:a0:85:c5:d8:2f:de:be:13:aa:91:9e:09:
fa:4a:aa:8e:c6:e6:16:34:03:e5:55:ae:70:46:7b:ef:04:be:
18:85:ed:8e:82:0b:e8:f6:47:2e:0e:b7:47:1e:e0:4c:5f:79:
b1:82:18:56:98:d6:f7:7a:95:cd:f3:1c:98:33:7a:e2:8d:8c:
58:d2:38:a4:0d:7b:97:be:0d:3e:65:b0:08:53:7a:2f:4f:a1:
cf:9b:59:f7:7e:ee:5a:40:0a:fb:bc:22:d8:c8:90:55:d3:96:
77:4b:ad:90:e1:8a:d5:2a:02:ed:a0:3c:18:b4:0a:e7:b5:14:
f9:94:f8:05:78:bd:cf:1b:19:0d:92:ee:19:81:c8:08:a9:bc:
1f:22:64:ab:9a:84:27:f9:d8:00:ee:e1:16:7d:27:85:6e:7a:
9c:ce:d2:93:1e:da:4f:e7:9c:19:80:4f:6c:41:33:59:da:0e:
8e:cd:60:8d
-----BEGIN CERTIFICATE-----
MIIFLTCCBBWgAwIBAgISAYeXrOETEJTOUdC+pcUJ2flVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwNDE5MDQwMTQyWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0ZDhiOGFmMzhhMmU0NzViYjc1ZDIyODVmZDQ4NWQ0ZGRjZjcxODRhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnhDyd6mLjrk6d66ds8b1pc6mt2cS
tuJa2rOacRNYsvHXd3pK6xFI+5nuCLb1WrsHyWqOwJ1rAbVU9sjIcju2yF2W6fmk
ZuwavnY22dRPpTwDXtGRMbc19Q7zlZQpog9D2fbZh+ZMjqcBzP0i5POdtzeQVOnw
tSO4l1bmwsvV6oCGZTObKpVLPFlC0G5Td1TiI3OjdMYYWAaGnR2b2Mt1a7FvNDKr
p9vjpcrNLGb+feYq7JYHUB22K2agHGcvWv8pjK6ZHkBrrUlLWQMUf85IytrqBTSy
trDnnxI1cMyAdbBVUEychfCqVponekn4n0m152fW8HGmGeRdscbgAFA56wIDAQAB
o4ICOTCCAjUwHQYDVR0OBBYEFE2LivOKLkdbt10ihf1IXU3c9xhKMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvVFl1Szg0b3VSMXUzWFNLRl9VaGRUZHozR0VvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CME8GCCsGAQUFBwEHAQH/BEAwPjA8BAIAATA2AwQDBSPAAwQD
PnAAAwQEVOoQAwQCVcygAwQAWSWAAwQCW+iIAwQDXXG4AwQDwlhgAwQEwlhwMA0G
CSqGSIb3DQEBCwUAA4IBAQCG8wSrNa2oIggerHnNVUS3bbL5T/MYtQl5mgofKd8V
/gAh13CCskYGr3Bg+bZOVxzjXs6k4yHakfP6ysp29m7u9riOCZOHxvso5edZvsyg
hcXYL96+E6qRngn6SqqOxuYWNAPlVa5wRnvvBL4Yhe2Oggvo9kcuDrdHHuBMX3mx
ghhWmNb3epXN8xyYM3rijYxY0jikDXuXvg0+ZbAIU3ovT6HPm1n3fu5aQAr7vCLY
yJBV05Z3S62Q4YrVKgLtoDwYtArntRT5lPgFeL3PGxkNku4ZgcgIqbwfImSrmoQn
+dgA7uEWfSeFbnqcztKTHtpP55wZgE9sQTNZ2g6OzWCN
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org