Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/VxxP7MTyGkzczSNMM6RFPFVUisQ.roa
File: VxxP7MTyGkzczSNMM6RFPFVUisQ.roa (raw, json)
Hash identifier: R29z8+/XRC71jb2sWtrtNf9iKwOervdZUvxVqUwGA9w=
Subject key identifier: 57:1C:4F:EC:C4:F2:1A:4C:DC:CD:23:4C:33:A4:45:3C:55:54:8A:C4
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 01856F022A9C9E75B292248CCE0316E1C60C
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/VxxP7MTyGkzczSNMM6RFPFVUisQ.roa
Signing time: Sun 01 Jan 2023 20:24:51 +0000
ROA not before: Sun 01 Jan 2023 20:24:51 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 61317
IP address blocks: 93.115.155.0/24 maxlen: 24
86.104.209.0/24 maxlen: 24
217.19.1.0/24 maxlen: 24
89.42.40.0/24 maxlen: 24
93.115.111.0/24 maxlen: 24
185.77.249.0/24 maxlen: 24
84.247.59.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:85:6f:02:2a:9c:9e:75:b2:92:24:8c:ce:03:16:e1:c6:0c
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Jan 1 20:24:51 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=571c4fecc4f21a4cdccd234c33a4453c55548ac4
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:90:56:1d:a1:a8:db:de:98:66:6f:38:f4:95:28:
6f:30:29:24:89:1f:32:01:b4:78:60:9b:26:73:87:
1b:97:29:27:3d:8e:e4:70:3c:81:5c:88:d2:41:f4:
f0:7e:7e:6e:d7:67:20:7f:3f:3d:1f:c1:a2:7c:2d:
cb:22:f5:a6:ad:b9:af:19:b8:d6:b7:db:75:7e:7c:
4a:72:11:f5:b1:1b:48:95:e6:da:9e:19:41:3f:c8:
df:a5:90:94:f4:1a:32:cd:59:26:38:fe:4c:2a:84:
a8:23:63:22:d4:49:c7:8e:32:04:8c:ea:dc:3d:b9:
01:b0:12:25:3c:a4:a0:91:66:8f:20:65:00:b0:8f:
d2:07:fa:f4:45:3b:f5:ad:45:49:79:62:7f:a8:ad:
f8:70:d0:82:3c:fc:be:8f:ca:dc:e1:d1:19:8c:d3:
0d:ce:5f:85:3b:44:eb:f8:22:5f:47:f9:6f:f5:af:
6e:bd:2d:b6:ae:42:c7:2d:dc:1c:63:3a:d2:5c:9b:
9c:19:3c:5e:fa:02:ca:db:a1:80:5a:7a:a7:1f:0e:
41:34:bc:1f:9d:39:b9:30:32:8b:c5:68:ea:cc:01:
77:bc:16:80:00:5a:9d:9d:38:bf:e3:89:2c:22:b9:
a6:8a:0c:ab:4c:58:51:02:6b:a4:a5:0d:79:23:f5:
cd:01
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
57:1C:4F:EC:C4:F2:1A:4C:DC:CD:23:4C:33:A4:45:3C:55:54:8A:C4
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/VxxP7MTyGkzczSNMM6RFPFVUisQ.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.247.59.0/24
86.104.209.0/24
89.42.40.0/24
93.115.111.0/24
93.115.155.0/24
185.77.249.0/24
217.19.1.0/24
