Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/WRQZ12X34HCq0p-M7h9uzL_Dhlc.roa
File: WRQZ12X34HCq0p-M7h9uzL_Dhlc.roa (raw, json)
Hash identifier: HTKTCDmLa7TqIkquNGF0TFTFF8GDyaY/o+OBiMHBoTo=
Subject key identifier: 59:14:19:D7:65:F7:E0:70:AA:D2:9F:8C:EE:1F:6E:CC:BF:C3:86:57
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018A62C493657930767D447AB322F0D9C0F4
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/WRQZ12X34HCq0p-M7h9uzL_Dhlc.roa
Signing time: Tue 05 Sep 2023 00:36:04 +0000
ROA not before: Tue 05 Sep 2023 00:36:04 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 7018
IP address blocks: 213.159.10.0/23 maxlen: 24
213.159.12.0/23 maxlen: 24
195.133.202.0/23 maxlen: 24
195.133.208.0/23 maxlen: 24
194.88.96.0/21 maxlen: 24
84.234.24.0/22 maxlen: 24
93.113.184.0/21 maxlen: 24
194.58.64.0/23 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8a:62:c4:93:65:79:30:76:7d:44:7a:b3:22:f0:d9:c0:f4
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Sep 5 00:36:04 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=591419d765f7e070aad29f8cee1f6eccbfc38657
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:b3:dc:91:5d:fd:3a:c6:4e:c5:d2:28:6d:f8:62:
90:2d:e6:f2:5f:32:df:86:f6:b2:da:65:6f:8a:b8:
51:59:d3:52:4e:cd:67:67:23:c9:7e:37:9b:55:f6:
ef:ff:6c:94:01:b7:60:8f:ab:b3:f7:42:fa:26:42:
8e:40:61:ba:79:0a:d7:c9:a6:2d:fa:22:7a:46:94:
91:73:bf:4a:04:bb:4b:ef:8c:52:24:25:c7:6a:e8:
d6:10:b0:fd:9c:be:cf:c4:75:2f:e5:e0:cc:10:ad:
37:2d:a7:53:85:bb:c4:b3:d0:ff:b6:b9:b7:46:c9:
6e:e6:91:10:29:1f:70:97:72:51:d5:2e:be:f8:36:
1c:1c:4d:11:24:80:72:bf:ce:58:46:f8:a5:3b:ed:
44:d0:ca:08:e3:63:bd:82:b5:f2:b4:ce:3e:f3:9b:
ce:1f:bf:35:97:c2:72:fb:31:38:66:05:3b:db:d3:
af:e2:f4:84:2d:ea:94:43:11:6b:2d:87:72:5e:b8:
d7:1e:b7:e8:fe:42:6e:90:e4:0b:e7:55:dc:e7:59:
bc:13:74:51:b0:af:e2:3c:e4:ef:88:27:b1:13:de:
87:f8:63:00:d3:da:6b:2c:e7:8d:f4:2e:c6:89:86:
cf:2c:52:a3:1d:12:09:bf:a0:af:88:c5:e0:dc:b7:
9a:d3
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
59:14:19:D7:65:F7:E0:70:AA:D2:9F:8C:EE:1F:6E:CC:BF:C3:86:57
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/WRQZ12X34HCq0p-M7h9uzL_Dhlc.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
84.234.24.0/22
93.113.184.0/21
194.58.64.0/23
194.88.96.0/21
195.133.202.0/23
195.133.208.0/23
