Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Xi76YJJkeua4BGUe1AYHLTak6wE.roa
File: Xi76YJJkeua4BGUe1AYHLTak6wE.roa (raw, json)
Hash identifier: EvFwFlb8pG5l/c+B4/IQsRbbUwtbbltZdYGgeAmoZ/o=
Subject key identifier: 5E:2E:FA:60:92:64:7A:E6:B8:04:65:1E:D4:06:07:2D:36:A4:EB:01
Certificate issuer: /CN=da00e981953061972c896bd6d27738d083aadb0e
Certificate serial: 018C24A1EF9D21D2D262955C125C7E08BD60
Authority key identifier: DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Xi76YJJkeua4BGUe1AYHLTak6wE.roa
Signing time: Fri 01 Dec 2023 09:07:21 +0000
ROA not before: Fri 01 Dec 2023 09:07:21 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 209706
IP address blocks: 185.172.20.0/22 maxlen: 22
89.37.228.0/22 maxlen: 24
89.37.236.0/22 maxlen: 24
62.112.12.0/23 maxlen: 24
86.105.104.0/22 maxlen: 24
188.240.40.0/23 maxlen: 24
188.212.104.0/22 maxlen: 22
94.190.248.0/22 maxlen: 24
89.37.188.0/22 maxlen: 24
89.36.236.0/22 maxlen: 24
89.36.32.0/22 maxlen: 24
185.77.250.0/23 maxlen: 24
188.211.252.0/22 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8c:24:a1:ef:9d:21:d2:d2:62:95:5c:12:5c:7e:08:bd:60
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=da00e981953061972c896bd6d27738d083aadb0e
Validity
Not Before: Dec 1 09:07:21 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=5e2efa6092647ae6b804651ed406072d36a4eb01
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:82:e9:f6:59:9d:c7:97:ba:e9:86:3a:2e:b8:77:
02:b5:5d:eb:f3:ff:63:12:48:0c:4a:b4:7f:e6:3b:
76:33:cd:dc:03:a4:37:a1:70:dc:ca:ee:36:05:1c:
f1:73:f0:39:e3:af:26:4c:43:45:28:6f:21:27:fe:
81:7f:3a:2b:94:a7:bc:0c:41:1f:25:73:76:45:bd:
07:de:6b:f9:87:7d:5f:75:d3:3f:01:af:cf:17:c8:
d4:c1:b1:b3:b4:62:6f:b4:72:9c:d3:6a:75:3d:83:
6a:0f:f0:a1:6f:57:21:6a:3f:97:16:cc:49:d2:13:
b0:21:6e:d1:9f:bb:09:ef:19:f3:3a:65:3b:dd:02:
d9:2d:18:9d:d3:41:fc:63:99:f3:82:43:e6:47:20:
4c:06:5f:71:47:c9:33:fc:36:71:9b:1b:ef:d3:33:
8a:7f:48:8e:c4:bd:69:b9:87:b7:e7:6a:3d:8f:dc:
54:5e:05:10:e5:7c:c5:2c:8f:d5:b7:04:2c:da:b7:
33:d6:6f:80:48:3b:b0:9b:bb:37:a0:1d:a5:5a:f4:
e2:3d:eb:a7:28:b2:82:34:29:cc:f2:19:34:51:7d:
58:d1:8c:75:ca:df:8d:84:a1:1a:5a:58:fc:92:6a:
41:66:7f:27:3f:57:ad:c1:e0:a7:9c:a4:aa:dc:2a:
0e:b5
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
5E:2E:FA:60:92:64:7A:E6:B8:04:65:1E:D4:06:07:2D:36:A4:EB:01
X509v3 Authority Key Identifier:
keyid:DA:00:E9:81:95:30:61:97:2C:89:6B:D6:D2:77:38:D0:83:AA:DB:0E
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/2gDpgZUwYZcsiWvW0nc40IOq2w4.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/Xi76YJJkeua4BGUe1AYHLTak6wE.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/ff/82a7d6-92a9-4204-9ae0-9a48ecf9e15e/1/2gDpgZUwYZcsiWvW0nc40IOq2w4.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
62.112.12.0/23
