Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/U5CTfEElTOl6nDglNKAYQwZ20HY.roa
File: U5CTfEElTOl6nDglNKAYQwZ20HY.roa (raw, json)
Hash identifier: elysKFJvCEM5CEX4YE08Y99kJznkvrThCIO9zJ0H1AY=
Subject key identifier: 53:90:93:7C:41:25:4C:E9:7A:9C:38:25:34:A0:18:43:06:76:D0:76
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 0189D32D262F8FCD2AE27233F2844BCD8D3A
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/U5CTfEElTOl6nDglNKAYQwZ20HY.roa
Signing time: Tue 08 Aug 2023 03:24:58 +0000
ROA not before: Tue 08 Aug 2023 03:24:58 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 393427
IP address blocks: 5.35.192.0/21 maxlen: 24
85.204.160.0/22 maxlen: 24
62.112.0.0/21 maxlen: 24
194.88.112.0/20 maxlen: 24
93.113.184.0/21 maxlen: 24
91.232.136.0/22 maxlen: 24
194.58.64.0/23 maxlen: 24
188.240.40.0/23 maxlen: 24
188.212.104.0/22 maxlen: 24
94.190.248.0/22 maxlen: 24
213.159.10.0/23 maxlen: 24
195.133.202.0/23 maxlen: 24
213.159.12.0/23 maxlen: 24
195.133.208.0/23 maxlen: 24
84.234.16.0/20 maxlen: 24
194.88.96.0/21 maxlen: 24
185.77.250.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:89:d3:2d:26:2f:8f:cd:2a:e2:72:33:f2:84:4b:cd:8d:3a
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Aug 8 03:24:58 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5390937c41254ce97a9c382534a018430676d076
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:92:65:5d:be:4b:8d:96:65:80:79:41:5c:2e:cf:
28:e3:c4:40:3e:b5:02:cd:43:ef:cc:b3:a1:59:80:
8e:01:d3:75:f0:e6:f0:2d:62:0d:c1:12:34:a7:b2:
37:75:d0:2e:8e:d4:82:6c:7a:cf:ef:f6:54:8b:9f:
f2:c0:98:23:45:28:33:29:b2:00:d1:7e:54:49:b1:
b6:85:71:5c:5c:27:5d:19:11:ad:61:5a:31:a9:a9:
ad:ec:6a:66:2a:d5:53:47:83:f9:cb:8f:aa:90:d1:
9b:0b:be:a4:d2:04:e1:31:3f:46:f7:fe:09:26:9a:
81:60:01:aa:1c:10:cb:d4:7e:96:94:32:7f:35:40:
a4:f5:5f:f1:26:fb:7a:72:85:90:8a:fe:63:56:9b:
7b:a2:5e:09:19:12:e4:b1:51:5e:ef:67:08:80:56:
1b:e0:7c:df:71:86:20:c0:4f:4a:97:24:0a:bf:a2:
d4:0a:72:ab:14:d1:d0:c9:8e:38:33:fb:82:44:de:
53:51:f9:21:02:7e:4a:69:c7:ff:be:9a:ad:56:c2:
69:1a:6e:15:34:21:75:b6:f2:c4:26:bf:be:0d:74:
11:7e:e0:f8:64:e7:51:00:e9:ee:16:9b:23:b1:cb:
5a:43:6c:d7:9e:e1:82:ea:f7:d2:7b:13:66:97:e9:
88:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
53:90:93:7C:41:25:4C:E9:7A:9C:38:25:34:A0:18:43:06:76:D0:76
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/U5CTfEElTOl6nDglNKAYQwZ20HY.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
5.35.192.0/21
62.112.0.0/21
84.234.16.0/20
85.204.160.0/22
91.232.136.0/22
93.113.184.0/21