Signature Algorithm: sha256WithRSAEncryption
35:f2:15:c4:34:28:0d:d7:28:c6:cd:7e:e0:cf:08:73:c5:7b:
1c:74:04:8f:7c:d4:3b:0e:98:ad:6f:41:fd:65:4e:1d:2c:44:
2f:12:e7:f7:8a:e8:7c:59:6f:f1:c7:81:a8:b3:16:cf:85:35:
29:5e:8a:20:0c:87:b0:68:c4:f2:17:d1:4d:12:51:b3:a5:0d:
c5:88:82:f6:31:b6:1e:f6:52:ef:0a:b4:e4:30:a8:ee:d1:ba:
4e:dd:ee:5a:af:dd:b8:53:ef:9c:31:1d:d1:70:93:1b:4f:ce:
25:99:cc:da:61:8a:1c:f5:ca:18:9b:63:40:25:37:26:cd:08:
f7:bc:d5:b6:93:2a:d0:d3:93:62:07:8b:e0:96:e8:eb:73:cf:
30:5e:dc:18:1e:21:c1:0a:4b:48:25:c7:96:77:8f:ae:51:a0:
d2:b8:e1:7a:59:61:10:86:f1:0a:0b:a3:72:9d:d1:43:77:0d:
cf:90:8d:7c:24:ad:d4:b5:2b:31:74:2d:17:60:57:8b:82:06:
d9:43:a5:14:95:f4:98:63:b3:4b:bd:a8:1c:d1:4a:b4:5d:0a:
c1:d4:6c:89:ce:cf:c3:05:ce:8c:28:98:74:53:9f:f6:34:b3:
dd:b5:c5:bf:96:45:33:db:2e:8b:28:90:9d:e8:ff:2c:12:13:
b2:18:13:6b
-----BEGIN CERTIFICATE-----
MIIFITCCBAmgAwIBAgISAYVvAiqcnnWykiSMzgMW4cYMMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwMTAxMjAyNDUxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1NzFjNGZlY2M0ZjIxYTRjZGNjZDIzNGMzM2E0NDUzYzU1NTQ4YWM0MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkFYdoajb3phmbzj0lShvMCkkiR8y
AbR4YJsmc4cblyknPY7kcDyBXIjSQfTwfn5u12cgfz89H8GifC3LIvWmrbmvGbjW
t9t1fnxKchH1sRtIlebanhlBP8jfpZCU9BoyzVkmOP5MKoSoI2Mi1EnHjjIEjOrc
PbkBsBIlPKSgkWaPIGUAsI/SB/r0RTv1rUVJeWJ/qK34cNCCPPy+j8rc4dEZjNMN
zl+FO0Tr+CJfR/lv9a9uvS22rkLHLdwcYzrSXJucGTxe+gLK26GAWnqnHw5BNLwf
nTm5MDKLxWjqzAF3vBaAAFqdnTi/44ksIrmmigyrTFhRAmukpQ15I/XNAQIDAQAB
o4ICLTCCAikwHQYDVR0OBBYEFFccT+zE8hpM3M0jTDOkRTxVVIrEMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvVnh4UDdNVHlHa3pjelNOTU02UkZQRlZVaXNRLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEMGCCsGAQUFBwEHAQH/BDQwMjAwBAIAATAqAwQAVPc7AwQA
VmjRAwQAWSooAwQAXXNvAwQAXXObAwQAuU35AwQA2RMBMA0GCSqGSIb3DQEBCwUA
A4IBAQA18hXENCgN1yjGzX7gzwhzxXscdASPfNQ7Dpitb0H9ZU4dLEQvEuf3iuh8
WW/xx4GosxbPhTUpXoogDIewaMTyF9FNElGzpQ3FiIL2MbYe9lLvCrTkMKju0bpO
3e5ar924U++cMR3RcJMbT84lmczaYYoc9coYm2NAJTcmzQj3vNW2kyrQ05NiB4vg
lujrc88wXtwYHiHBCktIJceWd4+uUaDSuOF6WWEQhvEKC6NyndFDdw3PkI18JK3U
tSsxdC0XYFeLggbZQ6UUlfSYY7NLvagc0Uq0XQrB1GyJzs/DBc6MKJh0U5/2NLPd
tcW/lkUz2y6LKJCd6P8sEhOyGBNr
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:14 2024 by rpki-client on console-fra.rpki-client.org