213.159.10.0-213.159.13.255
Signature Algorithm: sha256WithRSAEncryption
88:ea:ae:7b:ff:bd:2b:4c:a6:d5:54:c8:f8:eb:1a:23:47:3f:
45:6c:7f:48:e1:8f:3d:e1:af:e9:7e:58:27:b6:4c:57:8b:f0:
4a:47:78:df:5d:05:78:4a:aa:f2:ca:24:92:d4:d1:79:c4:72:
ce:a7:a6:bb:e8:6f:82:94:47:03:b2:a6:33:eb:8c:57:96:16:
08:04:78:0d:9b:27:8d:9c:b7:01:5e:dc:e2:21:de:be:dd:12:
91:19:16:dc:c4:4c:b1:b9:d9:e6:d9:8c:77:42:cf:56:ef:17:
10:2b:b0:6e:d5:a9:f6:ad:1b:9a:d6:47:dd:21:2e:b9:5f:96:
e8:00:09:85:d2:cc:1c:9d:3d:8c:7a:ae:37:42:25:b0:90:56:
79:bb:3e:bd:fb:2f:fb:52:36:66:8a:0d:87:0b:bb:af:38:b7:
73:3d:7c:60:03:9b:b2:01:5b:1e:f9:0a:ad:21:71:22:29:d0:
d0:a2:34:fc:d7:70:7a:4d:7d:a4:fe:9e:ce:f4:7a:03:49:df:
b7:b7:ae:41:fd:ce:26:aa:1f:25:a3:3a:dc:2e:cf:2a:33:0d:
71:b1:3e:e0:d6:66:17:68:44:46:af:24:b5:63:38:0e:13:be:
f4:73:a2:45:14:0b:15:38:6e:2e:f2:f4:88:64:5f:70:fe:9a:
ac:06:ad:84
-----BEGIN CERTIFICATE-----
MIIFKTCCBBGgAwIBAgISAYpixJNleTB2fUR6syLw2cD0MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMwOTA1MDAzNjA0WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1OTE0MTlkNzY1ZjdlMDcwYWFkMjlmOGNlZTFmNmVjY2JmYzM4NjU3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs9yRXf06xk7F0iht+GKQLebyXzLf
hvay2mVvirhRWdNSTs1nZyPJfjebVfbv/2yUAbdgj6uz90L6JkKOQGG6eQrXyaYt
+iJ6RpSRc79KBLtL74xSJCXHaujWELD9nL7PxHUv5eDMEK03LadThbvEs9D/trm3
Rslu5pEQKR9wl3JR1S6++DYcHE0RJIByv85YRvilO+1E0MoI42O9grXytM4+85vO
H781l8Jy+zE4ZgU729Ov4vSELeqUQxFrLYdyXrjXHrfo/kJukOQL51Xc51m8E3RR
sK/iPOTviCexE96H+GMA09prLOeN9C7GiYbPLFKjHRIJv6CviMXg3Lea0wIDAQAB
o4ICNTCCAjEwHQYDVR0OBBYEFFkUGddl9+BwqtKfjO4fbsy/w4ZXMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvV1JRWjEyWDM0SENxMHAtTTdoOXV6TF9EaGxjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEsGCCsGAQUFBwEHAQH/BDwwOjA4BAIAATAyAwQCVOoYAwQD
XXG4AwQBwjpAAwQDwlhgAwQBw4XKAwQBw4XQMAwDBAHVnwoDBAHVnwwwDQYJKoZI
hvcNAQELBQADggEBAIjqrnv/vStMptVUyPjrGiNHP0Vsf0jhjz3hr+l+WCe2TFeL
8EpHeN9dBXhKqvLKJJLU0XnEcs6nprvob4KURwOypjPrjFeWFggEeA2bJ42ctwFe
3OIh3r7dEpEZFtzETLG52ebZjHdCz1bvFxArsG7VqfatG5rWR90hLrlflugACYXS
zBydPYx6rjdCJbCQVnm7Pr37L/tSNmaKDYcLu684t3M9fGADm7IBWx75Cq0hcSIp
0NCiNPzXcHpNfaT+ns70egNJ37e3rkH9ziaqHyWjOtwuzyozDXGxPuDWZhdoREav
JLVjOA4TvvRzokUUCxU4bi7y9IhkX3D+mqwGrYQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:01:14 2024 by rpki-client on console-fra.rpki-client.org