86.105.104.0/22
89.36.32.0/22
89.36.236.0/22
89.37.188.0/22
89.37.228.0/22
89.37.236.0/22
94.190.248.0/22
185.77.250.0/23
185.172.20.0/22
188.211.252.0/22
188.212.104.0/22
188.240.40.0/23
Signature Algorithm: sha256WithRSAEncryption
84:9c:4b:c4:f1:da:3c:68:50:a4:4b:46:93:0f:2f:f8:33:7b:
3f:27:4c:5a:c6:08:0f:4f:f3:ab:67:22:bb:4f:d1:ad:6a:86:
4a:2b:e8:e7:1e:03:15:6a:49:7b:cc:12:94:75:3a:87:4d:93:
5a:ac:00:74:7b:d6:de:a5:83:6e:91:d7:28:c1:d6:66:a5:5a:
0e:cd:7e:df:ce:e8:f7:4e:17:86:76:d1:de:5f:6c:dc:b0:a7:
f5:49:32:76:9e:3a:2d:38:9e:90:86:20:f0:2d:d0:74:2b:3b:
69:f9:e3:b6:36:15:bc:44:59:52:5c:3f:8a:93:e8:d5:49:dc:
32:3a:99:4e:bc:4d:98:f3:f4:3e:c3:d0:48:50:5b:b4:68:87:
4e:57:ab:6f:c5:9a:aa:a5:01:e5:5c:c0:5d:7a:88:59:d3:55:
66:73:fc:b8:e5:4a:93:8a:ae:ef:35:fa:f0:4d:de:16:ba:2a:
e5:24:b4:a5:8c:83:ff:23:4b:65:be:ff:5a:d2:7e:a7:6b:24:
60:28:cc:ee:63:93:0d:8e:e1:22:e8:77:43:55:99:ae:52:72:
9c:7e:5e:15:95:dd:09:6d:35:5c:aa:62:e3:e6:3e:75:5a:df:
c0:58:33:27:45:c6:76:22:81:d5:01:79:22:b7:8e:9a:af:b7:
5c:20:53:f3
-----BEGIN CERTIFICATE-----
MIIFRTCCBC2gAwIBAgISAYwkoe+dIdLSYpVcElx+CL1gMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGRhMDBlOTgxOTUzMDYxOTcyYzg5NmJkNmQyNzczOGQwODNh
YWRiMGUwHhcNMjMxMjAxMDkwNzIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZTJlZmE2MDkyNjQ3YWU2YjgwNDY1MWVkNDA2MDcyZDM2YTRlYjAxMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgun2WZ3Hl7rphjouuHcCtV3r8/9j
EkgMSrR/5jt2M83cA6Q3oXDcyu42BRzxc/A5468mTENFKG8hJ/6BfzorlKe8DEEf
JXN2Rb0H3mv5h31fddM/Aa/PF8jUwbGztGJvtHKc02p1PYNqD/Chb1chaj+XFsxJ
0hOwIW7Rn7sJ7xnzOmU73QLZLRid00H8Y5nzgkPmRyBMBl9xR8kz/DZxmxvv0zOK
f0iOxL1puYe352o9j9xUXgUQ5XzFLI/VtwQs2rcz1m+ASDuwm7s3oB2lWvTiPeun
KLKCNCnM8hk0UX1Y0Yx1yt+NhKEaWlj8kmpBZn8nP1etweCnnKSq3CoOtQIDAQAB
o4ICUTCCAk0wHQYDVR0OBBYEFF4u+mCSZHrmuARlHtQGBy02pOsBMB8GA1UdIwQY
MBaAFNoA6YGVMGGXLIlr1tJ3ONCDqtsOMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAt
OWE0OGVjZjllMTVlLzEvWGk3NllKSmtldWE0QkdVZTFBWUhMVGFrNndFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9mZi84MmE3ZDYtOTJhOS00MjA0LTlhZTAtOWE0OGVjZjllMTVl
LzEvMmdEcGdaVXdZWmNzaVd2VzBuYzQwSU9xMnc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGcGCCsGAQUFBwEHAQH/BFgwVjBUBAIAATBOAwQBPnAMAwQC
VmloAwQCWSQgAwQCWSTsAwQCWSW8AwQCWSXkAwQCWSXsAwQCXr74AwQBuU36AwQC
uawUAwQCvNP8AwQCvNRoAwQBvPAoMA0GCSqGSIb3DQEBCwUAA4IBAQCEnEvE8do8
aFCkS0aTDy/4M3s/J0xaxggPT/OrZyK7T9GtaoZKK+jnHgMVakl7zBKUdTqHTZNa
rAB0e9bepYNukdcowdZmpVoOzX7fzuj3TheGdtHeX2zcsKf1STJ2njotOJ6QhiDw
LdB0Kztp+eO2NhW8RFlSXD+Kk+jVSdwyOplOvE2Y8/Q+w9BIUFu0aIdOV6tvxZqq
pQHlXMBdeohZ01Vmc/y45UqTiq7vNfrwTd4WuirlJLSljIP/I0tlvv9a0n6nayRg
KMzuY5MNjuEi6HdDVZmuUnKcfl4Vld0JbTVcqmLj5j51Wt/AWDMnRcZ2IoHVAXki
t46ar7dcIFPz
-----END CERTIFICATE-----
Generated at Thu Dec 21 15:01:46 2023 by rpki-client on console-fra.rpki-client.org