94.190.248.0/22
185.77.250.0/23
188.212.104.0/22
188.240.40.0/23
194.58.64.0/23
194.88.96.0/21
194.88.112.0/20
195.133.202.0/23
195.133.208.0/23
213.159.10.0-213.159.13.255
Signature Algorithm: sha256WithRSAEncryption
22:83:71:17:39:96:af:e7:d8:15:02:1b:e7:3c:2a:bf:84:82:
aa:97:35:a4:bd:ea:66:98:24:f9:ec:17:a9:bb:05:c9:e6:a5:
e6:b0:30:f0:e0:ef:ef:0c:e9:fd:11:2c:5a:88:1b:2f:aa:36:
a4:6e:70:bd:b5:6e:b8:f6:60:71:25:a6:ca:87:ae:1d:7a:cb:
d8:68:4c:73:84:35:c2:6b:e3:d7:91:6b:86:07:49:1d:d3:c2:
f5:8a:a5:5f:55:b1:5c:5f:bd:7c:47:85:e2:64:fd:df:4f:9f:
7b:d8:ab:68:c6:93:f8:0a:3d:f8:47:74:90:5b:f1:60:5f:89:
03:56:40:50:bb:47:2d:06:a9:8b:e2:bd:7e:a3:fb:7b:c2:91:
2c:d6:4f:9d:c0:1f:f4:e1:29:6a:a7:26:03:b6:a8:45:69:06:
d7:b8:82:0d:a0:26:1f:ac:d8:9e:8c:09:eb:ff:71:ca:e6:9a:
23:47:6e:de:90:af:3b:f8:ba:88:b1:e1:74:3c:2d:fd:2c:35:
4c:bd:9a:59:db:16:d3:44:53:b0:72:fc:64:74:e6:f2:c5:0f:
c7:fc:fb:c7:39:44:97:5e:31:d5:19:12:3d:8b:32:f9:66:82:
0b:3f:90:17:f5:82:47:0b:34:82:b7:83:12:6f:f1:6b:b3:eb:
f5:97:5f:1a
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgISAYnTLSYvj80q4nIz8oRLzY06MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwODA4MDMyNDU4WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1MzkwOTM3YzQxMjU0Y2U5N2E5YzM4MjUzNGEwMTg0MzA2NzZkMDc2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkmVdvkuNlmWAeUFcLs8o48RAPrUC
zUPvzLOhWYCOAdN18ObwLWINwRI0p7I3ddAujtSCbHrP7/ZUi5/ywJgjRSgzKbIA
0X5USbG2hXFcXCddGRGtYVoxqamt7GpmKtVTR4P5y4+qkNGbC76k0gThMT9G9/4J
JpqBYAGqHBDL1H6WlDJ/NUCk9V/xJvt6coWQiv5jVpt7ol4JGRLksVFe72cIgFYb
4HzfcYYgwE9KlyQKv6LUCnKrFNHQyY44M/uCRN5TUfkhAn5Kacf/vpqtVsJpGm4V
NCF1tvLEJr++DXQRfuD4ZOdRAOnuFpsjsctaQ2zXnuGC6vfSexNml+mIAQIDAQAB
o4ICbDCCAmgwHQYDVR0OBBYEFFOQk3xBJUzpepw4JTSgGEMGdtB2MB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvVTVDVGZFRWxUT2w2bkRnbE5LQVlRd1oyMEhZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGBBggrBgEFBQcBBwEB/wRyMHAwbgQCAAEwaAMEAwUjwAME
Az5wAAMEBFTqEAMEAlXMoAMEAlvoiAMEA11xuAMEAl6++AMEAblN+gMEArzUaAME
AbzwKAMEAcI6QAMEA8JYYAMEBMJYcAMEAcOFygMEAcOF0DAMAwQB1Z8KAwQB1Z8M
MA0GCSqGSIb3DQEBCwUAA4IBAQAig3EXOZav59gVAhvnPCq/hIKqlzWkvepmmCT5
7BepuwXJ5qXmsDDw4O/vDOn9ESxaiBsvqjakbnC9tW649mBxJabKh64desvYaExz
hDXCa+PXkWuGB0kd08L1iqVfVbFcX718R4XiZP3fT5972KtoxpP4Cj34R3SQW/Fg
X4kDVkBQu0ctBqmL4r1+o/t7wpEs1k+dwB/04SlqpyYDtqhFaQbXuIINoCYfrNie
jAnr/3HK5pojR27ekK87+LqIseF0PC39LDVMvZpZ2xbTRFOwcvxkdObyxQ/H/PvH
OUSXXjHVGRI9izL5ZoILP5AX9YJHCzSCt4MSb/Frs+v1l18a
-----END CERTIFICATE-----
Generated at Thu Jun 6 19:54:49 2024 by rpki-client on console-ams.rpki-client.org